<div dir="ltr">Hi Rémi,<div><br></div><div>In other words process_raw() called only for 

"text/*"  mime types. No binary files expected. </div><div><div>  <br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 24 июл. 2019 г. в 09:22, Александр Ковернинский <<a href="mailto:a.koverninsky@gmail.com">a.koverninsky@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>1. I olny changed process_raw(). It called only from  process()</div><div>2. process() called only from  file().<br></div><div>3. load_dir() checks  mime type (on the line 310).  Only for mime types "text/*" calls file(). load_dir() is main function for manipulating local content. </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 24 июл. 2019 г. в 08:54, Rémi Denis-Courmont <<a href="mailto:remi@remlab.net" target="_blank">remi@remlab.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hi,<br><br>Ok.  But what if a binary file, e.g. a picture, contains the magic sequence? I don't think we can rely on escaping, that's my point.<br><br><div class="gmail_quote">Le 23 juillet 2019 13:42:41 GMT+03:00, "Александр Ковернинский" <<a href="mailto:a.koverninsky@gmail.com" target="_blank">a.koverninsky@gmail.com</a>> a écrit :<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This "was not" a problem, because the page content (e.g. js-scripts containing '?>') can be downloaded from the Internet.<br><br>share/lua/http/index.html :<div><br><script type = "text / javascript" src = "<a href="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" target="_blank">http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js</a>"> </ script><br><script type = "text / javascript" src = "<a href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js" target="_blank">http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js</a>"> </ script><br><script type = "text / javascript" src = "js / jquery.jstree.js"> </ script><br><br>We encountered this problem in the place where the Internet was missing.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">вт, 23 июл. 2019 г. в 11:48, Rémi Denis-Courmont <<a href="mailto:remi@remlab.net" target="_blank">remi@remlab.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hi,<br><br>How was this not a problem so far?<br><br>IMO, the HTTP server-side parser should leave file content as is by default, with only .lua or whatever getting parsed, and the .lua dropped from the URL.<br><br>Otherwise dropping asset files will never work properly.<br><br><div class="gmail_quote">Le 15 juillet 2019 16:25:53 GMT+03:00, Alexandr Koverninsky <<a href="mailto:a.koverninsky@gmail.com" target="_blank">a.koverninsky@gmail.com</a>> a écrit :<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<pre class="gmail-m_-7829813218532431448gmail-m_5515973173919272208gmail-m_-9198807831996845237k9mail">The closing '?>' needs to be printed using '?<?vlc print ">" ?>' to prevent a parse error.<hr> share/lua/http/js/jquery.jstree.js          | 4 ++--<br> share/lua/http/requests/browse.xml          | 2 +-<br> share/lua/http/requests/playlist.xml        | 2 +-<br> share/lua/http/requests/playlist_jstree.xml | 2 +-<br> share/lua/http/requests/status.xml          | 2 +-<br> share/lua/http/requests/vlm.xml             | 4 ++--<br> share/lua/http/requests/vlm_cmd.xml         | 4 ++--<br> share/lua/intf/http.lua                     | 7 ++-----<br> 8 files changed, 12 insertions(+), 15 deletions(-)<br><br>diff --git a/share/lua/http/js/jquery.jstree.js b/share/lua/http/js/jquery.jstree.js<br>index 59e49296d7..a47e949c65 100644<br>--- a/share/lua/http/js/jquery.jstree.js<br>+++ b/share/lua/http/js/jquery.jstree.js<br>@@ -3027,7 +3027,7 @@<br>               return false;<br>         };<br>    var xsl = {<br>-          'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print '>'?>' +<br>+            'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +<br>                   '<xsl:stylesheet version="1.0" xmlns:xsl="<a href="http://www.w3.org/1999/XSL/Transform" target="_blank">http://www.w3.org/1999/XSL/Transform</a>" >' + <br>                    '<xsl:output method="html" encoding="utf-8" omit-xml-declaration="yes" standalone="no" indent="no" media-type="text/html" />' + <br>                    '<xsl:template match="/">' + <br>@@ -3088,7 +3088,7 @@<br>                  '</xsl:template>' + <br>                    '</xsl:stylesheet>',<br> <br>-                'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print '>'?