sanitizing and security

[cgilite] / file.sh

diff --git a/file.sh b/file.sh
index 82eefae0af0298b09a64261913947d0622752aba..51ec245f2678602a12882d71d39173ff9acd98b1 100755 (executable)
--- a/file.sh
+++ b/file.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2016 - 2018 Paul Hänsch
+# Copyright 2016 - 2019 Paul Hänsch
 #
 # This file is part of cgilite.
 # 
@@ -40,8 +40,8 @@ file_type(){
 }
 
 FILE(){
-  local file file_size file_date http_date cachedate range
-  file="$1"
+  local file file_size file_date http_date cachedate range mime
+  file="$1" mime="$2"
 
   if ! [ -f "$file" ]; then
     printf 'Content-Length: 0\r\nStatus: 404 Not Found\r\n\r\n'
@@ -59,7 +59,7 @@ FILE(){
     # Parse the allowable date formats from Section 3.3.1 of
     # https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
     HEADER If-Modified-Since \
-    | sed -r 's;^[^ ]+, ([0-9]{2}) (...) ([0-9]{4}) (..:..:..) GMT$;\3-\2-\1 \4;;
+    | sed -E 's;^[^ ]+, ([0-9]{2}) (...) ([0-9]{4}) (..:..:..) GMT$;\3-\2-\1 \4;;
               s;^[^ ]+, ([0-9]{2})-(...)-([789][0-9]) (..:..:..) GMT$;19\3-\2-\1 \4;;
               s;^[^ ]+, ([0-9]{2})-(...)-([0-6][0-9]) (..:..:..) GMT$;20\3-\2-\1 \4;;
               s;^[^ ]+ (...) ([0-9]{2}) (..:..:..) ([0-9]{4})$;\4-\1-\2 \3;;
@@ -69,7 +69,7 @@ FILE(){
     | xargs -r0 date +%s -ud 2>&-
   )"
 
-  range="$(HEADER Range |sed -nr 's;^bytes=([0-9]+-[0-9]*|-[0-9]+)$;\1;p;q;')"
+  range="$(HEADER Range |sed -nE 's;^bytes=([0-9]+-[0-9]*|-[0-9]+)$;\1;p;q;')"
   case "$range" in
     *-) range="${range}$((file_size - 1))";;
     -*) [ ${range#-} -le $file_size ] \
@@ -91,7 +91,7 @@ FILE(){
       Status "200 OK" \
       Accept-Ranges bytes \
       Last-Modified "$http_date" \
-      Content-Type $(file_type "$file") \
+      Content-Type "${mime:-$(file_type "$file")}" \
       Content-Length $file_size
     printf '\r\n'
   
@@ -102,7 +102,7 @@ FILE(){
       Status "206 Partial Content" \
       Accept-Ranges bytes \
       Last-Modified "$http_date" \
-      Content-Type $(file_type "$file") \
+      Content-Type "${mime:-$(file_type "$file")}" \
       Content-Range "bytes ${range}/${file_size}" \
       Content-Length "$((${range#*-} - ${range%-*} + 1))"
     printf '\r\n'