You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
881 lines
28 KiB
881 lines
28 KiB
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Net;
using System.Text;
using System.Threading.Tasks;
using MediaBrowser.Model.Services;
namespace Jellyfin.Server.SocketSharp
public partial class WebSocketSharpRequest : IHttpRequest
internal static string GetParameter(string header, string attr)
int ap = header.IndexOf(attr, StringComparison.Ordinal);
if (ap == -1)
return null;
ap += attr.Length;
if (ap >= header.Length)
return null;
char ending = header[ap];
if (ending != '"')
ending = ' ';
int end = header.IndexOf(ending, ap + 1);
if (end == -1)
return ending == '"' ? null : header.Substring(ap);
return header.Substring(ap + 1, end - ap - 1);
private async Task LoadMultiPart(WebROCollection form)
string boundary = GetParameter(ContentType, "; boundary=");
if (boundary == null)
using (var requestStream = InputStream)
// DB: 30/01/11 - Hack to get around non-seekable stream and received HTTP request
// Not ending with \r\n?
var ms = new MemoryStream(32 * 1024);
await requestStream.CopyToAsync(ms).ConfigureAwait(false);
var input = ms;
input.Position = 0;
// Uncomment to debug
// var content = new StreamReader(ms).ReadToEnd();
// Console.WriteLine(boundary + "::" + content);
// input.Position = 0;
var multi_part = new HttpMultipart(input, boundary, ContentEncoding);
HttpMultipart.Element e;
while ((e = multi_part.ReadNextElement()) != null)
if (e.Filename == null)
byte[] copy = new byte[e.Length];
input.Position = e.Start;
input.Read(copy, 0, (int)e.Length);
form.Add(e.Name, (e.Encoding ?? ContentEncoding).GetString(copy, 0, copy.Length));
// We use a substream, as in 2.x we will support large uploads streamed to disk,
var sub = new HttpPostedFile(e.Filename, e.ContentType, input, e.Start, e.Length);
files[e.Name] = sub;
public async Task<QueryParamCollection> GetFormData()
var form = new WebROCollection();
files = new Dictionary<string, HttpPostedFile>();
if (IsContentType("multipart/form-data", true))
await LoadMultiPart(form).ConfigureAwait(false);
else if (IsContentType("application/x-www-form-urlencoded", true))
await LoadWwwForm(form).ConfigureAwait(false);
#if NET_4_0
if (validateRequestNewMode && !checked_form) {
// Setting this before calling the validator prevents
// possible endless recursion
checked_form = true;
ValidateNameValueCollection("Form", query_string_nvc, RequestValidationSource.Form);
} else
if (validate_form && !checked_form)
checked_form = true;
ValidateNameValueCollection("Form", form);
return form;
public string Accept => string.IsNullOrEmpty(request.Headers["Accept"]) ? null : request.Headers["Accept"];
public string Authorization => string.IsNullOrEmpty(request.Headers["Authorization"]) ? null : request.Headers["Authorization"];
protected bool validate_cookies { get; set; }
protected bool validate_query_string { get; set; }
protected bool validate_form { get; set; }
protected bool checked_cookies { get; set; }
protected bool checked_query_string { get; set; }
protected bool checked_form { get; set; }
private static void ThrowValidationException(string name, string key, string value)
string v = "\"" + value + "\"";
if (v.Length > 20)
v = v.Substring(0, 16) + "...\"";
string msg = string.Format(
"A potentially dangerous Request.{0} value was detected from the client ({1}={2}).",
throw new Exception(msg);
private static void ValidateNameValueCollection(string name, QueryParamCollection coll)
if (coll == null)
foreach (var pair in coll)
var key = pair.Name;
var val = pair.Value;
if (val != null && val.Length > 0 && IsInvalidString(val))
ThrowValidationException(name, key, val);
internal static bool IsInvalidString(string val)
=> IsInvalidString(val, out var validationFailureIndex);
internal static bool IsInvalidString(string val, out int validationFailureIndex)
validationFailureIndex = 0;
int len = val.Length;
if (len < 2)
return false;
char current = val[0];
for (int idx = 1; idx < len; idx++)
char next = val[idx];
// See
if (current == '<' || current == '\xff1c')
if (next == '!' || next < ' '
|| (next >= 'a' && next <= 'z')
|| (next >= 'A' && next <= 'Z'))
validationFailureIndex = idx - 1;
return true;
else if (current == '&' && next == '#')
validationFailureIndex = idx - 1;
return true;
current = next;
return false;
public void ValidateInput()
validate_cookies = true;
validate_query_string = true;
validate_form = true;
private bool IsContentType(string ct, bool starts_with)
if (ct == null || ContentType == null)
return false;
if (starts_with)
return StrUtils.StartsWith(ContentType, ct, true);
return string.Equals(ContentType, ct, StringComparison.OrdinalIgnoreCase);
private async Task LoadWwwForm(WebROCollection form)
using (var input = InputStream)
using (var ms = new MemoryStream())
await input.CopyToAsync(ms).ConfigureAwait(false);
ms.Position = 0;
using (var s = new StreamReader(ms, ContentEncoding))
var key = new StringBuilder();
var value = new StringBuilder();
int c;
while ((c = s.Read()) != -1)
if (c == '=')
value.Length = 0;
while ((c = s.Read()) != -1)
if (c == '&')