>' +<br>+            'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +<br>                   '<xsl:stylesheet version="1.0" xmlns:xsl="<a href="http://www.w3.org/1999/XSL/Transform" target="_blank">http://www.w3.org/1999/XSL/Transform</a>" >' + <br>                    '<xsl:output method="html" encoding="utf-8" omit-xml-declaration="yes" standalone="no" indent="no" media-type="text/xml" />' + <br>                     '<xsl:template match="/">' + <br>diff --git a/share/lua/http/requests/browse.xml b/share/lua/http/requests/browse.xml<br>index 0afff8f090..59ac5c3c34 100644<br>--- a/share/lua/http/requests/browse.xml<br>+++ b/share/lua/http/requests/browse.xml<br>@@ -1,4 +1,4 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?><br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br> <?vlc --[[<br> vim:syntax=lua<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br>diff --git a/share/lua/http/requests/playlist.xml b/share/lua/http/requests/playlist.xml<br>index 8b8930b657..7cbcd75baa 100644<br>--- a/share/lua/http/requests/playlist.xml<br>+++ b/share/lua/http/requests/playlist.xml<br>@@ -1,4 +1,4 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?><br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br> <?vlc --[[<br> vim:syntax=lua<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br>diff --git a/share/lua/http/requests/playlist_jstree.xml b/share/lua/http/requests/playlist_jstree.xml<br>index 0cdc309f2b..fcf19a328a 100644<br>--- a/share/lua/http/requests/playlist_jstree.xml<br>+++ b/share/lua/http/requests/playlist_jstree.xml<br>@@ -1,4 +1,4 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?><br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br> <?vlc --[[<br> vim:syntax=lua<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br>diff --git a/share/lua/http/requests/status.xml b/share/lua/http/requests/status.xml<br>index 2d76b6a556..fec2d9d383 100644<br>--- a/share/lua/http/requests/status.xml<br>+++ b/share/lua/http/requests/status.xml<br>@@ -1,4 +1,4 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlcprint'>'?><br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br> <?vlc --[[<br> vim:syntax=lua<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br>diff --git a/share/lua/http/requests/vlm.xml b/share/lua/http/requests/vlm.xml<br>index ddb9f2b562..df34e7f6d3 100644<br>--- a/share/lua/http/requests/vlm.xml<br>+++ b/share/lua/http/requests/vlm.xml<br>@@ -1,5 +1,5 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print '>'<br>---[[<br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br>+<?vlc --[[<br> vim:syntax=lua<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br> <  vlm.xml: VLC media player web interface<br>diff --git a/share/lua/http/requests/vlm_cmd.xml b/share/lua/http/requests/vlm_cmd.xml<br>index 10a9a4a42b..fb6af4790a 100644<br>--- a/share/lua/http/requests/vlm_cmd.xml<br>+++ b/share/lua/http/requests/vlm_cmd.xml<br>@@ -1,5 +1,5 @@<br>-<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print '>'<br>---[[<br>+<?xml version="1.0" encoding="utf-8" standalone="yes" ?><br>+<?vlc --[[<br> <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br> <  vlm_cmd.xml: VLC media player web interface<br> < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ><br>diff --git a/share/lua/intf/http.lua b/share/lua/intf/http.lua<br>index fc6d1a3156..04f60b091a 100644<br>--- a/share/lua/intf/http.lua<br>+++ b/share/lua/intf/http.lua<br>@@ -73,11 +73,8 @@ function process_raw(filename)<br>     end<br>     str=string.rep("=",#str-1)<br> <br>-    --[[ FIXME:<br>-    <?xml version="1.0" encoding="charset" standalone="yes" ?> is still a problem. The closing '?>' needs to be printed using '?<?vlc print ">" ?>' to prevent a parse error.<br>-    --]]<br>-    local code0 = string.gsub(input,escape(close_tag)," print(["..str.."[")<br>-    local code1 = string.gsub(code0,escape(open_tag),"]"..str.."]) ")<br>+    local code0 = string.gsub(input,escape(open_tag),"]"..str.."]) ")<br>+    local code1 = string.gsub(code0,"(%]"..str.."%]%) "..".-)("..escape(close_tag)..")","%1 print(["..str.."[")<br>     local code = "print(["..str.."["..code1.."]"..str.."])"<br>     --[[ Uncomment to debug<br>     if string.match(filename,"vlm_cmd.xml$") then</pre></blockquote></div><br>-- <br>Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.</div>_______________________________________________<br>
vlc-devel mailing list<br>
To unsubscribe or modify your subscription options:<br>
<a href="https://mailman.videolan.org/listinfo/vlc-devel" rel="noreferrer" target="_blank">https://mailman.videolan.org/listinfo/vlc-devel</a></blockquote></div>
</blockquote></div><br>-- <br>Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.</div>_______________________________________________<br>
vlc-devel mailing list<br>
To unsubscribe or modify your subscription options:<br>
<a href="https://mailman.videolan.org/listinfo/vlc-devel" rel="noreferrer" target="_blank">https://mailman.videolan.org/listinfo/vlc-devel</a></blockquote></div>
</blockquote></div>