diff options
Diffstat (limited to 'source')
| -rw-r--r-- | source/Globals.h | 24 | ||||
| -rw-r--r-- | source/WebAdmin.cpp | 63 | ||||
| -rw-r--r-- | source/WebAdmin.h | 49 |
3 files changed, 85 insertions, 51 deletions
diff --git a/source/Globals.h b/source/Globals.h index 1e531f7f3..ef79e4cf1 100644 --- a/source/Globals.h +++ b/source/Globals.h @@ -12,24 +12,24 @@ #if defined(_MSC_VER) // MSVC produces warning C4481 on the override keyword usage, so disable the warning altogether #pragma warning(disable:4481) - + // Disable some warnings that we don't care about: #pragma warning(disable:4100) #define OBSOLETE __declspec(deprecated) - + // No alignment needed in MSVC #define ALIGN_8 #define ALIGN_16 - + #elif defined(__GNUC__) // TODO: Can GCC explicitly mark classes as abstract (no instances can be created)? #define abstract - + // TODO: Can GCC mark virtual methods as overriding (forcing them to have a virtual function of the same signature in the base class) #define override - + #define OBSOLETE __attribute__((deprecated)) #define ALIGN_8 __attribute__((aligned(8))) @@ -41,13 +41,13 @@ #else #error "You are using an unsupported compiler, you might need to #define some stuff here for your compiler" - + /* // Copy and uncomment this into another #elif section based on your compiler identification - + // Explicitly mark classes as abstract (no instances can be created) #define abstract - + // Mark virtual methods as overriding (forcing them to have a virtual function of the same signature in the base class) #define override @@ -92,17 +92,17 @@ typedef unsigned short UInt16; // OS-dependent stuff: #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN - + #define _WIN32_WINNT 0x501 // We want to target WinXP and higher - + #include <Windows.h> #include <winsock2.h> #include <Ws2tcpip.h> // IPv6 stuff - + // Windows SDK defines min and max macros, messing up with our std::min and std::max usage #undef min #undef max - + // Windows SDK defines GetFreeSpace as a constant, probably a Win16 API remnant #ifdef GetFreeSpace #undef GetFreeSpace diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index 393e5ce52..3f9bc6c98 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp @@ -32,7 +32,7 @@ class cPlayerAccum : m_Contents.append("</li>"); return false; } - + public: AString m_Contents; @@ -90,18 +90,18 @@ bool cWebAdmin::Init(void) { return false; } - + LOG("Initialising WebAdmin..."); - + if (!m_IniFile.GetValueSetB("WebAdmin", "Enabled", true)) { // WebAdmin is disabled, bail out faking a success return true; } - + AString PortsIPv4 = m_IniFile.GetValueSet("WebAdmin", "Port", "8080"); AString PortsIPv6 = m_IniFile.GetValueSet("WebAdmin", "PortsIPv6", ""); - + if (!m_HTTPServer.Initialize(PortsIPv4, PortsIPv6)) { return false; @@ -121,9 +121,9 @@ bool cWebAdmin::Start(void) // Not initialized return false; } - + LOG("Starting WebAdmin..."); - + // Initialize the WebAdmin template script and load the file m_TemplateScript.Create(); if (!m_TemplateScript.LoadFile(FILE_IO_PREFIX "webadmin/template.lua")) @@ -176,12 +176,12 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendNeedAuth("MCServer WebAdmin - bad username or password"); return; } - + // Check if the contents should be wrapped in the template: AString URL = a_Request.GetBareURL(); ASSERT(URL.length() > 0); bool ShouldWrapInTemplate = ((URL.length() > 1) && (URL[1] != '~')); - + // Retrieve the request data: cWebadminRequestData * Data = (cWebadminRequestData *)(a_Request.GetUserData()); if (Data == NULL) @@ -189,14 +189,14 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendStatusAndReason(500, "Bad UserData"); return; } - + // Wrap it all up for the Lua call: AString Template; HTTPTemplateRequest TemplateRequest; TemplateRequest.Request.Username = a_Request.GetAuthUsername(); TemplateRequest.Request.Method = a_Request.GetMethod(); TemplateRequest.Request.Path = URL.substr(1); - + if (Data->m_Form.Finish()) { for (cHTTPFormParser::const_iterator itr = Data->m_Form.begin(), end = Data->m_Form.end(); itr != end; ++itr) @@ -208,7 +208,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque TemplateRequest.Request.FormData[itr->first] = HTTPfd; TemplateRequest.Request.PostParams[itr->first] = itr->second; } // for itr - Data->m_Form[] - + // Parse the URL into individual params: size_t idxQM = a_Request.GetURL().find('?'); if (idxQM != AString::npos) @@ -221,7 +221,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque } // for itr - URLParams[] } } - + // Try to get the template from the Lua template script if (ShouldWrapInTemplate) { @@ -236,7 +236,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendStatusAndReason(500, "m_TemplateScript failed"); return; } - + AString BaseURL = GetBaseURL(URL); AString Menu; Template = "{CONTENT}"; @@ -397,7 +397,38 @@ AString cWebAdmin::GetBaseURL( const AString& a_URL ) -AString cWebAdmin::GetBaseURL( const AStringVector& a_URLSplit ) +AString cWebAdmin::GetHTMLEscapedString(const AString & a_Input) +{ + AString dst; + dst.reserve(a_Input.length()); + + // Loop over input and substitute HTML characters for their alternatives: + size_t len = a_Input.length(); + for (size_t i = 0; i < len; i++) + { + switch (a_Input[i]) + { + case '&': dst.append("&"); break; + case '\'': dst.append("'"); break; + case '"': dst.append("""); break; + case '<': dst.append("<"); break; + case '>': dst.append(">"); break; + default: + { + dst.push_back(a_Input[i]); + break; + } + } // switch (a_Input[i]) + } // for i - a_Input[] + + return dst; +} + + + + + +AString cWebAdmin::GetBaseURL(const AStringVector & a_URLSplit) { AString BaseURL = "./"; if (a_URLSplit.size() > 1) @@ -481,7 +512,7 @@ void cWebAdmin::OnRequestFinished(cHTTPConnection & a_Connection, cHTTPRequest & { // TODO: Handle other requests } - + // Delete any request data assigned to the request: cRequestData * Data = (cRequestData *)(a_Request.GetUserData()); delete Data; diff --git a/source/WebAdmin.h b/source/WebAdmin.h index 488cec274..fbe6a6b4a 100644 --- a/source/WebAdmin.h +++ b/source/WebAdmin.h @@ -51,18 +51,18 @@ struct HTTPRequest { typedef std::map< std::string, std::string > StringStringMap; typedef std::map< std::string, HTTPFormData > FormDataMap; - + AString Method; AString Path; AString Username; // tolua_end - + /// Parameters given in the URL, after the questionmark StringStringMap Params; // >> EXPORTED IN MANUALBINDINGS << - + /// Parameters posted as a part of a form - either in the URL (GET method) or in the body (POST method) StringStringMap PostParams; // >> EXPORTED IN MANUALBINDINGS << - + /// Same as PostParams FormDataMap FormData; // >> EXPORTED IN MANUALBINDINGS << } ; // tolua_export @@ -101,7 +101,7 @@ class cWebAdmin : { public: // tolua_end - + typedef std::list< cWebPlugin* > PluginList; @@ -110,7 +110,7 @@ public: /// Initializes the object. Returns true if successfully initialized and ready to start bool Init(void); - + /// Starts the HTTP server taking care of the admin. Returns true if successful bool Start(void); @@ -121,32 +121,35 @@ public: PluginList GetPlugins() const { return m_Plugins; } // >> EXPORTED IN MANUALBINDINGS << // tolua_begin - + /// Returns the amount of currently used memory, in KiB, or -1 if it cannot be queried static int GetMemoryUsage(void); sWebAdminPage GetPage(const HTTPRequest& a_Request); - + /// Returns the contents of the default page - the list of plugins and players AString GetDefaultPage(void); - + AString GetBaseURL(const AString& a_URL); - + + // Escapes text passed into it, so it can be embedded into html. + AString GetHTMLEscapedString( const AString& a_Input ); + // tolua_end AString GetBaseURL(const AStringVector& a_URLSplit); - + protected: /// Common base class for request body data handlers class cRequestData { public: virtual ~cRequestData() {} // Force a virtual destructor in all descendants - + /// Called when a new chunk of body data is received virtual void OnBody(const char * a_Data, int a_Size) = 0; } ; - + /// The body handler for requests in the "/webadmin" and "/~webadmin" paths class cWebadminRequestData : public cRequestData, @@ -154,13 +157,13 @@ protected: { public: cHTTPFormParser m_Form; - - + + cWebadminRequestData(cHTTPRequest & a_Request) : m_Form(a_Request, *this) { } - + // cRequestData overrides: virtual void OnBody(const char * a_Data, int a_Size) override; @@ -169,31 +172,31 @@ protected: virtual void OnFileData(cHTTPFormParser & a_Parser, const char * a_Data, int a_Size) override {} virtual void OnFileEnd(cHTTPFormParser & a_Parser) override {} } ; - - + + /// Set to true if Init() succeeds and the webadmin isn't to be disabled bool m_IsInitialized; /// The webadmin.ini file, used for the settings and allowed logins cIniFile m_IniFile; - + PluginList m_Plugins; /// The Lua template script to provide templates: cLuaState m_TemplateScript; - + /// The HTTP server which provides the underlying HTTP parsing, serialization and events cHTTPServer m_HTTPServer; AString GetTemplate(void); - + /// Handles requests coming to the "/webadmin" or "/~webadmin" URLs void HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request); - + /// Handles requests for the root page void HandleRootRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request); - + // cHTTPServer::cCallbacks overrides: virtual void OnRequestBegun (cHTTPConnection & a_Connection, cHTTPRequest & a_Request) override; virtual void OnRequestBody (cHTTPConnection & a_Connection, cHTTPRequest & a_Request, const char * a_Data, int a_Size) override; |