/* ScummVM - Graphic Adventure Engine * * ScummVM is the legal property of its developers, whose names * are too numerous to list here. Please refer to the COPYRIGHT * file distributed with this source distribution. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ #include "backends/networking/sdl_net/handlerutils.h" #include "backends/networking/sdl_net/localwebserver.h" #include "backends/saves/default/default-saves.h" #include "common/archive.h" #include "common/config-manager.h" #include "common/file.h" #include "common/translation.h" #include "common/unzip.h" namespace Networking { #define ARCHIVE_NAME "wwwroot.zip" #define INDEX_PAGE_NAME ".index.html" Common::Archive *HandlerUtils::getZipArchive() { // first search in themepath if (ConfMan.hasKey("themepath")) { const Common::FSNode &node = Common::FSNode(ConfMan.get("themepath")); if (!node.exists() || !node.isReadable() || !node.isDirectory()) return nullptr; Common::FSNode fileNode = node.getChild(ARCHIVE_NAME); if (fileNode.exists() && fileNode.isReadable() && !fileNode.isDirectory()) { Common::SeekableReadStream *const stream = fileNode.createReadStream(); Common::Archive *zipArchive = Common::makeZipArchive(stream); if (zipArchive) return zipArchive; } } // then use SearchMan to find it Common::ArchiveMemberList fileList; SearchMan.listMatchingMembers(fileList, ARCHIVE_NAME); for (Common::ArchiveMemberList::iterator it = fileList.begin(); it != fileList.end(); ++it) { Common::ArchiveMember const &m = **it; Common::SeekableReadStream *const stream = m.createReadStream(); Common::Archive *zipArchive = Common::makeZipArchive(stream); if (zipArchive) return zipArchive; } return nullptr; } Common::ArchiveMemberList HandlerUtils::listArchive() { Common::ArchiveMemberList resultList; Common::Archive *zipArchive = getZipArchive(); if (zipArchive) { zipArchive->listMembers(resultList); delete zipArchive; } return resultList; } Common::SeekableReadStream *HandlerUtils::getArchiveFile(Common::String name) { Common::SeekableReadStream *result = nullptr; Common::Archive *zipArchive = getZipArchive(); if (zipArchive) { const Common::ArchiveMemberPtr ptr = zipArchive->getMember(name); if (ptr.get() == nullptr) return nullptr; result = ptr->createReadStream(); delete zipArchive; } return result; } Common::String HandlerUtils::readEverythingFromStream(Common::SeekableReadStream *const stream) { Common::String result; char buf[1024]; uint32 readBytes; while (!stream->eos()) { readBytes = stream->read(buf, 1024); result += Common::String(buf, readBytes); } return result; } Common::String HandlerUtils::normalizePath(const Common::String &path) { Common::String normalized; bool slash = false; for (uint32 i = 0; i < path.size(); ++i) { char c = path[i]; if (c == '\\' || c == '/') { slash = true; continue; } if (slash) { normalized += '/'; slash = false; } if ('A' <= c && c <= 'Z') { normalized += c - 'A' + 'a'; } else { normalized += c; } } if (slash) normalized += '/'; return normalized; } bool HandlerUtils::hasForbiddenCombinations(const Common::String &path) { return (path.contains("/../") || path.contains("\\..\\") || path.contains("\\../") || path.contains("/..\\")); } bool HandlerUtils::isBlacklisted(const Common::String &path) { const char *blacklist[] = { "/etc", "/bin", "c:/windows" // just saying: I know guys who install windows on another drives }; // normalize path Common::String normalized = normalizePath(path); uint32 size = sizeof(blacklist) / sizeof(const char *); for (uint32 i = 0; i < size; ++i) if (normalized.hasPrefix(blacklist[i])) return true; return false; } bool HandlerUtils::hasPermittedPrefix(const Common::String &path) { // normalize path Common::String normalized = normalizePath(path); // prefix for /root/ Common::String prefix; if (ConfMan.hasKey("rootpath", "cloud")) { prefix = normalizePath(ConfMan.get("rootpath", "cloud")); if (prefix == "/" || normalized.hasPrefix(prefix)) return true; } // prefix for /saves/ #ifdef USE_LIBCURL DefaultSaveFileManager *manager = dynamic_cast(g_system->getSavefileManager()); prefix = (manager ? manager->concatWithSavesPath("") : ConfMan.get("savepath")); #else prefix = ConfMan.get("savepath"); #endif return (normalized.hasPrefix(normalizePath(prefix))); } bool HandlerUtils::permittedPath(const Common::String path) { return hasPermittedPrefix(path) && !isBlacklisted(path); } void HandlerUtils::setMessageHandler(Client &client, Common::String message, Common::String redirectTo) { Common::String response = "ScummVM{message}"; // load stylish response page from the archive Common::SeekableReadStream *const stream = getArchiveFile(INDEX_PAGE_NAME); if (stream) response = readEverythingFromStream(stream); replace(response, "{message}", message); if (redirectTo.empty()) LocalWebserver::setClientGetHandler(client, response); else LocalWebserver::setClientRedirectHandler(client, response, redirectTo); } void HandlerUtils::setFilesManagerErrorMessageHandler(Client &client, Common::String message, Common::String redirectTo) { setMessageHandler( client, Common::String::format( "%s
%s", message.c_str(), client.queryParameter("ajax") == "true" ? "AJAX" : "", "%2F", //that's encoded "/" _("Back to the files manager") ), redirectTo ); } } // End of namespace Networking