line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package HTTP::Server::Simple::Static; |
2
|
1
|
|
|
1
|
|
466
|
use strict; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
23
|
|
3
|
1
|
|
|
1
|
|
4
|
use warnings; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
18
|
|
4
|
|
|
|
|
|
|
|
5
|
1
|
|
|
1
|
|
9
|
use v5.10; |
|
1
|
|
|
|
|
3
|
|
6
|
|
|
|
|
|
|
|
7
|
1
|
|
|
1
|
|
4
|
use Cwd (); |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
15
|
|
8
|
1
|
|
|
1
|
|
230
|
use File::Spec::Functions qw(catfile); |
|
1
|
|
|
|
|
570
|
|
|
1
|
|
|
|
|
45
|
|
9
|
1
|
|
|
1
|
|
297
|
use HTTP::Date (); |
|
1
|
|
|
|
|
2908
|
|
|
1
|
|
|
|
|
20
|
|
10
|
1
|
|
|
1
|
|
237
|
use IO::File (); |
|
1
|
|
|
|
|
5468
|
|
|
1
|
|
|
|
|
19
|
|
11
|
1
|
|
|
1
|
|
253
|
use URI::Escape (); |
|
1
|
|
|
|
|
1037
|
|
|
1
|
|
|
|
|
21
|
|
12
|
|
|
|
|
|
|
|
13
|
1
|
|
|
1
|
|
6
|
use base qw(Exporter); |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
449
|
|
14
|
|
|
|
|
|
|
our @EXPORT = qw(serve_static); |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
our $VERSION = '0.13'; |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
my $line_end = "\015\012"; |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
my $magic; |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
my @mime_types = ( |
23
|
|
|
|
|
|
|
[ qr/\.htm(l)?$/ => 'text/html' ], |
24
|
|
|
|
|
|
|
[ qr/\.txt$/ => 'text/plain' ], |
25
|
|
|
|
|
|
|
[ qr/\.css$/ => 'text/css' ], |
26
|
|
|
|
|
|
|
[ qr/\.js$/ => 'application/javascript' ], |
27
|
|
|
|
|
|
|
); |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
sub get_mimetype { |
30
|
0
|
|
|
0
|
0
|
|
my ($path) = @_; |
31
|
|
|
|
|
|
|
|
32
|
0
|
|
|
|
|
|
for my $type (@mime_types) { |
33
|
0
|
0
|
|
|
|
|
if ( $path =~ $type->[0] ) { |
34
|
0
|
|
|
|
|
|
return $type->[1]; |
35
|
|
|
|
|
|
|
} |
36
|
|
|
|
|
|
|
} |
37
|
|
|
|
|
|
|
|
38
|
0
|
0
|
|
|
|
|
if ( !defined $magic ) { |
39
|
0
|
|
|
|
|
|
require File::LibMagic; |
40
|
0
|
|
|
|
|
|
$magic = File::LibMagic->new(); |
41
|
|
|
|
|
|
|
} |
42
|
|
|
|
|
|
|
|
43
|
0
|
|
|
|
|
|
return $magic->checktype_filename($path); |
44
|
|
|
|
|
|
|
} |
45
|
|
|
|
|
|
|
|
46
|
|
|
|
|
|
|
sub serve_static { |
47
|
0
|
|
|
0
|
1
|
|
my ( $self, $cgi, $base ) = @_; |
48
|
0
|
|
0
|
|
|
|
$base //= q{.}; |
49
|
|
|
|
|
|
|
|
50
|
0
|
|
|
|
|
|
my $path = $cgi->url( -absolute => 1, -path_info => 1 ); |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
# Internet Explorer provides the full URI in the GET section |
53
|
|
|
|
|
|
|
# of the request header, so remove the protocol, domain name, |
54
|
|
|
|
|
|
|
# and port if they exist. |
55
|
0
|
|
|
|
|
|
$path =~ s{^https?://([^/:]+)(:\d+)?/}{/}; |
56
|
|
|
|
|
|
|
|
57
|
0
|
|
|
|
|
|
$path = URI::Escape::uri_unescape($path); |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
# The splitting of the URL path and then concatenating with the |
60
|
|
|
|
|
|
|
# base ensures the correct directory separators are used for the |
61
|
|
|
|
|
|
|
# file path. |
62
|
|
|
|
|
|
|
|
63
|
0
|
|
|
|
|
|
my @parts = split q{/+}, $path; |
64
|
0
|
|
|
|
|
|
my $fullpath = catfile( $base, @parts ); |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
# Sanitize the path and try it. |
67
|
|
|
|
|
|
|
|
68
|
0
|
|
|
|
|
|
my $realpath = Cwd::realpath($fullpath); |
69
|
0
|
0
|
0
|
|
|
|
if ( !$realpath || $realpath !~ m/^\Q$base\E/ ) { |
70
|
|
|
|
|
|
|
# directory traversal attack! |
71
|
0
|
|
|
|
|
|
return 0; |
72
|
|
|
|
|
|
|
} |
73
|
|
|
|
|
|
|
|
74
