1 files changed, 51 insertions, 12 deletions

diff --git a/Inject/Handler.pm b/Inject/Handler.pm
index 98d4713..5a40fd8 100644
--- a/Inject/Handler.pm
+++ b/Inject/Handler.pm
@@ -1,29 +1,60 @@
 package Apache::Inject::Handler;
 
 use strict;
-use warnings;
+use warnings FATAL => 'all';
 
 use Apache2::RequestRec ();
 use Apache2::RequestUtil ();
 use Apache2::Const qw/OK DECLINED/;
 
 my $doc = qr{
-	(?<head> \s* # common way to trigger quirks mode
-		 (<!doctype[^>]*>)? \s*
-		 ( <head[^>]*>.*?</head> \s*
+	\A
+	(?<head> \s*
+	         (<!doctype[^>]*>)? \s*
+	         (<html[^>]*>)? \s*
+	         ( <head[^>]*>.*?</head> \s*
 	         | ( <title[^>]*>.*?</title> \s*
 	           | <base[^>]*> \s*
 	           | <meta[^>]*> \s*
 	           | <link[^>]*> \s*
-	           | <object[^>]*>.*?</object> \s*
 	           | <style[^>]*>.*?</style> \s* # n.b.
 	           | <script[^>]*>.*?</script> \s* # n.b.
-	           | <noscript[^>]*>.*?</noscript> \s* # n.b.!
 	           )+
-		 )
+	         )?
+	         (<body[^>]*>)?
 	)?
-	(?<body> .* )
-}xms;
+	(?<body> .*? )
+	(?<rest> </html> \s* )?
+	\z
+}xmsi;
+
+sub inject {
+	my ($r, $var) = @_;
+
+	# Retrieve value implicitly set by Inject directive
+	return if not (my $val = $r->dir_config($var));
+
+	# Validate path
+	if ($val =~ m{^/}) {
+		warn "$var should not begin with slash, "
+		   . "as it is already always relative to document root";
+	}
+	if ($val =~ m{^../|/../|/..$}) {
+		warn "$var cannot extend past document root";
+		return;
+	}
+
+	# note: document root has been confirmed not to be empty
+	my $root = $r->document_root;
+
+	# Read contents of specified file
+	open my $fh, '<', "$root/$val" or do {
+		warn "$var $root/$val does not exist";
+		return;
+	};
+	print for <$fh>;
+	close $fh;
+}
 
 sub handler {
 	my $r = shift;
@@ -32,10 +63,18 @@ sub handler {
 
 	my $content = ${$r->slurp_filename};
 	return DECLINED if not $content =~ /$doc/;
+
+	# Or is DocumentRoot guaranteed not to be empty?
+	if (not $r->document_root) {
+		warn 'Declining request due to empty document root';
+		return DECLINED;
+	}
+
 	print $+{head} if $+{head};
-	print "Injection 1\n";
-	print $+{body};
-	print "Injection 2\n";
+	inject($r, "InjectHead");
+	print $+{body} if $+{body};
+	inject($r, "InjectFoot");
+	print $+{rest} if $+{rest};
 
 	return OK;
 }