DocumentServer/DocService/ResourceService.ashx
nikolay ivanov cba489e3d3 fixed directory traversal vulnerability
removed unused components
2014-07-10 11:02:38 +00:00

298 lines
12 KiB
Plaintext

<%@ WebHandler Language="C#" Class="ResourceService" %>
/*
* (c) Copyright Ascensio System SIA 2010-2014
*
* This program is a free software product. You can redistribute it and/or
* modify it under the terms of the GNU Affero General Public License (AGPL)
* version 3 as published by the Free Software Foundation. In accordance with
* Section 7(a) of the GNU AGPL its Section 15 shall be amended to the effect
* that Ascensio System SIA expressly excludes the warranty of non-infringement
* of any third-party rights.
*
* This program is distributed WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For
* details, see the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
*
* You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia,
* EU, LV-1021.
*
* The interactive user interfaces in modified source and object code versions
* of the Program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU AGPL version 3.
*
* Pursuant to Section 7(b) of the License you must retain the original Product
* logo when distributing the program. Pursuant to Section 7(e) we decline to
* grant you any rights under trademark law for use of our trademarks.
*
* All the Product's GUI elements, including illustrations and icon sets, as
* well as technical writing content are licensed under the terms of the
* Creative Commons Attribution-ShareAlike 4.0 International. See the License
* terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
*
*/
using System;
using System.Net;
using System.Configuration;
using System.Web;
using System.IO;
using System.Text;
using FileConverterUtils2;
using log4net;
public class ResourceService : IHttpAsyncHandler
{
private readonly ILog _log = LogManager.GetLogger(typeof(ResourceService));
public IAsyncResult BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
{
bool bStartAsync = false;
try
{
_log.Info("Starting process request...");
_log.Info(context.Request.Params.ToString());
Storage oStorage = new Storage();
TaskResult oTaskResult = new TaskResult();
string sPathOriginal = context.Request.Params["path"];
string sPath = null;
if (null != sPathOriginal)
{
sPath = sPathOriginal.Replace("../", "").Replace("..\\", "");
if (sPathOriginal != sPath)
{
_log.Error("Possible XSS attack:" + sPathOriginal);
}
}
string sOutputFilename = context.Request.Params["filename"];
string sDeletePathOriginal = context.Request.Params["deletepath"];
string sDeletePath = null;
if (null != sDeletePathOriginal)
{
sDeletePath = sDeletePathOriginal.Replace("../", "").Replace("..\\", "");
if (sDeletePathOriginal != sDeletePath)
{
_log.Error("Possible XSS attack:" + sDeletePathOriginal);
}
}
if (string.IsNullOrEmpty(sOutputFilename))
{
if (null != sPath)
{
int nIndex1 = sPath.LastIndexOf('/');
int nIndex2 = sPath.LastIndexOf('\\');
if (-1 != nIndex1 || -1 != nIndex2)
{
int nIndex = Math.Max(nIndex1, nIndex2);
sOutputFilename = sPath.Substring(nIndex + 1);
}
else
sOutputFilename = "resource";
}
}
context.Response.Clear();
context.Response.Cache.SetExpires(DateTime.Now);
context.Response.Cache.SetCacheability(HttpCacheability.Public);
context.Response.ContentType = Utils.GetMimeType(sOutputFilename);
string sUserAgent = context.Request.ServerVariables.Get("HTTP_USER_AGENT");
if (false == string.IsNullOrEmpty(sUserAgent) && sUserAgent.Contains("MSIE"))
context.Response.AppendHeader("Content-Disposition", "attachment; filename=\"" + context.Server.UrlEncode(sOutputFilename) + "\"");
else
context.Response.AppendHeader("Content-Disposition", "attachment; filename=\"" + sOutputFilename + "\"");
if (null != sPath)
{
TransportClass oTransportClass = new TransportClass(context, cb, oStorage, oTaskResult, sPath, sDeletePath);
StorageFileInfo oStorageFileInfo;
if (ErrorTypes.NoError == oStorage.GetFileInfo(sPath, out oStorageFileInfo) && null != oStorageFileInfo)
{
string sETag = oStorageFileInfo.m_oLastModify.Ticks.ToString("x");
DateTime oLastModified = oStorageFileInfo.m_oLastModify;
DateTime oDateTimeUtcNow = DateTime.UtcNow;
if (oLastModified.CompareTo(oDateTimeUtcNow) > 0)
{
_log.DebugFormat("LastModifiedTimeStamp changed from {0} to {1}", oLastModified, oDateTimeUtcNow);
oLastModified = oDateTimeUtcNow;
}
string sRequestIfModifiedSince = context.Request.Headers["If-Modified-Since"];
string sRequestETag = context.Request.Headers["If-None-Match"];
bool bNoModify = false;
