From 9701a7fb84e73d5147c077a4aa08304b6c4eee49 Mon Sep 17 00:00:00 2001 From: Alexander Harkness Date: Sat, 19 Oct 2013 17:17:33 +0100 Subject: Added a HTML escaping function to cWebAdmin. Apparently my editor fixed some failed tabs too. --- source/WebAdmin.cpp | 69 +++++++++++++++++++++++++++++++++++++++++------------ source/WebAdmin.h | 49 +++++++++++++++++++------------------ 2 files changed, 80 insertions(+), 38 deletions(-) (limited to 'source') diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index 393e5ce52..1d2fe93b5 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp @@ -32,7 +32,7 @@ class cPlayerAccum : m_Contents.append(""); return false; } - + public: AString m_Contents; @@ -90,18 +90,18 @@ bool cWebAdmin::Init(void) { return false; } - + LOG("Initialising WebAdmin..."); - + if (!m_IniFile.GetValueSetB("WebAdmin", "Enabled", true)) { // WebAdmin is disabled, bail out faking a success return true; } - + AString PortsIPv4 = m_IniFile.GetValueSet("WebAdmin", "Port", "8080"); AString PortsIPv6 = m_IniFile.GetValueSet("WebAdmin", "PortsIPv6", ""); - + if (!m_HTTPServer.Initialize(PortsIPv4, PortsIPv6)) { return false; @@ -121,9 +121,9 @@ bool cWebAdmin::Start(void) // Not initialized return false; } - + LOG("Starting WebAdmin..."); - + // Initialize the WebAdmin template script and load the file m_TemplateScript.Create(); if (!m_TemplateScript.LoadFile(FILE_IO_PREFIX "webadmin/template.lua")) @@ -176,12 +176,12 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendNeedAuth("MCServer WebAdmin - bad username or password"); return; } - + // Check if the contents should be wrapped in the template: AString URL = a_Request.GetBareURL(); ASSERT(URL.length() > 0); bool ShouldWrapInTemplate = ((URL.length() > 1) && (URL[1] != '~')); - + // Retrieve the request data: cWebadminRequestData * Data = (cWebadminRequestData *)(a_Request.GetUserData()); if (Data == NULL) 
@@ -189,14 +189,14 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendStatusAndReason(500, "Bad UserData"); return; } - + // Wrap it all up for the Lua call: AString Template; HTTPTemplateRequest TemplateRequest; TemplateRequest.Request.Username = a_Request.GetAuthUsername(); TemplateRequest.Request.Method = a_Request.GetMethod(); TemplateRequest.Request.Path = URL.substr(1); - + if (Data->m_Form.Finish()) { for (cHTTPFormParser::const_iterator itr = Data->m_Form.begin(), end = Data->m_Form.end(); itr != end; ++itr) @@ -208,7 +208,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque TemplateRequest.Request.FormData[itr->first] = HTTPfd; TemplateRequest.Request.PostParams[itr->first] = itr->second; } // for itr - Data->m_Form[] - + // Parse the URL into individual params: size_t idxQM = a_Request.GetURL().find('?'); if (idxQM != AString::npos) @@ -221,7 +221,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque } // for itr - URLParams[] } } - + // Try to get the template from the Lua template script if (ShouldWrapInTemplate) { @@ -236,7 +236,7 @@ void cWebAdmin::HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPReque a_Connection.SendStatusAndReason(500, "m_TemplateScript failed"); return; } - + AString BaseURL = GetBaseURL(URL); AString Menu; Template = "{CONTENT}"; 
@@ -397,6 +397,45 @@ AString cWebAdmin::GetBaseURL( const AString& a_URL ) +AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) +{ + + // Define a stringstream to write the output to. + std::stringstream dst; + + // Loop over input and substitute HTML characters for their alternatives. + for (char workingCharacter : a_Input) { + switch (workingCharacter) + { + case '&': + dst << "&"; + break; + case '\'': + dst << "'"; + break; + case '"': + dst << """; + break; + case '<': + dst << "<"; + break; + case '>': + dst << ">"; + break; + default: + dst << workingCharacter; + break; + } + } + + return dst.str(); + +} + + + + + AString cWebAdmin::GetBaseURL( const AStringVector& a_URLSplit ) { AString BaseURL = "./"; @@ -481,7 +520,7 @@ void cWebAdmin::OnRequestFinished(cHTTPConnection & a_Connection, cHTTPRequest & { // TODO: Handle other requests } - + // Delete any request data assigned to the request: cRequestData * Data = (cRequestData *)(a_Request.GetUserData()); delete Data; diff --git a/source/WebAdmin.h b/source/WebAdmin.h index 488cec274..fbe6a6b4a 100644 --- a/source/WebAdmin.h +++ b/source/WebAdmin.h @@ -51,18 +51,18 @@ struct HTTPRequest { typedef std::map< std::string, std::string > StringStringMap; typedef std::map< std::string, HTTPFormData > FormDataMap; - + AString Method; AString Path; AString Username; // tolua_end - + /// Parameters given in the URL, after the questionmark StringStringMap Params; // >> EXPORTED IN MANUALBINDINGS << - + /// Parameters posted as a part of a form - either in the URL (GET method) or in the body (POST method) StringStringMap PostParams; // >> EXPORTED IN MANUALBINDINGS << - + /// Same as PostParams FormDataMap FormData; // >> EXPORTED IN MANUALBINDINGS << } ; // tolua_export @@ -101,7 +101,7 @@ class cWebAdmin : { public: // tolua_end - + typedef std::list< cWebPlugin* > PluginList; 
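Review bot: The replacement literals in the new `switch` of `GetHTMLEscapedString` need checking against the file itself. As rendered here they are the raw characters (`dst << "&";`, `dst << "<";`), and `dst << """;` would not compile, so the entities have presumably been decoded by the page. Assuming each case does emit an entity, the `'\''` case should use the numeric form `&#39;` rather than `&apos;`, which HTML 4 does not define and some older browsers leave undecoded.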
@@ -110,7 +110,7 @@ public: /// Initializes the object. Returns true if successfully initialized and ready to start bool Init(void); - + /// Starts the HTTP server taking care of the admin. Returns true if successful bool Start(void); @@ -121,32 +121,35 @@ public: PluginList GetPlugins() const { return m_Plugins; } // >> EXPORTED IN MANUALBINDINGS << // tolua_begin - + /// Returns the amount of currently used memory, in KiB, or -1 if it cannot be queried static int GetMemoryUsage(void); sWebAdminPage GetPage(const HTTPRequest& a_Request); - + /// Returns the contents of the default page - the list of plugins and players AString GetDefaultPage(void); - + AString GetBaseURL(const AString& a_URL); - + + // Escapes text passed into it, so it can be embedded into html. + AString GetHTMLEscapedString( const AString& a_Input ); + // tolua_end AString GetBaseURL(const AStringVector& a_URLSplit); - + protected: /// Common base class for request body data handlers class cRequestData { public: virtual ~cRequestData() {} // Force a virtual destructor in all descendants - + /// Called when a new chunk of body data is received virtual void OnBody(const char * a_Data, int a_Size) = 0; } ; - + /// The body handler for requests in the "/webadmin" and "/~webadmin" paths class cWebadminRequestData : public cRequestData, @@ -154,13 +157,13 @@ protected: { public: cHTTPFormParser m_Form; - - + + cWebadminRequestData(cHTTPRequest & a_Request) : m_Form(a_Request, *this) { } - + // cRequestData overrides: virtual void OnBody(const char * a_Data, int a_Size) override; 
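Review bot: The comment on the new `GetHTMLEscapedString` declaration in the `@@ -121,32 +121,35 @@` hunk does not say which HTML contexts the result is safe in. The declaration sits inside the `tolua_begin`/`tolua_end` region, so it appears to be exported to plugin scripts whose authors will only see that comment. Escaping `&`, `<`, `>`, `"` and `'` covers element text and quoted attribute values, but not unquoted attributes, script or style bodies, or URLs. I would write it in the `///` style the neighbouring declarations use, e.g. `/// Escapes &, <, >, " and ' in a_Input for use in HTML text or a quoted attribute value; not sufficient inside script, style or URL contexts`. The class body starts and ends outside this hunk.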
@@ -169,31 +172,31 @@ protected: virtual void OnFileData(cHTTPFormParser & a_Parser, const char * a_Data, int a_Size) override {} virtual void OnFileEnd(cHTTPFormParser & a_Parser) override {} } ; - - + + /// Set to true if Init() succeeds and the webadmin isn't to be disabled bool m_IsInitialized; /// The webadmin.ini file, used for the settings and allowed logins cIniFile m_IniFile; - + PluginList m_Plugins; /// The Lua template script to provide templates: cLuaState m_TemplateScript; - + /// The HTTP server which provides the underlying HTTP parsing, serialization and events cHTTPServer m_HTTPServer; AString GetTemplate(void); - + /// Handles requests coming to the "/webadmin" or "/~webadmin" URLs void HandleWebadminRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request); - + /// Handles requests for the root page void HandleRootRequest(cHTTPConnection & a_Connection, cHTTPRequest & a_Request); - + // cHTTPServer::cCallbacks overrides: virtual void OnRequestBegun (cHTTPConnection & a_Connection, cHTTPRequest & a_Request) override; virtual void OnRequestBody (cHTTPConnection & a_Connection, cHTTPRequest & a_Request, const char * a_Data, int a_Size) override; -- cgit v1.2.3 From f7c9230106503149061f31efea0e387122fc1224 Mon Sep 17 00:00:00 2001 From: Alexander Harkness Date: Sat, 19 Oct 2013 17:37:47 +0100 Subject: Fixed general failings with everything. Fixes #211. My editor fixed some extra tabs in globals. --- source/Globals.h | 25 +++++++++++++------------ source/WebAdmin.cpp | 6 +++--- 2 files changed, 16 insertions(+), 15 deletions(-) (limited to 'source') diff --git a/source/Globals.h b/source/Globals.h index 1e531f7f3..174273bbc 100644 --- a/source/Globals.h +++ b/source/Globals.h 
@@ -12,24 +12,24 @@ #if defined(_MSC_VER) // MSVC produces warning C4481 on the override keyword usage, so disable the warning altogether #pragma warning(disable:4481) - + // Disable some warnings that we don't care about: #pragma warning(disable:4100) #define OBSOLETE __declspec(deprecated) - + // No alignment needed in MSVC #define ALIGN_8 #define ALIGN_16 - + #elif defined(__GNUC__) // TODO: Can GCC explicitly mark classes as abstract (no instances can be created)? #define abstract - + // TODO: Can GCC mark virtual methods as overriding (forcing them to have a virtual function of the same signature in the base class) #define override - + #define OBSOLETE __attribute__((deprecated)) #define ALIGN_8 __attribute__((aligned(8))) @@ -41,13 +41,13 @@ #else #error "You are using an unsupported compiler, you might need to #define some stuff here for your compiler" - + /* // Copy and uncomment this into another #elif section based on your compiler identification - + // Explicitly mark classes as abstract (no instances can be created) #define abstract - + // Mark virtual methods as overriding (forcing them to have a virtual function of the same signature in the base class) #define override @@ -92,17 +92,17 @@ typedef unsigned short UInt16; // OS-dependent stuff: #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN - + #define _WIN32_WINNT 0x501 // We want to target WinXP and higher - + #include #include #include // IPv6 stuff - + // Windows SDK defines min and max macros, messing up with our std::min and std::max usage #undef min #undef max - + // Windows SDK defines GetFreeSpace as a constant, probably a Win16 API remnant #ifdef GetFreeSpace #undef GetFreeSpace @@ -161,6 +161,7 @@ typedef unsigned short UInt16; #include #include #include +#include diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index 1d2fe93b5..f72f9f63b 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp 
@@ -404,8 +404,8 @@ AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) std::stringstream dst; // Loop over input and substitute HTML characters for their alternatives. - for (char workingCharacter : a_Input) { - switch (workingCharacter) + for (int i = 0; i < a_Input.length(); i++) { + switch ( a_Input[i] ) { case '&': dst << "&"; @@ -423,7 +423,7 @@ AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) dst << ">"; break; default: - dst << workingCharacter; + dst << a_Input[i]; break; } } -- cgit v1.2.3 From 0677872d880cd2fd9d67933059a9df1fd08aa0d4 Mon Sep 17 00:00:00 2001 From: Alexander Harkness Date: Sat, 19 Oct 2013 21:13:47 +0100 Subject: Changed the code according to xoft's suggestions. --- source/WebAdmin.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source') diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index f72f9f63b..7d17ddc03 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp @@ -400,35 +400,35 @@ AString cWebAdmin::GetBaseURL( const AString& a_URL ) AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) { - // Define a stringstream to write the output to. - std::stringstream dst; + // Define a string to write the output to. + AString dst = ""; // Loop over input and substitute HTML characters for their alternatives. - for (int i = 0; i < a_Input.length(); i++) { + for (size_t i = 0; i < a_Input.length(); i++) { switch ( a_Input[i] ) { case '&': - dst << "&"; + dst =+ "&"; break; case '\'': - dst << "'"; + dst =+ "'"; break; case '"': - dst << """; + dst =+ """; break; case '<': - dst << "<"; + dst =+ "<"; break; case '>': - dst << ">"; + dst =+ ">"; break; default: - dst << a_Input[i]; + dst =+ a_Input[i]; break; } } - return dst.str(); + return dst(); } -- cgit v1.2.3 From 5ba998174ae7690c7ded25bbac99429b88fdcee9 Mon Sep 17 00:00:00 2001 
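Review bot: Every append in the rewritten `switch` of `GetHTMLEscapedString` (the `@@ -400,35 +400,35 @@` hunk) is written `dst =+ ...`, which parses as the assignment `dst = +(...)`. `dst` is therefore overwritten on each iteration and the function returns only the replacement for the last character of `a_Input`. Assuming `AString` is a `std::string`, this still compiles, because unary plus turns the literal into a pointer and `a_Input[i]` into an `int` that converts back to `char`, so the compiler will not flag it. All six statements should use `+=`, e.g. `dst += a_Input[i];`. The two later commits on this page (the `return dst;` fix and the `reserve` call) leave these lines unchanged, so a caller relying on the function for output encoding gets a truncated string rather than an escaped one.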
From: Alexander Harkness Date: Sat, 19 Oct 2013 21:21:44 +0100 Subject: Fixed compile error. silly parentheses creeping in. --- source/WebAdmin.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source') diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index 7d17ddc03..a81d85f5f 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp @@ -428,7 +428,7 @@ AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) } } - return dst(); + return dst; } -- cgit v1.2.3 From 3272b45bc53dd50e830f507e98643281d85ecab1 Mon Sep 17 00:00:00 2001 From: Alexander Harkness Date: Sat, 19 Oct 2013 21:30:54 +0100 Subject: Added a string reserve. --- source/WebAdmin.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'source') diff --git a/source/WebAdmin.cpp b/source/WebAdmin.cpp index a81d85f5f..d0b9648d9 100644 --- a/source/WebAdmin.cpp +++ b/source/WebAdmin.cpp @@ -402,6 +402,7 @@ AString cWebAdmin::GetHTMLEscapedString( const AString& a_Input ) // Define a string to write the output to. AString dst = ""; + dst.reserve(a_Input.length()); // Loop over input and substitute HTML characters for their alternatives. for (size_t i = 0; i < a_Input.length(); i++) { -- cgit v1.2.3