[vlc-devel] [PATCH] http.lua: Fix parsing problem.

Александр Ковернинский a.koverninsky at gmail.com
Wed Jul 24 08:22:03 CEST 2019


Hi,

1. I only changed process_raw(). It is called only from process().
2. process() is called only from file().
3. load_dir() checks the mime type (on line 310). It calls file() only for
mime types "text/*". load_dir() is the main function for manipulating local
content.

Wed, 24 Jul 2019 at 08:54, Rémi Denis-Courmont <remi at remlab.net> wrote:

> Hi,
>
> Ok. But what if a binary file, e.g. a picture, contains the magic
> sequence? I don't think we can rely on escaping, that's my point.
>
> On 23 July 2019 13:42:41 GMT+03:00, "Александр Ковернинский" <
> a.koverninsky at gmail.com> wrote:
>>
>> This "was not" a problem, because the page content (e.g. js-scripts
>> containing '?>') can be downloaded from the Internet.
>>
>> share/lua/http/index.html :
>>
>> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
>> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js"></script>
>> <script type="text/javascript" src="js/jquery.jstree.js"></script>
>>
>> We encountered this problem in a place where there was no Internet access.
>>
>> Tue, 23 Jul 2019 at 11:48, Rémi Denis-Courmont <remi at remlab.net> wrote:
>>
>>> Hi,
>>>
>>> How was this not a problem so far?
>>>
>>> IMO, the HTTP server-side parser should leave file content as is by
>>> default, with only .lua or whatever getting parsed, and the .lua dropped
>>> from the URL.
>>>
>>> Otherwise dropping asset files will never work properly.
>>>
>>> On 15 July 2019 16:25:53 GMT+03:00, Alexandr Koverninsky <
>>> a.koverninsky at gmail.com> wrote:
>>>>
>>>> The closing '?>' needs to be printed using '?<?vlc print ">" ?>' to prevent a parse error.
>>>> ------------------------------
>>>>  share/lua/http/js/jquery.jstree.js          | 4 ++--
>>>>  share/lua/http/requests/browse.xml          | 2 +-
>>>>  share/lua/http/requests/playlist.xml        | 2 +-
>>>>  share/lua/http/requests/playlist_jstree.xml | 2 +-
>>>>  share/lua/http/requests/status.xml          | 2 +-
>>>>  share/lua/http/requests/vlm.xml             | 4 ++--
>>>>  share/lua/http/requests/vlm_cmd.xml         | 4 ++--
>>>>  share/lua/intf/http.lua                     | 7 ++-----
>>>>  8 files changed, 12 insertions(+), 15 deletions(-)
>>>>
>>>> diff --git a/share/lua/http/js/jquery.jstree.js b/share/lua/http/js/jquery.jstree.js
>>>> index 59e49296d7..a47e949c65 100644
>>>> --- a/share/lua/http/js/jquery.jstree.js
>>>> +++ b/share/lua/http/js/jquery.jstree.js
>>>> @@ -3027,7 +3027,7 @@
>>>>  		return false;
>>>>  	};
>>>>  	var xsl = {
>>>> -		'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print '>'?>' +
>>>> +		'nest' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +
>>>>  			'<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >' +
>>>>  			'<xsl:output method="html" encoding="utf-8" omit-xml-declaration="yes" standalone="no" indent="no" media-type="text/html" />' +
>>>>  			'<xsl:template match="/">' +
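Review bot: The commit message does not describe this change: its one-line body restates the old workaround ("needs to be printed using '?<?vlc print ">" ?>'"), while the 'nest' line here removes that workaround and puts a bare `?>` back into a JavaScript string. That is only correct together with the process_raw() change at the end of the patch, so the message should say that process_raw() now treats `?>` as a close tag only after an open tag, and that the workarounds in the .js and .xml files are dropped as a consequence. The same applies to the 'flat' string in the next hunk.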
>>>> @@ -3088,7 +3088,7 @@
>>>>  			'</xsl:template>' +
>>>>  			'</xsl:stylesheet>',
>>>>
>>>> -		'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?<?vlc print '>'?>' +
>>>> +		'flat' : '<' + '?xml version="1.0" encoding="utf-8" ?>' +
>>>>  			'<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >' +
>>>>  			'<xsl:output method="html" encoding="utf-8" omit-xml-declaration="yes" standalone="no" indent="no" media-type="text/xml" />' +
>>>>  			'<xsl:template match="/">' +
>>>> diff --git a/share/lua/http/requests/browse.xml b/share/lua/http/requests/browse.xml
>>>> index 0afff8f090..59ac5c3c34 100644
>>>> --- a/share/lua/http/requests/browse.xml
>>>> +++ b/share/lua/http/requests/browse.xml
>>>> @@ -1,4 +1,4 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?>
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>>  <?vlc --[[
>>>>  vim:syntax=lua
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>> diff --git a/share/lua/http/requests/playlist.xml b/share/lua/http/requests/playlist.xml
>>>> index 8b8930b657..7cbcd75baa 100644
>>>> --- a/share/lua/http/requests/playlist.xml
>>>> +++ b/share/lua/http/requests/playlist.xml
>>>> @@ -1,4 +1,4 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?>
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>>  <?vlc --[[
>>>>  vim:syntax=lua
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>> diff --git a/share/lua/http/requests/playlist_jstree.xml b/share/lua/http/requests/playlist_jstree.xml
>>>> index 0cdc309f2b..fcf19a328a 100644
>>>> --- a/share/lua/http/requests/playlist_jstree.xml
>>>> +++ b/share/lua/http/requests/playlist_jstree.xml
>>>> @@ -1,4 +1,4 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print'>'?>
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>>  <?vlc --[[
>>>>  vim:syntax=lua
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>> diff --git a/share/lua/http/requests/status.xml b/share/lua/http/requests/status.xml
>>>> index 2d76b6a556..fec2d9d383 100644
>>>> --- a/share/lua/http/requests/status.xml
>>>> +++ b/share/lua/http/requests/status.xml
>>>> @@ -1,4 +1,4 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlcprint'>'?>
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>>  <?vlc --[[
>>>>  vim:syntax=lua
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
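Review bot: The removed line in this hunk reads `<?vlcprint'>'?>` with no space after `<?vlc`, whereas the same line in browse.xml, playlist.xml and playlist_jstree.xml reads `<?vlc print'>'?>` and in vlm.xml `<?vlc print '>'`. A `-` line has to match the tree byte for byte or the hunk will not apply, so please check it against the current status.xml; if the file does contain the space, the patch has been altered in transit and should be resent with git send-email or as a git format-patch attachment.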
>>>> diff --git a/share/lua/http/requests/vlm.xml b/share/lua/http/requests/vlm.xml
>>>> index ddb9f2b562..df34e7f6d3 100644
>>>> --- a/share/lua/http/requests/vlm.xml
>>>> +++ b/share/lua/http/requests/vlm.xml
>>>> @@ -1,5 +1,5 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print '>'
>>>> ---[[
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>> +<?vlc --[[
>>>>  vim:syntax=lua
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>>  <  vlm.xml: VLC media player web interface
>>>> diff --git a/share/lua/http/requests/vlm_cmd.xml b/share/lua/http/requests/vlm_cmd.xml
>>>> index 10a9a4a42b..fb6af4790a 100644
>>>> --- a/share/lua/http/requests/vlm_cmd.xml
>>>> +++ b/share/lua/http/requests/vlm_cmd.xml
>>>> @@ -1,5 +1,5 @@
>>>> -<?xml version="1.0" encoding="utf-8" standalone="yes" ?<?vlc print '>'
>>>> ---[[
>>>> +<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
>>>> +<?vlc --[[
>>>>  <!--  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>>  <  vlm_cmd.xml: VLC media player web interface
>>>>  < - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >
>>>> diff --git a/share/lua/intf/http.lua b/share/lua/intf/http.lua
>>>> index fc6d1a3156..04f60b091a 100644
>>>> --- a/share/lua/intf/http.lua
>>>> +++ b/share/lua/intf/http.lua
>>>> @@ -73,11 +73,8 @@ function process_raw(filename)
>>>>      end
>>>>      str=string.rep("=",#str-1)
>>>>
>>>> -    --[[ FIXME:
>>>> -    <?xml version="1.0" encoding="charset" standalone="yes" ?> is still a problem. The closing '?>' needs to be printed using '?<?vlc print ">" ?>' to prevent a parse error.
>>>> -    --]]
>>>> -    local code0 = string.gsub(input,escape(close_tag)," print(["..str.."[")
>>>> -    local code1 = string.gsub(code0,escape(open_tag),"]"..str.."]) ")
>>>> +    local code0 = string.gsub(input,escape(open_tag),"]"..str.."]) ")
>>>> +    local code1 = string.gsub(code0,"(%]"..str.."%]%) "..".-)("..escape(close_tag)..")","%1 print(["..str.."[")
>>>>      local code = "print(["..str.."["..code1.."]"..str.."])"
>>>>      --[[ Uncomment to debug
>>>>      if string.match(filename,"vlm_cmd.xml$") then
>>>>
>>>>
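Review bot: The second gsub (the new `code1` line) does not match on the open tag but on the text the first gsub has just inserted, `"]"..str.."]) "`, followed by `.-` up to the first close tag. That is correct only if this marker can never occur in the file's own content, which presumably follows from how `str` is computed just above; please say so in a comment, since the removed FIXME was the only explanation at this spot. Two further points to confirm and document: the first gsub still rewrites every occurrence of the open tag, so any text file that happens to contain it is still executed as Lua, which is the concern raised in the thread about parsing all served content; and a block with no closing `?>` lets `.-` run on to the next `?>` anywhere later in the file. A small sample file that contains a literal `?>` outside any `<?vlc` block would make a useful regression check for this change.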
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse
>>> my brevity.
>>> _______________________________________________
>>> vlc-devel mailing list
>>> To unsubscribe or modify your subscription options:
>>> https://mailman.videolan.org/listinfo/vlc-devel
>>
>>