if (false == string.IsNullOrEmpty(sRequestETag) || false == string.IsNullOrEmpty(sRequestIfModifiedSince))
{
bool bRequestETag = true;
if (false == string.IsNullOrEmpty(sRequestETag) && sRequestETag != sETag)
bRequestETag = false;
bool bRequestIfModifiedSince = true;
if (false == string.IsNullOrEmpty(sRequestIfModifiedSince))
{
try
{
DateTime oRequestIfModifiedSince = DateTime.ParseExact(sRequestIfModifiedSince, "R", System.Globalization.CultureInfo.InvariantCulture);
if ((oRequestIfModifiedSince - oLastModified).TotalSeconds > 1)
bRequestIfModifiedSince = false;
}
catch
{
bRequestIfModifiedSince = false;
}
}
if (bRequestETag && bRequestIfModifiedSince)
{
context.Response.StatusCode = (int)HttpStatusCode.NotModified;
bNoModify = true;
}
}
if (false == bNoModify)
{
context.Response.Cache.SetETag(sETag);
context.Response.Cache.SetLastModified(oLastModified);
oStorage.ReadFileBegin(sPath, context.Response.OutputStream, ReadFileCallback, oTransportClass);
bStartAsync = true;
}
}
else
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
else
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
catch(Exception e)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
_log.Error(context.Request.Params.ToString());
_log.Error("Exeption catched in BeginProcessRequest:", e);
}
TransportClass oTempTransportClass = new TransportClass(context, cb, null, null, null, null);
if (false == bStartAsync)
cb(new AsyncOperationData(oTempTransportClass));
return new AsyncOperationData(oTempTransportClass);
}
public void EndProcessRequest(IAsyncResult result)
{
}
private void ReadFileCallback(IAsyncResult result)
{
TransportClass oTransportClass = result.AsyncState as TransportClass;
HttpContext context = oTransportClass.m_oContext;
try
{
Storage oStorage = oTransportClass.m_oStorage;
if (null != oStorage)
{
int nReadWriteBytes = 0;
ErrorTypes eResult = oStorage.ReadFileEnd(result, out nReadWriteBytes);
if (ErrorTypes.NoError != eResult)
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
else
{
context.Response.AddHeader("Content-Length", nReadWriteBytes.ToString());
context.Response.StatusCode = (int)HttpStatusCode.OK;
}
context.Response.Flush();
context.Response.End();
}
if (null != oTransportClass.m_sDeletePath && false == string.IsNullOrEmpty(oTransportClass.m_sDeletePath))
{
TaskResult oTaskResult = oTransportClass.m_oTaskResult;
string sKey = oTransportClass.m_sDeletePath;
oTaskResult.RemoveBegin(sKey, RemoveTaskCallback, oTransportClass);
}
else
{
oTransportClass.m_oCallback(new AsyncOperationData(oTransportClass));
}
}
catch(Exception e)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
oTransportClass.m_oCallback(new AsyncOperationData(oTransportClass));
_log.Error("Exception catched in ReadFileCallback:", e);
}
}
private void RemoveTaskCallback(IAsyncResult result)
{
TransportClass oTransportClass = result.AsyncState as TransportClass;
HttpContext context = oTransportClass.m_oContext;
try
{
TaskResult oTaskResult = oTransportClass.m_oTaskResult;
if (null != oTaskResult)
oTaskResult.RemoveEnd(result);
Storage oStorage = oTransportClass.m_oStorage;
if (null != oStorage)
oStorage.RemovePathBegin(oTransportClass.m_sDeletePath, RemoveFileCallback, oTransportClass);
}
catch(Exception e)
{
oTransportClass.m_oCallback(new AsyncOperationData(oTransportClass));
_log.Error("Exception catched in RemoveTaskCallback:", e);
}
}
private void RemoveFileCallback(IAsyncResult result)
{
TransportClass oTransportClass = result.AsyncState as TransportClass;
HttpContext context = oTransportClass.m_oContext;
try
{
Storage oStorage = oTransportClass.m_oStorage;
if (null != oStorage)
oStorage.RemovePathEnd(result);
oTransportClass.m_oCallback(new AsyncOperationData(oTransportClass));
}
catch(Exception e)
{
oTransportClass.m_oCallback(new AsyncOperationData(oTransportClass));
_log.Error("Exception catched in RemoveFileCallback:", e);
}
}
public void ProcessRequest(HttpContext context)
{
throw new InvalidOperationException();
}
public bool IsReusable
{
get
{
return false;
}
}
private class TransportClass
{
public HttpContext m_oContext;
public AsyncCallback m_oCallback;
public Storage m_oStorage;
public TaskResult m_oTaskResult;
public string m_sPath;
public string m_sDeletePath;
public TransportClass(HttpContext oContext, AsyncCallback oCallback, Storage oStorage, TaskResult oTaskResult, string sPath, string sDeletePath)
{
m_oContext = oContext;
m_oCallback = oCallback;
m_oStorage = oStorage;
m_oTaskResult = oTaskResult;
m_sPath = sPath;
m_sDeletePath = sDeletePath;
}
}
}