<%pre> #include #include #include #include "filecache.h" #include "setup.h" using namespace std; using namespace vdrlive; <%session scope="global"> bool logged_in(false); <%cpp> //if (!logged_in && LiveSetup().UseAuth()) return reply.redirect("login.html"); string mime("image/png"); if (request.getArgsCount() > 0) { mime = request.getArg(0); // dsyslog("vdrlive::content found mime arg (%s)", mime.c_str()); } reply.setContentType(mime); // dsyslog("vdrlive::content::mimetype(%s)", mime.c_str()); string const path(request.getPathInfo()); // dsyslog("vdrlive::content: path = %s", path.c_str()); // security checking of path. In order to not allow exploits the // path must be absolute and not contain any upward references (e.g '../') if (path.empty()) { return HTTP_BAD_REQUEST; } if ('/' != path[0]) { return HTTP_BAD_REQUEST; } if (string::npos != path.find("../", 1)) { return HTTP_BAD_REQUEST; } FileCache::ptr_type f = LiveFileCache().get(path); if (f.get() == 0) { // dsyslog("vdrlive::content: DECLINED"); return DECLINED; } string ctime = tnt::HttpMessage::htdate(f->ctime()); string browserTime = request.getHeader(tnt::httpheader::ifModifiedSince); if (browserTime == ctime) { // dsyslog("vdrlive::content: HTTP_NOT_MODIFIED"); return HTTP_NOT_MODIFIED; } // dsyslog("vdrlive::content: send %d bytes of data", f->size()); reply.setHeader(tnt::httpheader::lastModified, ctime); reply.out().write(f->data(), f->size());