
Fixed webadmin for the fixed stringsplitting

git-svn-id: http://mc-server.googlecode.com/svn/trunk@559 0a769ca7-a7f5-676a-18bf-c427514a06d6
madmaxoft@gmail.com 2012-06-05 16:03:50 +00:00
parent d832996e19
commit fe89194248


@ -100,30 +100,47 @@ void cWebAdmin::Request_Handler(webserver::http_request* r)
if( WebAdmin == 0 ) return;
LOG("Path: %s", r->path_.c_str() );
AStringVector Split = StringSplit( r->path_, "/" );
if(r->path_ == "/")
if (r->path_ == "/")
{
r->answer_ += "<h1>MCServer WebAdmin</h1>";
r->answer_ += "<center>";
r->answer_ += "MCServer WebAdmin";
r->answer_ += "<br>";
r->answer_ += "<form method='get' action='webadmin/'>";
r->answer_ += "<input type='submit' value='Log in'>";
r->answer_ += "</form>";
r->answer_ += "</center>";
return;
}
else if( Split.size() > 0 && Split[0] == "webadmin" )
if (r->path_.empty() || r->path_[0] != '/')
{
if( r->authentication_given_ )
r->answer_ += "<h1>Bad request</h1>";
r->answer_ += "<p>";
r->answer_ = r->path_; // TODO: Shouldn't we sanitize this? Possible security issue.
r->answer_ += "</p>";
return;
}
AStringVector Split = StringSplit(r->path_.substr(1), "/");
if (Split.empty() || (Split[0] != "webadmin"))
{
r->answer_ += "<h1>Bad request</h1>";
return;
}
if (!r->authentication_given_)
{
r->answer_ += "no auth";
r->auth_realm_ = "MCServer WebAdmin";
}
std::string UserPassword = WebAdmin->m_IniFile->GetValue( "User:"+r->username_, "Password", "");
if (UserPassword != "" && r->password_ == UserPassword)
if ((UserPassword != "") && (r->password_ == UserPassword))
{
std::string BaseURL = "./";
if( Split.size() > 1 )
if (Split.size() > 1)
{
for( unsigned int i = 0; i < Split.size(); i++)
for (unsigned int i = 0; i < Split.size(); i++)
{
BaseURL += "../";
}
@ -135,7 +152,7 @@ void cWebAdmin::Request_Handler(webserver::http_request* r)
std::string Template = WebAdmin->GetTemplate();
std::string FoundPlugin;
for( PluginList::iterator itr = WebAdmin->m_Plugins.begin(); itr != WebAdmin->m_Plugins.end(); ++itr )
for (PluginList::iterator itr = WebAdmin->m_Plugins.begin(); itr != WebAdmin->m_Plugins.end(); ++itr)
{
cWebPlugin* WebPlugin = *itr;
cWebPlugin_Lua* LuaPlugin = dynamic_cast< cWebPlugin_Lua* >( WebPlugin );
@ -158,7 +175,7 @@ void cWebAdmin::Request_Handler(webserver::http_request* r)
Request.Method = r->method_;
Request.Params = r->params_;
Request.PostParams = r->params_post_;
Request.Path = r->path_;
Request.Path = r->path_.substr(1);
for( unsigned int i = 0; i < r->multipart_formdata_.size(); ++i )
{
@ -268,13 +285,6 @@ void cWebAdmin::Request_Handler(webserver::http_request* r)
r->answer_ += "Wrong username/password";
r->auth_realm_ = "MCServer WebAdmin";
}
}
else
{
r->answer_ += "no auth";
r->auth_realm_ = "MCServer WebAdmin";
}
}
}
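Review bot: The new bad-request branch near the top of the first hunk writes the raw request path into the HTML response with `r->answer_ = r->path_;`, so client-controlled text is reflected unescaped, as the TODO on that line already suspects; the `=` also discards the `<h1>Bad request</h1><p>` appended just before it. The safest change is to not echo the path at all and keep only `r->answer_ += "<h1>Bad request</h1>";`, matching the second bad-request branch; if the path must be shown, HTML-escape it first and append with `+=`. Separately, as rendered here the new `if (!r->authentication_given_)` block has no `return;`, so an unauthenticated request appears to fall through to the password lookup with an empty username and gets both "no auth" and the wrong-password text; adding `return;` after setting `auth_realm_` would stop that. Request_Handler starts and ends outside these hunks, so the fall-through is inferred from the visible lines only.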