X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fbin%2Fwebmux.pl.in;h=7aae041b3d844a4189802fc6ce0d95b50b9b92b8;hb=68c776b1b81217be620c9a4212d6652cc44452e5;hp=7e61b277506f9f140a271fdd94f434b374ec69ad;hpb=b4b0c7e72d7eaee2fbfc7022022c9698323203dd;p=freeside.git

diff --git a/rt/bin/webmux.pl.in b/rt/bin/webmux.pl.in
index 7e61b2775..7aae041b3 100644
--- a/rt/bin/webmux.pl.in
+++ b/rt/bin/webmux.pl.in
@@ -1,41 +1,41 @@
 #!@PERL@
 # BEGIN BPS TAGGED BLOCK {{{
-# 
+#
 # COPYRIGHT:
-# 
-# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC
-#                                          <jesse@bestpractical.com>
-# 
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#                                          <sales@bestpractical.com>
+#
 # (Except where explicitly superseded by other copyright notices)
-# 
-# 
+#
+#
 # LICENSE:
-# 
+#
 # This work is made available to you under the terms of Version 2 of
 # the GNU General Public License. A copy of that license should have
 # been provided with this software, but in any event can be snarfed
 # from www.gnu.org.
-# 
+#
 # This work is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 # 02110-1301 or visit their web page on the internet at
 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-# 
-# 
+#
+#
 # CONTRIBUTION SUBMISSION POLICY:
-# 
+#
 # (The following paragraph is not intended to limit the rights granted
 # to you to modify and distribute this software under the terms of
 # the GNU General Public License and is only of importance to you if
 # you choose to contribute your changes and enhancements to the
 # community by submitting them to Best Practical Solutions, LLC.)
-# 
+#
 # By intentionally submitting any modifications, corrections or
 # derivatives to this work, or any other work intended for use with
 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
@@ -44,26 +44,95 @@
 # royalty-free, perpetual, license to use, copy, create derivative
 # works based on those contributions, and sublicense and distribute
 # those contributions and any derivatives thereof.
-# 
+#
 # END BPS TAGGED BLOCK }}}
 use strict;
+local $ENV{'PATH'}   = '/bin:/usr/bin';                   # or whatever you need
+local $ENV{'CDPATH'} = '' if defined $ENV{'CDPATH'};
+local $ENV{'SHELL'}  = '/bin/sh' if defined $ENV{'SHELL'};
+local $ENV{'ENV'}    = '' if defined $ENV{'ENV'};
+local $ENV{'IFS'}    = '' if defined $ENV{'IFS'};
 
-BEGIN {
-    $ENV{'PATH'}   = '/bin:/usr/bin';                     # or whatever you need
-    $ENV{'CDPATH'} = '' if defined $ENV{'CDPATH'};
-    $ENV{'SHELL'}  = '/bin/sh' if defined $ENV{'SHELL'};
-    $ENV{'ENV'}    = '' if defined $ENV{'ENV'};
-    $ENV{'IFS'}    = '' if defined $ENV{'IFS'};
+package HTML::Mason::Commands;
+our %session;
 
-    use CGI qw(-private_tempfiles);    #bring this in before mason, to make sure we
-                                   #set private_tempfiles
+package RT::Mason;
 
-    die "RT does not support mod_perl 1.99. Please upgrade to mod_perl 2.0"
-      if $ENV{'MOD_PERL'}
-      and $ENV{'MOD_PERL'} =~ m{mod_perl/(?:1\.9)};
+our ($Nobody, $SystemUser, $Handler, $r);
+
+my $protect_fd;
+
+sub handler {
+    ($r) = @_;
+
+    if ( !$protect_fd && $ENV{'MOD_PERL'} && exists $ENV{'MOD_PERL_API_VERSION'}
+        && $ENV{'MOD_PERL_API_VERSION'} >= 2 && fileno(STDOUT) != 1
+    ) {
+        # under mod_perl2, STDOUT gets closed and re-opened, however new STDOUT
+        # is not on FD #1. In this case next IO operation will occupy this FD
+        # and make all system() and open "|-" dangerouse, for example DBI
+        # can get this FD for DB connection and system() call will close
+        # by putting grabage into the socket
+        open( $protect_fd, '>', '/dev/null' )
+          or die "Couldn't open /dev/null: $!";
+        unless ( fileno($protect_fd) == 1 ) {
+            warn "We opened /dev/null to protect FD #1, but descriptor #1 is already occupied";
+        }
+    }
+
+    local $SIG{__WARN__};
+    local $SIG{__DIE__};
+    RT::InitSignalHandlers();
+
+    if ($r->content_type =~ m/^httpd\b.*\bdirectory/i) {
+        use File::Spec::Unix;
+        # Our DirectoryIndex is always index.html, regardless of httpd settings
+        $r->filename( File::Spec::Unix->catfile( $r->filename, 'index.html' ) );
+    }
+
+    Module::Refresh->refresh if RT->Config->Get('DevelMode');
+
+    RT::ConnectToDatabase();
 
