X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Ffile.ml;h=4345b11218ded440ef55095975a479fc14bbb5da;hb=fffce48503e09a21f9c5846a0fc378e6180e50f3;hp=d495f80063fe69a7ca841419c812567e8834b73f;hpb=50799fee9a4c3906fe0ab9988df83af2109fa269;p=cocanwiki.git

diff --git a/scripts/file.ml b/scripts/file.ml
index d495f80..4345b11 100644
--- a/scripts/file.ml
+++ b/scripts/file.ml
@@ -1,7 +1,7 @@
 (* COCANWIKI - a wiki written in Objective CAML.
  * Written by Richard W.M. Jones <rich@merjis.com>.
  * Copyright (C) 2004 Merjis Ltd.
- * $Id: file.ml,v 1.7 2004/10/04 15:19:56 rich Exp $
+ * $Id: file.ml,v 1.12 2004/11/01 16:24:32 rich Exp $
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -24,9 +24,11 @@ open Registry
 open Cgi
 open Printf
 
+open ExtString
+
 open Cocanwiki
 
-let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
+let run r (q : cgi) (dbh : Dbi.connection) hostid {hostname = hostname} _ =
   let name = q#param "name" in
   let version =
     try Some (int_of_string (q#param "version")) with Not_found -> None in
@@ -40,22 +42,44 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
 	  [`Int hostid; `String name; `String name; `Int version] in
 
   let sth =
-    dbh#prepare_cached ("select content, mime_type from files
+    dbh#prepare_cached ("select content, mime_type, name is null as deleted
+                           from files
                           where " ^ where) in
   sth#execute args;
 
-  let data, mime_type =
-    match sth#fetch1 () with
-	[ `Binary data; `String mime_type ] ->
-	  data, mime_type
-      | _ -> assert false in
+  let data, mime_type, deleted =
+    try
+      (match sth#fetch1 () with
+	   [ `Binary data; `String mime_type; `Bool deleted ] ->
+	     data, mime_type, deleted
+	 | _ -> assert false)
+    with
+	Not_found -> raise (HttpError cHTTP_NOT_FOUND) in
+
+  (* If deleted, refuse to serve this file except if called from the site. *)
+  if deleted then (
+    let referer =
+      try Table.get (Request.headers_in r) "Referer" with Not_found -> "" in
+    let ok =
+      try String.find referer hostname; true
+      with String.Invalid_string -> false in
+
+    if not ok then (
+      prerr_endline "file.ml: bandwidth theft avoided";
+      raise (HttpError cHTTP_NOT_FOUND)
+    )
+  );
 
   if version <> None then
     (* Set a medium-length expiry time on this resource. *)
     Table.set (Request.headers_out r) "Expires" (Expires.medium ());
 
+  (* Content-length header. *)
+  Table.set (Request.headers_out r) "Content-Length"
+    (string_of_int (String.length data));
+
   q#header ~content_type:mime_type ();
-  print_string r data
+  ignore (print_string r data)
 
 let () =
   register_script ~restrict:[CanView] run