yay! get multidoc flatfile injection working.

2024-10-04 04:07:13 +03:00 · 2014-06-15 14:57:38 -07:00 · 2014-06-15 14:57:38 -07:00 · 4e3e4fd0d0
commit 4e3e4fd0d0
parent 6f813ed7a5
6 changed files with 69 additions and 25 deletions
--- a/HttpRequest.cpp
+++ b/HttpRequest.cpp
@ -1312,14 +1312,32 @@ void HttpRequest::parseFieldsMultipart ( char *s , long slen ) {

 	// point to = sign, use this for multiparts though
 	char *equal = strstr ( s , "\"\r\n\r\n" );
+	// for uploading a file it looks like
+	// Content-Disposition: form-data; name=\"file\"; filename=\"poo.txt\"\r\nContent-Type: text/plain\r\n\r\nsomething here\n=====\nagain we do it...
+	char *equal2 = strstr ( s , "\"" );
+	// debug point 
+	if ( strncmp(s,"file",4) == 0 )
+		log("hey");
+	// so if we had that then we had an uploaded file
+	bool uploadedFile = false;
+	if ( equal2 && equal && equal2 <  equal ) {
+		uploadedFile = true;
+		equal = equal2;
+	}
 	// try next field if none here
 	if ( ! equal ) goto loop;
 	// set field len
 	m_fieldLens [ n ] = equal - s;
-	// set = to \0 so getField() returns NULL terminated field name
-	*equal = '\0';
 	// point to field value
 	s = equal + 5;
+	// unless we had an uploaded file, then skip more
+	if ( uploadedFile ) {
+		char *fileStart = strstr(equal,"\r\n\r\n");
+		if ( fileStart ) fileStart += 4;
+		s = fileStart;
+	}
+	// set = to \0 so getField() returns NULL terminated field name
+	*equal = '\0';
 	// set value (may be \0)
 	m_fieldValues [ n ] = s;
 	// force to \0 at end
--- a/PageInject.cpp
+++ b/PageInject.cpp
@ -52,9 +52,19 @@ bool sendPageInject ( TcpSocket *sock , HttpRequest *hr ) {
 	// if content is "" make it NULL so XmlDoc will download it
 	// if user really wants empty content they can put a space in there
 	// TODO: update help then...
-	if ( gr->m_content && gr->m_content[0] == '\0' )
+	if ( gr->m_content && ! gr->m_content[0]  )
 		gr->m_content = NULL;
-	
+
+	if ( gr->m_contentFile && ! gr->m_contentFile[0]  )
+		gr->m_contentFile = NULL;
+
+	if ( gr->m_contentDelim && ! gr->m_contentDelim[0] )
+		gr->m_contentDelim = NULL;
+
+	// if we had a delimeter but not content, zero it out...
+	char *content = gr->m_content;
+	if ( ! content ) content = gr->m_contentFile;
+	if ( ! content ) gr->m_contentDelim = NULL;

 	// get collection rec
 	CollectionRec *cr = g_collectiondb.getRec ( gr->m_coll );
@ -216,6 +226,7 @@ Msg7::Msg7 () {
 	m_round = 0;
 	m_firstTime = true;
 	m_fixMe = false;
+	m_injectCount = 0;
 }

 Msg7::~Msg7 () {
@ -276,13 +287,12 @@ bool Msg7::inject ( void *state ,
 	// shortcut
 	XmlDoc *xd = &m_xd;

+	// this will be NULL if the "content" was empty or not given
 	char *content = gr->m_content;
-	if ( content && content[0] == '\0' ) content = NULL;

-	// try the uploaded file if nothing in the text area
+	// . try the uploaded file if nothing in the text area
+	// . this will be NULL if the "content" was empty or not given
 	if ( ! content ) content = gr->m_contentFile;
-	if ( content && content[0] == '\0' ) content = NULL;
-

 	if ( m_firstTime ) {
 		m_firstTime = false;
@ -312,7 +322,7 @@ bool Msg7::inject ( void *state ,
 		// we've saved m_start as "start" above, 
 		// so find the next delimeter after it and set that to m_start
 		// add +1 to avoid infinite loop
-		m_start = strstr(m_start+1,delim);
+		m_start = strstr(start+1,delim);
 		// for injecting "start" set this to \0
 		if ( m_start ) {
 			// null term it
@ -346,10 +356,13 @@ bool Msg7::inject ( void *state ,
 		Url u; u.set ( gr->m_url );
 		// reset it
 		m_injectUrlBuf.reset();
-		// by default append a .<ch64> to the provided url
-		m_injectUrlBuf.safePrintf("%s.%llu",u.getUrl(),ch64);
+		// by default append a -<ch64> to the provided url
+		m_injectUrlBuf.safePrintf("%s-%llu",u.getUrl(),ch64);
 	}