AddRawKeyValue(form, key, value);
if (c == -1)
AddRawKeyValue(form, key, value);
else if (c == '&')
AddRawKeyValue(form, key, value);
if (c == -1)
AddRawKeyValue(form, key, value);
private static void AddRawKeyValue(WebROCollection form, StringBuilder key, StringBuilder value)
form.Add(WebUtility.UrlDecode(key.ToString()), WebUtility.UrlDecode(value.ToString()));
key.Length = 0;
value.Length = 0;
private Dictionary<string, HttpPostedFile> files;
private class WebROCollection : QueryParamCollection
public override string ToString()
var result = new StringBuilder();
foreach (var pair in this)
if (result.Length > 0)
var key = pair.Name;
if (key != null && key.Length > 0)
return result.ToString();
public sealed class HttpPostedFile
private string name;
private string content_type;
private Stream stream;
private class ReadSubStream : Stream
private Stream s;
private long offset;
private long end;
private long position;
public ReadSubStream(Stream s, long offset, long length)
this.s = s;
this.offset = offset;
this.end = offset + length;
position = offset;
public override void Flush()
public override int Read(byte[] buffer, int dest_offset, int count)
if (buffer == null)
throw new ArgumentNullException(nameof(buffer));
if (dest_offset < 0)
throw new ArgumentOutOfRangeException(nameof(dest_offset), "< 0");
if (count < 0)
throw new ArgumentOutOfRangeException(nameof(count), "< 0");
int len = buffer.Length;
if (dest_offset > len)
throw new ArgumentException("destination offset is beyond array size", nameof(dest_offset));
// reordered to avoid possible integer overflow
if (dest_offset > len - count)
throw new ArgumentException("Reading would overrun buffer", nameof(count));
if (count > end - position)
count = (int)(end - position);
if (count <= 0)
return 0;
s.Position = position;
int result = s.Read(buffer, dest_offset, count);
if (result > 0)
position += result;
position = end;
return result;
public override int ReadByte()
if (position >= end)
return -1;
s.Position = position;
int result = s.ReadByte();
if (result < 0)
position = end;
return result;
public override long Seek(long d, SeekOrigin origin)
long real;
switch (origin)
case SeekOrigin.Begin:
real = offset + d;
case SeekOrigin.End:
real = end + d;
case SeekOrigin.Current:
real = position + d;
throw new ArgumentException("Unknown SeekOrigin value", nameof(origin));
long virt = real - offset;
if (virt < 0 || virt > Length)
throw new ArgumentException("Invalid position", nameof(origin));
position = s.Seek(real, SeekOrigin.Begin);
return position;
public override void SetLength(long value)
throw new NotSupportedException();
public override void Write(byte[] buffer, int offset, int count)
throw new NotSupportedException();
public override bool CanRead => true;
public override bool CanSeek => true;
public override bool CanWrite => false;
public override long Length => end - offset;
public override long Position
get => position - offset;
if (value > Length)
throw new ArgumentOutOfRangeException(nameof(value));
position = Seek(value, SeekOrigin.Begin);
internal HttpPostedFile(string name, string content_type, Stream base_stream, long offset, long length)
| = name;
this.content_type = content_type;
| = new ReadSubStream(base_stream, offset, length);
public string ContentType => content_type;
public int ContentLength => (int)stream.Length;
public string FileName => name;
public Stream InputStream => stream;
internal static class StrUtils
public static bool StartsWith(string str1, string str2, bool ignore_case)
if (string.IsNullOrEmpty(str1))
return false;
var comparison = ignore_case ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
return str1.IndexOf(str2, comparison) == 0;
public static bool EndsWith(string str1, string str2, bool ignore_case)
int l2 = str2.Length;
if (l2 == 0)
return true;
int l1 = str1.Length;
if (l2 > l1)
return false;
var comparison = ignore_case ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
return str1.IndexOf(str2, comparison) == str1.Length - str2.Length - 1;
private class HttpMultipart
public class Element
public string ContentType { get; set; }
public string Name { get; set; }
public string Filename { get; set; }
public Encoding Encoding { get; set; }
public long Start { get; set; }
public long Length { get; set; }
public override string ToString()
return "ContentType " + ContentType + ", Name " + Name + ", Filename " + Filename + ", Start " +
Start.ToString(CultureInfo.CurrentCulture) + ", Length " + Length.ToString(CultureInfo.CurrentCulture);
private Stream data;
private string boundary;
private byte[] boundary_bytes;
private byte[] buffer;
private bool at_eof;
private Encoding encoding;
private StringBuilder sb;
private const byte LF = (byte)'\n', CR = (byte)'\r';
// See RFC 2046
// In the case of multipart entities, in which one or more different
// sets of data are combined in a single body, a "multipart" media type
// field must appear in the entity's header. The body must then contain
// one or more body parts, each preceded by a boundary delimiter line,
// and the last one followed by a closing boundary delimiter line.
