2 The software in this package is distributed under the GNU General
3 Public License version 2 (with a special exception described below).
5 A copy of GNU General Public License (GPL) is included in this distribution,
6 in the file COPYING.GPL.
8 As a special exception, if other files instantiate templates or use macros
9 or inline functions from this file, or you compile this file and link it
10 with other works to produce a work based on this file, this file
11 does not by itself cause the resulting work to be covered
12 by the GNU General Public License.
14 However the source code for this file must still be made available
15 in accordance with section (3) of the GNU General Public License.
17 This exception does not invalidate any other reasons why a work based
18 on this file might be covered by the GNU General Public License.
21 * @brief restricts html messages to an allowed group of tags.
23 * @copyright © Copyright 2017 Intra2net AG
31 #include <stringfunc.hxx>
32 #include <restricted_html.hpp>
36 #include "filefunc.hxx"
47 * @brief Replace all "+" characters found in s to spaces (" ").
49 * @param s string that will be modified.
51 static void unescape_space(string &s)
53 string::size_type pos;
54 while ((pos=s.find('+')) != string::npos)
59 * @brief Converts a hexadecimal sequence to its respective character.
61 * @param s string of size 2. Example: "77"
62 * @return respective character represented by the hex sequence.
64 static char x2c(const string& s)
67 digit=(s[0]>='A' ? ((s[0] & 0xdf)-'A')+10 : (s[0]-'0'));
69 digit+=(s[1]>='A' ? ((s[1] & 0xdf)-'A')+10 : (s[1]-'0'));
74 * @brief Scan a string to find escaped hex chars in the format "%HH" and replace
75 * for their respective character.
76 * Example: "www%2E" becomes "www."
78 * @param s String that will be modified.
80 static void unescape_hex(string& s)
82 static char hex_escape='%';
83 string::size_type escape_pos;
86 for (s=""; ((escape_pos=rest.find(hex_escape)) != string::npos);)
88 if (escape_pos+2<static_cast<unsigned int>(rest.length())
89 && ::isalnum(rest[escape_pos+1]) && ::isalnum(rest[escape_pos+2]))
91 hex_seq=rest.substr(escape_pos+1,2);
92 s=s+rest.substr(0,escape_pos)+x2c(hex_seq);
93 rest=rest.erase(0,escape_pos+3);
97 s=s+rest.substr(0,escape_pos+1);
98 rest=rest.erase(0,escape_pos+1);
105 * @brief Decode url that contains percent-encoding. Replace space " " with "+".
106 * Example: "%77%77%77%2E" becomes "www."
108 * @param s url string.
109 * @return the decoded string.
111 string decode_url(string s)
119 * @brief Verify if the parameter character requires encoding, If it is non
120 * alphanumeric or valid ascii signs.
122 * @param c character to be verified.
123 * @return true if the character should be encoded.
125 bool needs_encoding (const char &c)
127 // some valid ascii signs
128 if (c == '_' || c == '-')
132 if (c > 47 && c < 58)
135 // is uppercase letter?
136 if (c > 64 && c < 91)
139 // is lowercase letter?
140 if (c > 96 && c < 123)
147 * @brief Encode url with percent-encoding. Any non-alphanumeric character is
148 * converted to its hex value with the percent character (%) as prefix, except "_"
149 * and "-". Replace space " " with "+".
151 * @param s url string.
152 * @return the encoded url string.
154 string encode_url(string s)
156 // convert non-alphanumeric characters to hex, convert space to +
158 for (string::iterator pos2=s.begin(); pos2 != s.end(); pos2++)
162 else if (needs_encoding (*pos2))
163 out << '%' << std::uppercase << setw(2) << setfill('0') << \
164 std::hex << (int)(unsigned char)*pos2;
173 * @brief Change the attribute Filename from which the SecretId is going
176 * @param s custom_filename string new filename.
178 void RedirectHash::set_custom_filename(string custom_filename)
180 Filename = custom_filename;
184 * @brief Reads the file Filename and loads the data into SecretId.
186 void RedirectHash::load_secret_id()
188 SecretId = read_file(Filename);
190 if (SecretId.empty())
191 throw runtime_error("Inexistent file or empty");
195 * @brief Hashes the given url with the SecretId and returns a base64 hash.
197 * @param s &url string.
199 * @return base64 raw hash
201 string RedirectHash::hash_url(const string &url)
203 if (SecretId.empty())
206 return base64_encode(hash_data_raw(url + SecretId, MD5));
210 * @brief Reads a HTML file, removes all ##BEGIN_URL## and ##END_URL## tags and
211 * adds urlauth param to the url in between these tags.
213 * @param s &html string.
215 * @return new html with the urls signed
217 string RedirectHash::sign_urls(const string &html)
221 string re = "##BEGIN_URL##(.*?)##END_URL##";
222 pcrecpp::RE re_match(re);
223 while (re_match.PartialMatch(ret, &url))
225 string hashed_url = hash_url(url);
228 "##BEGIN_URL##" + url + "##END_URL##",
229 encode_url(url) + "&urlauth=" + encode_url(hashed_url));
235 * @brief Validates if the given url is the correspondent url to the given
238 * @param s &url string;
239 * &authtag string hash;
241 * @return bool true if the given url is the correspondent url to the
242 * authtag hash, else returns false
244 bool RedirectHash::validate_redirect_authtag(const string &url,
245 const string &authtag)
247 return authtag == hash_url(url);
250 } // eo namespace I2n