static int
url_encoded_field_found(const struct mg_connection *conn,
const char *key,
size_t key_len,
const char *filename,
size_t filename_len,
char *path,
size_t path_len,
struct mg_form_data_handler *fdh)
{
char key_dec[1024];
char filename_dec[1024];
int key_dec_len;
int filename_dec_len;
int ret;
key_dec_len =
mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
if (((size_t)key_dec_len >= (size_t)sizeof(key_dec)) || (key_dec_len < 0)) {
return FORM_FIELD_STORAGE_SKIP;
}
if (filename) {
filename_dec_len = mg_url_decode(filename,
(int)filename_len,
filename_dec,
(int)sizeof(filename_dec),
1);
if (((size_t)filename_dec_len >= (size_t)sizeof(filename_dec))
|| (filename_dec_len < 0)) {
mg_cry(conn, "%s: Cannot decode filename", __func__);
return FORM_FIELD_STORAGE_SKIP;
}
} else {
filename_dec[0] = 0;
}
ret =
fdh->field_found(key_dec, filename_dec, path, path_len, fdh->user_data);
if ((ret & 0xF) == FORM_FIELD_STORAGE_GET) {
if (fdh->field_get == NULL) {
mg_cry(conn, "%s: Function \"Get\" not available", __func__);
return FORM_FIELD_STORAGE_SKIP;
}
}
if ((ret & 0xF) == FORM_FIELD_STORAGE_STORE) {
if (fdh->field_store == NULL) {
mg_cry(conn, "%s: Function \"Store\" not available", __func__);
return FORM_FIELD_STORAGE_SKIP;
}
}
return ret;
}
static int
url_encoded_field_get(const struct mg_connection *conn,
const char *key,
size_t key_len,
const char *value,
size_t value_len,
struct mg_form_data_handler *fdh)
{
char key_dec[1024];
char *value_dec = (char *)mg_malloc_ctx(value_len + 1, conn->ctx);
int value_dec_len, ret;
if (!value_dec) {
mg_cry(conn,
"%s: Not enough memory (required: %lu)",
__func__,
(unsigned long)(value_len + 1));
return FORM_FIELD_STORAGE_ABORT;
}
mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
value_dec_len =
mg_url_decode(value, (int)value_len, value_dec, (int)value_len + 1, 1);
ret = fdh->field_get(key_dec,
value_dec,
(size_t)value_dec_len,
fdh->user_data);
mg_free(value_dec);
return ret;
}
static int
unencoded_field_get(const struct mg_connection *conn,
const char *key,
size_t key_len,
const char *value,
size_t value_len,
struct mg_form_data_handler *fdh)
{
char key_dec[1024];
(void)conn;
mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
return fdh->field_get(key_dec, value, value_len, fdh->user_data);
}
static int
field_stored(const struct mg_connection *conn,
const char *path,
long long file_size,
struct mg_form_data_handler *fdh)
{
(void)conn;
return fdh->field_store(path, file_size, fdh->user_data);
}
static const char *
search_boundary(const char *buf,
size_t buf_len,
const char *boundary,
size_t boundary_len)
{
int clen = (int)buf_len - (int)boundary_len - 4;
int i;
for (i = 0; i <= clen; i++) {
if (!memcmp(buf + i, "\r\n--", 4)) {
if (!memcmp(buf + i + 4, boundary, boundary_len)) {
return buf + i;
}
}
}
return NULL;
}
int
mg_handle_form_request(struct mg_connection *conn,
struct mg_form_data_handler *fdh)
{
const char *content_type;
char path[512];
char buf[1024];
int field_storage;
int buf_fill = 0;
int r;
int field_count = 0;
struct mg_file fstore = STRUCT_FILE_INITIALIZER;
int64_t file_size = 0;
int has_body_data =
(conn->request_info.content_length > 0) || (conn->is_chunked);
if (!has_body_data) {
const char *data;
if (strcmp(conn->request_info.request_method, "GET")) {
return -1;
}
data = conn->request_info.query_string;
