[vlc-devel] [PATCH] http.lua: Fix parsing problem.
Rémi Denis-Courmont
remi at remlab.net
Wed Jul 24 07:54:18 CEST 2019
Hi,
Ok. But what if a binary file, e.g. a picture, contains the magic sequence? I don't think we can rely on escaping, that's my point.
Le 23 juillet 2019 13:42:41 GMT+03:00, "Александр Ковернинский" <a.koverninsky at gmail.com> a écrit :
>This "was not" a problem, because the page content (e.g. js-scripts
>containing '?>') can be downloaded from the Internet.
>
>share/lua/http/index.html :
>
><script type = "text / javascript" src = "
>http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"> </
>script>
><script type = "text / javascript" src = "
>http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js">
></
>script>
><script type = "text / javascript" src = "js / jquery.jstree.js"> </
>script>
>
>We encountered this problem in the place where the Internet was
>missing.
>
>вт, 23 июл. 2019 г. в 11:48, Rémi Denis-Courmont <remi at remlab.net>:
>
>> Hi,
>>
>> How was this not a problem so far?
>>
>> IMO, the HTTP server-side parser should leave file content as is by
>> default, with only .lua or whatever getting parsed, and the .lua
>dropped
>> from the URL.
>>
>> Otherwise dropping asset files will never work properly.
>>
>> Le 15 juillet 2019 16:25:53 GMT+03:00, Alexandr Koverninsky <
>> a.koverninsky at gmail.com> a écrit :
>>>
>>> The closing '?>' needs to be printed using '?<?vlc print ">" ?>' to
>prevent a parse error.
>>> ------------------------------
>>> share/lua/http/js/jquery.jstree.js | 4 ++--
>>> share/lua/http/requests/browse.xml | 2 +-
>>> share/lua/http/requests/playlist.xml | 2 +-
>>> share/lua/http/requests/playlist_jstree.xml | 2 +-
>>> share/lua/http/requests/status.xml | 2 +-
>>> share/lua/http/requests/vlm.xml | 4 ++--
>>> share/lua/http/requests/vlm_cmd.xml | 4 ++--
>>> share/lua/intf/http.lua | 7 ++-----
>>> 8 files changed, 12 insertions(+), 15 deletions(-)
>>>
>>> diff --git a/share/lua/http/js/jquery.jstree.js
>b/share/lua/http/js/jquery.jstree.js
>>> index 59e49296d7..a47e949c65 100644
>>> --- a/share/lua/http/js/jquery.jstree.js
>>> +++ b/share/lua/http/js/jquery.jstree.js
>>> @@ -3027,7 +3027,7 @@
>>> return false;
>>> };
>>> var xsl = {
>>> - 'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print
>'>'?>' +
>>> + 'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +
>>> '<xsl:stylesheet version="1.0"
>xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >' +
>>> '<xsl:output method="html" encoding="utf-8"
>omit-xml-declaration="yes" standalone="no" indent="no"
>media-type="text/html" />' +
>>> '<xsl:template match="/">' +
>>> @@ -3088,7 +3088,7 @@
>>> '</xsl:template>' +
>>> '</xsl:stylesheet>',
>>>
>>> - 'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print
>'>'?>' +
>>> + 'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +
>>> '<xsl:stylesheet version="1.0"
>xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >' +
>>> '<xsl:output method="html" encoding="utf-8"
>omit-xml-declaration="yes" standalone="no" indent="no"
>media-type="text/xml" />' +
>>> '<xsl:template match="/">' +
>>> diff --git a/share/lua/http/requests/browse.xml
>b/share/lua/http/requests/browse.xml
>>> index 0afff8f090..59ac5c3c34 100644
>>> --- a/share/lua/http/requests/browse.xml
>>> +++ b/share/lua/http/requests/browse.xml
>>> @@ -1,4 +1,4 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc
>print'>'?>
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> <?vlc --[[
>>> vim:syntax=lua
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> diff --git a/share/lua/http/requests/playlist.xml
>b/share/lua/http/requests/playlist.xml
>>> index 8b8930b657..7cbcd75baa 100644
