nginx-quic: src/http/modules/ngx_http_autoindex

comparison src/http/modules/ngx_http_autoindex_module.c @ 4193:63aa6ab94630

Autoindex: escape html in file names.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 11 Oct 2011 17:57:41 +0000
parents	61e4af19df9f
children	d620f497c50f

comparison

equal deleted inserted replaced

-:61e4af19df9f
+:63aa6ab94630
 typedef struct {
 ngx_str_t      name;
 size_t         utf_len;
 size_t         escape;
+size_t         escape_html;
 unsigned       dir:1;
 time_t         mtime;
 off_t          size;
 static ngx_int_t
 ngx_http_autoindex_handler(ngx_http_request_t *r)
 {
 u_char                         *last, *filename, scale;
 off_t                           length;
-size_t                          len, utf_len, allocated, root;
+size_t                          len, char_len, escape_html, allocated, root;
 ngx_tm_t                        tm;
 ngx_err_t                       err;
 ngx_buf_t                      *b;
 ngx_int_t                       rc, size;
 ngx_str_t                       path;
 ngx_cpystrn(entry->name.data, ngx_de_name(&dir), len + 1);
 entry->escape = 2 * ngx_escape_uri(NULL, ngx_de_name(&dir), len,
 NGX_ESCAPE_URI_COMPONENT);
+entry->escape_html = ngx_escape_html(NULL, entry->name.data,
+entry->name.len);
 if (utf8) {
 entry->utf_len = ngx_utf8_length(entry->name.data, entry->name.len);
 } else {
 entry->utf_len = len;
 }
 if (ngx_close_dir(&dir) == NGX_ERROR) {
 ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno,
 ngx_close_dir_n " \"%s\" failed", &path);
 }
+escape_html = ngx_escape_html(NULL, r->uri.data, r->uri.len);
 len = sizeof(title) - 1
-+ r->uri.len
++ r->uri.len + escape_html
 + sizeof(header) - 1
-+ r->uri.len
++ r->uri.len + escape_html
 + sizeof("</h1>") - 1
 + sizeof("<hr><pre><a href=\"../\">../</a>" CRLF) - 1
 + sizeof("</pre><hr>") - 1
 + sizeof(tail) - 1;
 len += sizeof("<a href=\"") - 1
 + entry[i].name.len + entry[i].escape
 + 1                                          /* 1 is for "/" */
 + sizeof("\">") - 1
 + entry[i].name.len - entry[i].utf_len
++ entry[i].escape_html
 + NGX_HTTP_AUTOINDEX_NAME_LEN + sizeof("&gt;") - 2
 + sizeof("</a>") - 1
 + sizeof(" 28-Sep-1970 12:00 ") - 1
 + 20                                         /* the file size */
 + 2;
 sizeof(ngx_http_autoindex_entry_t),
 ngx_http_autoindex_cmp_entries);
 }
 b->last = ngx_cpymem(b->last, title, sizeof(title) - 1);
-b->last = ngx_cpymem(b->last, r->uri.data, r->uri.len);
-b->last = ngx_cpymem(b->last, header, sizeof(header) - 1);
+if (escape_html) {
-b->last = ngx_cpymem(b->last, r->uri.data, r->uri.len);
+b->last = (u_char *) ngx_escape_html(b->last, r->uri.data, r->uri.len);
+b->last = ngx_cpymem(b->last, header, sizeof(header) - 1);
+b->last = (u_char *) ngx_escape_html(b->last, r->uri.data, r->uri.len);
+} else {
+b->last = ngx_cpymem(b->last, r->uri.data, r->uri.len);
+b->last = ngx_cpymem(b->last, header, sizeof(header) - 1);
+b->last = ngx_cpymem(b->last, r->uri.data, r->uri.len);
+}
 b->last = ngx_cpymem(b->last, "</h1>", sizeof("</h1>") - 1);
 b->last = ngx_cpymem(b->last, "<hr><pre><a href=\"../\">../</a>" CRLF,
 sizeof("<hr><pre><a href=\"../\">../</a>" CRLF) - 1);
 len = entry[i].utf_len;
 if (entry[i].name.len != len) {
 if (len > NGX_HTTP_AUTOINDEX_NAME_LEN) {
-utf_len = NGX_HTTP_AUTOINDEX_NAME_LEN - 3 + 1;
+char_len = NGX_HTTP_AUTOINDEX_NAME_LEN - 3 + 1;
 } else {
-utf_len = NGX_HTTP_AUTOINDEX_NAME_LEN + 1;
+char_len = NGX_HTTP_AUTOINDEX_NAME_LEN + 1;
 }
+last = b->last;
 b->last = ngx_utf8_cpystrn(b->last, entry[i].name.data,
-utf_len, entry[i].name.len + 1);
+char_len, entry[i].name.len + 1);
+if (entry[i].escape_html) {
+b->last = (u_char *) ngx_escape_html(last, entry[i].name.data,
+b->last - last);
+}
 last = b->last;
 } else {
-b->last = ngx_cpystrn(b->last, entry[i].name.data,
+if (entry[i].escape_html) {
-NGX_HTTP_AUTOINDEX_NAME_LEN + 1);
+if (len > NGX_HTTP_AUTOINDEX_NAME_LEN) {
-last = b->last - 3;
+char_len = NGX_HTTP_AUTOINDEX_NAME_LEN - 3;
+} else {
+char_len = len;
+}
+b->last = (u_char *) ngx_escape_html(b->last,
+entry[i].name.data, char_len);
+last = b->last;
+} else {
+b->last = ngx_cpystrn(b->last, entry[i].name.data,
+NGX_HTTP_AUTOINDEX_NAME_LEN + 1);
+last = b->last - 3;
+}
 }
 if (len > NGX_HTTP_AUTOINDEX_NAME_LEN) {
 b->last = ngx_cpymem(last, "..&gt;</a>", sizeof("..&gt;</a>") - 1);

Mercurial > hg > nginx-quic

comparison src/http/modules/ngx_http_autoindex_module.c @ 4193:63aa6ab94630