+    # none of the methods in $r gives us the information we want (most
+    # canonicalize /foo/../bar to /bar which is exactly what we want to avoid)
+    my (undef, $requested) = split ' ', $r->the_request, 3;
+    my $uri = URI->new("http://".$r->hostname.$requested);
+    my $path = URI::Escape::uri_unescape($uri->path);
+
+    ## Each environment has its own way of handling .. and so on in paths,
+    ## so RT consistently forbids such paths.
+    if ( $path =~ m{/\.} ) {
+        $RT::Logger->crit("Invalid request for ".$path." aborting");
+        RT::Interface::Web::Handler->CleanupRequest();
+        return 400;
+    }
+
+    my (%session, $status);
+    {
+        local $@;
+        $status = eval { $Handler->handle_request($r) };
+        $RT::Logger->crit( $@ ) if $@;
+    }
+    undef %session;
+
+    RT::Interface::Web::Handler->CleanupRequest();
+
+    return $status;
 }
 
+package main;
+
+# check mod_perl version if it's mod_perl
+BEGIN {
+    die "RT does not support mod_perl 1.99. Please upgrade to mod_perl 2.0"
+        if $ENV{'MOD_PERL'}
+        and $ENV{'MOD_PERL'} =~ m{mod_perl/(?:1\.9)};
+}
+
+require CGI;
+CGI->import(qw(-private_tempfiles));
+
 # fix lib paths, some may be relative
 BEGIN {
     require File::Spec;
@@ -88,91 +157,49 @@ BEGIN {
     }
 
 }
-use RT;
-
-package RT::Mason;
-
-use vars qw($Nobody $SystemUser $Handler $r);
 
-#This drags in RT's config.pm
-BEGIN {
-    RT::LoadConfig();
-    if (RT->Config->Get('DevelMode')) { require Module::Refresh; }
-    RT->InitPluginPaths();
+require RT;
+die "Wrong version of RT $RT::Version found; need @RT_VERSION_MAJOR@.@RT_VERSION_MINOR@.*"
+    unless $RT::VERSION =~ /^@RT_VERSION_MAJOR@\.@RT_VERSION_MINOR@\./;
+RT::LoadConfig();
+if ( RT->Config->Get('DevelMode') ) {
+    require Module::Refresh;
 }
+RT::Init();
 
+# check compatibility of the DB
 {
-    require RT::Handle;
-    my $dsn = RT::Handle->DSN;
-    my $user = RT->Config->Get('DatabaseUser');
-    my $pass = RT->Config->Get('DatabasePassword');
-
-    my $dbh = DBI->connect(
-        $dsn, $user, $pass,
-        { RaiseError => 0, PrintError => 0 },
-    );
+    my $dbh = $RT::Handle->dbh;
     if ( $dbh ) {
-        my ($status, $msg) = RT::Handle->CheckCompatibility( $dbh, 'post' );
+        my ($status, $msg) = $RT::Handle->CheckCompatibility( $dbh, 'post' );
         die $msg unless $status;
     }
 }
 
-{
-    package HTML::Mason::Commands;
-    use vars qw(%session);
-}
+require RT::Interface::Web::Handler;
+$RT::Mason::Handler = RT::Interface::Web::Handler->new(
+    RT->Config->Get('MasonParameters')
+);
+
+# load more for mod_perl before forking
+RT::InitClasses( Heavy => 1 ) if $ENV{'MOD_PERL'} || $ENV{RT_WEBMUX_HEAVY_LOAD};
 
-use RT::Interface::Web;
-use RT::Interface::Web::Handler;
+# we must disconnect DB before fork
+$RT::Handle->dbh(undef);
+undef $RT::Handle;
 
-if ($ENV{'MOD_PERL'} && !RT->Config->Get('DevelMode')) {
+if ( $ENV{'MOD_PERL'} && !RT->Config->Get('DevelMode')) {
     # Under static_source, we need to purge the component cache
     # each time we restart, so newer components may be reloaded.
     #
-    # We can't do this in FastCGI or we'll blow away the component root _every_ time a new server starts
-    # which happens every few hits.
+    # We can't do this in FastCGI or we'll blow away the component
+    # root _every_ time a new server starts which happens every few
+    # hits.
     
-    use File::Path qw( rmtree );
-    use File::Glob qw( bsd_glob );
-    my @files = bsd_glob("$RT::MasonDataDir/obj/*");
-    rmtree([ @files ], 0, 1) if @files;
-}
-
-sub handler {
-    ($r) = @_;
-
-    local $SIG{__WARN__};
-    local $SIG{__DIE__};
-
-    if ($r->content_type =~ m/^httpd\b.*\bdirectory/i) {
-        use File::Spec::Unix;
-        # Our DirectoryIndex is always index.html, regardless of httpd settings
-        $r->filename( File::Spec::Unix->catfile( $r->filename, 'index.html' ) );
-    }
-#    elsif (defined( $r->content_type )) {
-        #$r->content_type !~ m!(^text/|\bxml\b)!i or return -1;
-#    }
-
-    Module::Refresh->refresh if RT->Config->Get('DevelMode');
-
-    RT::Init();
-
-    $Handler ||= RT::Interface::Web::Handler->new(
-        RT->Config->Get('MasonParameters')
-    );
-
-    my %session;
-    my $status;
-    eval { $status = $Handler->handle_request($r) };
-    if ($@) {
-        $RT::Logger->crit($@);
-    }
-
-    undef(%session);
-
-    RT::Interface::Web::Handler->CleanupRequest();
-
-    return $status;
+    require File::Path;
+    require File::Glob;
+    my @files = File::Glob::bsd_glob("$RT::MasonDataDir/obj/*");
+    File::Path::rmtree([ @files ], 0, 1) if @files;
 }
 
 1;