Http protocol functions
index
- About http protocol functions
- Initialize the library
- Parse http request header
- Send http response header
- Detect URL hack attempt
About http protocol functions
The http protocol functions were originally designed to be used by the control panel and the http protocol plug-in. However, the APIs are public and can be used in any other protocol.
The API offers functionality to:
- receive the http request from a client and parse this into a HTTPSession structure;
- create and send a http response header from a ResponseHeader structure;
- send a file, or a range of a file;
- escape and unescape special http characters;
- detect URL hack attempts.
Initialize the library
When the plug-in is loading, a call will be made to the __asm_exchange_tables function (see chapter "TV's server API"). From this function a call should be made to the function __asm_exchange_tables_http. This will load the import table from TV's server into its memory. Without making this call, all other functions will crash when used.
Parse http request header
The RecvAndParseHTTP function receives the HTTP header and parses it into a HTTPSession structure. The well-known http variables are placed in the DefaultHTTPVariables structure, which makes them easily accessible because each variable has a default position in this structure. The other variables, which do not fit in the DefaultHTTPVariables structure, are placed in a list that can be accessed with the GetCollectionItem function. This list is built with the same technology as the "Storage indexed by string" described in the article "Protocol data storage". A copy of the URL and Cookie variables is made so that they can be parsed without harming the original data. The URL can contain variables after the question mark; these are parsed into a list that can be accessed through the GetCollectionItem function. The cookies are parsed into another list, which is accessible with the same function.
Send http response header
The SendHTTPHeader function sends a http response header created from a ResponseHeader structure. Most features of a http response header are defined in this structure. However, if you require an extra field in the response header that cannot be defined in this structure, you can set the flag FRH_DONT_END_HEADER. This flag causes the function not to send the last new line, which indicates the end of a header. This gives a plug-in the opportunity to send its own fields before ending the header.
Detect URL hack attempt
It is wrong to blindly trust input from a client; it could be a hack attempt. One such attack is a client that tries to access a parent directory of the directory you want to publish (for example, request URL "/../"). The API offers the function DecodeURL to protect the server from this hack. This function converts each parent ('../') and current directory ('./') reference into the folder that is actually requested. If the requested URL tries to access a parent directory of the top directory (for example "/test/../../"), the function returns false. This function only works on a string without escaped characters (use the ConvertEscapedCharactersToBytes function to unescape) and without double slashes (use the DeleteDoubleSlashesInUrl function to strip double slashes).
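The check described above, written out as an added example. It is not the library's DecodeURL, whose signature this page does not give; the names unescape_in_place, resolve_segments and sanitize_url_path are hypothetical. It goes slightly beyond the text by also rejecting malformed escapes and %00, and it rewrites the buffer in place.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the library's): decode %XX escapes in place. */
static bool unescape_in_place(char *str) {
    unsigned char *s = (unsigned char *)str, *w = s;
    for (; *s; s++) {
        if (*s != '%') { *w++ = *s; continue; }
        if (!isxdigit(s[1]) || !isxdigit(s[2])) return false;
        char hex[3] = { (char)s[1], (char)s[2], '\0' };
        *w = (unsigned char)strtol(hex, NULL, 16);
        if (*w++ == 0) return false;      /* %00 would truncate the string */
        s += 2;
    }
    *w = '\0';
    return true;
}

/* Hypothetical helper: collapse "//", drop ".", resolve ".." in place. */
static bool resolve_segments(char *path) {
    char *r = path, *w = path;            /* read and write cursors */
    bool dir = true;                      /* does the result name a directory? */
    if (*path != '/') return false;
    while (*r) {
        size_t len = strcspn(r, "/");     /* empty when r sits on a slash */
        bool dot = (len == 1 && r[0] == '.');
        bool dotdot = (len == 2 && r[0] == '.' && r[1] == '.');
        if (dotdot) {
            if (w == path) return false;  /* would climb above the top */
            do { w--; } while (*w != '/'); /* drop the last kept segment */
        } else if (len > 0 && !dot) {
            *w++ = '/';
            memmove(w, r, len);
            w += len;
        }
        r += len;
        dir = dot || dotdot || *r == '/';
        if (*r) r++;                      /* step over the slash */
    }
    if (dir || w == path) *w++ = '/';
    *w = '\0';
    return true;
}

/* Unescape first so "%2e%2e" is seen as ".." before the traversal check. */
bool sanitize_url_path(char *url) {
    return unescape_in_place(url) && resolve_segments(url);
}
```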