File 6502-inets-rewrite-mod_esi-generate_webpage.patch of Package erlang

From ebc07c2c4ab7f5ed4f7b2b175f11c693b441bc03 Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Fri, 4 Aug 2023 10:06:40 +0200
Subject: [PATCH 2/2] inets: rewrite mod_esi:generate_webpage

---
 lib/inets/src/http_server/mod_esi.erl | 83 ++++++++++++++-------------
 1 file changed, 44 insertions(+), 39 deletions(-)

diff --git a/lib/inets/src/http_server/mod_esi.erl b/lib/inets/src/http_server/mod_esi.erl
index 64af60e508..92f206c1a0 100644
--- a/lib/inets/src/http_server/mod_esi.erl
+++ b/lib/inets/src/http_server/mod_esi.erl
@@ -35,7 +35,9 @@
 
 -define(VMODULE,"ESI").
 -define(DEFAULT_ERL_TIMEOUT,15).
-
+-define(ERROR_404,
+        [{status, {404, ModData#mod.request_uri, "Not found"}} |
+         ModData#mod.data]).
 
 %%%=========================================================================
 %%%  API 
@@ -220,47 +222,50 @@ erl(#mod{method = "POST", entity_body = Body} = ModData, ESIBody, Modules) ->
 	    {proceed,[{status, {400, none, BadRequest}} | ModData#mod.data]}
     end.
 
-generate_webpage(ModData, ESIBody, [all], Module, FunctionName,
-		 Input, ScriptElements) ->
-    try
-        ModuleAtom = list_to_existing_atom(Module),
-        generate_webpage(ModData, ESIBody, [ModuleAtom], Module,
-                         FunctionName, Input, ScriptElements)
-    catch
-        _:_ ->
-            {proceed, [{status, {404, ModData#mod.request_uri, "Not found"}}
-                      | ModData#mod.data]}
-    end;
-generate_webpage(ModData, ESIBody, Modules, Module, Function,
-		 Input, ScriptElements) when is_atom(Module), is_atom(Function) ->
-    case lists:member(Module, Modules) of
-	true ->
-	    Env = httpd_script_env:create_env(esi, ModData, ScriptElements),
-	    case erl_scheme_webpage_chunk(Module, Function, 
-					  Env, Input, ModData) of
-		{error, erl_scheme_webpage_chunk_undefined} ->
-                    {proceed, [{status, {404, ModData#mod.request_uri, "Not found"}}
-                               | ModData#mod.data]};
-		ResponseResult ->
-		    ResponseResult
-	    end;
-	false ->
-	    {proceed, [{status, {403, ModData#mod.request_uri,
-				 ?NICE("Client not authorized to evaluate: "
-				       ++  ESIBody)}} | ModData#mod.data]}
-    end;
-generate_webpage(ModData, ESIBody, Modules, ModuleName, FunctionName,
-		 Input, ScriptElements) ->
+generate_webpage(ModData, ESIBody, AllowedModules0, ModuleString, FunctionString,
+		 Input, ScriptElements)
+  when is_list(ModuleString), is_list(FunctionString) ->
+    case convert_to_atoms(ModuleString, FunctionString, ModData) of
+        {ok, Module, Function} ->
+            verify_module(ModData, ESIBody, AllowedModules0, Module, Function,
+                          Input, ScriptElements);
+        Result ->
+            Result
+    end.
+
+convert_to_atoms(ModuleString, FunctionString, ModData) ->
     try
-        Module = list_to_existing_atom(ModuleName),
+        Module = list_to_existing_atom(ModuleString),
         _ = code:ensure_loaded(Module),
-        Function = list_to_existing_atom(FunctionName),
-        generate_webpage(ModData, ESIBody, Modules, Module, Function,
-                         Input, ScriptElements)
+        Function = list_to_existing_atom(FunctionString),
+        {ok, Module, Function}
     catch
-        _:_ ->
-            {proceed, [{status, {404, ModData#mod.request_uri, "Not found"}}
-                      | ModData#mod.data]}
+        error:badarg:_Stacktrace ->
+            {proceed, ?ERROR_404}
+    end.
+
+verify_module(ModData, _ESIBody, [all], Module, Function, Input, ScriptElements) ->
+    do_generate_webpage(ModData, Module, Function, Input, ScriptElements);
+verify_module(ModData, ESIBody, Allowed, Module, Function, Input, ScriptElements) ->
+    case lists:member(Module, Allowed) of
+        true ->
+            do_generate_webpage(ModData, Module, Function, Input, ScriptElements);
+        _ ->
+            Error403 =
+                [{status,
+                  {403, ModData#mod.request_uri,
+                   ?NICE("Client not authorized to evaluate: " ++ ESIBody)}} |
+                 ModData#mod.data],
+            {proceed, Error403}
+    end.
+
+do_generate_webpage(ModData, Module, Function, Input, ScriptElements) ->
+    Env = httpd_script_env:create_env(esi, ModData, ScriptElements),
+    case erl_scheme_webpage_chunk(Module, Function, Env, Input, ModData) of
+        {error, erl_scheme_webpage_chunk_undefined} ->
+            {proceed, ?ERROR_404};
+        ResponseResult ->
+            ResponseResult
     end.
 
 %% API that allows the dynamic wepage to be sent back to the client 
-- 
2.35.3

openSUSE Build Service is sponsored by