From 42dca894b5e7cb804d6c4331bef83a9fd36f4cc8 Mon Sep 17 00:00:00 2001 From: helge Date: Mon, 14 Feb 2005 13:37:08 +0000 Subject: [PATCH] added a redirect safety marker to stop processing at some limit git-svn-id: http://svn.opengroupware.org/SOPE/trunk@558 e4a50df8-12e2-0310-a44c-efbce7f8a7e3 --- sope-appserver/NGObjWeb/ChangeLog | 6 ++ sope-appserver/NGObjWeb/Defaults.plist | 1 + .../SoObjects/SoObjectRequestHandler.m | 57 ++++++++++++++----- sope-mime/NGImap4/EOQualifier+IMAPAdditions.m | 2 + 4 files changed, 51 insertions(+), 15 deletions(-) diff --git a/sope-appserver/NGObjWeb/ChangeLog b/sope-appserver/NGObjWeb/ChangeLog index 833309e1..e17de4cb 100644 --- a/sope-appserver/NGObjWeb/ChangeLog +++ b/sope-appserver/NGObjWeb/ChangeLog @@ -1,3 +1,9 @@ +2005-02-14 Helge Hess + + * SoObjects/SoObjectRequestHandler.m: added a safety limit on the URL + to avoid excessive redirects to view URLs, the "stop suffix" can be + configured using the 'WORedirectURISafetySuffix' default (v4.5.115) + 2005-02-12 Helge Hess * DynamicElements/WOxHTMLElemBuilder.m: create a WOGenericElement diff --git a/sope-appserver/NGObjWeb/Defaults.plist b/sope-appserver/NGObjWeb/Defaults.plist index 3101370b..1b236d5a 100644 --- a/sope-appserver/NGObjWeb/Defaults.plist +++ b/sope-appserver/NGObjWeb/Defaults.plist @@ -103,6 +103,7 @@ WOProfileLoading = NO; WOProfileResponse = NO; WOProjectSearchPath = (); + WORedirectURISafetySuffix = "/view/view/view/view"; WOResourceRequestHandlerKey = "y"; WOResourceURLAssociationDebugEnabled = NO; WORunMultithreaded = NO; diff --git a/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m b/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m index 7b9b4682..57727f7f 100644 --- a/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m +++ b/sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m 
@@ -56,24 +56,30 @@ static BOOL disableZLHack = NO; static Class WOTemplateClass = Nil; static NSString *rapidTurnAroundPath = nil; +static NSString *redirectURISafetySuffix = nil; + + (int)version { return [super version] + 0 /* 2 */; } + (void)initialize { static BOOL didInit = NO; - if (!didInit) { - NSUserDefaults *ud = [NSUserDefaults standardUserDefaults]; - didInit = YES; - NSAssert2([super version] == 2, - @"invalid superclass (%@) version %i !", - NSStringFromClass([self superclass]), [super version]); - debugOn = [ud boolForKey:@"SoObjectRequestHandlerDebugEnabled"]; - debugRulesOn = [ud boolForKey:@"SoObjectRequestHandlerRulesDebugEnabled"]; - disableZLHack = [ud boolForKey:@"DisableZideLookHack"]; - - WOTemplateClass = [WOTemplate class]; - rapidTurnAroundPath = [[ud stringForKey:@"WOProjectDirectory"] copy]; - } + NSUserDefaults *ud = [NSUserDefaults standardUserDefaults]; + if (didInit) + return; + + didInit = YES; + NSAssert2([super version] == 2, + @"invalid superclass (%@) version %i !", + NSStringFromClass([self superclass]), [super version]); + debugOn = [ud boolForKey:@"SoObjectRequestHandlerDebugEnabled"]; + debugRulesOn = [ud boolForKey:@"SoObjectRequestHandlerRulesDebugEnabled"]; + disableZLHack = [ud boolForKey:@"DisableZideLookHack"]; + + WOTemplateClass = [WOTemplate class]; + rapidTurnAroundPath = [[ud stringForKey:@"WOProjectDirectory"] copy]; + + redirectURISafetySuffix = + [[ud stringForKey:@"WORedirectURISafetySuffix"] copy]; } - (id)init { @@ -209,7 +215,7 @@ static NSString *rapidTurnAroundPath = nil; } - (NSArray *)traversalPathFromRequest:(WORequest *)_rq { - static NSArray *rqKeys = nil; + static NSArray *rqKeys = nil; /* cache of request handlers */ NSMutableArray *traversalPath; unsigned i, count; NSString *m; 
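Review bot: The value read into `redirectURISafetySuffix` at the end of `+initialize` is kept as-is, so an unset or empty `WORedirectURISafetySuffix` reaches the `hasSuffix:` call in the `@@ -493,6 +499,27 @@` hunk unchecked. How `hasSuffix:` treats a nil or empty argument differs between Foundation implementations (some raise on nil), so the "check disabled" state should be explicit rather than implied. I would guard the test as `if ([redirectURISafetySuffix length] > 0 && [[_rq uri] hasSuffix:redirectURISafetySuffix])`. I would also add a comment on the static, such as `/* nil or empty: redirect safety check is off */`.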
@@ -285,7 +291,7 @@ static NSString *rapidTurnAroundPath = nil; - (id)rootObjectForRequest:(WORequest *)_rq inContext:(WOContext *)_ctx { id object; - if (self->rootObject) + if (self->rootObject != nil) return self->rootObject; if ((object = [_ctx application]) == nil) @@ -493,6 +499,27 @@ static NSString *rapidTurnAroundPath = nil; if (_sn) [self debugWithFormat:@"session 0x%08X: %@", _sn, _sn]; } + /* first check safety marker */ + + if ([[_rq uri] hasSuffix:redirectURISafetySuffix]) { +#if 0 // does not work => znek's logging framework + [self logWithFormat: + @"ERROR: stopping processing because redirect safety suffix was " + @"reached:\n uri=%@\n suffix=%@\n", + [_rq uri], redirectURISafetySuffix]; +#else + NSLog(@"ERROR: stopping processing because redirect safety suffix was " + @"reached:\n uri=%@\n suffix=%@\n", + [_rq uri], redirectURISafetySuffix); +#endif + + r = [_ctx response]; + [r setStatus:403 /* Forbidden */]; + [r appendContentString: + @"Request forbidden, a server side safety limit was reached."]; + return r; + } + /* setup rule context */ [self->dispatcherRules reset]; diff --git a/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m b/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m index 9563b221..87b86e44 100644 --- a/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m +++ b/sope-mime/NGImap4/EOQualifier+IMAPAdditions.m @@ -247,6 +247,8 @@ static void _initImap4SearchCategory(void) { lvalue = [self value]; lselector = [self selector]; + + // TODO: add support for <> qualifier? (seen => unseen) if (sel_eq(lselector, EOQualifierOperatorEqual)) { lvalue = [NSArray arrayWithObject:lvalue]; -- 2.39.5
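Review bot: In the `@@ -493,6 +499,27 @@` hunk the safety marker is matched with `hasSuffix:` against the whole of `[_rq uri]`. If that string can carry a query string or a trailing slash (not visible from this hunk), a looping URL ending in `/view/view/view/view?x=1` never matches and the limit does not trigger. Comparing only the path part, cut at the first `?` and with a trailing `/` removed, would make the stop condition hold for those forms too. The `NSLog` line also writes the request-supplied URI at ERROR level on every hit, so it may be worth truncating the logged value or rate-limiting the message. The enclosing method starts and ends outside the hunk, so the type of `r` and any earlier normalisation of the URI could not be checked here.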