From 7375c26f0b0c5ce337bc0feac0b44fbecb4c95e0 Mon Sep 17 00:00:00 2001 From: maro5397 Date: Fri, 17 Dec 2021 03:37:22 -0500 Subject: [PATCH] =?UTF-8?q?=E2=9C=85=20fix:=20apply=20http=20header=20erro?= =?UTF-8?q?r?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/captiveportal/captiveportal.pro | 2 +- app/captiveportal/weuiserver.cpp | 28 ++++++++++++++++++++++++++++ app/captiveportal/weuiserver.h | 1 + app/uiserver-test/uiserver-test.pro | 2 +- app/uiserver-test/uiserver.cpp | 18 +++++++++--------- 5 files changed, 40 insertions(+), 11 deletions(-) diff --git a/app/captiveportal/captiveportal.pro b/app/captiveportal/captiveportal.pro index 0fe65a3..ed4a2d8 100755 --- a/app/captiveportal/captiveportal.pro +++ b/app/captiveportal/captiveportal.pro @@ -1,6 +1,6 @@ QT -= gui -CONFIG += c++17 +CONFIG += c++2a TEMPLATE = app CONFIG += qt diff --git a/app/captiveportal/weuiserver.cpp b/app/captiveportal/weuiserver.cpp index 112fee9..99fdf73 100644 --- a/app/captiveportal/weuiserver.cpp +++ b/app/captiveportal/weuiserver.cpp @@ -34,6 +34,20 @@ void WEUIServer::setHttpResponse() { int size = 0; DLOG(INFO) << "request path:" << path; + if(path.ends_with(".css")) { + uiresponse_.setHTTPHeader("Content-Type", "text/css;charset=UTF-8"); + } + else if(path.ends_with(".js")) { + uiresponse_.setHTTPHeader("Content-Type", "text/javascript;charset=UTF-8"); + } + else { + uiresponse_.setHTTPHeader("Content-Type", "text/html"); + } + + if(denyDotDotPacket(path)) { + return; + } + if(path == "/") { size = getWebUIData("/index.html"); uiresponse_.setResponseBody(ui_); @@ -105,3 +119,17 @@ std::string WEUIServer::getDateTime() { return dateheader; } +bool WEUIServer::denyDotDotPacket(std::string path) +{ + if(path.find("..") != std::string::npos) { + DLOG(INFO) << "there is .. string from path:" << path; + uiresponse_.setProtocol(HTTP1_1); + uiresponse_.setStatusCode(403); + uiresponse_.setReasonPhrase(); + uiresponse_.setHTTPHeader("Date", getDateTime()); + uiresponse_.setHTTPHeader("Server", "UIServer"); + uiresponse_.makeResponse(); + return true; + } + return false; +} diff --git a/app/captiveportal/weuiserver.h b/app/captiveportal/weuiserver.h index 82817c1..3b68ca4 100644 --- a/app/captiveportal/weuiserver.h +++ b/app/captiveportal/weuiserver.h @@ -28,4 +28,5 @@ class WEUIServer : public TcpServer void setHttpResponse(); int getWebUIData(std::string path); std::string getDateTime(); + bool denyDotDotPacket(std::string path); }; diff --git a/app/uiserver-test/uiserver-test.pro b/app/uiserver-test/uiserver-test.pro index 28cc409..effda44 100644 --- a/app/uiserver-test/uiserver-test.pro +++ b/app/uiserver-test/uiserver-test.pro @@ -1,6 +1,6 @@ QT -= gui -CONFIG += c++20 +CONFIG += c++2a TEMPLATE = app CONFIG += qt diff --git a/app/uiserver-test/uiserver.cpp b/app/uiserver-test/uiserver.cpp index eeff46b..63f2b08 100644 --- a/app/uiserver-test/uiserver.cpp +++ b/app/uiserver-test/uiserver.cpp @@ -29,15 +29,15 @@ void UIServer::setHttpResponse() { int size = 0; DLOG(INFO) << "request path:" << path; -// if(path.ends_with(".css")) { -// uiresponse_.setHTTPHeader("Content-Type", "text/css;charset=UTF-8"); -// } -// else if(path.ends_with(".js")) { -// uiresponse_.setHTTPHeader("Content-Type", "text/javascript;charset=UTF-8"); -// } -// else { -// uiresponse_.setHTTPHeader("Content-Type", "text/html"); -// } + if(path.ends_with(".css")) { + uiresponse_.setHTTPHeader("Content-Type", "text/css;charset=UTF-8"); + } + else if(path.ends_with(".js")) { + uiresponse_.setHTTPHeader("Content-Type", "text/javascript;charset=UTF-8"); + } + else { + uiresponse_.setHTTPHeader("Content-Type", "text/html"); + } if(denyDotDotPacket(path)) { return;