Merge branch 'master' into local-middleware

Farook Al-Sammarraie 2022-02-14 22:17:19 +03:00 committed by GitHub
commit 1c98bbb860
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 41 additions and 5 deletions


@ -223,10 +223,16 @@ namespace crow
int statResult;
};
///Return a static file as the response body
/// Return a static file as the response body
void set_static_file_info(std::string path)
{
utility::sanitize_filename(path);
set_static_file_info_unsafe(path);
}
/// Return a static file as the response body without sanitizing the path (use set_static_file_info instead)
void set_static_file_info_unsafe(std::string path)
{
file_info.path = path;
file_info.statResult = stat(file_info.path.c_str(), &file_info.statbuf);
#ifdef CROW_ENABLE_COMPRESSION
@ -252,6 +258,7 @@ namespace crow
else
{
code = 404;
file_info.path.clear();
this->end();
}
}
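Review bot: `set_static_file_info` now sanitizes the whole `path`, trusted directory prefix included, and the `sanitize_filename` test added in this commit shows a leading `/` becoming `_`. A caller that joins an absolute base directory with a request-derived name therefore has to switch to `set_static_file_info_unsafe`, and loses the check on the untrusted part unless it sanitizes that part itself. The doc comment on the unsafe variant should state that precondition, for example `/// Caller must run utility::sanitize_filename on any request-derived component before joining it to a trusted base path`. The by-value `path` can also be passed on without a second copy: `set_static_file_info_unsafe(std::move(path));`. The body of `set_static_file_info_unsafe` continues outside the hunk.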


@ -16,9 +16,11 @@
#include <boost/algorithm/string/predicate.hpp>
#include <boost/operators.hpp>
#include <vector>
#include <math.h>
#include "crow/settings.h"
#include "crow/returnable.h"
#include "crow/logging.h"
#if defined(__GNUG__) || defined(__clang__)
#define crow_json_likely(x) __builtin_expect(x, 1)
@ -1772,6 +1774,12 @@ namespace crow
{
if (v.nt == num_type::Floating_point)
{
if (isnan(v.num.d) || isinf(v.num.d))
{
out += "null";
CROW_LOG_WARNING << "Invalid JSON value detected (" << v.num.d << "), value set to null";
break;
}
#ifdef _MSC_VER
#define MSC_COMPATIBLE_SPRINTF(BUFFER_PTR, FORMAT_PTR, VALUE) sprintf_s((BUFFER_PTR), 128, (FORMAT_PTR), (VALUE))
#else
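Review bot: The new guard calls unqualified `isnan`/`isinf` through `<math.h>`, which in C++ depends on whether the toolchain exposes them as macros or as global-namespace overloads. `#include <cmath>` with `if (!std::isfinite(v.num.d))` is the portable form and covers both cases in one test. The warning is emitted for every non-finite value, so if such values can come from request data the log volume is controlled by the sender; that is an inference, since the origin of `v` is not visible here. The enclosing function starts and ends outside the hunk.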


@ -146,8 +146,8 @@ namespace crow
case '"': out += "&quot;"; break;
case '\'': out += "&#39;"; break;
case '/': out += "&#x2F;"; break;
case '`': out += "&#x60"; break;
case '=': out += "&#x3D"; break;
case '`': out += "&#x60;"; break;
case '=': out += "&#x3D;"; break;
default: out += *it; break;
}
}
@ -631,6 +631,13 @@ namespace crow
}
inline std::string load_text(const std::string& filename)
{
std::string filename_sanitized(filename);
utility::sanitize_filename(filename_sanitized);
return detail::get_loader_ref()(filename_sanitized);
}
inline std::string load_text_unsafe(const std::string& filename)
{
return detail::get_loader_ref()(filename);
}
@ -641,5 +648,10 @@ namespace crow
utility::sanitize_filename(filename_sanitized);
return compile(detail::get_loader_ref()(filename_sanitized));
}
inline template_t load_unsafe(const std::string& filename)
{
return compile(detail::get_loader_ref()(filename));
}
} // namespace mustache
} // namespace crow
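Review bot: `load_text_unsafe` and `load_unsafe` are added without doc comments, so nothing at the declaration says that the filename reaches the loader unmodified. Add `/// Load a template without sanitizing the filename; only for names that do not come from request data (otherwise use load_text)` above `load_text_unsafe`, and the matching line referring to `load` above `load_unsafe`. `load_text` and `load` now repeat the same copy-and-sanitize lines and could share one small helper.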


@ -728,7 +728,15 @@ namespace crow
}
else if ((c == '/') || (c == '\\'))
{
checkForSpecialEntries = true;
//TODO(EDev): uncomment below once #332 is merged
if (/*CROW_UNLIKELY(*/ i == 0 /*)*/) //Prevent Unix Absolute Paths (Windows Absolute Paths are prevented with `(c == ':')`)
{
data[i] = replacement;
}
else
{
checkForSpecialEntries = true;
}
}
}
}
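Review bot: The new `i == 0` branch rewrites a leading separator to `replacement` without any signal to the caller, so a request for an absolute path is resolved as a different relative name rather than being refused or logged. If the signature has to stay as it is, say so in the function's doc comment, e.g. `/// A leading '/' or '\\' is replaced, so absolute paths become relative; the caller is not told that the input was changed`. The inline `/*CROW_UNLIKELY(*/ i == 0 /*)*/` is hard to read; `if (i == 0) // TODO(EDev): wrap in CROW_UNLIKELY once #332 is merged` keeps the reminder. The function starts and ends outside the hunk.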


@ -2541,6 +2541,7 @@ TEST_CASE("sanitize_filename")
CHECK(sanitize_filename("abc/COM9") == "abc/_");
CHECK(sanitize_filename("abc/COM") == "abc/COM");
CHECK(sanitize_filename("abc/CON") == "abc/_");
CHECK(sanitize_filename("/abc/") == "_abc/");
}
TEST_CASE("get_port")
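Review bot: Only the forward-slash form of the new leading-separator rule is tested, although the sanitizer change in this commit treats `\\` at index 0 the same way. A second check such as `CHECK(sanitize_filename("\\abc") == "_abc");` would pin that branch. The expected value is inferred from the visible branch and should be confirmed against the full function. The test case starts outside the hunk.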


@ -31,7 +31,7 @@
"version>=": "1.70.0"
},
{
"name": "openssl-windows"
"name": "openssl"
},
{
"name": "zlib"