// After its boundary delimiter line, each body part then consists of a
// header area, a blank line, and a body area. Thus a body part is
// similar to an RFC 822 message in syntax, but different in meaning.
public HttpMultipart(Stream data, string b, Encoding encoding)
| = data;
boundary = b;
boundary_bytes = encoding.GetBytes(b);
buffer = new byte[boundary_bytes.Length + 2]; // CRLF or '--'
this.encoding = encoding;
sb = new StringBuilder();
private string ReadLine()
// CRLF or LF are ok as line endings.
bool got_cr = false;
int b = 0;
sb.Length = 0;
while (true)
b = data.ReadByte();
if (b == -1)
return null;
if (b == LF)
got_cr = b == CR;
if (got_cr)
return sb.ToString();
private static string GetContentDispositionAttribute(string l, string name)
int idx = l.IndexOf(name + "=\"", StringComparison.Ordinal);
if (idx < 0)
return null;
int begin = idx + name.Length + "=\"".Length;
int end = l.IndexOf('"', begin);
if (end < 0)
return null;
if (begin == end)
return string.Empty;
return l.Substring(begin, end - begin);
private string GetContentDispositionAttributeWithEncoding(string l, string name)
int idx = l.IndexOf(name + "=\"", StringComparison.Ordinal);
if (idx < 0)
return null;
int begin = idx + name.Length + "=\"".Length;
int end = l.IndexOf('"', begin);
if (end < 0)
return null;
if (begin == end)
return string.Empty;
string temp = l.Substring(begin, end - begin);
byte[] source = new byte[temp.Length];
for (int i = temp.Length - 1; i >= 0; i--)
source[i] = (byte)temp[i];
return encoding.GetString(source, 0, source.Length);
private bool ReadBoundary()
string line;
line = ReadLine();
while (line.Length == 0);
if (line[0] != '-' || line[1] != '-')
return false;
if (!StrUtils.EndsWith(line, boundary, false))
return true;
return false;
private string ReadHeaders()
string s = ReadLine();
if (s.Length == 0)
return null;
return s;
private static bool CompareBytes(byte[] orig, byte[] other)
for (int i = orig.Length - 1; i >= 0; i--)
if (orig[i] != other[i])
return false;
return true;
private long MoveToNextBoundary()
long retval = 0;
bool got_cr = false;
int state = 0;
int c = data.ReadByte();
while (true)
if (c == -1)
return -1;
if (state == 0 && c == LF)
retval = data.Position - 1;
if (got_cr)
state = 1;
c = data.ReadByte();
else if (state == 0)
got_cr = c == CR;
c = data.ReadByte();
else if (state == 1 && c == '-')
c = data.ReadByte();
if (c == -1)
return -1;
if (c != '-')
state = 0;
got_cr = false;
continue; // no ReadByte() here
int nread = data.Read(buffer, 0, buffer.Length);
int bl = buffer.Length;
if (nread != bl)
return -1;
if (!CompareBytes(boundary_bytes, buffer))
state = 0;
data.Position = retval + 2;
if (got_cr)
got_cr = false;
c = data.ReadByte();
if (buffer[bl - 2] == '-' && buffer[bl - 1] == '-')
at_eof = true;
else if (buffer[bl - 2] != CR || buffer[bl - 1] != LF)
state = 0;
data.Position = retval + 2;
if (got_cr)
got_cr = false;
c = data.ReadByte();
data.Position = retval + 2;
if (got_cr)
// state == 1
state = 0; // no ReadByte() here
return retval;
public Element ReadNextElement()
if (at_eof || ReadBoundary())
return null;
var elem = new Element();
string header;
while ((header = ReadHeaders()) != null)
if (StrUtils.StartsWith(header, "Content-Disposition:", true))
elem.Name = GetContentDispositionAttribute(header, "name");
elem.Filename = StripPath(GetContentDispositionAttributeWithEncoding(header, "filename"));
else if (StrUtils.StartsWith(header, "Content-Type:", true))
elem.ContentType = header.Substring("Content-Type:".Length).Trim();
elem.Encoding = GetEncoding(elem.ContentType);
long start = 0;
start = data.Position;
elem.Start = start;
long pos = MoveToNextBoundary();
if (pos == -1)
return null;
elem.Length = pos - start;
return elem;
private static string StripPath(string path)
if (path == null || path.Length == 0)
return path;
if (path.IndexOf(":\\", StringComparison.Ordinal) != 1
&& !path.StartsWith("\\\\", StringComparison.Ordinal))
return path;
return path.Substring(path.LastIndexOf('\\') + 1);