author | Ted Trask <ttrask01@yahoo.com> | 2011-10-10 20:46:14 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2011-10-10 20:46:14 +0000 |
commit | 933d3b99ff2dbc9da92f7e6327b9e4c58c33df79 (patch) | |
tree | 43bae011c8a516f752b5319a4a7e95b6f6385c02 /cgi-bin | |
parent | 1d895ace660869053830ed33302e0708efb6065e (diff) | |
Changes to implement PUT
Diffstat (limited to 'cgi-bin')
-rwxr-xr-x | cgi-bin/provisioning.cgi | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/cgi-bin/provisioning.cgi b/cgi-bin/provisioning.cgi index bf7a6a2..ee12e22 100755 --- a/cgi-bin/provisioning.cgi +++ b/cgi-bin/provisioning.cgi @@ -106,15 +106,6 @@ if ( request_method == "GET" ) then local func = haserl.loadfile(data.value.values.value.device.template) func(data.value.values.value) else - if data.errtxt then - APP.logevent("data.errtxt") - elseif not data.value.values then - APP.logevent("not data.value.values") - elseif not data.value.values.value.device then - APP.logevent("not data.value.values.value.device") - elseif not data.value.values.value.device.template then - APP.logevent("not data.value.values.value.device.template") - end http_code(404) end end 
@@ -130,36 +121,59 @@ if ( request_method == "GET" ) then ENV.PATH_INFO = pathinfo elseif ( request_method == "PUT" ) then local data = io.stdin:read("*all") + local success = true - log:write("Checking PROV Table for results\n") - -- Load the ACF mvc - local PATH = package.path - package.path = "/usr/share/acf/www/cgi-bin/?.lua;" .. package.path - require("mvc") - package.path = PATH - -- We'll use the cli controller, but change the view resolver to report HTTP code - local pathinfo = ENV.PATH_INFO - FRAMEWORK=mvc:new() - FRAMEWORK:read_config("acf") - APP=FRAMEWORK:new("acf_cli") - APP.view_resolver = function(self) - return function (data) - if data.errtxt then - http_code(400) - else - http_code(200) + -- Protect against writing to arbitrary paths + if string.match(path_info, "%.%.") then + http_code(403) + log:close() + os.exit() + end + + -- Don't bother for .log files + if not string.match(path_info, "%.log$") then + log:write("Checking PROV Table for results\n") + -- Load the ACF mvc + local PATH = package.path + package.path = "/usr/share/acf/www/cgi-bin/?.lua;" .. 
package.path + require("mvc") + package.path = PATH + -- We'll use the cli controller, but change the view resolver to report HTTP code + local pathinfo = ENV.PATH_INFO + FRAMEWORK=mvc:new() + FRAMEWORK:read_config("acf") + APP=FRAMEWORK:new("acf_cli") + APP.view_resolver = function(self) + return function (output) + if output.errtxt then + success = false + http_code(400) + else + data = output.value + end end end - end - -- Set up the action and parameters - ENV.PATH_INFO = "/provisioning/provisioning/putfile" - APP.clientdata = {file=path_info, root=root, data=data, ip=ip_address, agent=user_agent} - -- Dispatch the command - APP:dispatch() - APP:destroy() - FRAMEWORK:destroy() + -- Set up the action and parameters + ENV.PATH_INFO = "/provisioning/provisioning/putfile" + APP.clientdata = {mac=mac, data=data} + -- Dispatch the command + APP:dispatch() + APP:destroy() + FRAMEWORK:destroy() - ENV.PATH_INFO = pathinfo + ENV.PATH_INFO = pathinfo + end + if success then + local path = root..path_info + log:write("Writing to "..path.."\n") + posix.mkdir(posix.dirname(path)) + local f = io.open(path, "w+") + f:write(data) + f:close() + http_code(200) + else + http_code(400) + end end log:close() %> |
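Review bot: In the new `if success then` branch the handle from `io.open(path, "w+")` is used unchecked, and `posix.mkdir` creates only one directory level with its result ignored, so a missing parent directory or a permission error makes `f:write(data)` fail on a nil handle before any status is sent. Checking the handle and reporting a server error, as in the excerpt below, keeps that failure visible; this assumes `http_code`, which is defined outside the hunk, accepts 500. On a putfile error the view resolver already calls `http_code(400)` and the trailing `else` calls it again, so the resolver should keep only `success = false` and leave the status to one place. The `.log` branch skips putfile altogether, so the body from `io.stdin:read("*all")` is written unbounded and unvalidated to any `*.log` path under `root` with only the `..` match in front of it; if that is intended, a size cap and a comment such as `-- .log uploads bypass putfile validation; path is only checked for ".."` would make the trust decision explicit. The enclosing `if`/`elseif` chain starts outside this hunk.

```lua
	if success then
		local path = root..path_info
		-- … unchanged: log line and posix.mkdir call …
		local f, err = io.open(path, "w+")
		if f then
			f:write(data)
			f:close()
			http_code(200)
		else
			-- open failed (missing directory, permissions): report it instead of indexing nil
			log:write("Cannot open "..path..": "..tostring(err).."\n")
			http_code(500)
		end
	else
		http_code(400)
	end
```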