wsd/ClientSession.cpp | 8 +++++++- wsd/LOOLWSD.cpp | 9 ++++++--- wsd/Storage.cpp | 13 ++++++++----- 3 files changed, 21 insertions(+), 9 deletions(-)
New commits: commit 126e696d1fa4d9ef3870140dbe480172fbdf6aae Author: Jan Holesovsky <ke...@collabora.com> Date: Wed Aug 2 23:18:28 2017 +0200 [revert API CHANGE] Actually the "format" is useful for the web forms... Change-Id: I23b053240855888dc09b531f92e0a4fbbed69329 Reviewed-on: https://gerrit.libreoffice.org/40695 Reviewed-by: pranavk <pran...@collabora.co.uk> Tested-by: pranavk <pran...@collabora.co.uk> diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp index 64e7ea94..61509277 100644 --- a/wsd/ClientSession.cpp +++ b/wsd/ClientSession.cpp @@ -636,7 +636,13 @@ bool ClientSession::handleKitToClientMessage(const char* buffer, const int lengt std::string encodedFilePath; Poco::URI::encode(resultURL.getPath(), "", encodedFilePath); LOG_TRC("Sending file: " << encodedFilePath); - HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType); + + const std::string fileName = Poco::Path(resultURL.getPath()).getFileName(); + Poco::Net::HTTPResponse response; + if (!fileName.empty()) + response.set("Content-Disposition", "attachment; filename=\"" + fileName + "\""); + + HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType, response); } // Conversion is done, cleanup this fake session. diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 00eb3248..92c99154 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -1866,14 +1866,17 @@ private: auto socket = _socket.lock(); StringTokenizer tokens(request.getURI(), "/?"); - if (tokens.count() >= 4 && tokens[2] == "convert-to") + if (tokens.count() > 2 && tokens[2] == "convert-to") { std::string fromPath; ConvertToPartHandler handler(fromPath, /*convertTo =*/ true); HTMLForm form(request, message, handler); - // extract the target format from the URI - const std::string format = tokens[3]; + std::string format = (form.has("format") ? form.get("format") : ""); + + // prefer what is in the URI + if (tokens.count() > 3) + format = tokens[3]; bool sent = false; if (!fromPath.empty()) diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index aac3b1d1..e57d0684 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -197,14 +197,17 @@ std::unique_ptr<StorageBase> StorageBase::create(const Poco::URI& uri, const std } else { + // guard against attempts to escape + Poco::URI normalizedUri(uri); + normalizedUri.normalize(); + std::vector<std::string> pathSegments; - Poco::URI(uri).getPathSegments(pathSegments); + normalizedUri.getPathSegments(pathSegments); - // guard against attempts to escape - if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to" && pathSegments[2] != ".." && pathSegments[3] != "..") + if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to") { - LOG_INF("Public URI [" << uri.toString() << "] is actually a convert-to tempfile."); - return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath)); + LOG_INF("Public URI [" << normalizedUri.toString() << "] is actually a convert-to tempfile."); + return std::unique_ptr<StorageBase>(new LocalStorage(normalizedUri, jailRoot, jailPath)); } } _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits