rp_file_can_be_public_p (private)
rp_file_can_be_public_p path
Defined in packages/acs-tcl/tcl/request-processor-procs.tcl
Determines if -- absent application restrictions -- a file can be served to a client without violating simple security checks. The checks and response do not require the initialization of ad_conn or expensive permission:: calls. The proc will return page-not-found messages to the client in the case where the file must not be served, log a warning, and close the connection to the client.
- Parameters:
  - path (required): The file to perform the simple security checks on.
- Returns:
  - 0 (and close the connection!) if the file must not be served. 1 if the application should perform its own checks, if any.
- Testcases:
  - No testcase defined.
Source code:

    # first check that we are not serving a forbidden file like a .xql, a backup or CVS file
    if {[ad_file extension $path] eq ".xql"
        && ![parameter::get -parameter ServeXQLFiles -package_id $::acs::kernel_id -default 0] } {
        # Can't use ad_return_exception_page because it depends upon an initialized ad_conn
        ns_log Warning "An attempt was made to access an .XQL resource: {$path}."
        ns_return 404 "text/html" "Not Found"
        return 0
    }
    foreach match [parameter::get -parameter ExcludedFiles -package_id $::acs::kernel_id -default {}] {
        if {[string match $match $path]} {
            # Can't use ad_return_exception_page because it depends upon an initialized ad_conn
            ns_log Warning "An attempt was made to access an ExcludedFiles resource: {$path}."
            ns_return 404 "text/html" "Not Found"
            return 0
        }
    }
    return 1

XQL Not present: Generic, PostgreSQL, Oracle
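How ExcludedFiles entries behave under `string match`, as an added example that is not OpenACS code: it mirrors the proc's decision logic in plain Tcl, using the built-in `file extension` in place of `ad_file extension` and a returned reason in place of `ns_log`/`ns_return`. The proc name `file_can_be_public`, the pattern lists and the paths are constructed for illustration.

```tcl
# Added illustration, not OpenACS code; runs in plain tclsh (8.5+).
# file_can_be_public is a hypothetical stand-in for rp_file_can_be_public_p.
proc file_can_be_public {path excluded_patterns {serve_xql 0}} {
    # Same order as the original proc: .xql check first, then ExcludedFiles.
    if {[file extension $path] eq ".xql" && !$serve_xql} {
        return [list 0 "blocked: .xql resource"]
    }
    foreach pattern $excluded_patterns {
        # string match is a glob match anchored at both ends of the path;
        # "*" also matches "/" characters.
        if {[string match $pattern $path]} {
            return [list 0 "blocked: matches ExcludedFiles pattern $pattern"]
        }
    }
    return [list 1 "passed: application performs its own checks"]
}

# Constructed request paths.
set paths {
    /var/www/site/www/index.adp
    /var/www/site/www/index.adp~
    /var/www/site/www/CVS/Entries
    /var/www/site/packages/notes/www/index.xql
    /var/www/site/www/settings.bak
}

# Two constructed ExcludedFiles values: bare names versus glob patterns.
set candidates [list \
    {CVS .bak ~} \
    {*/CVS/* *.bak *~}]

foreach excluded $candidates {
    puts "ExcludedFiles = $excluded"
    foreach path $paths {
        lassign [file_can_be_public $path $excluded] ok reason
        puts [format "  %-45s %d  %s" $path $ok $reason]
    }
}
```

With the bare-name list only the .xql path is refused, because each entry must match the entire path. An ExcludedFiles entry therefore needs its own wildcards to cover a directory or a suffix.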