Improved support for executing CGI outside cgi-bin directory

Dorian Niemiec 2023-11-23 04:23:46 +01:00
parent b40e9ad55a
commit 1851adc375


@ -336,7 +336,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
} }
var isCgiBin = href.match(new RegExp("/cgi-bin(?:$|[?#/])", os.platform() == "win32" ? "i" : "")); var isCgiBin = href.match(new RegExp("/cgi-bin(?:$|[?#/])", os.platform() == "win32" ? "i" : ""));
var isScriptExt = scriptExts.indexOf(ext) != -1; var isScriptExt = scriptExts.indexOf("." + ext) != -1;
if ((href == "/redbrick-interpreters.json" || href == "/redbrick-scriptexts.json" || (os.platform() == "win32" && (href.toLowerCase() == "/redbrick-interpreters.json" || href.toLowerCase() == "/redbrick-scriptexts.json"))) && path.normalize(__dirname + "/../../..") == process.cwd()) { if ((href == "/redbrick-interpreters.json" || href == "/redbrick-scriptexts.json" || (os.platform() == "win32" && (href.toLowerCase() == "/redbrick-interpreters.json" || href.toLowerCase() == "/redbrick-scriptexts.json"))) && path.normalize(__dirname + "/../../..") == process.cwd()) {
if (!callServerError) { if (!callServerError) {
@ -588,7 +588,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
function checkPath(pth, cb, a) { function checkPath(pth, cb, a) {
// Function to check the path of the file and execute CGI script // Function to check the path of the file and execute CGI script
var cpth = pth.split("/"); var cpth = pth.split("/");
if (cpth.length < 3) { if (cpth.length < (isCgiBin ? 3 : 2)) {
cb(false); cb(false);
return; return;
} }
@ -602,26 +602,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
rpth: (a !== undefined ? "/" + a : "") rpth: (a !== undefined ? "/" + a : "")
}) })
} else { } else {
fs.stat(pth + "/index.php", function (e2, s2) { b.unshift(cpth.pop());
if (!e2 && s2.isFile()) { return checkPath(cpth.join("/"), cb, b.join("/"));
cb({
fpth: (pth + "/index.php").replace(/\/+/g, "/"),
rpth: (a !== undefined ? "/" + a : "")
})
} else {
fs.stat(pth + "/index.cgi", function (e3, s3) {
if (!e3 && s3.isFile()) {
cb({
fpth: (pth + "/index.cgi").replace(/\/+/g, "/"),
rpth: (a !== undefined ? "/" + a : "")
})
} else {
b.unshift(cpth.pop());
return checkPath(cpth.join("/"), cb, b.join("/"));
}
});
}
});
} }
}); });
} }
@ -629,6 +611,8 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
if (!pathp) { if (!pathp) {
elseCallback(); elseCallback();
} else { } else {
var newext = path.extname(pathp.fpth);
if(isCgiBin || scriptExts.indexOf(newext) != -1) {
try { try {
executeCGIWithEnv( executeCGIWithEnv(
pathp.fpth.substr(1), pathp.fpth.substr(1),
@ -676,6 +660,9 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
callServerError(500, "RedBrick/" + version, ex); callServerError(500, "RedBrick/" + version, ex);
} }
} }
} else {
elseCallback();
}
} }
}); });
} else if (err && err.code == "ENOENT") { } else if (err && err.code == "ENOENT") {
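Review bot: The new execution gate `if(isCgiBin || scriptExts.indexOf(newext) != -1)` compares the resolved file's extension with a case-sensitive `indexOf`, while the `isCgiBin` regex and the `redbrick-*.json` name checks in the same callback are deliberately case-insensitive on win32. On a case-insensitive filesystem, a script whose extension differs only in letter case would miss the gate and go to `elseCallback()`; if that path serves static files (not visible here), the script's source would be returned instead of executed. Consider normalising before the lookup, e.g. `var newext = path.extname(pathp.fpth); if (os.platform() == "win32") newext = newext.toLowerCase();`, assuming the `scriptExts` entries are stored in lower case; the same applies to `isScriptExt` in the first hunk. The callback's body starts and ends outside the hunks shown.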