indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Error handling when reading POST data

main
Bob Mottram 2020-06-08 19:52:18 +01:00
parent d780c3330f
commit 29c8332741
1 changed files with 123 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
daemon.py
View File

@ -5436,7 +5436,11 @@ class PubServer(BaseHTTPRequestHandler):
if ';' in boundary: if ';' in boundary:
boundary = boundary.split(';')[0] boundary = boundary.split(';')[0]
postBytes = self.rfile.read(length) try:
postBytes = self.rfile.read(length)
except BaseException:
print('ERROR: POST postBytes rfile.read failed')
return None
# second length check from the bytes received # second length check from the bytes received
# since Content-Length could be untruthful # since Content-Length could be untruthful
@ -5545,7 +5549,16 @@ class PubServer(BaseHTTPRequestHandler):
self.end_headers() self.end_headers()
self.server.POSTbusy = False self.server.POSTbusy = False
return return
loginParams = self.rfile.read(length).decode('utf-8')
try:
loginParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
loginNickname, loginPassword, register = \ loginNickname, loginPassword, register = \
htmlGetLoginCredentials(loginParams, self.server.lastLoginTime) htmlGetLoginCredentials(loginParams, self.server.lastLoginTime)
if loginNickname: if loginNickname:
@ -5723,6 +5736,8 @@ class PubServer(BaseHTTPRequestHandler):
postBytes = self.rfile.read(length) postBytes = self.rfile.read(length)
except BaseException: except BaseException:
print('ERROR: failed to read bytes for POST') print('ERROR: failed to read bytes for POST')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False self.server.POSTbusy = False
return return
@ -6308,7 +6323,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix + '://' + \ self.server.httpPrefix + '://' + \
self.server.domainFull + usersPath self.server.domainFull + usersPath
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
moderationParams = self.rfile.read(length).decode('utf-8') try:
moderationParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST moderationParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&' in moderationParams: if '&' in moderationParams:
moderationText = None moderationText = None
moderationButton = None moderationButton = None
@ -6471,7 +6493,14 @@ class PubServer(BaseHTTPRequestHandler):
return return
# get the parameters # get the parameters
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
questionParams = self.rfile.read(length).decode('utf-8') try:
questionParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST questionParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
questionParams = questionParams.replace('+', ' ') questionParams = questionParams.replace('+', ' ')
questionParams = questionParams.replace('%3F', '') questionParams = questionParams.replace('%3F', '')
questionParams = \ questionParams = \
@ -6522,7 +6551,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix + '://' + \ self.server.httpPrefix + '://' + \
self.server.domainFull + usersPath self.server.domainFull + usersPath
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
searchParams = self.rfile.read(length).decode('utf-8') try:
searchParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST searchParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if 'submitBack=' in searchParams: if 'submitBack=' in searchParams:
# go back on search screen # go back on search screen
if callingDomain.endswith('.onion') and \ if callingDomain.endswith('.onion') and \
@ -6719,7 +6755,15 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix + '://' + \ self.server.httpPrefix + '://' + \
self.server.domainFull + usersPath self.server.domainFull + usersPath
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
removeShareConfirmParams = self.rfile.read(length).decode('utf-8') try:
removeShareConfirmParams = \
self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST removeShareConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitYes=' in removeShareConfirmParams: if '&submitYes=' in removeShareConfirmParams:
removeShareConfirmParams = \ removeShareConfirmParams = \
removeShareConfirmParams.replace('+', ' ').strip() removeShareConfirmParams.replace('+', ' ').strip()
@ -6759,7 +6803,15 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix + '://' + \ self.server.httpPrefix + '://' + \
self.server.domainFull + usersPath self.server.domainFull + usersPath
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
removePostConfirmParams = self.rfile.read(length).decode('utf-8') try:
removePostConfirmParams = \
self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST removePostConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitYes=' in removePostConfirmParams: if '&submitYes=' in removePostConfirmParams:
removePostConfirmParams = \ removePostConfirmParams = \
urllib.parse.unquote(removePostConfirmParams) urllib.parse.unquote(removePostConfirmParams)