if (!data) {
return -1;
}
while (*data) {
const char *val = strchr(data, '=');
const char *next;
ptrdiff_t keylen, vallen;
if (!val) {
break;
}
keylen = val - data;
memset(path, 0, sizeof(path));
field_count++;
field_storage = url_encoded_field_found(conn,
data,
(size_t)keylen,
NULL,
0,
path,
sizeof(path) - 1,
fdh);
val++;
next = strchr(val, '&');
if (next) {
vallen = next - val;
next++;
} else {
vallen = (ptrdiff_t)strlen(val);
next = val + vallen;
}
if (field_storage == FORM_FIELD_STORAGE_GET) {
url_encoded_field_get(
conn, data, (size_t)keylen, val, (size_t)vallen, fdh);
}
if (field_storage == FORM_FIELD_STORAGE_STORE) {
if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
fstore.access.fp = NULL;
}
file_size = 0;
if (fstore.access.fp != NULL) {
size_t n = (size_t)
fwrite(val, 1, (size_t)vallen, fstore.access.fp);
if ((n != (size_t)vallen) || (ferror(fstore.access.fp))) {
mg_cry(conn,
"%s: Cannot write file %s",
__func__,
path);
(void)mg_fclose(&fstore.access);
remove_bad_file(conn, path);
}
file_size += (int64_t)n;
if (fstore.access.fp) {
r = mg_fclose(&fstore.access);
if (r == 0) {
field_stored(conn, path, file_size, fdh);
} else {
mg_cry(conn,
"%s: Error saving file %s",
__func__,
path);
remove_bad_file(conn, path);
}
fstore.access.fp = NULL;
}
} else {
mg_cry(conn, "%s: Cannot create file %s", __func__, path);
}
}
if ((field_storage & FORM_FIELD_STORAGE_ABORT)
== FORM_FIELD_STORAGE_ABORT) {
break;
}
data = next;
}
return field_count;
}
content_type = mg_get_header(conn, "Content-Type");
if (!content_type
|| !mg_strcasecmp(content_type, "APPLICATION/X-WWW-FORM-URLENCODED")
|| !mg_strcasecmp(content_type, "APPLICATION/WWW-FORM-URLENCODED")) {
int all_data_read = 0;
for (;;) {
const char *val;
const char *next;
ptrdiff_t keylen, vallen;
ptrdiff_t used;
int end_of_key_value_pair_found = 0;
int get_block;
if ((size_t)buf_fill < (sizeof(buf) - 1)) {
size_t to_read = sizeof(buf) - 1 - (size_t)buf_fill;
r = mg_read(conn, buf + (size_t)buf_fill, to_read);
if (r < 0) {
return -1;
}
if (r != (int)to_read) {
all_data_read = 1;
}
buf_fill += r;
buf[buf_fill] = 0;
if (buf_fill < 1) {
break;
}
}
val = strchr(buf, '=');
if (!val) {
break;
}
keylen = val - buf;
val++;
memset(path, 0, sizeof(path));
field_count++;
field_storage = url_encoded_field_found(conn,
buf,
(size_t)keylen,
NULL,
0,
path,
sizeof(path) - 1,
fdh);
if ((field_storage & FORM_FIELD_STORAGE_ABORT)
== FORM_FIELD_STORAGE_ABORT) {
break;
}
if (field_storage == FORM_FIELD_STORAGE_STORE) {
if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
fstore.access.fp = NULL;
}
file_size = 0;
if (!fstore.access.fp) {
mg_cry(conn, "%s: Cannot create file %s", __func__, path);
}
}
get_block = 0;
do {
next = strchr(val, '&');
if (next) {
vallen = next - val;
next++;
end_of_key_value_pair_found = 1;
} else {
vallen = (ptrdiff_t)strlen(val);
next = val + vallen;
}
if (field_storage == FORM_FIELD_STORAGE_GET) {
#if 0#else
(void)all_data_read;
#endif
url_encoded_field_get(conn,
((get_block > 0) ? NULL : buf),
((get_block > 0) ? 0
: (size_t)keylen),
val,
(size_t)vallen,
fdh);
get_block++;
}
if (fstore.access.fp) {
size_t n = (size_t)
fwrite(val, 1, (size_t)vallen, fstore.access.fp);
if ((n != (size_t)vallen) || (ferror(fstore.access.fp))) {
mg_cry(conn,
"%s: Cannot write file %s",
__func__,
path);
mg_fclose(&fstore.access);
