From 5c628517d1be67e6eccb6a71c03a39cd10aec178 Mon Sep 17 00:00:00 2001
From: Slava Pestov <slava@factorcode.org>
Date: Tue, 11 Dec 2007 18:44:26 -0500
Subject: [PATCH] Source responder fixes

---
 extra/webapps/file/file.factor     | 12 ++----------
 extra/webapps/source/source.factor | 31 +++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/extra/webapps/file/file.factor b/extra/webapps/file/file.factor
index 3a8feddbad..110b90f84a 100755
--- a/extra/webapps/file/file.factor
+++ b/extra/webapps/file/file.factor
@@ -35,8 +35,9 @@ IN: webapps.file
 SYMBOL: serve-file-hook
 
 [
+    dupd
     file-response
-    stdio get stream-copy
+    <file-reader> stdio get stream-copy
 ] serve-file-hook set-global
 
 : serve-static ( filename mime-type -- )
@@ -46,7 +47,6 @@ SYMBOL: serve-file-hook
         "method" get "head" = [
             file-response
         ] [
-            >r dup <file-reader> swap r>
             serve-file-hook get call
         ] if 
     ] if ;
@@ -118,14 +118,6 @@ SYMBOL: page
     ] if ;
 
 global [
-    ! Serve up our own source code
-    "resources" [
-        [
-            "" resource-path "doc-root" set
-            file-responder
-        ] with-scope
-    ] add-simple-responder
-    
     ! Serves files from a directory stored in the "doc-root"
     ! variable. You can set the variable in the global
     ! namespace, or inside the responder.
diff --git a/extra/webapps/source/source.factor b/extra/webapps/source/source.factor
index efc46c68b7..c414e0ac70 100755
--- a/extra/webapps/source/source.factor
+++ b/extra/webapps/source/source.factor
@@ -1,20 +1,33 @@
 ! Copyright (C) 2007 Slava Pestov.
 ! See http://factorcode.org/license.txt for BSD license.
 USING: io.files namespaces webapps.file http.server.responders
-xmode.code2html kernel html ;
+xmode.code2html kernel html sequences ;
 IN: webapps.source
 
+! This responder is a potential security problem. Make sure you
+! don't have sensitive files stored under vm/, core/, extra/
+! or misc/.
+
+: check-source-path ( path -- ? )
+    { "vm/" "core/" "extra/" "misc/" }
+    [ head? ] curry* contains? ;
+
+: source-responder ( path mime-type -- )
+    drop
+    serving-html
+    [ dup <file-reader> htmlize-stream ] with-html-stream ;
+
 global [
     ! Serve up our own source code
     "source" [
-        [
-            "" resource-path "doc-root" set
+        "argument" get check-source-path [
             [
-                drop
-                serving-html
-                [ swap htmlize-stream ] with-html-stream
-            ] serve-file-hook set
-            file-responder
-        ] with-scope
+                "" resource-path "doc-root" set
+                [ source-responder ] serve-file-hook set
+                file-responder
+            ] with-scope
+        ] [
+            "403 forbidden" httpd-error
+        ] if
     ] add-simple-responder
 ] bind