|
0
|
|
|
|
|
|
my $fh = IO::File->new(); |
75
|
0
|
0
|
0
|
|
|
|
if ( -f $realpath && $fh->open($realpath) ) { |
76
|
0
|
|
|
|
|
|
my $mtime = ( stat $realpath )[9]; |
77
|
0
|
|
|
|
|
|
my $now = time; |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
# RFC-2616 Section 14.25 "If-Modified-Since": |
80
|
|
|
|
|
|
|
|
81
|
0
|
|
|
|
|
|
my $if_modified_since = $cgi->http('If-Modified-Since'); |
82
|
0
|
0
|
|
|
|
|
if ($if_modified_since) { |
83
|
0
|
|
|
|
|
|
$if_modified_since = HTTP::Date::str2time($if_modified_since); |
84
|
|
|
|
|
|
|
|
85
|
0
|
0
|
0
|
|
|
|
if ( defined $if_modified_since && # parsed ok |
|
|
|
0
|
|
|
|
|
86
|
|
|
|
|
|
|
$if_modified_since <= $now && # not in future |
87
|
|
|
|
|
|
|
$mtime <= $if_modified_since ) { # not changed |
88
|
|
|
|
|
|
|
|
89
|
0
|
|
|
|
|
|
print 'HTTP/1.1 304 Not Modified' . $line_end; |
90
|
0
|
|
|
|
|
|
print $line_end; |
91
|
|
|
|
|
|
|
|
92
|
0
|
|
|
|
|
|
return 1; |
93
|
|
|
|
|
|
|
} |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
# Read the file contents and get the length in bytes |
97
|
|
|
|
|
|
|
|
98
|
0
|
|
|
|
|
|
binmode $fh; |
99
|
0
|
|
|
|
|
|
binmode $self->stdout_handle; |
100
|
|
|
|
|
|
|
|
101
|
0
|
|
|
|
|
|
my $content; |
102
|
|
|
|
|
|
|
{ |
103
|
0
|
|
|
|
|
|
local $/; |
|
0
|
|
|
|
|
|
|
104
|
0
|
|
|
|
|
|
$content = <$fh>; |
105
|
|
|
|
|
|
|
} |
106
|
0
|
|
|
|
|
|
$fh->close; |
107
|
|
|
|
|
|
|
|
108
|
0
|
|
|
|
|
|
my $content_length; |
109
|
0
|
0
|
|
|
|
|
if ( defined $content ) { |
110
|
1
|
|
|
1
|
|
341
|
use bytes; # Content-Length in bytes, not characters |
|
1
|
|
|
|
|
11
|
|
|
1
|
|
|
|
|
4
|
|
111
|
0
|
|
|
|
|
|
$content_length = length $content; |
112
|
|
|
|
|
|
|
} |
113
|
|
|
|
|
|
|
else { |
114
|
0
|
|
|
|
|
|
$content_length = 0; |
115
|
0
|
|
|
|
|
|
$content = q{}; |
116
|
|
|
|
|
|
|
} |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
# Find MIME type |
119
|
|
|
|
|
|
|
|
120
|
0
|
|
|
|
|
|
my $mimetype = get_mimetype($realpath); |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
# RFC-2616 Section 14.29 "Last-Modified": |
123
|
|
|
|
|
|
|
# |
124
|
|
|
|
|
|
|
# An origin server MUST NOT send a Last-Modified date which is |
125
|
|
|
|
|
|
|
# later than the server's time of message origination. In such |
126
|
|
|
|
|
|
|
# cases, where the resource's last modification would indicate |
127
|
|
|
|
|
|
|
# some time in the future, the server MUST replace that date |
128
|
|
|
|
|
|
|
# with the message origination date. |
129
|
|
|
|
|
|
|
|
130
|
0
|
0
|
|
|
|
|
if ( $mtime > $now ) { |
131
|
0
|
|
|
|
|
|
$mtime = $now; |
132
|
|
|
|
|
|
|
} |
133
|
|
|
|
|
|
|
|
134
|
0
|
|
|
|
|
|
my $last_modified = HTTP::Date::time2str($mtime); |
135
|
0
|
|
|
|
|
|
my $date = HTTP::Date::time2str($now); |
136
|
|
|
|
|
|
|
|
137
|
0
|
|
|
|
|
|
print 'HTTP/1.1 200 OK' . $line_end; |
138
|
0
|
|
|
|
|
|
print 'Date: ' . $date . $line_end; |
139
|
0
|
|
|
|
|
|
print 'Last-Modified: ' . $last_modified . $line_end; |
140
|
0
|
|
|
|
|
|
print 'Content-Type: ' . $mimetype . $line_end; |
141
|
0
|
|
|
|
|
|
print 'Content-Length: ' . $content_length . $line_end; |
142
|
0
|
|
|
|
|
|
print $line_end; |
143
|
|
|
|
|
|
|
|
144
|
0
|
0
|
|
|
|
|
if ( $cgi->request_method() ne 'HEAD' ) { |
145
|
0
|
|
|
|
|
|
print $content; |
146
|
|
|
|
|
|
|
} |
147
|
|
|
|
|
|
|
|
148
|
0
|
|
|
|
|
|
return 1; |
149
|
|
|
|
|
|
|
} |
150
|
0
|
|
|
|
|
|
return 0; |
151
|
|
|
|
|
|
|
} |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
1; |
154
|
|
|
|
|
|
|
__END__ |