From f2f8fe25f7cc81e99c6187fc83f722c7477ef341 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 11 Nov 2015 22:51:40 +0100 Subject: [PATCH] mod_http_upload: Log message if URL looks wrong Log an [info] message if a PUT request looks like the specified "put_url" contains a path component that doesn't match the "request_handlers" path, as in the following configuration: listen: - module: ejabberd_http port: 5444 request_handlers: "/": mod_http_upload modules: mod_http_upload: put_url: "http://example.com/path/" --- mod_http_upload/src/mod_http_upload.erl | 27 ++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/mod_http_upload/src/mod_http_upload.erl b/mod_http_upload/src/mod_http_upload.erl index 2d252b9..1d1e180 100644 --- a/mod_http_upload/src/mod_http_upload.erl +++ b/mod_http_upload/src/mod_http_upload.erl @@ -375,16 +375,16 @@ code_change(_OldVsn, #state{server_host = ServerHost} = State, _Extra) -> -spec process([binary()], #request{}) -> {pos_integer(), [{binary(), binary()}], binary()}. -process(LocalPath, #request{method = 'PUT', host = Host, ip = IP, - data = Data}) -> +process([_UserDir, _RandDir, _FileName] = Slot, + #request{method = 'PUT', host = Host, ip = IP, data = Data}) -> Proc = gen_mod:get_module_proc(Host, ?PROCNAME), - case catch gen_server:call(Proc, {use_slot, LocalPath}) of + case catch gen_server:call(Proc, {use_slot, Slot}) of {ok, Size, Path, FileMode, DirMode, GetPrefix, Thumbnail} when byte_size(Data) == Size -> ?DEBUG("Storing file from ~s for ~s: ~s", [?ADDR_TO_STR(IP), Host, Path]), case store_file(Path, Data, FileMode, DirMode, - GetPrefix, LocalPath, Thumbnail) of + GetPrefix, Slot, Thumbnail) of ok -> http_response(Host, 201); {ok, Headers, OutData} -> @@ -407,17 +407,17 @@ process(LocalPath, #request{method = 'PUT', host = Host, ip = IP, [?ADDR_TO_STR(IP), Host, Error]), http_response(Host, 500) end; -process(LocalPath, #request{method = Method, host = Host, ip = IP}) +process([_UserDir, _RandDir, FileName] = Slot, + #request{method = Method, host = Host, ip = IP}) when Method == 'GET'; Method == 'HEAD' -> Proc = gen_mod:get_module_proc(Host, ?PROCNAME), case catch gen_server:call(Proc, get_docroot) of {ok, DocRoot} -> - Path = str:join([DocRoot | LocalPath], <<$/>>), + Path = str:join([DocRoot | Slot], <<$/>>), case file:read_file(Path) of {ok, Data} -> ?INFO_MSG("Serving ~s to ~s", [Path, ?ADDR_TO_STR(IP)]), - FileName = lists:last(LocalPath), ContentType = guess_content_type(FileName), Headers1 = case ContentType of <<"image/", _SubType/binary>> -> []; @@ -451,6 +451,19 @@ process(LocalPath, #request{method = Method, host = Host, ip = IP}) [Method, ?ADDR_TO_STR(IP), Host, Error]), http_response(Host, 500) end; +process(LocalPath, #request{method = 'PUT', host = Host, ip = IP}) + when length(LocalPath) > 3 -> + ?INFO_MSG("Rejecting PUT request from ~s for ~s: Too many path components", + [?ADDR_TO_STR(IP), Host]), + ?INFO_MSG("Check whether 'request_handlers' path matches 'put_url'", []), + http_response(Host, 404); +process(_LocalPath, #request{method = Method, host = Host, ip = IP}) + when Method == 'PUT'; + Method == 'GET'; + Method == 'HEAD' -> + ?DEBUG("Rejecting ~s request from ~s for ~s: Too few/many path components", + [Method, ?ADDR_TO_STR(IP), Host]), + http_response(Host, 404); process(_LocalPath, #request{method = 'OPTIONS', host = Host, ip = IP}) -> ?DEBUG("Responding to OPTIONS request from ~s for ~s", [?ADDR_TO_STR(IP), Host]),