Ticket #536: mod_ssi.c.2.diff

mod_ssi.c

@@ -98 +98 @@
 
         config_values_t cv[] = {
                 { "ssi.extension",              NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
+                { "ssi.max_recursion",          NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION },       /* 0 */
                 { NULL,                         NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
         };
 
@@ -110 +111 @@
 
                 s = calloc(1, sizeof(plugin_config));
                 s->ssi_extension  = array_init();
+                s->ssi_max_recursion  = 1;
 
                 cv[0].destination = s->ssi_extension;
+                cv[1].destination = s->ssi_max_recursion;
 
                 p->config_storage[i] = s;
 
@@ -577 +580 @@
                                 }
                                 break;
                         case SSI_INCLUDE:
-                                chunkqueue_append_file(con->send, p->stat_fn, 0, st.st_size);
+                                // do recursive SSI expansion
+
+                                // prevents infinite loop
+                                if (buffer_is_equal(con->physical.path, p->stat_fn)) {
+                                        buffer_copy_string(srv->tmp_buf, "<!-- your include directives create an infinite loop; aborting -->");
+                                        chunkqueue_append_buffer(con->write_queue, srv->tmp_buf);
+                                        break;
+                                }
+
+                                // only allow predefined recursion depth
+                                if (con->loops_per_request > p->conf.ssi_max_recursion) {
+                                        buffer_copy_string(srv->tmp_buf, "<!-- your include directives recurse deeper than pre-defined max_recursion; aborting -->");
+                                        chunkqueue_append_buffer(con->write_queue, srv->tmp_buf);
+                                        break;
+                                }
+
+                                tmp = buffer_init();
+                                buffer_copy_string_buffer(tmp, con->physical.path); // save path of current document
+                                buffer_copy_string_buffer(con->physical.path, p->stat_fn); // next sub-document to parse
+                                if (mod_ssi_physical_path(srv,con,p) != HANDLER_FINISHED) {
+                                        // the document was not processed, so write it as is
+                                        chunkqueue_append_file(con->send, con->physical.path, 0, st.st_size);
+                                }
+                                buffer_copy_string_buffer(con->physical.path, tmp); // restore saved path
+                                buffer_free(tmp);
                                 break;
                         }
                 } else {
@@ -1017 +1044 @@
         plugin_config *s = p->config_storage[0];
 
         PATCH_OPTION(ssi_extension);
+        PATCH_OPTION(ssi_max_recursion);
 
         /* skip the first, the global context */
         for (i = 1; i < srv->config_context->used; i++) {
@@ -1033 +1061 @@
                         if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssi.extension"))) {
                                 PATCH_OPTION(ssi_extension);
                         }
+                        if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssi.max_recursion"))) {
+                                PATCH_OPTION(ssi_max_recursion);
+                        }
                 }
         }
 
@@ -1045 +1076 @@
 
         if (con->physical.path->used == 0) return HANDLER_GO_ON;
 
+        con->loops_per_request++;
+
         mod_ssi_patch_connection(srv, con, p);
 
         for (k = 0; k < p->conf.ssi_extension->used; k++) {