diff options
Diffstat (limited to 'mod/mod-submit.cxx')
-rw-r--r-- | mod/mod-submit.cxx | 53 |
1 files changed, 23 insertions, 30 deletions
diff --git a/mod/mod-submit.cxx b/mod/mod-submit.cxx index 3130823..5ee358a 100644 --- a/mod/mod-submit.cxx +++ b/mod/mod-submit.cxx @@ -1,25 +1,25 @@ // file : mod/mod-submit.cxx -*- C++ -*- -// copyright : Copyright (c) 2014-2019 Code Synthesis Ltd // license : MIT; see accompanying LICENSE file #include <mod/mod-submit.hxx> #include <ostream> -#include <libbutl/sha256.mxx> -#include <libbutl/sendmail.mxx> -#include <libbutl/fdstream.mxx> -#include <libbutl/timestamp.mxx> -#include <libbutl/filesystem.mxx> -#include <libbutl/process-io.mxx> // operator<<(ostream, process_args) -#include <libbutl/manifest-types.mxx> -#include <libbutl/manifest-serializer.mxx> +#include <libbutl/sha256.hxx> +#include <libbutl/sendmail.hxx> +#include <libbutl/fdstream.hxx> +#include <libbutl/timestamp.hxx> +#include <libbutl/filesystem.hxx> +#include <libbutl/process-io.hxx> // operator<<(ostream, process_args) +#include <libbutl/manifest-types.hxx> +#include <libbutl/manifest-serializer.hxx> -#include <web/xhtml.hxx> -#include <web/module.hxx> +#include <web/server/module.hxx> + +#include <web/xhtml/serialization.hxx> #include <mod/page.hxx> -#include <mod/options.hxx> +#include <mod/module-options.hxx> #include <mod/external-handler.hxx> using namespace std; @@ -163,7 +163,7 @@ handle (request& rq, response& rs) if (!options_->submit_data_specified ()) return respond_manifest (404, "submission disabled"); - // Parse the request form data and verifying the submission size limit. + // Parse the request form data and verify the submission size limit. // // Note that if it is exceeded, then there are parameters and this is the // submission rather than the form request, and so we respond with the @@ -254,24 +254,17 @@ handle (request& rq, response& rs) return respond_manifest (400, "invalid package archive checksum"); // Verify that unknown parameter values satisfy the requirements (contain - // only ASCII printable characters plus '\r', '\n', and '\t'). + // only UTF-8 encoded graphic characters plus '\t', '\r', and '\n'). // // Actually, the expected ones must satisfy too, so check them as well. // - auto printable = [] (const string& s) -> bool - { - for (char c: s) - { - if (!((c >= 0x20 && c <= 0x7E) || c == '\n' || c == '\r' || c == '\t')) - return false; - } - return true; - }; - + string what; for (const name_value& nv: rps) { - if (nv.value && !printable (*nv.value)) - return respond_manifest (400, "invalid parameter " + nv.name); + if (nv.value && + !utf8 (*nv.value, what, codepoint_types::graphic, U"\n\r\t")) + return respond_manifest (400, + "invalid parameter " + nv.name + ": " + what); } // Note that from now on the result manifest we respond with will contain @@ -299,8 +292,8 @@ handle (request& rq, response& rs) // However, using the abbreviated checksum can be helpful for // troubleshooting. // - td = dir_path (options_->submit_temp () / - dir_path (path::traits_type::temp_name (ref))); + td = options_->submit_temp () / + dir_path (path::traits_type::temp_name (ref)); // It's highly unlikely but still possible that the temporary directory // already exists. This can only happen due to the unclean web server @@ -560,7 +553,7 @@ handle (request& rq, response& rs) // Run the submission handler, if specified, reading the result manifest // from its stdout and caching it as a name/value pair list for later use - // (forwarding to the client, sending via email, etc.). Otherwise, create + // (forwarding to the client, sending via email, etc). Otherwise, create // implied result manifest. // status_code sc; @@ -690,7 +683,7 @@ handle (request& rq, response& rs) sendmail sm (print_args, 2 /* stderr */, options_->email (), - "new package submission " + a.string () + " (" + ref + ")", + "new package submission " + a.string () + " (" + ref + ')', {options_->submit_email ()}); // Write the submission request manifest. |