Change insertfile URI to include doc key in it
From /lool/insertfile to /lool/<docUrl>/insertfile Change-Id: I63864673bc1d92a737a95b484c2f440cb5ce6605
This commit is contained in:
parent
12dee85ef8
commit
8c61ee3c94
2 changed files with 17 additions and 2 deletions
|
@ -14,7 +14,8 @@ L.Map.FileInserter = L.Handler.extend({
|
|||
this._toInsert = {};
|
||||
var parser = document.createElement('a');
|
||||
parser.href = map.options.server;
|
||||
this._url = map.options.webserver + '/' + map.options.urlPrefix + '/insertfile';
|
||||
this._url = map.options.webserver + '/' + map.options.urlPrefix +
|
||||
'/' + encodeURIComponent(map.options.doc) + '/insertfile';
|
||||
},
|
||||
|
||||
addHooks: function () {
|
||||
|
|
|
@ -472,7 +472,7 @@ private:
|
|||
|
||||
return true;
|
||||
}
|
||||
else if (tokens.count() >= 3 && tokens[2] == "insertfile")
|
||||
else if (tokens.count() >= 4 && tokens[3] == "insertfile")
|
||||
{
|
||||
Log::info("Insert file request.");
|
||||
response.set("Access-Control-Allow-Origin", "*");
|
||||
|
@ -488,6 +488,20 @@ private:
|
|||
const std::string formChildid(form.get("childid"));
|
||||
const std::string formName(form.get("name"));
|
||||
|
||||
// Validate the docKey
|
||||
std::unique_lock<std::mutex> docBrokersLock(docBrokersMutex);
|
||||
std::string decodedUri;
|
||||
URI::decode(tokens[2], decodedUri);
|
||||
const auto docKey = DocumentBroker::getDocKey(DocumentBroker::sanitizeURI(decodedUri));
|
||||
auto docBrokerIt = docBrokers.find(docKey);
|
||||
|
||||
// Maybe just free the client from sending childid in form ?
|
||||
if (docBrokerIt == docBrokers.end() || docBrokerIt->second->getJailId() != formChildid)
|
||||
{
|
||||
throw BadRequestException("DocKey [" + docKey + "] or childid [" + formChildid + "] is invalid.");
|
||||
}
|
||||
docBrokersLock.unlock();
|
||||
|
||||
// protect against attempts to inject something funny here
|
||||
if (formChildid.find('/') == std::string::npos && formName.find('/') == std::string::npos)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue