# HG changeset patch # User renatofilho # Date 1187042588 -3600 # Node ID d0e8c542c38e953e797ef7de49cd8603fed09b27 # Parent e51af4d0caf5d1ac07d184674ffb479d62796a5f [svn r808] fixed some security bugs diff -r e51af4d0caf5 -r d0e8c542c38e gmyth-stream/server/0.3/lib/request_handler.py --- a/gmyth-stream/server/0.3/lib/request_handler.py Mon Aug 13 22:54:55 2007 +0100 +++ b/gmyth-stream/server/0.3/lib/request_handler.py Mon Aug 13 23:03:08 2007 +0100 @@ -355,8 +355,14 @@ # serve_file_info() def serve_stream(self, body): - filename = self.query.get("uri", None)[0] + filename = self.query.get("file", None)[0] + if not filename: + self.send_error(404, "File not found") + return + + #Only stream files on .transcode dir + filename = ".transcode/" + os.path.basename(filename) if not os.path.exists (filename): self.send_error(404, "File not found") return @@ -387,7 +393,8 @@ status = utils.progress_bar(total_read, size, 50) msg_status = "Status:%s:%s%%" % (test_tid, status) self.transcoders_log._update_status(test_tid, msg_status) - self.transcoders_log._update_status(test_tid, "OK: Done") + + self.transcoders_log._update_status(test_tid, "OK: Done") except Exception, e: self.log.error("Stream error: %s" %e) @@ -395,6 +402,11 @@ # serve_stream() def serve_transcode(self, body): + type = self.query.get("type", None)[0] + if type.upper() == "FILE": + self.send_error(404, "Transcode local files not allowed") + return + transcoder = self._get_transcoder() try: obj = transcoder(self.query) @@ -409,7 +421,7 @@ if (obj.name == "gmencoder"): self.send_header("Transfer-Encoding", "chunked") - self.send_header("Connection", "close") + #self.send_header("Connection", "close") self.end_headers() if body: