ExternalVendorCode/serval-dna
1
0
Fork 0
mirror of https://github.com/servalproject/serval-dna.git synced 2024-12-19 05:07:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

/restful/rhizome/insert reject out-of-order parameters

Browse Source 
Must have the 'bundle-secret', 'bundle-author' and 'bundle-id'
parameters before the 'manifest' part
This commit is contained in:
Andrew Bettison 2015-03-28 05:05:48 +10:30
parent ccf4824605
commit 99ff49d502
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
rhizome_restful.c
View File

@ -451,18 +451,27 @@ static int insert_mime_part_header(struct http_request *hr, const struct mime_pa
if (strcmp(h->content_disposition.name, PART_AUTHOR) == 0) {
if (r->u.insert.received_author)
return http_response_form_part(r, "Duplicate", PART_AUTHOR, NULL, 0);
// Reject a request if this parameter comes after the manifest part.
if (r->u.insert.received_manifest)
return http_response_form_part(r, "Spurious", PART_AUTHOR, NULL, 0);
r->u.insert.current_part = PART_AUTHOR;
assert(r->u.insert.author_hex_len == 0);
}
else if (strcmp(h->content_disposition.name, PART_SECRET) == 0) {
if (r->u.insert.received_secret)
return http_response_form_part(r, "Duplicate", PART_SECRET, NULL, 0);
// Reject a request if this parameter comes after the manifest part.
if (r->u.insert.received_manifest)
return http_response_form_part(r, "Spurious", PART_SECRET, NULL, 0);
r->u.insert.current_part = PART_SECRET;
assert(r->u.insert.secret_text_len == 0);
}
else if (strcmp(h->content_disposition.name, PART_BUNDLEID) == 0) {
if (r->u.insert.received_bundleid)
return http_response_form_part(r, "Duplicate", PART_BUNDLEID, NULL, 0);
// Reject a request if this parameter comes after the manifest part.
if (r->u.insert.received_manifest)
return http_response_form_part(r, "Spurious", PART_BUNDLEID, NULL, 0);
r->u.insert.current_part = PART_BUNDLEID;
assert(r->u.insert.bid_text_len == 0);
}