… | |
… | |
424 | sub map_uri { |
424 | sub map_uri { |
425 | my $self = shift; |
425 | my $self = shift; |
426 | my $host = $self->{server_name}; |
426 | my $host = $self->{server_name}; |
427 | my $uri = $self->{uri}; |
427 | my $uri = $self->{uri}; |
428 | |
428 | |
|
|
429 | $host =~ /[\/\\]/ |
|
|
430 | and $self->err(400, "bad request"); |
|
|
431 | |
429 | # some massaging, also makes it more secure |
432 | # some massaging, also makes it more secure |
430 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
433 | $uri =~ s/%([0-9a-fA-F][0-9a-fA-F])/chr hex $1/ge; |
431 | $uri =~ s%//+%/%g; |
434 | $uri =~ s%//+%/%g; |
432 | $uri =~ s%/\.(?=/|$)%%g; |
435 | $uri =~ s%/\.(?=/|$)%%g; |
433 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |
436 | 1 while $uri =~ s%/[^/]+/\.\.(?=/|$)%%; |
… | |
… | |
552 | }; |
555 | }; |
553 | |
556 | |
554 | my @code = (200, "ok"); |
557 | my @code = (200, "ok"); |
555 | my ($l, $h); |
558 | my ($l, $h); |
556 | |
559 | |
557 | if ($self->{h}{range} =~ /^bytes=(.*)$/) { |
560 | if ($self->{h}{range} =~ /^bytes=(.*)$/i) { |
558 | for (split /,/, $1) { |
561 | for (split /,/, $1) { |
559 | if (/^-(\d+)$/) { |
562 | if (/^-(\d+)$/) { |
560 | ($l, $h) = ($length - $1, $length - 1); |
563 | ($l, $h) = ($length - $1, $length - 1); |
561 | } elsif (/^(\d+)-(\d*)$/) { |
564 | } elsif (/^(\d+)-(\d*)$/) { |
562 | ($l, $h) = ($1, ($2 ne "" || $2 >= $length) ? $2 : $length - 1); |
565 | ($l, $h) = ($1, ($2 ne "" || $2 >= $length) ? $2 : $length - 1); |
… | |
… | |
628 | |
631 | |
629 | Coro::AIO::aio_read $fh, $l, ($h > $bufsize ? $bufsize : $h), my $buf, 0 |
632 | Coro::AIO::aio_read $fh, $l, ($h > $bufsize ? $bufsize : $h), my $buf, 0 |
630 | or last; |
633 | or last; |
631 | |
634 | |
632 | $tbf->request (length $buf); |
635 | $tbf->request (length $buf); |
633 | my $w = syswrite $self->{fh}, $buf |
636 | my $w = $self->{fh}->syswrite ($buf) |
634 | or last; |
637 | or last; |
635 | $::written += $w; |
638 | $::written += $w; |
636 | $self->{written} += $w; |
639 | $self->{written} += $w; |
637 | $l += $w; |
640 | $l += $w; |
638 | } |
641 | } |
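Review bot: The host check added at new lines 429-430 in `map_uri` is a denylist of `/` and `\` only, so a `server_name` of `..`, one with a leading dot, or one containing a NUL or control byte still passes. The rest of `map_uri` is outside the visible hunk, but if `$host` is later joined into a filesystem path, those values matter as much as the separators do. An allowlist would be tighter, for example `$host =~ /\A[A-Za-z0-9\[\]:.-]+\z/ && $host !~ /\.\./ or $self->err(400, "bad request");`, adjusted if an empty or defaulted host must be accepted. The check also protects the following lines only if `err` does not return, which is not visible here; if it does throw, a comment such as `# err() does not return; nothing below runs with a rejected host` would record that.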