rejetto forum

Software => HFS ~ HTTP File Server => Programmers corner => Topic started by: Mars on December 18, 2010, 08:21:53 PM

Title: build 272 what is wrong or missing
Post by: Mars on December 18, 2010, 08:21:53 PM
Already indicated
Quote
 procedure handleItem(f:Tfile);  //main.pas
  var
    type_, s, url, fingerprint, itemFolder: string;
    nonPerc: TStringDynArray;
  begin
  //We have to make an exception with virtual links
  if not f.isLink and ansiContainsStr(f.resource, '?') then exit; // unicode filename?

  if f.size > 0 then inc(totalBytes, f.size);

New: The rerouting login is wrong  when the destination does not exist,It was necessary to me to erase cookies concerning HFS under firefox to obtain the web page because hfs jammed because of it.

Quote
   function getAccountRedirect():string;   //main.pas
    var
      acc: Paccount;
    begin
    result:='';
    acc:=accountRecursion(data.account, ARSC_REDIR);
    if acc = NIL then exit;
    result:=acc.redir;
    if (result = '')  or ansiContainsStr(result, '://') then exit;
    // if it's not a complete url, it may require some fixing
    if not ansiStartsStr('/', result) then result:='/'+result;
    result:=xtpl(result,['\','/']);
//add by mars 18/12/2010
    if fileExistsByURL(result) then exit;
    add2log('Error on redirect with account '+acc.user+crlf+'The path is invalid :'+ result);
    result:='';
    end; // getAccountRedirect

this can help the admin to detect bad redirect path under accounts dialogbox
Quote
procedure ToptionsFrm.loadAccountProperties(); //optionsdlg.pas
....
redirBox.Text:=a.redir;
notesBox.text:=a.notes;
//add by mars 18/12/20010
redirBox.color:=clWindow;
if (a.redir>'') and not fileExistsByURL(a.redir) then redirBox.color:=clRed;

groupsBtn.enabled:=FALSE;
for i:=0 to length(tempAccounts)-1 do
  if tempAccounts.group and (i <> accountsBox.itemIndex) then
    groupsBtn.enabled:=TRUE;

updateAccessBox();
accountsBox.invalidate();
end; // loadAccountProperties


procedure ToptionsFrm.applyBtnClick(Sender: TObject);
begin
  saveValues();
// this is necessary to refresh the account box when we click on the apply button
  selectAccount(accountsBox.itemIndex);  //add by mars 18/12/2010
end;

Title: Re: build 272 what is wrong or missing
Post by: rejetto on December 23, 2010, 02:00:39 PM
New: The rerouting login is wrong  when the destination does not exist,It was necessary to me to erase cookies concerning HFS under firefox to obtain the web page because hfs jammed because of it.

i just tried specifying a non-existent path.
at login i just got a "not found" message, then clicked on the link to go to the root.
no jamming, no need to erase cookies.
can you please give us some details on the problem you faced, how to reproduce it?

Quote
this can help the admin to detect bad redirect path under accounts dialogbox

i like it!
Title: Re: build 272 what is wrong or missing
Post by: Mars on December 24, 2010, 05:50:25 PM
Quote
can you please give us some details on the problem you faced, how to reproduce it?
A simple example
 the root not authorized on access for the person is protected by a compulsory login,.

With the request of login, if the redirect is defective (case of nonexistent directory), we are redirected or towards the not found or towards the new identification.
 the only solution to go out of this buckle is to close the sailor browser.

It is not easy to manage to make well understand the principle, but in the long run that can be irritating as situation this 'not found', that is why I recommend the solution of the function getAccountRedirect()

Bad redirect == NO redirect

 ;)
Title: Re: build 272 what is wrong or missing
Post by: SilentPliz on December 27, 2010, 11:28:02 PM
Hi! :)

I added some elements at the code of Mars (in brown color).
If you find these changes useful ... do not forget to activate the "Hint" for the "redirBox" and "accountLinkBox". ;)