@ -6833,7 +6885,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domainFull + usersPath self.server.domainFull + usersPath
followerNickname = getNicknameFromActor(originPathStr) followerNickname = getNicknameFromActor(originPathStr)
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
followConfirmParams = self.rfile.read(length).decode('utf-8') try:
followConfirmParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST followConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitView=' in followConfirmParams: if '&submitView=' in followConfirmParams:
followingActor = \ followingActor = \
urllib.parse.unquote(followConfirmParams) urllib.parse.unquote(followConfirmParams)
@ -6897,7 +6956,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domainFull + usersPath self.server.domainFull + usersPath
followerNickname = getNicknameFromActor(originPathStr) followerNickname = getNicknameFromActor(originPathStr)
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
followConfirmParams = self.rfile.read(length).decode('utf-8') try:
followConfirmParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST followConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitYes=' in followConfirmParams: if '&submitYes=' in followConfirmParams:
followingActor = \ followingActor = \
urllib.parse.unquote(followConfirmParams) urllib.parse.unquote(followConfirmParams)
@ -6973,7 +7039,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.POSTbusy = False self.server.POSTbusy = False
return return
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
blockConfirmParams = self.rfile.read(length).decode('utf-8') try:
blockConfirmParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST blockConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitYes=' in blockConfirmParams: if '&submitYes=' in blockConfirmParams:
blockingActor = \ blockingActor = \
urllib.parse.unquote(blockConfirmParams) urllib.parse.unquote(blockConfirmParams)
@ -7052,7 +7125,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.POSTbusy = False self.server.POSTbusy = False
return return
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
blockConfirmParams = self.rfile.read(length).decode('utf-8') try:
blockConfirmParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST blockConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
if '&submitYes=' in blockConfirmParams: if '&submitYes=' in blockConfirmParams:
blockingActor = \ blockingActor = \
urllib.parse.unquote(blockConfirmParams) urllib.parse.unquote(blockConfirmParams)
@ -7133,7 +7213,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.POSTbusy = False self.server.POSTbusy = False
return return
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
optionsConfirmParams = self.rfile.read(length).decode('utf-8') try:
optionsConfirmParams = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST optionsConfirmParams rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
optionsConfirmParams = \ optionsConfirmParams = \
urllib.parse.unquote(optionsConfirmParams) urllib.parse.unquote(optionsConfirmParams)
# page number to return to # page number to return to
@ -7456,7 +7543,14 @@ class PubServer(BaseHTTPRequestHandler):
self._404() self._404()
self.server.POSTbusy = False self.server.POSTbusy = False
return return
mediaBytes = self.rfile.read(length) try:
mediaBytes = self.rfile.read(length)
except BaseException:
print('ERROR: POST mediaBytes rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
mediaFilenameBase = accountsDir + '/upload' mediaFilenameBase = accountsDir + '/upload'
mediaFilename = mediaFilenameBase + '.png' mediaFilename = mediaFilenameBase + '.png'
if self.headers['Content-type'].endswith('jpeg'): if self.headers['Content-type'].endswith('jpeg'):
@ -7482,7 +7576,14 @@ class PubServer(BaseHTTPRequestHandler):
print(str(self.headers)) print(str(self.headers))
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
if length < self.server.maxPostLength: if length < self.server.maxPostLength:
unknownPost = self.rfile.read(length).decode('utf-8') try:
unknownPost = self.rfile.read(length).decode('utf-8')
except BaseException:
print('ERROR: POST unknownPost rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
print(str(unknownPost)) print(str(unknownPost))
self._400() self._400()
self.server.POSTbusy = False self.server.POSTbusy = False
@ -7509,7 +7610,14 @@ class PubServer(BaseHTTPRequestHandler):
self.server.POSTbusy = False self.server.POSTbusy = False
return return
messageBytes = self.rfile.read(length) try:
messageBytes = self.rfile.read(length)
except BaseException:
print('ERROR: POST messageBytes rfile.read failed')
self.send_response(400)
self.end_headers()
self.server.POSTbusy = False
return
# check content length after reading bytes # check content length after reading bytes
if self.path == '/sharedInbox' or self.path == '/inbox': if self.path == '/sharedInbox' or self.path == '/inbox':