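def ssi_open(rootdir, path, mode):
    '''
     Wrapper for open() that refuses to open files outside rootdir.

     rootdir and path are joined, the result is normalized with
     os.path.normpath() and must still lie under rootdir, otherwise
     ValueError is raised.  mode is passed to open() unchanged.

     The check is lexical only: normpath() does not resolve symbolic
     links, so a link stored under rootdir is still followed by open().
    '''
    rootdir = asciiify(rootdir)
    path = asciiify(path)

    # An empty root would turn the prefix test below into a no-op,
    # because every absolute path would then be accepted.
    if not rootdir:
        raise ValueError("ssi: Empty root directory")

    path = os.sep.join([rootdir, path])
    # Collapse "." and ".." components before checking containment
    path = os.path.normpath(path)
    path = asciiify(path)

    # Compare against rootdir plus a trailing separator: a bare
    # startswith(rootdir) also accepts sibling directories whose name
    # merely begins with the root's name (for example a root of
    # "/srv/www" would match "/srv/www-private/file").
    rootprefix = rootdir
    if not rootprefix.endswith(os.sep):
        rootprefix += os.sep

    if not path.startswith(rootprefix):
        raise ValueError("ssi: Path name below root directory")

    return open(path, mode)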
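def ssi_open(rootdir, path, mode):
    '''
     Wrapper for open() that makes security checks.

     rootdir and path are joined, the result is normalized with
     os.path.normpath() and must still lie under rootdir, otherwise
     ValueError is raised.  mode is passed to open() unchanged.

     The check is lexical only: normpath() does not resolve symbolic
     links, so a link stored under rootdir is still followed by open().
    '''
    rootdir = asciiify(rootdir)
    path = asciiify(path)

    # An empty root would turn the prefix test below into a no-op,
    # because every absolute path would then be accepted.
    if not rootdir:
        raise ValueError("ssi: Empty root directory")

    path = os.sep.join([rootdir, path])
    # Collapse "." and ".." components before checking containment
    path = os.path.normpath(path)
    path = asciiify(path)

    # Compare against rootdir plus a trailing separator: a bare
    # startswith(rootdir) also accepts sibling directories whose name
    # merely begins with the root's name (for example a root of
    # "/srv/www" would match "/srv/www-private/file").
    rootprefix = rootdir
    if not rootprefix.endswith(os.sep):
        rootprefix += os.sep

    if not path.startswith(rootprefix):
        raise ValueError("ssi: Path name below root directory")

    return open(path, mode)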
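def process_request(self, stream, request):
    '''
     Process a request and generate the response.

     Requests whose URI matches the prefix of a registered child are
     handed to that child.  Everything else is served as a static
     file from the directory configured as http.server.rootdir:
     403 when the URI does not start with "/", when no root is
     configured or when the normalized path leaves the root; 404
     when the file cannot be opened; 200 otherwise.

     The containment check is lexical only: os.path.normpath() does
     not resolve symbolic links, so a link stored under the root is
     still followed by open().
    '''
    response = Message()

    if not request.uri.startswith("/"):
        response.compose(code="403", reason="Forbidden",
                         body="403 Forbidden")
        stream.send_response(request, response)
        return

    # Delegate to the first child whose prefix matches the URI
    for prefix, child in self.childs.items():
        if request.uri.startswith(prefix):
            child.process_request(stream, request)
            return

    # Without a configured root there is nothing that may be served
    rootdir = self.conf.get("http.server.rootdir", "")
    if not rootdir:
        response.compose(code="403", reason="Forbidden",
                         body="403 Forbidden")
        stream.send_response(request, response)
        return

    if request.uri == "/":
        response.compose_redirect(stream, "/api/index")
        stream.send_response(request, response)
        return

    # Paranoid mode: ON
    rootdir = utils.asciiify(rootdir)
    uripath = utils.asciiify(request.uri)
    # Collapse "." and ".." components before checking containment
    fullpath = os.path.normpath(rootdir + uripath)
    fullpath = utils.asciiify(fullpath)

    # Compare against rootdir plus a trailing separator: a bare
    # startswith(rootdir) also accepts sibling directories whose name
    # merely begins with the root's name (for example a root of
    # "/srv/www" would match "/srv/www-private/file").
    rootprefix = rootdir
    if not rootprefix.endswith(os.sep):
        rootprefix += os.sep

    if not fullpath.startswith(rootprefix):
        response.compose(code="403", reason="Forbidden",
                         body="403 Forbidden")
        stream.send_response(request, response)
        return

    try:
        filep = open(fullpath, "rb")
    except (IOError, OSError):
        LOG.error("HTTP: Not Found: %s (WWW: %s)" % (fullpath, rootdir))
        response.compose(code="404", reason="Not Found",
                         body="404 Not Found")
        stream.send_response(request, response)
        return

    if self.conf.get("http.server.mime", True):
        mimetype, encoding = mimetypes.guess_type(fullpath)

        # Do not attempt SSI if the resource is, say, gzipped
        if not encoding:
            if mimetype == "text/html":
                ssi = self.conf.get("http.server.ssi", False)
                if ssi:
                    # NOTE(review): the original file object is dropped
                    # here without an explicit close() -- confirm
                    # whether ssi_replace() closes it.
                    body = ssi_replace(rootdir, filep)
                    filep = StringIO.StringIO(body)

            #XXX Do we need to enforce the charset?
            if mimetype in ("text/html", "application/x-javascript"):
                mimetype += "; charset=UTF-8"

        else:
            response["content-encoding"] = encoding

    else:
        mimetype = "text/plain"

    response.compose(code="200", reason="Ok", body=filep,
                     mimetype=mimetype)
    # NOTE(review): for HEAD the body stream is moved to its end,
    # presumably so that no body bytes are sent -- confirm against
    # utils.safe_seek() and the stream code.
    if request.method == "HEAD":
        utils.safe_seek(filep, 0, os.SEEK_END)
    stream.send_response(request, response)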