remove_bad_file(conn, path);
}
file_size += (int64_t)n;
}
if (!end_of_key_value_pair_found) {
used = next - buf;
memmove(buf,
buf + (size_t)used,
sizeof(buf) - (size_t)used);
buf_fill -= (int)used;
if ((size_t)buf_fill < (sizeof(buf) - 1)) {
size_t to_read = sizeof(buf) - 1 - (size_t)buf_fill;
r = mg_read(conn, buf + (size_t)buf_fill, to_read);
if (r < 0) {
return -1;
}
if (r != (int)to_read) {
all_data_read = 1;
}
buf_fill += r;
buf[buf_fill] = 0;
if (buf_fill < 1) {
break;
}
val = buf;
}
}
} while (!end_of_key_value_pair_found);
if (fstore.access.fp) {
r = mg_fclose(&fstore.access);
if (r == 0) {
field_stored(conn, path, file_size, fdh);
} else {
mg_cry(conn, "%s: Error saving file %s", __func__, path);
remove_bad_file(conn, path);
}
fstore.access.fp = NULL;
}
used = next - buf;
memmove(buf, buf + (size_t)used, sizeof(buf) - (size_t)used);
buf_fill -= (int)used;
}
return field_count;
}
if (!mg_strncasecmp(content_type, "MULTIPART/FORM-DATA;", 20)) {
char *boundary;
size_t bl;
ptrdiff_t used;
struct mg_request_info part_header;
char *hbuf;
const char *content_disp, *hend, *fbeg, *fend, *nbeg, *nend;
const char *next;
unsigned part_no;
memset(&part_header, 0, sizeof(part_header));
bl = 20;
while (content_type[bl] == ' ') {
bl++;
}
if (mg_strncasecmp(content_type + bl, "BOUNDARY=", 9)) {
return -1;
}
fbeg = content_type + bl + 9;
bl = strlen(fbeg);
boundary = (char *)mg_malloc(bl + 1);
if (!boundary) {
mg_cry(conn,
"%s: Cannot allocate memory for boundary [%lu]",
__func__,
(unsigned long)bl);
return -1;
}
memcpy(boundary, fbeg, bl);
boundary[bl] = 0;
if (boundary[0] == '"') {
hbuf = strchr(boundary + 1, '"');
if ((!hbuf) || (*hbuf != '"')) {
mg_free(boundary);
return -1;
}
*hbuf = 0;
memmove(boundary, boundary + 1, bl);
bl = strlen(boundary);
}
if (bl > 70) {
mg_free(boundary);
return -1;
}
if (bl < 4) {
mg_free(boundary);
return -1;
}
for (part_no = 0;; part_no++) {
size_t towrite, n;
int get_block;
r = mg_read(conn,
buf + (size_t)buf_fill,
sizeof(buf) - 1 - (size_t)buf_fill);
if (r < 0) {
mg_free(boundary);
return -1;
}
buf_fill += r;
buf[buf_fill] = 0;
if (buf_fill < 1) {
mg_free(boundary);
return -1;
}
if (part_no == 0) {
int d = 0;
while ((buf[d] != '-') && (d < buf_fill)) {
d++;
}
if ((d > 0) && (buf[d] == '-')) {
memmove(buf, buf + d, (unsigned)buf_fill - (unsigned)d);
buf_fill -= d;
buf[buf_fill] = 0;
}
}
if (buf[0] != '-' || buf[1] != '-') {
mg_free(boundary);
return -1;
}
if (strncmp(buf + 2, boundary, bl)) {
mg_free(boundary);
return -1;
}
if (buf[bl + 2] != '\r' || buf[bl + 3] != '\n') {
if (((size_t)buf_fill != (size_t)(bl + 6))
|| (strncmp(buf + bl + 2, "--\r\n", 4))) {
mg_free(boundary);
return -1;
}
break;
}
hbuf = buf + bl + 4;
hend = strstr(hbuf, "\r\n\r\n");
if (!hend) {
mg_free(boundary);
return -1;
}
part_header.num_headers =
parse_http_headers(&hbuf, part_header.http_headers);
if ((hend + 2) != hbuf) {
mg_free(boundary);
return -1;
}
hend += 4;
content_disp = get_header(part_header.http_headers,
part_header.num_headers,
"Content-Disposition");
if (!content_disp) {
mg_free(boundary);
return -1;
}
nbeg = strstr(content_disp, "name=\"");
while ((nbeg != NULL) && (strcspn(nbeg - 1, ":,; \t") != 0)) {
nbeg = strstr(nbeg + 1, "name=\"");
}
nend = nbeg;
(void)nend;
if (nbeg) {
nbeg += 6;
nend = strchr(nbeg, '\"');
if (!nend) {
mg_free(boundary);
return -1;
}
