From: helge Date: Mon, 14 Feb 2005 13:37:08 +0000 (+0000) Subject: added a redirect safety marker to stop processing at some limit X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42dca894b5e7cb804d6c4331bef83a9fd36f4cc8;p=sope added a redirect safety marker to stop processing at some limit git-svn-id: http://svn.opengroupware.org/SOPE/trunk@558 e4a50df8-12e2-0310-a44c-efbce7f8a7e3 --- diff --git a/sope-appserver/NGObjWeb/ChangeLog b/sope-appserver/NGObjWeb/ChangeLog index 833309e1..e17de4cb 100644 --- a/sope-appserver/NGObjWeb/ChangeLog +++ b/sope-appserver/NGObjWeb/ChangeLog @@ -1,3 +1,9 @@ +2005-02-14 Helge Hess + + * SoObjects/SoObjectRequestHandler.m: added a safety limit on the URL + to avoid excessive redirects to view URLs, the "stop suffix" can be + configured using the 'WORedirectURISafetySuffix' default (v4.5.115) + 2005-02-12 Helge Hess * DynamicElements/WOxHTMLElemBuilder.m: create a WOGenericElement diff --git a/sope-appserver/NGObjWeb/Defaults.plist b/sope-appserver/NGObjWeb/Defaults.plist index 3101370b..1b236d5a 100644 --- a/sope-appserver/NGObjWeb/Defaults.plist +++ b/sope-appserver/NGObjWeb/Defaults.plist @@ -103,6 +103,7 @@ WOProfileLoading = NO; WOProfileResponse = NO; WOProjectSearchPath = (); + WORedirectURISafetySuffix = "/view/view/view/view"; WOResourceRequestHandlerKey = "y"; WOResourceURLAssociationDebugEnabled = NO; WORunMultithreaded = NO; diff --git a/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m b/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m index 7b9b4682..57727f7f 100644 --- a/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m +++ b/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m @@ -56,24 +56,30 @@ static BOOL disableZLHack = NO; static Class WOTemplateClass = Nil; static NSString *rapidTurnAroundPath = nil; +static NSString *redirectURISafetySuffix = nil; + + (int)version { return [super version] + 0 /* 2 */; } + (void)initialize { static BOOL didInit = NO; - if (!didInit) { - NSUserDefaults *ud = [NSUserDefaults standardUserDefaults]; - didInit = YES; - NSAssert2([super version] == 2, - @"invalid superclass (%@) version %i !", - NSStringFromClass([self superclass]), [super version]); - debugOn = [ud boolForKey:@"SoObjectRequestHandlerDebugEnabled"]; - debugRulesOn = [ud boolForKey:@"SoObjectRequestHandlerRulesDebugEnabled"]; - disableZLHack = [ud boolForKey:@"DisableZideLookHack"]; - - WOTemplateClass = [WOTemplate class]; - rapidTurnAroundPath = [[ud stringForKey:@"WOProjectDirectory"] copy]; - } + NSUserDefaults *ud = [NSUserDefaults standardUserDefaults]; + if (didInit) + return; + + didInit = YES; + NSAssert2([super version] == 2, + @"invalid superclass (%@) version %i !", + NSStringFromClass([self superclass]), [super version]); + debugOn = [ud boolForKey:@"SoObjectRequestHandlerDebugEnabled"]; + debugRulesOn = [ud boolForKey:@"SoObjectRequestHandlerRulesDebugEnabled"]; + disableZLHack = [ud boolForKey:@"DisableZideLookHack"]; + + WOTemplateClass = [WOTemplate class]; + rapidTurnAroundPath = [[ud stringForKey:@"WOProjectDirectory"] copy]; + + redirectURISafetySuffix = + [[ud stringForKey:@"WORedirectURISafetySuffix"] copy]; } - (id)init { @@ -209,7 +215,7 @@ static NSString *rapidTurnAroundPath = nil; } - (NSArray *)traversalPathFromRequest:(WORequest *)_rq { - static NSArray *rqKeys = nil; + static NSArray *rqKeys = nil; /* cache of request handlers */ NSMutableArray *traversalPath; unsigned i, count; NSString *m; @@ -285,7 +291,7 @@ static NSString *rapidTurnAroundPath = nil; - (id)rootObjectForRequest:(WORequest *)_rq inContext:(WOContext *)_ctx { id object; - if (self->rootObject) + if (self->rootObject != nil) return self->rootObject; if ((object = [_ctx application]) == nil) @@ -493,6 +499,27 @@ static NSString *rapidTurnAroundPath = nil; if (_sn) [self debugWithFormat:@"session 0x%08X: %@", _sn, _sn]; } + /* first check safety marker */ + + if ([[_rq uri] hasSuffix:redirectURISafetySuffix]) { +#if 0 // does not work => znek's logging framework + [self logWithFormat: + @"ERROR: stopping processing because redirect safety suffix was " + @"reached:\n uri=%@\n suffix=%@\n", + [_rq uri], redirectURISafetySuffix]; +#else + NSLog(@"ERROR: stopping processing because redirect safety suffix was " + @"reached:\n uri=%@\n suffix=%@\n", + [_rq uri], redirectURISafetySuffix); +#endif + + r = [_ctx response]; + [r setStatus:403 /* Forbidden */]; + [r appendContentString: + @"Request forbidden, a server side safety limit was reached."]; + return r; + } + /* setup rule context */ [self->dispatcherRules reset]; diff --git a/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m b/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m index 9563b221..87b86e44 100644 --- a/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m +++ b/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m @@ -247,6 +247,8 @@ static void _initImap4SearchCategory(void) { lvalue = [self value]; lselector = [self selector]; + + // TODO: add support for <> qualifier? (seen => unseen) if (sel_eq(lselector, EOQualifierOperatorEqual)) { lvalue = [NSArray arrayWithObject:lvalue];