>>> --- a/share/lua/http/requests/playlist.xml
>>> +++ b/share/lua/http/requests/playlist.xml
>>> @@ -1,4 +1,4 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc
>print'>'?>
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> <?vlc --[[
>>> vim:syntax=lua
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> diff --git a/share/lua/http/requests/playlist_jstree.xml
>b/share/lua/http/requests/playlist_jstree.xml
>>> index 0cdc309f2b..fcf19a328a 100644
>>> --- a/share/lua/http/requests/playlist_jstree.xml
>>> +++ b/share/lua/http/requests/playlist_jstree.xml
>>> @@ -1,4 +1,4 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc
>print'>'?>
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> <?vlc --[[
>>> vim:syntax=lua
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> diff --git a/share/lua/http/requests/status.xml
>b/share/lua/http/requests/status.xml
>>> index 2d76b6a556..fec2d9d383 100644
>>> --- a/share/lua/http/requests/status.xml
>>> +++ b/share/lua/http/requests/status.xml
>>> @@ -1,4 +1,4 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes"
>?<?vlcprint'>'?>
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> <?vlc --[[
>>> vim:syntax=lua
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> diff --git a/share/lua/http/requests/vlm.xml
>b/share/lua/http/requests/vlm.xml
>>> index ddb9f2b562..df34e7f6d3 100644
>>> --- a/share/lua/http/requests/vlm.xml
>>> +++ b/share/lua/http/requests/vlm.xml
>>> @@ -1,5 +1,5 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print
>'>'
>>> ---[[
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> +<?vlc --[[
>>> vim:syntax=lua
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> < vlm.xml: VLC media player web interface
>>> diff --git a/share/lua/http/requests/vlm_cmd.xml
>b/share/lua/http/requests/vlm_cmd.xml
>>> index 10a9a4a42b..fb6af4790a 100644
>>> --- a/share/lua/http/requests/vlm_cmd.xml
>>> +++ b/share/lua/http/requests/vlm_cmd.xml
>>> @@ -1,5 +1,5 @@
>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print
>'>'
>>> ---[[
>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>> +<?vlc --[[
>>> <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> < vlm_cmd.xml: VLC media player web interface
>>> < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>- - - >
>>> diff --git a/share/lua/intf/http.lua b/share/lua/intf/http.lua
>>> index fc6d1a3156..04f60b091a 100644
>>> --- a/share/lua/intf/http.lua
>>> +++ b/share/lua/intf/http.lua
>>> @@ -73,11 +73,8 @@ function process_raw(filename)
>>> end
>>> str=string.rep("=",#str-1)
>>>
>>> - --[[ FIXME:
>>> - <?xml version="1.0" encoding="charset" standalone="yes" ?> is
>still a problem. The closing '?>' needs to be printed using '?<?vlc
>print ">" ?>' to prevent a parse error.
>>> - --]]
>>> - local code0 = string.gsub(input,escape(close_tag),"
>print(["..str.."[")
>>> - local code1 = string.gsub(code0,escape(open_tag),"]"..str.."])
>")
>>> + local code0 = string.gsub(input,escape(open_tag),"]"..str.."])
>")
>>> + local code1 = string.gsub(code0,"(%]"..str.."%]%)
>"..".-)("..escape(close_tag)..")","%1 print(["..str.."[")
>>> local code = "print(["..str.."["..code1.."]"..str.."])"
>>> --[[ Uncomment to debug
>>> if string.match(filename,"vlm_cmd.xml$") then
>>>
>>>
>> --
>> Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez
>excuser ma
>> brièveté.
>> _______________________________________________
>> vlc-devel mailing list
>> To unsubscribe or modify your subscription options:
>> https://mailman.videolan.org/listinfo/vlc-devel
--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20190724/2fa97bd9/attachment.html>
More information about the vlc-devel
mailing list