Quote

procedure ToptionsFrm.loadAccountProperties(); //optionsdlg.pas
var
  a: Paccount;
  b, bakWrap, existRedir: boolean;
  i: integer;
....
redirBox.Text:=a.redir;
existRedir:=fileExistsByURL(a.redir);
redirBox.Hint:='';
redirBox.color:=clWindow;  //add by mars 18/12/20010
redirBox.font.color:=clWindowText;
accountLinkBox.hint:='';
notesBox.text:=a.notes;

if (a.redir>'') and not existRedir then redirBox.color:=clRed;  //add by mars 18/12/20010
if (a.redir>'') and not existRedir then redirBox.font.color:=clWhite;

if (a.redir>'') and existRedir then
redirBox.Hint:='Redirect URL for "'+a.user+'":    '+#13+'  '+a.redir;

if (a.redir>'') and not existRedir then
redirBox.Hint:='INVALID redirect URL for "'+a.user+'":    '+#13+'  '+a.redir+#13'Please correct this error.';

if (accountLinkBox.text>'') then
accountLinkBox.hint:='"'+a.user+'"'+' is member of this(these) group(s):     '+#13+'      '+join(#13+'      ',a.link);

groupsBtn.enabled:=FALSE;
for i:=0 to length(tempAccounts)-1 do
  if tempAccounts.group and (i <> accountsBox.itemIndex) then
    groupsBtn.enabled:=TRUE;

updateAccessBox();
accountsBox.invalidate();
end; // loadAccountProperties


procedure ToptionsFrm.applyBtnClick(Sender: TObject);
begin
  saveValues();
// this is necessary to refresh the account box when we click on the apply button
  selectAccount(accountsBox.itemIndex);  //add by mars 18/12/2010
end;
Title: Re: build 272 what is wrong or missing
Post by: Mars on January 05, 2011, 05:33:46 PM
@rejetto  about this topic (http://www.rejetto.com/forum/index.php/topic,9357.msg1053038.html#msg1053038)

At first, I thought of using the code  dyndns.host:=trim(dyndns.host);
but later wall up reflection the solution for the user is the following one:

each space is replaced by %20, So the has the choice to correct the domain as he thinks best ;)

Quote
function dynDNSinputHost():boolean;
begin
result:=FALSE;
while true do
  begin
  if not inputQuery('Enter host', 'Enter domain (full form!)', dyndns.host)
  or (dyndns.host = '') then exit;
  dyndns.host:=hslib.encodeURL(dyndns.host, False, True, False);  //add by mars
  if pos('://', dyndns.host) > 0 then
    chop('://', dyndns.host);
  if pos('.', dyndns.host) > 0 then
    begin
    result:=TRUE;
    exit;
    end;
  msgDlg('Please, enter it in the FULL form, with dots', MB_ICONERROR);
  end;
end; // dynDNSinputHost
Title: Re: build 272 what is wrong or missing
Post by: Mars on January 12, 2011, 09:51:40 PM
jquery must be moved.

 It's a Web resource in free access, but if it is necessary to use the internal resource, it can be blocked(surrounded) by a bad identification.

Quote
 runEventScript('request');
  if data.disconnectReason > '' then
    begin
    getPage('deny', data);
    exit;
    end;
  if conn.reply.mode = HRM_REDIRECT then
    exit;

  if data.urlvars.values['mode'] = 'jquery' then
    begin
    replyWithString(getRes('jquery'));
    conn.reply.contentType:='text/javascript';
    exit;
    end;

  // forbid using invalid credentials
  if not freeLoginChk.checked and not specialGrant then
    if assigned(data.account) and (data.account.pwd <> data.pwd)
    or (data.account = NIL) and (data.usr > '') and not usersInVFS.match(data.usr, data.pwd) then
      begin
      runEventScript('unauthorized');
      getPage('unauthorized', data);
      conn.reply.realm:='Invalid login';
      exit;
      end;

  if ansiStartsStr('/~img', url) then
    begin
    if not sendPic(data) then
      getPage('not found', data);
    exit;
    end;

 if data.urlvars.values['mode'] = 'jquery' then
    begin
    replyWithString(getRes('jquery'));
    conn.reply.contentType:='text/javascript';
    exit;
    end;

  f:=findFileByURL(url);
Title: Re: build 272 what is wrong or missing
Post by: rejetto on January 25, 2011, 06:31:33 PM
each space is replaced by %20, So the has the choice to correct the domain as he thinks best ;)

domains cannot have spaces, so it's pointless. If you really care, you should replace spaces with nothing. I used trim just because i guess it's enough for users' needs.
Title: Re: build 272 what is wrong or missing
Post by: rejetto on January 25, 2011, 06:43:11 PM
jquery must be moved.
 It is a Web resource in free access, but if it is necessary to use the internal resource, she can be blocked(surrounded) by a bad identification

does this happen when a template uses jquery in error pages?
if yes i will change it.
Title: Re: build 272 what is wrong or missing
Post by: Mars on January 25, 2011, 06:59:01 PM
can a template uses jquery in error pages?

It is the possibility which is not to be neglected, thus for me it justifies the movement  ;)
Title: Re: build 272 what is wrong or missing
Post by: rejetto on January 29, 2011, 06:58:34 PM
in such case we must move also the pics