blob: 27d827ccbf3f2e0dc7b9db8bf34d87dd9266a317 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<%pre>
#include <string>
#include <tnt/httperror.h>
#include <tnt/httpheader.h>
#include "filecache.h"
#include "setup.h"
using namespace std;
using namespace vdrlive;
</%pre>
<%session scope="global">
bool logged_in(false);
</%session>
<%cpp>
//if (!logged_in && LiveSetup().UseAuth()) return reply.redirect("login.html");
string mime("image/png");
if (request.getArgsCount() > 0) {
mime = request.getArg(0);
// dsyslog("vdrlive::content found mime arg (%s)", mime.c_str());
}
reply.setContentType(mime);
// dsyslog("vdrlive::content::mimetype(%s)", mime.c_str());
string const path(request.getPathInfo());
// dsyslog("vdrlive::content: path = %s", path.c_str());
// security checking of path. In order to not allow exploits the
// path must be absolute and not contain any upward references (e.g '../')
if (path.empty()) {
return HTTP_BAD_REQUEST;
}
if ('/' != path[0]) {
return HTTP_BAD_REQUEST;
}
if (string::npos != path.find("../", 1)) {
return HTTP_BAD_REQUEST;
}
FileCache::ptr_type f = LiveFileCache().get(path);
if (f.get() == 0) {
// dsyslog("vdrlive::content: DECLINED");
return DECLINED;
}
string ctime = tnt::HttpMessage::htdate(f->ctime());
string browserTime = request.getHeader(tnt::httpheader::ifModifiedSince);
if (browserTime == ctime) {
// dsyslog("vdrlive::content: HTTP_NOT_MODIFIED");
return HTTP_NOT_MODIFIED;
}
// dsyslog("vdrlive::content: send %d bytes of data", f->size());
reply.setHeader(tnt::httpheader::lastModified, ctime);
reply.out().write(f->data(), f->size());
</%cpp>
|
