wsd/LOOLWSD.cpp | 31 ++++++++++++++++++++++++------- wsd/Storage.cpp | 12 ++++++++++++ wsd/reference.txt | 7 ++++--- 3 files changed, 40 insertions(+), 10 deletions(-)
New commits: commit d3a079520e531ee55ce6243e80b5a4fd400092c2 Author: Jan Holesovsky <[email protected]> Date: Wed Aug 2 18:55:43 2017 +0200 [API CHANGE] Changed how the params are passed to convert-to. No need for the 'fromat=' parameter any more; use like: curl -F "[email protected]" https://localhost:9980/lool/convert-to/pdf Change-Id: Ic3080f821c752982f4d22b5e8043b36e6a39fff2 Reviewed-on: https://gerrit.libreoffice.org/40693 Reviewed-by: Michael Meeks <[email protected]> Tested-by: Michael Meeks <[email protected]> diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 074dc643..00eb3248 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -442,9 +442,14 @@ std::shared_ptr<ChildProcess> getNewChild_Blocks() class ConvertToPartHandler : public PartHandler { std::string& _filename; + + /// Is it really a convert-to, ie. use an especially formed path? + bool _convertTo; + public: - ConvertToPartHandler(std::string& filename) + ConvertToPartHandler(std::string& filename, bool convertTo = false) : _filename(filename) + , _convertTo(convertTo) { } @@ -462,7 +467,8 @@ public: if (!params.has("filename")) return; - Path tempPath = Path::forDirectory(Poco::TemporaryFile::tempName() + "/"); + Path tempPath = _convertTo? Path::forDirectory(Poco::TemporaryFile::tempName("/tmp/convert-to") + "/") : + Path::forDirectory(Poco::TemporaryFile::tempName() + "/"); File(tempPath).createDirectories(); // Prevent user inputting anything funny here. // A "filename" should always be a filename, not a path @@ -1723,9 +1729,18 @@ private: } catch (const std::exception& exc) { - // TODO: Send back failure. + // Bad request. + std::ostringstream oss; + oss << "HTTP/1.1 400\r\n" + << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n" + << "User-Agent: LOOLWSD WOPI Agent\r\n" + << "Content-Length: 0\r\n" + << "\r\n"; + socket->send(oss.str()); + socket->shutdown(); + // NOTE: Check _wsState to choose between HTTP response or WebSocket (app-level) error. - LOG_ERR("#" << socket->getFD() << " Exception while processing incoming request: [" << + LOG_INF("#" << socket->getFD() << " Exception while processing incoming request: [" << LOOLProtocol::getAbbreviatedMessage(in) << "]: " << exc.what()); } @@ -1851,12 +1866,14 @@ private: auto socket = _socket.lock(); StringTokenizer tokens(request.getURI(), "/?"); - if (tokens.count() >= 3 && tokens[2] == "convert-to") + if (tokens.count() >= 4 && tokens[2] == "convert-to") { std::string fromPath; - ConvertToPartHandler handler(fromPath); + ConvertToPartHandler handler(fromPath, /*convertTo =*/ true); HTMLForm form(request, message, handler); - const std::string format = (form.has("format") ? form.get("format") : ""); + + // extract the target format from the URI + const std::string format = tokens[3]; bool sent = false; if (!fromPath.empty()) diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index 6df6744a..aac3b1d1 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -195,6 +195,18 @@ std::unique_ptr<StorageBase> StorageBase::create(const Poco::URI& uri, const std { return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath)); } + else + { + std::vector<std::string> pathSegments; + Poco::URI(uri).getPathSegments(pathSegments); + + // guard against attempts to escape + if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to" && pathSegments[2] != ".." && pathSegments[3] != "..") + { + LOG_INF("Public URI [" << uri.toString() << "] is actually a convert-to tempfile."); + return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath)); + } + } LOG_ERR("Local Storage is disabled by default. Enable in the config file or on the command-line to enable."); } diff --git a/wsd/reference.txt b/wsd/reference.txt index 5c706621..6f35c5cb 100644 --- a/wsd/reference.txt +++ b/wsd/reference.txt @@ -2,9 +2,10 @@ LibreOffice Online API ======================= Document conversion: - - API: HTTP POST to /lool/convert-to - - parameters: format=<format> (see e.g. "png", "pdf" or "txt"), and the file itself in the payload - - example: curl -F "[email protected]" -F "format=pdf" https://localhost:9980/lool/convert-to + - API: HTTP POST to /lool/convert-to/<format> + - the format is e.g. "png", "pdf" or "txt" + - the file itself in the payload + - example: curl -F "[email protected]" https://localhost:9980/lool/convert-to/pdf WOPI Extensions =============== _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
