Fixed bug: check to make sure upload->fp is valid (no file may have
been passed).
Checked in ErrorScript, and documentation.
PR:
Obtained from:
Submitted by:
Reviewed by:
diff --git a/builddtcl.sh b/builddtcl.sh
index 95671e4..30746f5 100755
--- a/builddtcl.sh
+++ b/builddtcl.sh
@@ -26,7 +26,7 @@
APACHE=$HOME/download/apache-1.3/ ######### CHANGEME ##########
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# APACHE=/usr/local/src/apache-1.3/
-APACHE=/
+# APACHE=/
export APACHE
diff --git a/docs/documentation.html b/docs/documentation.html
index ac7cb5b..c97d9c5 100644
--- a/docs/documentation.html
+++ b/docs/documentation.html
@@ -179,6 +179,13 @@
<code><b>Dtcl_Script AfterScript <i>"script"</i></b></code><br>
Script to be called after each .ttml page.
</li>
+
+ <li>
+ <code><b>Dtcl_Script ErrorScript <i>"script"</i></b></code><br>
+ This code is called in place of the standard 'error' pages
+ generated for mod_dtcl. This directive may be useful if you
+ have sensitive logic that you wish to protect.
+ </li>
<li>
<code><b>Dtcl_CacheSize <i>cachesize</i></b></code><br>
@@ -295,10 +302,12 @@
<code><b>$::request::UPLOAD(type)</b></code><br>
The content type of the file upload. <i>Not always available!</i><br>
- <code><b>$::request::UPLOAD(channelname)</b></code><br>
- The name of a Tcl channel which may be used to manipulate
- the uploaded file. If Dtcl_UploadFilesToVar is set, this
- variable doesn't get created.<br>
+ <code><b>$::request::UPLOAD(channelname)</b></code><br> The
+ name of a Tcl channel which may be used to manipulate the
+ uploaded file. If Dtcl_UploadFilesToVar is set, this
+ variable doesn't get created. If no file is passed to the
+ server, this variable does not exist! Be sure to check for
+ this.<br>
<code><b>$::request::UPLOAD(data)</b></code><br>
Contents of the uploaded file, if Dtcl_UploadFilesToVar is
diff --git a/mod_dtcl.c b/mod_dtcl.c
index 7237c4c..914cf6c 100644
--- a/mod_dtcl.c
+++ b/mod_dtcl.c
@@ -443,10 +443,12 @@
{
char *errorinfo;
char *hashKey;
- Tcl_Obj *outbuf;
int isNew;
- Tcl_HashEntry *entry;
+ dtcl_server_conf *dsc = NULL;
+
+ Tcl_Obj *outbuf;
+ Tcl_HashEntry *entry;
Tcl_Interp *interp = GETREQINTERP(r);
/* Look for the script's compiled version. If it's not found, create it. */
@@ -456,7 +458,6 @@
/* BEGIN PARSER */
char inside = 0; /* are we inside the starting/ending delimiters */
- dtcl_server_conf *dsc = NULL;
const char *strstart = STARTING_SEQUENCE;
const char *strend = ENDING_SEQUENCE;
@@ -617,6 +618,7 @@
} else if (cacheSize) { /* if it's zero, we just skip this... */
Tcl_HashEntry *delEntry;
+ /* a better algorithm wouldn't hurt */
delEntry = Tcl_FindHashEntry(&objCache, objCacheList[cacheSize - 1]);
Tcl_DecrRefCount((Tcl_Obj *)Tcl_GetHashValue(delEntry));
Tcl_DeleteHashEntry(delEntry);
@@ -642,7 +644,8 @@
flush_output_buffer(global_rr);
if (dsc->dtcl_error_script)
{
- Tcl_EvalObj(interp, dsc->dtcl_error_script);
+ if (Tcl_EvalObj(interp, dsc->dtcl_error_script) == TCL_ERROR)
+ print_error(r, 1, "<b>Tcl_ErrorScript failed!</b>");
} else {
/* default action */
errorinfo = Tcl_GetVar(interp, "errorInfo", 0);
@@ -784,14 +787,17 @@
}
if (!upload_files_to_var)
{
- chan = Tcl_MakeFileChannel((ClientData *)fileno(upload->fp), TCL_READABLE);
- Tcl_RegisterChannel(interp, chan);
- channelname = Tcl_GetChannelName(chan);
- Tcl_ObjSetVar2(interp,
- Tcl_NewStringObj("::request::UPLOAD", -1),
- Tcl_NewStringObj("channelname", -1),
- Tcl_NewStringObj(channelname, -1), /* kill end of line */
- TCL_LIST_ELEMENT|TCL_APPEND_VALUE);
+ if (upload->fp != NULL)
+ {
+ chan = Tcl_MakeFileChannel((ClientData *)fileno(upload->fp), TCL_READABLE);
+ Tcl_RegisterChannel(interp, chan);
+ channelname = Tcl_GetChannelName(chan);
+ Tcl_ObjSetVar2(interp,
+ Tcl_NewStringObj("::request::UPLOAD", -1),
+ Tcl_NewStringObj("channelname", -1),
+ Tcl_NewStringObj(channelname, -1), /* kill end of line */
+ TCL_LIST_ELEMENT|TCL_APPEND_VALUE);
+ }
}
upload = upload->next;
