X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=scripts%2Ffile.ml;h=ae4f9edb4d10ff81ac16284a1f228c379e14dafa;hb=262f6a0c34949247ba6b78399b787e693da38d86;hp=6a5deb19bd925c40f3cc1ccd1809ff9f43be08a1;hpb=3062d573a7617339324c23cdd4755f8f04956b92;p=cocanwiki.git
diff --git a/scripts/file.ml b/scripts/file.ml
index 6a5deb1..ae4f9ed 100644
--- a/scripts/file.ml
+++ b/scripts/file.ml
@@ -1,7 +1,22 @@
-(* COCANWIKI scripts.
+(* COCANWIKI - a wiki written in Objective CAML.
 * Written by Richard W.M. Jones .
 * Copyright (C) 2004 Merjis Ltd.
- * $Id: file.ml,v 1.1 2004/09/07 10:14:09 rich Exp $
+ * $Id: file.ml,v 1.15 2006/03/27 19:10:29 rich Exp $
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
 *)
 open Apache
@@ -9,40 +24,61 @@ open Registry
 open Cgi
 open Printf
-open Merjisforwiki
+open ExtString
 open Cocanwiki
-let run r (q : cgi) (dbh : Dbi.connection) (hostid, _) _ =
+let run r (q : cgi) dbh hostid {hostname = hostname} _ =
 let name = q#param "name" in
 let version =
- try Some (int_of_string (q#param "version")) with Not_found -> None in
+ try Some (Int32.of_string (q#param "version")) with Not_found -> None in
 (* Get the file and its MIME type. *)
- let where, args =
- match version with
- None -> "hostid = ? and name = ?", [`Int hostid; `String name]
- | Some version ->
- "hostid = ? and (name = ? or name_deleted = ?) and id = ?",
- [`Int hostid; `String name; `String name; `Int version] in
-
- let sth =
- dbh#prepare_cached ("select content, mime_type from files
- where " ^ where) in
- sth#execute args;
-
- let data, mime_type =
- match sth#fetch1 () with
- [ `Binary data; `String mime_type ] ->
- data, mime_type
- | _ -> assert false in
+ let data, mime_type, deleted =
+ try
+ List.hd (
+ match version with
+ | None ->
+ PGSQL(dbh) "select content, mime_type, name is null as deleted
+ from files
+ where hostid = $hostid and name = $name"
+ | Some version ->
+ PGSQL(dbh) "select content, mime_type, name is null as deleted
+ from files
+ where hostid = $hostid
+ and (name = $name or name_deleted = $name)
+ and id = $version"
+ )
+ with
+ Not_found | ExtList.List.Empty_list ->
+ raise (HttpError cHTTP_NOT_FOUND) in
+
+ let deleted = Option.get deleted in
+
+ (* If deleted, refuse to serve this file except if called from the site. *)
+ if deleted then (
+ let referer =
+ try Table.get (Request.headers_in r) "Referer" with Not_found -> "" in
+ let ok =
+ try ignore (String.find referer hostname); true
+ with Invalid_string -> false in
+
+ if not ok then (
+ prerr_endline "file.ml: bandwidth theft avoided";
+ raise (HttpError cHTTP_NOT_FOUND)
+ )
+ );
 if version <> None then
 (* Set a medium-length expiry time on this resource.
 *)
- Table.set (Request.headers_out r) "Expires" (Cgi_expires.expires_medium());
+ Table.set (Request.headers_out r) "Expires" (Expires.medium ());
+
+ (* Content-length header. *)
+ Table.set (Request.headers_out r) "Content-Length"
+ (string_of_int (String.length data));
 q#header ~content_type:mime_type ();
- print_string r data
+ ignore (print_string r data)
 let () =
- register_script run
+ register_script ~restrict:[CanView] run
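Review bot: The new deleted-file gate in `run` passes any request whose Referer merely contains `hostname` as a substring (`String.find referer hostname`), so the match is not tied to the host part of the header and a value that mentions the hostname anywhere is accepted. Referer is also supplied by the client, so this can only discourage hotlinking and should not be relied on to keep deleted content private; a comment saying so, e.g. `(* Referer is client-controlled: hotlink deterrent only, not access control. *)`, would stop later readers from treating it as one. If a tighter match is wanted, compare the host part exactly, for instance by requiring the header to begin with `"http://" ^ hostname ^ "/"` (and the https form if the site is served that way). Separately, `Int32.of_string` raises `Failure` on a non-numeric `version`, which the `with Not_found` handler on that line does not catch, so a malformed parameter presumably surfaces as a server error rather than the 404 used elsewhere in this function.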