Jump to content
RadStudio 10.3.1 was released today Read more... ×
hsvandrew

ISAPI in Delphi 10.2,10.3 TranslateURI

Do you create web projects in Delphi?  

9 members have voted

  1. 1. What framework do you deploy with

    • Apache
      3
    • ISAPI
      8
  2. 2. Which operating system do you deploy on

    • Windows 2016
      6
    • Windows 2012
      6
    • Linux
      4
    • Older Windows
      4
    • Other
      0
  3. 3. Which Framework do you use?

    • TidHTTPServer
      2
    • Intraweb
      2
    • Synapse vanilla
      0
    • DataSnap
      2
    • DMVC
      2
    • mORMot
      2
    • Node.js
      0
    • Intraweb
      0
    • UniGUI
      1
    • Other
      0
    • Left Delphi to build web stack
      2


Recommended Posts

This note is for anyone going about creating an ISAPI in modern versions of Delphi. Request.TranslateURI has been broken (and still remains unfixed in 10.3)for a number of releases.

TranslateURI is useful if you run multiple sites on the same IIS server and want to work out the base folder of the site i.e. request.TranslateURI('/')  to work out which customer experience/domain etc you are currently serving.

 

I'm not sure if this code covers every unicode etc scenario, but for basic needs it works whereas the built in code does not.

You'll need to modify C:\Program Files (x86)\Embarcadero\Studio\20.0\source\internet\Web.Win.IsapiHTTP.pas 

You need to then ADD the Web.Win.IsapiHTTP.pas  to your project with the full source path

 

I'm surprised this bug hasn't had more attention and have to wonder how much web work is going on in Delphi.

 

**please see below for updated version from another member**

function TISAPIRequest.TranslateURI(const URI: string): string;
var
PathBuffer: array[0..1023] of AnsiChar;
Size: Integer;
begin
System.AnsiStrings.StrCopy(PathBuffer, PAnsiChar(AnsiString(URI)));
Size := SizeOf(PathBuffer);
if ECB.ServerSupportFunction(ECB.ConnID, HSE_REQ_MAP_URL_TO_PATH,
@PathBuffer, @Size, nil) then
Result := string(PathBuffer)
else Result := '';
end;

 

Share this post


Link to post

You should wipe your version from the net then it's vulnerable as you are not checking the length of the URI.

 

Looks like somebody went to get a coffee at emba in the middle of the refactoring.

 

The right code should be:

 

function TISAPIRequest.TranslateURI(const URI: string): string;
var
  Size: integer;
  LBytes: TBytes;
begin
  LBytes := DefaultCharSetEncoding.GetBytes(URI);
  Size := Length(LBytes);
  SetLength(LBytes, 1024);
  LBytes[Min(Size, Length(LBytes) - 1)] := 0; // null terminator
  Size := Length(LBytes);
  if ECB.ServerSupportFunction(ECB.ConnID, HSE_REQ_MAP_URL_TO_PATH, LBytes, @Size, nil) then
    Result := DefaultCharSetEncoding.GetString(LBytes, 0, Size - 1); // Dmitry Arefiev Instead of last "Size" reference there should be "Size - 1"
end;

Can be easily put into an interposer hack/fake-class.

 

Edited by Attila Kovacs

Share this post


Link to post
23 hours ago, hsvandrew said:

This note is for anyone going about creating an ISAPI in modern versions of Delphi. Request.TranslateURI has been broken (and still remains unfixed in 10.3)for a number of releases.

TranslateURI is useful if you run multiple sites on the same IIS server and want to work out the base folder of the site i.e. request.TranslateURI('/')  to work out which customer experience/domain etc you are currently serving.

 

There's no entry for my MARS REST library (https://github.com/andrea-magni/MARS) in your poll...

I am happily doing web backend development since years, using DataSnap at first. Using MARS since it exists 😉

 

  • Like 1

Share this post


Link to post
On 1/15/2019 at 5:52 PM, Andrea Magni said:

 

There's no entry for my MARS REST library (https://github.com/andrea-magni/MARS) in your poll...

I am happily doing web backend development since years, using DataSnap at first. Using MARS since it exists 😉

 

Apologies @Andrea Magni I wasn't able to edit the survey once it collected results and I wasn't aware of the MARS REST Library

Share this post


Link to post
14 hours ago, hsvandrew said:

Apologies @Andrea Magni I wasn't able to edit the survey once it collected results and I wasn't aware of the MARS REST Library

No worries 🙂

If you need some information about the library, feel free to ask me (there is a dedicated subforum in the third party group).

 

Sincerely,

Andrea

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×