webmcp
view framework/env/request/default_router.lua @ 347:169dfbd0246a
Prohibit public access to listing of subdirectories in static/ (on BSD systems)
| author | jbe |
|---|---|
| date | Thu Mar 26 03:00:04 2015 +0100 (2015-03-26) |
| parents | db79324a13fe |
| children | 545ec2e3eafa |
line source
1 --[[--
2 route =
3 request.default_router(
4 path -- URL path, including a leading slash
5 )
7 Default conversion from a path to a route. Called by request.router().
9 --]]--
11 function request.default_router(path)
12 if not path then
13 return nil
14 end
15 if path == "" then
16 return {module = "index", view = "index"}
17 end
18 local static = string.match(path, "^static/([-./0-9A-Z_a-z]*)$")
19 if static then
20 -- TODO: move sanitizer to request.handler(...)
21 if string.match(static, "^/") or string.match(static, "//") then
22 return nil
23 end
24 for element in string.gmatch(static, "[^/]+") do
25 if element == "." or element == ".." then
26 return nil
27 end
28 end
29 return {static = static}
30 end
31 local module, action, view, id, suffix
32 module = string.match(path, "^([^/]+)/$")
33 if module then
34 return {module = module, view = "index"}
35 end
36 module, action = string.match(path, "^([^/]+)/([^/.]+)$")
37 if module then
38 return {module = module, action = action}
39 end
40 module, view, suffix = string.match(path, "^([^/]+)/([^/.]+)%.([^/]+)$")
41 if module then
42 return {module = module, view = view, suffix = suffix}
43 end
44 module, view, id, suffix = string.match(path, "^([^/]+)/([^/]+)/([^/.]+)%.([^/]+)$")
45 if module then
46 return {module = module, view = view, id = id, suffix = suffix}
47 end
48 return nil
49 end
51 --//--