+	// count them
+	m_injectCount++;
+

 	if ( ! xd->injectDoc ( m_injectUrlBuf.getBufStart() ,
 			       cr ,
--- a/PageInject.h
+++ b/PageInject.h
@ -16,7 +16,7 @@ public:
 	bool m_firstTime;
 	char *m_start;
 	bool  m_fixMe;
-
+	long  m_injectCount;

 	bool       m_needsSet;
 	XmlDoc     m_xd;
--- a/Pages.cpp
+++ b/Pages.cpp
@ -149,7 +149,7 @@ static WebPage s_pages[] = {
 	  //USER_ADMIN | USER_MASTER   , 
 	  "prioritize urls for spidering",
 	  sendPageGeneric  , 0 } ,
-	{ PAGE_INJECT    , "admin/inject"   , 0 , "inject url" ,  0 , 1 ,
+	{ PAGE_INJECT    , "admin/inject"   , 0 , "inject url" , 0,M_MULTI ,
 	  //USER_ADMIN | USER_MASTER   ,
 	  "inject url in the index here",
 	  sendPageInject   , 2 } ,
@ -201,7 +201,7 @@ static WebPage s_pages[] = {
 //	  "sync page",
 //	  sendPageGeneric  , 0 } ,

-	{ PAGE_AUTOBAN    ,"admin/autoban" , 0 , "autoban" ,  1 , 1 ,
+	{ PAGE_AUTOBAN    ,"admin/autoban" , 0 , "autoban" ,  1 , M_POST ,
 	  //USER_MASTER | USER_PROXY , 
 	  "autobanned ips",
 	  sendPageAutoban   , 0 },
@ -209,7 +209,7 @@ static WebPage s_pages[] = {
 	{ PAGE_SPIDERLOCKS,"admin/spiderlocks" , 0 , "spider locks" ,  0 , 0 ,
 	  USER_MASTER , sendPageSpiderLocks , 0 },
 	  */
-	{ PAGE_PROFILER    , "admin/profiler"   , 0 , "profiler" ,  0 , 1 ,
+	{ PAGE_PROFILER    , "admin/profiler"   , 0 , "profiler" ,  0 ,M_POST,
 	  //USER_MASTER , 
 	  "profiler page",
 	  sendPageProfiler   , 0 } ,
@ -232,7 +232,7 @@ static WebPage s_pages[] = {
 	  //USER_MASTER | USER_ADMIN , 
 	  "api page",
 	  sendPageAPI , 0 } ,
-	{ PAGE_RULES  , "admin/siterules", 0 , "site rules", 1, 1,
+	{ PAGE_RULES  , "admin/siterules", 0 , "site rules", 1, M_POST,
 	  //USER_ADMIN | USER_MASTER   , 
 	  "site rules page",
 	  sendPageGeneric , 0} ,
@ -273,7 +273,7 @@ static WebPage s_pages[] = {
 	  sendPageResults  , 0 } ,
 #endif

