From 67fe8238912579d6027c76506300934a6b3e25d1 Mon Sep 17 00:00:00 2001 From: radioegor146 Date: Sun, 28 Jul 2019 18:34:16 +0300 Subject: [PATCH] url fileserver fixes --- .../fileserver/FileServerHandler.java | 32 +++++++------------ .../launcher/downloader/ListDownloader.java | 9 +++++- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java index 88e762ac..fa98a80e 100644 --- a/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java +++ b/LaunchServer/src/main/java/pro/gravit/launchserver/socket/handlers/fileserver/FileServerHandler.java @@ -15,6 +15,8 @@ import java.io.FileNotFoundException; import java.io.RandomAccessFile; import java.io.UnsupportedEncodingException; +import java.net.URI; +import java.net.URISyntaxException; import java.net.URLDecoder; import java.nio.file.Path; import java.nio.file.Paths; @@ -77,7 +79,15 @@ public void channelRead0(ChannelHandlerContext ctx, FullHttpRequest request) thr } final String uri = request.uri(); - final String path = sanitizeUri(uri); + final String path; + + try { + path = Paths.get(new URI(uri).getPath()).normalize().toString().substring(1); + } catch (URISyntaxException e) { + sendError(ctx, BAD_REQUEST); + return; + } + if (path == null) { sendError(ctx, FORBIDDEN); return; @@ -172,26 +182,6 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) { } } - private static final Pattern INSECURE_URI = Pattern.compile(".*[<>&\"].*"); - - private static String sanitizeUri(String uri) { - // Decode the path. - try { - uri = URLDecoder.decode(uri, "UTF-8"); - } catch (UnsupportedEncodingException e) { - throw new Error(e); - } - - if (uri.isEmpty() || uri.charAt(0) != '/') { - return null; - } - - // Convert file separators. - uri = uri.replace(File.separatorChar, '/'); - - return Paths.get(uri).normalize().toString().substring(1); - } - private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*"); private static void sendListing(ChannelHandlerContext ctx, File dir, String dirPath) { diff --git a/LauncherAPI/src/main/java/pro/gravit/launcher/downloader/ListDownloader.java b/LauncherAPI/src/main/java/pro/gravit/launcher/downloader/ListDownloader.java index 5f795bc7..991cf546 100644 --- a/LauncherAPI/src/main/java/pro/gravit/launcher/downloader/ListDownloader.java +++ b/LauncherAPI/src/main/java/pro/gravit/launcher/downloader/ListDownloader.java @@ -49,8 +49,15 @@ public void download(String base, List applies, Path dstDirFile, D .build()) { HttpGet get = null; + URI baseUri = new URI(base); + String scheme = baseUri.getScheme(); + String host = baseUri.getHost(); + int port = baseUri.getPort(); + if (port != -1) + host = host + ":" + port; + String path = baseUri.getPath(); for (DownloadTask apply : applies) { - URI u = new URL(base.concat(IOHelper.urlEncode(apply.apply).replace("%2F", "/"))).toURI(); + URI u = new URI(scheme, host, path + apply.apply, "", ""); callback.stateChanged(apply.apply, 0L, apply.size); Path targetPath = dstDirFile.resolve(apply.apply); LogHelper.debug("Download URL: %s to file %s dir: %s", u.toString(), targetPath.toAbsolutePath().toString(), dstDirFile.toAbsolutePath().toString());