} else {
nbeg = strstr(content_disp, "name=");
while ((nbeg != NULL) && (strcspn(nbeg - 1, ":,; \t") != 0)) {
nbeg = strstr(nbeg + 1, "name=");
}
if (!nbeg) {
mg_free(boundary);
return -1;
}
nbeg += 5;
nend = nbeg + strcspn(nbeg, ",; \t");
}
fbeg = strstr(content_disp, "filename=\"");
while ((fbeg != NULL) && (strcspn(fbeg - 1, ":,; \t") != 0)) {
fbeg = strstr(fbeg + 1, "filename=\"");
}
fend = fbeg;
if (fbeg) {
fbeg += 10;
fend = strchr(fbeg, '\"');
if (!fend) {
mg_free(boundary);
return -1;
}
}
if (!fbeg) {
fbeg = strstr(content_disp, "filename=");
while ((fbeg != NULL) && (strcspn(fbeg - 1, ":,; \t") != 0)) {
fbeg = strstr(fbeg + 1, "filename=");
}
if (fbeg) {
fbeg += 9;
fend = fbeg + strcspn(fbeg, ",; \t");
}
}
if (!fbeg) {
fend = NULL;
}
if (!(((ptrdiff_t)fbeg > (ptrdiff_t)nend)
|| ((ptrdiff_t)nbeg > (ptrdiff_t)fend))) {
mg_free(boundary);
return -1;
}
memset(path, 0, sizeof(path));
field_count++;
field_storage = url_encoded_field_found(conn,
nbeg,
(size_t)(nend - nbeg),
fbeg,
(size_t)(fend - fbeg),
path,
sizeof(path) - 1,
fdh);
next = search_boundary(hbuf,
(size_t)((buf - hbuf) + buf_fill),
boundary,
bl);
if (field_storage == FORM_FIELD_STORAGE_STORE) {
if (mg_fopen(conn, path, MG_FOPEN_MODE_WRITE, &fstore) == 0) {
fstore.access.fp = NULL;
}
file_size = 0;
if (!fstore.access.fp) {
mg_cry(conn, "%s: Cannot create file %s", __func__, path);
}
}
get_block = 0;
while (!next) {
towrite = (size_t)(buf - hend + buf_fill);
towrite -= bl + 4;
if (field_storage == FORM_FIELD_STORAGE_GET) {
unencoded_field_get(conn,
((get_block > 0) ? NULL : nbeg),
((get_block > 0)
? 0
: (size_t)(nend - nbeg)),
hend,
towrite,
fdh);
get_block++;
}
if (field_storage == FORM_FIELD_STORAGE_STORE) {
if (fstore.access.fp) {
n = (size_t)fwrite(hend, 1, towrite, fstore.access.fp);
if ((n != towrite) || (ferror(fstore.access.fp))) {
mg_cry(conn,
"%s: Cannot write file %s",
__func__,
path);
mg_fclose(&fstore.access);
remove_bad_file(conn, path);
}
file_size += (int64_t)n;
}
}
memmove(buf, hend + towrite, bl + 4);
buf_fill = (int)(bl + 4);
hend = buf;
r = mg_read(conn,
buf + (size_t)buf_fill,
sizeof(buf) - 1 - (size_t)buf_fill);
if (r < 0) {
mg_free(boundary);
return -1;
}
buf_fill += r;
buf[buf_fill] = 0;
if (buf_fill < 1) {
mg_free(boundary);
return -1;
}
next = search_boundary(buf, (size_t)buf_fill, boundary, bl);
}
towrite = (size_t)(next - hend);
if (field_storage == FORM_FIELD_STORAGE_GET) {
unencoded_field_get(conn,
((get_block > 0) ? NULL : nbeg),
((get_block > 0) ? 0
: (size_t)(nend - nbeg)),
hend,
towrite,
fdh);
}
if (field_storage == FORM_FIELD_STORAGE_STORE) {
if (fstore.access.fp) {
n = (size_t)fwrite(hend, 1, towrite, fstore.access.fp);
if ((n != towrite) || (ferror(fstore.access.fp))) {
mg_cry(conn,
"%s: Cannot write file %s",
__func__,
path);
mg_fclose(&fstore.access);
remove_bad_file(conn, path);
} else {
file_size += (int64_t)n;
r = mg_fclose(&fstore.access);
if (r == 0) {
field_stored(conn, path, file_size, fdh);
} else {
mg_cry(conn,
"%s: Error saving file %s",
__func__,
path);
remove_bad_file(conn, path);
}
}
fstore.access.fp = NULL;
}
}
if ((field_storage & FORM_FIELD_STORAGE_ABORT)
== FORM_FIELD_STORAGE_ABORT) {
break;
}
used = next - buf + 2;
memmove(buf, buf + (size_t)used, sizeof(buf) - (size_t)used);
buf_fill -= (int)used;
}
mg_free(boundary);
return field_count;
}
return -1;
}