-	{ PAGE_ACCESS    , "admin/access" , 0 , "access" ,  1 , 1 , // usepost
+	{ PAGE_ACCESS    , "admin/access" , 0 , "access" ,  1 , M_POST,
 	  //USER_ADMIN | USER_MASTER   , 
 	  "access password, ip, admin ips etc. all goes in here",
 	  sendPageGeneric  , 0 } ,
@ -281,15 +281,15 @@ static WebPage s_pages[] = {
 	  //USER_ADMIN | USER_MASTER   , 
 	  "search box",
 	  sendPageResults  , 0 } ,
-	{ PAGE_PARSER    , "admin/parser"  , 0 , "parser"          ,  0 , 1,
+	{ PAGE_PARSER    , "admin/parser"  , 0 , "parser"          , 0,M_POST,
 	  //USER_MASTER ,
 	  "page parser page",
 	  sendPageParser   , 2 } ,
-	{ PAGE_SITEDB    , "admin/tagdb"  , 0 , "tagdb"  ,  0 , 1,
+	{ PAGE_SITEDB    , "admin/tagdb"  , 0 , "tagdb"  ,  0 , M_POST,
 	  //USER_MASTER | USER_ADMIN,
 	  "tagdb page to add/remove/get tags",
 	  sendPageTagdb ,  0} ,	  
-	{ PAGE_CATDB     , "admin/catdb"   , 0 , "catdb"           ,  0 , 1,
+	{ PAGE_CATDB     , "admin/catdb"   , 0 , "catdb"           ,  0,M_POST,
 	  //USER_MASTER | USER_ADMIN,
 	  "catdb page",
 	  sendPageCatdb    , 0 } ,
@ -955,7 +955,13 @@ bool Pages::printAdminTop (SafeBuf     *sb   ,
 	// . we cannot use the GET method if there is more than a few k of
 	//   parameters, like in the case of the Search Controls page. The
 	//   browser simply will not send the request if it is that big.
-	if ( s_pages[page].m_usePost )
+	if ( s_pages[page].m_usePost == M_MULTI )
+		sb->safePrintf ("<form name=\"SubmitInput\" method=\"post\" "
+				// we need this for <input type=file> tags
+				"ENCTYPE=\"multipart/form-data\" "
+				"action=\"/%s\">\n",
+				s_pages[page].m_filename);
+	else if ( s_pages[page].m_usePost == M_POST )
 		sb->safePrintf ("<form name=\"SubmitInput\" method=\"post\" "
 				"action=\"/%s\">\n",
 				s_pages[page].m_filename);
--- a/Pages.h
+++ b/Pages.h
@ -87,6 +87,11 @@ bool sendPageQualityAgent   ( TcpSocket *s , HttpRequest *r );
 bool sendPageThesaurus  ( TcpSocket *s , HttpRequest *r );
 bool sendPageStatsdb   ( TcpSocket *s , HttpRequest *r );

+// values for m_usePost:
+#define M_GET   0x00
+#define M_POST  0x01
+#define M_MULTI 0x02
+
 // . description of a dynamic page
 // . we have a static array of these in Pages.cpp
 class WebPage {
@ -96,7 +101,7 @@ class WebPage {
 	long  m_flen;
 	char *m_name;     // for printing the links to the pages in admin sect.
 	bool  m_cast;     // broadcast input to all hosts?
-	bool  m_usePost;  // use a POST request/reply instead of GET?
+	char  m_usePost;  // use a POST request/reply instead of GET?
 	                  // used because GET's input is limited to a few k.
 	//char  m_perm;     // permissions, see USER_* #define's below
 	char *m_desc; // page description
--- a/Parms.cpp
+++ b/Parms.cpp
@ -2085,7 +2085,7 @@ bool Parms::printParm ( SafeBuf* sb,
 	else if ( t == TYPE_RETRIES    ) 
 		printDropDown ( 4 , sb , cgi , *s , false , false );
 	else if ( t == TYPE_FILEUPLOADBUTTON    ) {
-		sb->safePrintf("<input type=file name=urls>");
+		sb->safePrintf("<input type=file name=%s>",cgi);
 	}
 	else if ( t == TYPE_PRIORITY_BOXES ) {
 		// print ALL the checkboxes when we get the first parm
@ -2685,8 +2685,6 @@ void Parms::setParm ( char *THIS , Parm *m , long mm , long j , char *s ,

 	char  t   = m->m_type;

-	if ( t == TYPE_FILEUPLOADBUTTON ) { char *xx=NULL;*xx=0; }
-
 	if      ( t == TYPE_CHAR           || 
 		  t == TYPE_CHAR2          || 
 		  t == TYPE_CHECKBOX       ||
@ -2709,6 +2707,10 @@ void Parms::setParm ( char *THIS , Parm *m , long mm , long j , char *s ,
 		// "s" might be NULL or m->m_def...
 		*(char **)(THIS + m->m_off + j) = s;
 	}
+	else if ( t == 	TYPE_FILEUPLOADBUTTON ) {
+		// "s" might be NULL or m->m_def...
+		*(char **)(THIS + m->m_off + j) = s;
+	}
 	else if ( t == TYPE_CMD ) {
 		log(LOG_LOGIC, "conf: Parms: TYPE_CMD is not a cgi var.");
 		return;	}