Merge commit '1f887be68c8e777cdaa6853eb942f7b691bc1e4e'
[shellwiki] / handlers / 20_attachment.sh
index 0e9757e78f564a45a1a6097c99ec0b08861f38d6..1cf4c53eb2f92b5027068447358a7167a19dd51d 100755 (executable)
@@ -62,89 +62,94 @@ attachment_convert(){
   esac
 }
 
-if [ "${PATH_INFO%/\[attachment\]/}"  != "${PATH_INFO}" ]; then
-  tsid="$(POST session_key)"; tsid="${tsid%% *}"
-  attachment_delete="$(POST delete)"
+case ${PATH_INFO} in
+  */\[attachment\]/)
+    tsid="$(POST session_key)"; tsid="${tsid%% *}"
+    attachment_delete="$(POST delete)"
 
-  if [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${PATH_INFO%\[attachment\]/}"; then
-    . "$_EXEC/multipart.sh"
-    multipart_cache
+    if [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${PATH_INFO%\[attachment\]/}"; then
+      . "$_EXEC/multipart.sh"
+      multipart_cache
 
-    # Validate session id from form to prevent CSRF
-    # Only validate if username is present, because no username means
-    # anonymous uploads are allowed via acl and cgilite/session.sh does not
-    # validate anonymous sessions from a multipart/formdata
-    if [ "$USER_NAME" -a "$(multipart session_id)" != "$SESSION_ID" ]; then
+      # Validate session id from form to prevent CSRF
+      # Only validate if username is present, because no username means
+      # anonymous uploads are allowed via acl and cgilite/session.sh does not
+      # validate anonymous sessions from a multipart/formdata
+      if [ "$USER_NAME" -a "$(multipart session_id)" != "$SESSION_ID" ]; then
+        rm -- "$multipart_cachefile"
+        printf 'Refresh: %i\r\n' 4
+        theme_error 403
+        return 0
+      fi
+
+      mkdir -p "$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/"
+      n=1; while filename=$(multipart_filename "file" "$n"); do
+        filename="$(printf %s "$filename" |tr /\\0 __)"
+        multipart "file" "$n" >"$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/$filename"
+        n=$((n + 1))
+      done
       rm -- "$multipart_cachefile"
+      REDIRECT "${_BASE}${PATH_INFO}"
+    elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ]; then
+      printf 'Refresh: %i\r\n' 4
+      theme_error 403
+      head -c $((CONTENT_LENGTH)) >/dev/null
+      return 0
+    elif [ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ]; then
+      rm -- "$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/$attachment_delete"
+      REDIRECT "${_BASE}${PATH_INFO}"
+    elif [ "$attachment_delete" ]; then
       printf 'Refresh: %i\r\n' 4
       theme_error 403
       return 0
+    elif acl_read "${PATH_INFO%\[attachment\]/}"; then
+      theme_attachments "${PATH_INFO%\[attachment\]/}"
+      return 0
+    else
+      theme_error 404
+      return 0
     fi
+    ;;
 
-    mkdir -p "$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/"
-    n=1; while filename=$(multipart_filename "file" "$n"); do
-      filename="$(printf %s "$filename" |tr /\\0 __)"
-      multipart "file" "$n" >"$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/$filename"
-      n=$((n + 1))
-    done
-    rm -- "$multipart_cachefile"
-    REDIRECT "${_BASE}${PATH_INFO}"
-  elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ]; then
-    printf 'Refresh: %i\r\n' 4
-    theme_error 403
-    head -c $((CONTENT_LENGTH)) >/dev/null
-    return 0
-  elif [ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ]; then
-    rm -- "$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/$attachment_delete"
-    REDIRECT "${_BASE}${PATH_INFO}"
-  elif [ "$attachment_delete" ]; then
-    printf 'Refresh: %i\r\n' 4
-    theme_error 403
-    return 0
-  elif acl_read "${PATH_INFO%\[attachment\]/}"; then
-    theme_attachments "${PATH_INFO%\[attachment\]/}"
-    return 0
-  else
-    theme_error 404
-    return 0
-  fi
-
-elif [ "${PATH_INFO%/\[attachment\]/*}" != "${PATH_INFO}" ]; then
-  attpath="${PATH_INFO%/\[attachment\]/*}/#attachments/${PATH_INFO##*/}"
+  */\[attachment\]/*)
+    attpath="${PATH_INFO%/\[attachment\]/*}/#attachments/${PATH_INFO##*/}"
 
-  if ! acl_read "${PATH_INFO%/\[attachment\]/*}"; then
-    theme_error 403
-    return 0
-  elif [ -f "$_DATA/pages/$attpath" ]; then
-    FILE "$_DATA/pages/$attpath"
-    return 0
-  elif [ -f "$_EXEC/pages/$attpath" ]; then
-    FILE "$_EXEC/pages/$attpath"
-    return 0
-  else
-    theme_error 404
-    return 0
-  fi
-#  exit 0;
-  
-elif [ "${PATH_INFO%/}" = "${PATH_INFO}" ]; then
-  attpath="${PATH_INFO%/*}/#attachments/${PATH_INFO##*/}"
+    if ! acl_read "${PATH_INFO%/\[attachment\]/*}"; then
+      theme_error 403
+      return 0
+    elif [ -f "$_DATA/pages/$attpath" ]; then
+      FILE "$_DATA/pages/$attpath"
+      return 0
+    elif [ -f "$_EXEC/pages/$attpath" ]; then
+      FILE "$_EXEC/pages/$attpath"
+      return 0
+    else
+      theme_error 404
+      return 0
+    fi
+    ;;
+  */*/)
+    return 1
+    ;;
+  */*)
+    attpath="${PATH_INFO%/*}/#attachments/${PATH_INFO##*/}"
 
-  if ! acl_read "${PATH_INFO%/*}/"; then
-    theme_error 403
-    return 0
-  elif [ -f "$_DATA/pages/$attpath" ]; then
-    FILE "$(attachment_convert "$_DATA/pages/$attpath")"
-    return 0
-  elif [ -f "$_EXEC/pages/$attpath" ]; then
-    FILE "$(attachment_convert "$_EXEC/pages/$attpath")"
-    return 0
-  elif [ -d "$_DATA/pages/${PATH_INFO}" -o -d "$_EXEC/pages/${PATH_INFO}" ]; then
-    REDIRECT "${_BASE}${PATH_INFO}/"
-  elif [ "${PATH_INFO%\[*\]}" = "${PATH_INFO}" ]; then
-    theme_error 404
-    return 0
-  fi
-fi
+    if ! acl_read "${PATH_INFO%/*}/"; then
+      theme_error 403
+      return 0
+    elif [ -f "$_DATA/pages/$attpath" ]; then
+      FILE "$(attachment_convert "$_DATA/pages/$attpath")"
+      return 0
+    elif [ -f "$_EXEC/pages/$attpath" ]; then
+      FILE "$(attachment_convert "$_EXEC/pages/$attpath")"
+      return 0
+    elif [ -d "$_DATA/pages/${PATH_INFO}" -o -d "$_EXEC/pages/${PATH_INFO}" ]; then
+      REDIRECT "${_BASE}${PATH_INFO}/"
+    elif [ "${PATH_INFO%\[*\]}" = "${PATH_INFO}" ]; then
+      theme_error 404
+      return 0
+    fi
+    ;;
+esac
 
 return 1
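Review bot: The delete branch (`elif [ "$attachment_delete" -a "$SESSION_ID" = "$tsid" ]`) checks only the session key and never calls `acl_write`, unlike the upload branch above it, so a request with a valid session key can remove attachments from a page it has no write access to. The `delete` value also goes into the `rm` path as received, whereas upload filenames are passed through `tr /\\0 __`; unless `POST` already rejects slashes, a value containing `../` would name a file outside `#attachments/`. I would append `&& acl_write "${PATH_INFO%\[attachment\]/}"` to that condition and read the field as `attachment_delete="$(POST delete |tr /\\0 __)"`, so a failed check falls through to the existing 403 branch. Both lines are carried over unchanged from the old if/elif chain, so the move to `case` leaves the gap as it was.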