liquid_feedback_frontend

changeset 1110:9461c738ea0b

Backported support for pseudonymous access to fastpath image interface from version 3.0.3
author jbe
date Mon Nov 10 18:48:58 2014 +0100 (2014-11-10)
parents 68d91f47bb98
children 5b77825ecfa6
files fastpath/getpic.c
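--- a/fastpath/getpic.c	Thu Jul 10 01:02:36 2014 +0200
+++ b/fastpath/getpic.c	Mon Nov 10 18:48:58 2014 +0100
@@ -23,6 +23,9 @@
   const char *sql_member_image_params[2];
 
 #ifndef PUBLIC_ACCESS
+#ifdef PUBLIC_AVATAR_ACCESS
+  int authorization_required = 0;
+#endif
   char *cookies;
   regex_t session_ident_regex;
   ssize_t start, length;
@@ -35,40 +38,48 @@
   PGresult *dbr;
 
   args_string = getenv("QUERY_STRING");
-#ifdef PUBLIC_ACCESS
   if (!args_string) {
     fputs("Status: 403 Access Denied\n\n", stdout);
     return 0;
   }
-#else
-  cookies = getenv("HTTP_COOKIE");
-  if (!args_string || !cookies) {
+
+  member_id   = strtok(args_string, "+");
+  image_type  = strtok(NULL, "+");
+  if (!member_id || !image_type) {
     fputs("Status: 403 Access Denied\n\n", stdout);
     return 0;
   }
-#endif
-
-  member_id   = strtok(args_string, "+");
-  image_type  = strtok(NULL, "+");
   sql_member_image_params[0] = member_id;
   sql_member_image_params[1] = image_type;
 
 #ifndef PUBLIC_ACCESS
-  if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
-    // shouldn't happen
-    abort();
-  }
-  if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {
-    fputs("Status: 403 Access Denied\n\n", stdout);
-    return 0;
+#ifdef PUBLIC_AVATAR_ACCESS
+  if (strcmp(image_type, "avatar")) {
+    authorization_required = 1;
+#endif
+    cookies = getenv("HTTP_COOKIE");
+    if (!args_string || !cookies) {
+      fputs("Status: 403 Access Denied\n\n", stdout);
+      return 0;
+    }
+    if (regcomp(&session_ident_regex, "(^|[; \t])liquid_feedback_session=([0-9A-Za-z]+)", REG_EXTENDED) != 0) {
+      // shouldn't happen
+      abort();
+    }
+    if (regexec(&session_ident_regex, cookies, 3, session_ident_regmatch, 0) != 0) {
+      fputs("Status: 403 Access Denied\n\n", stdout);
+      return 0;
+    }
+    start = session_ident_regmatch[2].rm_so;
+    length = session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so;
+    session_ident = malloc(length + 1);
+    if (!session_ident) abort();  // shouldn't happen
+    strncpy(session_ident, cookies + start, length);
+    session_ident[length] = 0;
+    sql_session_params[0] = session_ident;
+#ifdef PUBLIC_AVATAR_ACCESS
   }
-  start = session_ident_regmatch[2].rm_so;
-  length = session_ident_regmatch[2].rm_eo - session_ident_regmatch[2].rm_so;
-  session_ident = malloc(length + 1);
-  if (!session_ident) abort();  // shouldn't happen
-  strncpy(session_ident, cookies + start, length);
-  session_ident[length] = 0;
-  sql_session_params[0] = session_ident;
+#endif
 #endif
 
   conn = PQconnectdb(GETPIC_CONNINFO);
@@ -83,20 +94,26 @@
   }
 
 #ifndef PUBLIC_ACCESS
-  dbr = PQexecParams(conn,
-    "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
-    1, NULL, sql_session_params, NULL, NULL, 0
-  );
-  if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
-    fputs(PQresultErrorMessage(dbr), stderr);
-    PQfinish(conn);
-    return 1;
+#ifdef PUBLIC_AVATAR_ACCESS
+  if (authorization_required) {
+#endif
+    dbr = PQexecParams(conn,
+      "SELECT NULL FROM session JOIN member ON member.id = session.member_id WHERE session.ident = $1 AND member.active",
+      1, NULL, sql_session_params, NULL, NULL, 0
+    );
+    if (PQresultStatus(dbr) != PGRES_TUPLES_OK) {
+      fputs(PQresultErrorMessage(dbr), stderr);
+      PQfinish(conn);
+      return 1;
+    }
+    if (PQntuples(dbr) != 1) {
+      fputs("Status: 403 Access Denied\n\n", stdout);
+      PQfinish(conn);
+      return 0;
+    }
+#ifdef PUBLIC_AVATAR_ACCESS
   }
-  if (PQntuples(dbr) != 1) {
-    fputs("Status: 403 Access Denied\n\n", stdout);
-    PQfinish(conn);
-    return 0;
-  }
+#endif
 #endif
 
   dbr = PQexecParams(conn,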
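Review bot: `authorization_required` starts at 0 and is raised to 1 only inside the `strcmp(image_type, "avatar")` branch, so the session lookup guarded by `if (authorization_required)` in the last hunk is skipped by default rather than enforced by default. The two guards agree today, but they sit in separate `#ifdef PUBLIC_AVATAR_ACCESS` regions whose opening and closing braces are split across preprocessor blocks, so a later edit to either one could drop the session check without any compile error. I would declare `int authorization_required = 1;` and clear it only on the exact match, `if (!strcmp(image_type, "avatar")) authorization_required = 0; else {`, and add a comment that the unauthenticated path is sound only while the final image query (it begins on the last line of this section and continues outside it) selects with the same `image_type` parameter. The `!args_string` test next to `!cookies` is now redundant, since `args_string` was already checked before the `strtok` calls.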
