wsd/ClientSession.cpp | 5 +++++ wsd/LOOLWSD.cpp | 34 +++++++++++++++++++++++++++------- wsd/Storage.cpp | 15 +++++++++++++++ wsd/reference.txt | 24 +++++++++++++++++++++--- 4 files changed, 68 insertions(+), 10 deletions(-)
New commits: commit a59598050d378f599c989bee34e79b2bf8cb1c8f Author: Jan Holesovsky <[email protected]> Date: Wed Aug 2 18:55:43 2017 +0200 convert-to: Set the mimetype in the responses. Change-Id: Ib8dcad5f81499aec0ba147a3a4ef0b7a30995bcc diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp index 5cdcaaf3..d4793e96 100644 --- a/wsd/ClientSession.cpp +++ b/wsd/ClientSession.cpp @@ -638,7 +638,12 @@ bool ClientSession::handleKitToClientMessage(const char* buffer, const int lengt std::string encodedFilePath; Poco::URI::encode(resultURL.getPath(), "", encodedFilePath); LOG_TRC("Sending file: " << encodedFilePath); + + const std::string fileName = Poco::Path(resultURL.getPath()).getFileName(); Poco::Net::HTTPResponse response; + if (!fileName.empty()) + response.set("Content-Disposition", "attachment; filename=\"" + fileName + "\""); + HttpHelper::sendFile(_saveAsSocket, encodedFilePath, mimeType, response); } commit beffd4967acf760dccdaf7e1a0e6ebbea9932b6a Author: Jan Holesovsky <[email protected]> Date: Wed Aug 2 18:55:43 2017 +0200 convert-to: New features in the convert-to functionality. * Add possibility to omit the 'format' parameter * Allow it even when the 'file' storage is disabled Change-Id: Ib8dcad5f81499aec0ba147a3a4ef0b7a30995bcc diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 2852fb7a..d38918fd 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -449,9 +449,14 @@ std::shared_ptr<ChildProcess> getNewChild_Blocks() class ConvertToPartHandler : public PartHandler { std::string& _filename; + + /// Is it really a convert-to, ie. use an especially formed path? + bool _convertTo; + public: - ConvertToPartHandler(std::string& filename) + ConvertToPartHandler(std::string& filename, bool convertTo = false) : _filename(filename) + , _convertTo(convertTo) { } @@ -469,7 +474,8 @@ public: if (!params.has("filename")) return; - Path tempPath = Path::forDirectory(Poco::TemporaryFile::tempName() + "/"); + Path tempPath = _convertTo? Path::forDirectory(Poco::TemporaryFile::tempName("/tmp/convert-to") + "/") : + Path::forDirectory(Poco::TemporaryFile::tempName() + "/"); File(tempPath).createDirectories(); // Prevent user inputting anything funny here. // A "filename" should always be a filename, not a path @@ -1737,9 +1743,18 @@ private: } catch (const std::exception& exc) { - // TODO: Send back failure. + // Bad request. + std::ostringstream oss; + oss << "HTTP/1.1 400\r\n" + << "Date: " << Poco::DateTimeFormatter::format(Poco::Timestamp(), Poco::DateTimeFormat::HTTP_FORMAT) << "\r\n" + << "User-Agent: LOOLWSD WOPI Agent\r\n" + << "Content-Length: 0\r\n" + << "\r\n"; + socket->send(oss.str()); + socket->shutdown(); + // NOTE: Check _wsState to choose between HTTP response or WebSocket (app-level) error. - LOG_ERR("#" << socket->getFD() << " Exception while processing incoming request: [" << + LOG_INF("#" << socket->getFD() << " Exception while processing incoming request: [" << LOOLProtocol::getAbbreviatedMessage(in) << "]: " << exc.what()); } @@ -1866,12 +1881,17 @@ private: auto socket = _socket.lock(); StringTokenizer tokens(request.getURI(), "/?"); - if (tokens.count() >= 3 && tokens[2] == "convert-to") + if (tokens.count() > 2 && tokens[2] == "convert-to") { std::string fromPath; - ConvertToPartHandler handler(fromPath); + ConvertToPartHandler handler(fromPath, /*convertTo =*/ true); HTMLForm form(request, message, handler); - const std::string format = (form.has("format") ? form.get("format") : ""); + + std::string format = (form.has("format") ? form.get("format") : ""); + + // prefer what is in the URI + if (tokens.count() > 3) + format = tokens[3]; bool sent = false; if (!fromPath.empty()) diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp index b64b6431..47c81748 100644 --- a/wsd/Storage.cpp +++ b/wsd/Storage.cpp @@ -195,6 +195,21 @@ std::unique_ptr<StorageBase> StorageBase::create(const Poco::URI& uri, const std { return std::unique_ptr<StorageBase>(new LocalStorage(uri, jailRoot, jailPath)); } + else + { + // guard against attempts to escape + Poco::URI normalizedUri(uri); + normalizedUri.normalize(); + + std::vector<std::string> pathSegments; + normalizedUri.getPathSegments(pathSegments); + + if (pathSegments.size() == 4 && pathSegments[0] == "tmp" && pathSegments[1] == "convert-to") + { + LOG_INF("Public URI [" << normalizedUri.toString() << "] is actually a convert-to tempfile."); + return std::unique_ptr<StorageBase>(new LocalStorage(normalizedUri, jailRoot, jailPath)); + } + } LOG_ERR("Local Storage is disabled by default. Enable in the config file or on the command-line to enable."); } diff --git a/wsd/reference.txt b/wsd/reference.txt index 5c706621..0f70035b 100644 --- a/wsd/reference.txt +++ b/wsd/reference.txt @@ -2,9 +2,27 @@ LibreOffice Online API ======================= Document conversion: - - API: HTTP POST to /lool/convert-to - - parameters: format=<format> (see e.g. "png", "pdf" or "txt"), and the file itself in the payload - - example: curl -F "[email protected]" -F "format=pdf" https://localhost:9980/lool/convert-to + - API: HTTP POST to /lool/convert-to/<format> + - the format is e.g. "png", "pdf" or "txt" + - the file itself in the payload + - example + - curl -F "[email protected]" https://localhost:9980/lool/convert-to/docx > out.docx + - or in html: + <form action="https://localhost:9980/lool/convert-to/docx"; enctype="multipart/form-data" method="post"> + File: <input type="file" name="data"><br/> + <input type="submit" value="Convert to DOCX"> + </form> + + - alternatively you can omit the <format>, and instead + provide it as another parameter + - example + - curl -F "[email protected]" -F "format=pdf" https://localhost:9980/lool/convert-to > out.pdf + - or in html: + <form action="https://localhost:9980/lool/convert-to"; enctype="multipart/form-data" method="post"> + File: <input type="file" name="data"><br/> + Format: <input type="text" name="format"><br/> + <input type="submit" value="Convert"> + </form> WOPI Extensions =============== _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
