Merge lp:~gesha/linaro-license-protection/fix-https-and-chrome into lp:~linaro-automation/linaro-license-protection/trunk

Proposed by Georgy Redkozubov
Status: Merged
Merged at revision: 63
Proposed branch: lp:~gesha/linaro-license-protection/fix-https-and-chrome
Merge into: lp:~linaro-automation/linaro-license-protection/trunk
Diff against target: 221 lines (+84/-36)
3 files modified
.htaccess (+18/-5)
licenses/license.php (+64/-29)
licenses/ste.html (+2/-2)
To merge this branch: bzr merge lp:~gesha/linaro-license-protection/fix-https-and-chrome
Reviewer Review Type Date Requested Status
James Tunnicliffe (community) Approve
Paul Sokolovsky Approve
Review via email: mp+103482@code.launchpad.net

Description of the change

This branch adds HTTPS processing and fixes cookie handling.

67. By Georgy Redkozubov

Updated filename handling

68. By Georgy Redkozubov

Added symlinks support

Paul Sokolovsky (pfalcon) wrote :

I was here and eyeballed it for typos, etc.

Not sure I understand functionality enough to comment on that. One thing I could point to is:

+function check_file($fn)
70 +{
71 + if (is_file($fn) or is_link($fn)) {

if (file_exists($fn) and check_file($fn)) { // Requested download is file

Symlink is assumed to be a file, but it can point to a dir too.

review: Approve
James Tunnicliffe (dooferlad) wrote :

This looks fine to me. I assume it passes the tests :-)

On the subject of tests, I don't think we have one for the condition that Paul spotted (symlink to something that isn't a file). I don't think it is worth holding up releasing this since I don't think we symlink to directories at the moment on snapshots or releases, but it is worth filing a bug and getting it fixed when you have the time.

review: Approve

Preview Diff

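--- a/.htaccess
+++ b/.htaccess
@@ -11,11 +11,13 @@
 
 ## CO_DOMAIN is set to host name or host address
 ## without port number for use in cookie domain
-RewriteCond %{SERVER_PORT} !^80$
+RewriteCond %{SERVER_PORT} !^80$ [OR]
+RewriteCond %{SERVER_PORT} !^443$
 RewriteCond %{HTTP_HOST} (.*)(\:.*)
 RewriteRule .* - [E=CO_DOMAIN:%1]
 
-RewriteCond %{SERVER_PORT} ^80$
+RewriteCond %{SERVER_PORT} !^80$ [OR]
+RewriteCond %{SERVER_PORT} !^443$
 RewriteCond %{HTTP_HOST} (^.*$)
 RewriteRule .* - [E=CO_DOMAIN:%1]
 
@@ -50,7 +52,7 @@
 ## Unset it to be able to process several protected files in the same dir
 RewriteCond %{HTTP_COOKIE} licenseaccepted=true
 RewriteCond %{HTTP_COOKIE} downloadrequested=([^\;]*\/)([^/\;]*)
-RewriteRule .* - [CO=licenseaccepted:INVALID:;:-1:%1,L]
+RewriteRule .* - [CO=licenseaccepted:INVALID:.%{ENV:CO_DOMAIN}:-1:%1,L]
 
 ## When license is accepted, set the cookie.
 RewriteCond %{REQUEST_URI} licenses/.*-accepted.html$
@@ -62,6 +64,17 @@
 RewriteCond %{HTTP_COOKIE} downloadrequested=(.*)
 RewriteRule .* /licenses/nolicense.html [L]
 
+## Exception for images.
+RewriteCond %{REQUEST_URI} /favicon.ico [OR]
+RewriteCond %{REQUEST_URI} .*\.png
+RewriteRule .* - [L]
+
+## Exception for restricted area
+RewriteCond %{REQUEST_URI} .*openid.* [OR]
+RewriteCond %{REQUEST_URI} .*restricted.* [OR]
+RewriteCond %{REQUEST_URI} .*private.*
+RewriteRule .* - [L]
+
 ## Pass through any non-protected dirs.
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteCond %{REQUEST_FILENAME}/OPEN-EULA.txt -f
@@ -73,11 +86,11 @@
 
 ## Unset cookie indicating redirect from license.php
 RewriteCond %{HTTP_COOKIE} redirectlicensephp=yes
-RewriteRule .* - [CO=redirectlicensephp:INVALID:;:-1,L]
+RewriteRule .* - [CO=redirectlicensephp:INVALID:.%{ENV:CO_DOMAIN}:-1,L]
 
 ## Redirect to the Samsung license file protected builds.
 RewriteCond %{REQUEST_URI} !^/$
-RewriteRule .* /licenses/license.php [CO=downloadrequested:%{REQUEST_URI}:.%{ENV:CO_DOMAIN},L,R]
+RewriteRule .* /licenses/license.php [CO=downloadrequested:%{REQUEST_URI}:.%{ENV:CO_DOMAIN}:5:/,L,R]
 
 ## Return "Permission denied" if no EULA/OPEN-EULA exists
 RewriteCond %{REQUEST_URI} !^/$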
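Review bot: The new exception rules match substrings anywhere in the path, so `.*\.png`, `.*openid.*`, `.*restricted.*` and `.*private.*` also pass through any EULA-protected file or directory whose name merely contains one of those strings, without the license check. Anchoring them to what is intended would close that, e.g. `RewriteCond %{REQUEST_URI} \.png$` and `RewriteCond %{REQUEST_URI} ^/(openid|restricted|private)/` (the exact prefixes are an assumption about the site layout). The same unanchored patterns are repeated in `licenses/license.php`, where they are applied to `$fn`, which also contains DOCUMENT_ROOT. Separately, in the first hunk `!^80$ [OR] !^443$` is true for every port, so the second CO_DOMAIN rule now always runs and overwrites the port-stripped value; the first pair probably wants no `[OR]` and the second `^80$ [OR] ^443$`.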
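--- a/licenses/license.php
+++ b/licenses/license.php
@@ -1,12 +1,20 @@
 <?php
 // Get list of files into array to process them later.
 // Used to find special licenses and dirs with only subdirs.
+function check_file($fn)
+{
+ if (is_file($fn) or is_link($fn)) {
+ return true;
+ }
+ return false;
+}
+
 function getFilesList($dirname)
 {
 $files = array();
 if ($handle = opendir($dirname)) {
 while ($handle && false !== ($entry = readdir($handle))) {
- if ($entry != "." && $entry != ".." && !is_dir($dirname.$entry) && !is_link($dirname.$entry)) {
+ if ($entry != "." && $entry != ".." && !is_dir($dirname.$entry) && $entry != "HEADER.html") {
 $files[] = $entry;
 }
 }
@@ -55,31 +63,58 @@
 } else {
 $theme = "linaro";
 }
- }
+ }
 return $theme;
 }
 
+function status_forbidden($dir)
+{
+ header("Status: 403");
+ header("HTTP/1.1 403 Forbidden");
+ echo "<h1>Forbidden</h1>";
+ echo "You don't have permission to access ".$dir." on this server.";
+ exit;
+}
+
+function status_ok($dir, $domain)
+{
+ header("Status: 200");
+ header("Location: ".$dir);
+ setcookie("redirectlicensephp", "yes", 0, "/", ".".$domain);
+ exit;
+}
+
+function status_not_found()
+{
+ header("Status: 404");
+ header("HTTP/1.0 404 Not Found");
+ echo "<h1>404 Not Found</h1>";
+ echo "The requested URL was not found on this server.";
+ exit;
+}
+
 $down = $_COOKIE["downloadrequested"];
 $host = $_SERVER["HTTP_HOST"];
 $doc = $_SERVER["DOCUMENT_ROOT"];
+$domain = $_SERVER["CO_DOMAIN"];
 $fn = $doc.$down; // Filename on server
 $flist = array();
 $eula = '';
 
-if (file_exists($fn) and is_file($fn)) { // Requested download is file
+if (preg_match("/.*openid.*/", $fn) or preg_match("/.*restricted.*/", $fn) or preg_match("/.*private.*/", $fn)) {
+ status_ok($down, $domain);
+}
+
+if (file_exists($fn) and check_file($fn)) { // Requested download is file
 $search_dir = dirname($fn);
 $repl = dirname($down);
- $name_only = splitFilename(basename($down));
+ $name_only = array(basename($down), '');
 } elseif (is_dir($fn)) { // Requested download is directory
 $search_dir = $fn;
 $repl = $down;
 $name_only = array();
 } else { // Requested download not found on server
- header("HTTP/1.0 404 Not Found");
- header("Status: 404");
- echo "<h1>404 Not Found</h1>";
- echo "The requested URL was not found on this server.";
- exit;
+ status_not_found();
 }
 
 $flist = getFilesList($search_dir);
@@ -89,26 +124,26 @@
 $eula = findSpecialEULA($flist, $pattern);
 }
 
-if (is_file($doc."/".$repl."/".$eula)) { // Special EULA found
- $theme = getTheme($eula, $down);
-} elseif (is_file($doc."/".$repl."/EULA.txt")) { // No special EULA found
- $theme = getTheme("EULA.txt", $down);
-} elseif (file_exists($fn) and findSpecialEULA($flist, "/.*EULA.txt.*/")) {
- // If file is requested but no special EULA for it and no EULA.txt is present,
- // look for any EULA and if found decide that current file is not protected.
- setcookie("redirectlicensephp", "yes", 0, "/");
- header("Location: ".$down);
- exit;
-} elseif (empty($flist)) { // Directory contains only subdirs
- setcookie("redirectlicensephp", "yes", 0, "/");
- header("Location: ".$down);
- exit;
-} else { // No special EULA, no EULA.txt, no OPEN-EULA.txt found
- header("HTTP/1.1 403 Forbidden");
- header("Status: 403");
- echo "<h1>Forbidden</h1>";
- echo "You don't have permission to access ".$down." on this server.";
- exit;
+if (check_file($fn)) {
+ if (check_file($doc."/".$repl."/".$eula)) { // Special EULA found
+ $theme = getTheme($eula, $down);
+ } elseif (check_file($doc."/".$repl."/EULA.txt")) { // No special EULA found
+ $theme = getTheme("EULA.txt", $down);
+ } elseif (findSpecialEULA($flist, "/.*EULA.txt.*/")) {
+ // If file is requested but no special EULA for it and no EULA.txt is present,
+ // look for any EULA and if found decide that current file is not protected.
+ status_ok($down, $domain);
+ } else {
+ status_forbidden($down);
+ }
+} elseif (is_dir($fn)) {
+ if (empty($flist) or findSpecialEULA($flist, "/.*EULA.txt.*/")) { // Directory contains only subdirs or any EULA
+ status_ok($down, $domain);
+ } else { // No special EULA, no EULA.txt, no OPEN-EULA.txt found
+ status_forbidden($down);
+ }
+} else {
+ status_forbidden($down);
 }
 
 $template_content = file_get_contents($doc."/licenses/".$theme.".html");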
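Review bot: `status_forbidden()` writes `$dir` into the HTML body unescaped, and every caller passes `$down`, which is read straight from the `downloadrequested` cookie; the value should be encoded before output, e.g. `echo "You don't have permission to access ".htmlspecialchars($dir, ENT_QUOTES, 'UTF-8')." on this server.";`. `status_ok()` puts the same cookie value into `Location:` and `$fn = $doc.$down` turns it into a filesystem path, in both cases without checking that it is a local path under the document root. A guard before `$fn` is built that rejects a value not starting with a single `/` or containing `..` (answering with `status_not_found()`) would cover both uses. A short comment above `$down` noting that it is client-supplied would also help the next reader.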
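--- a/licenses/ste.html
+++ b/licenses/ste.html
@@ -108,8 +108,6 @@
 EULA.txt
 </div><!-- license-text -->
 
-</div><!-- content -->
-
 <div id="actions">
 
 <div style="float: left;">If accepting the license doesn't work, enable
@@ -120,5 +118,7 @@
 
 </div>
 
+</div><!-- content -->
+
 </body>
 </html>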
