-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.17 2002/03/16 14:26:42 jongfoster Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.28 2002/03/27 12:30:29 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
* Stick to the short names in this file for consistency.
*
* Copyright : Written by and Copyright (C) 2001 the SourceForge
- * IJBSWA team. http://ijbswa.sourceforge.net
+ * Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
*
* Revisions :
* $Log: cgiedit.c,v $
+ * Revision 1.28 2002/03/27 12:30:29 oes
+ * Deleted unsused variable
+ *
+ * Revision 1.27 2002/03/26 23:06:04 jongfoster
+ * Removing duplicate @ifs on the toggle page
+ *
+ * Revision 1.26 2002/03/26 22:59:17 jongfoster
+ * Fixing /toggle to display status consistently.
+ *
+ * Revision 1.25 2002/03/26 22:29:54 swa
+ * we have a new homepage!
+ *
+ * Revision 1.24 2002/03/24 15:23:33 jongfoster
+ * Name changes
+ *
+ * Revision 1.23 2002/03/24 13:32:41 swa
+ * name change related issues
+ *
+ * Revision 1.22 2002/03/24 13:25:43 swa
+ * name change related issues
+ *
+ * Revision 1.21 2002/03/22 18:02:48 jongfoster
+ * Fixing remote toggle
+ *
+ * Revision 1.20 2002/03/16 20:28:34 oes
+ * Added descriptions to the filters so users will know what they select in the cgi editor
+ *
+ * Revision 1.19 2002/03/16 18:38:14 jongfoster
+ * Stopping stupid or malicious users from breaking the actions
+ * file using the web-based editor.
+ *
+ * Revision 1.18 2002/03/16 14:57:44 jongfoster
+ * Full support for enabling/disabling modular filters.
+ *
* Revision 1.17 2002/03/16 14:26:42 jongfoster
* First version of modular filters support - READ ONLY!
* Fixing a double-free bug in the out-of-memory handling in map_radio().
struct editable_file
{
struct file_line * lines;
- const char * filename; /* Full pathname - e.g. "/etc/junkbuster/wibble.action" */
+ const char * filename; /* Full pathname - e.g. "/etc/privoxy/wibble.action" */
const char * identifier; /* Filename stub - e.g. "wibble". Use for CGI param. */
/* Pre-encoded with url_encode() for ease of use. */
const char * version_str; /* Last modification time, as a string. For CGI param */
* (Statically allocated) */
};
+#define CGI_ACTION_PARAM_LEN_MAX 500
+
/* FIXME: Following non-static functions should be prototyped in .h or made static */
/* Functions to read and write arbitrary config files */
const struct map *parameters,
const char *name,
char **pvalue);
+static jb_err get_string_param(const struct map *parameters,
+ const char *param_name,
+ const char **pparam);
/* Internal actionsfile <==> HTML conversion functions */
static jb_err map_radio(struct map * exports,
}
+/*********************************************************************
+ *
+ * Function : get_char_param
+ *
+ * Description : Get a single-character parameter passed to a CGI
+ * function.
+ *
+ * Parameters :
+ * 1 : parameters = map of cgi parameters
+ * 2 : param_name = The name of the parameter to read
+ *
+ * Returns : Uppercase character on success, '\0' on error.
+ *
+ *********************************************************************/
+static char get_char_param(const struct map *parameters,
+ const char *param_name)
+{
+ char ch;
+
+ assert(parameters);
+ assert(param_name);
+
+ ch = *(lookup(parameters, param_name));
+ if ((ch >= 'a') && (ch <= 'z'))
+ {
+ ch = ch - 'a' + 'A';
+ }
+
+ return ch;
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_string_param
+ *
+ * Description : Get a string paramater, to be used as an
+ * ACTION_STRING or ACTION_MULTI paramater.
+ * Validates the input to prevent stupid/malicious
+ * users from corrupting their action file.
+ *
+ * Parameters :
+ * 1 : parameters = map of cgi parameters
+ * 2 : param_name = The name of the parameter to read
+ * 3 : pparam = destination for paramater. Allocated as
+ * part of the map "parameters", so don't free it.
+ * Set to NULL if not specified.
+ *
+ * Returns : JB_ERR_OK on success, or if the paramater
+ * was not specified.
+ * JB_ERR_MEMORY on out-of-memory.
+ * JB_ERR_CGI_PARAMS if the paramater is not valid.
+ *
+ *********************************************************************/
+static jb_err get_string_param(const struct map *parameters,
+ const char *param_name,
+ const char **pparam)
+{
+ const char *param;
+ const char *s;
+ char ch;
+
+ assert(parameters);
+ assert(param_name);
+ assert(pparam);
+
+ *pparam = NULL;
+
+ param = lookup(parameters, param_name);
+ if (!*param)
+ {
+ return JB_ERR_OK;
+ }
+
+ if (strlen(param) >= CGI_ACTION_PARAM_LEN_MAX)
+ {
+ /*
+ * Too long.
+ *
+ * Note that the length limit is arbitrary, it just seems
+ * sensible to limit it to *something*. There's no
+ * technical reason for any limit at all.
+ */
+ return JB_ERR_CGI_PARAMS;
+ }
+
+ /* Check every character to see if it's legal */
+ s = param;
+ while ((ch = *s++) != '\0')
+ {
+ if ( ((unsigned char)ch < (unsigned char)' ')
+ || (ch == '}') )
+ {
+ /* Probable hack attempt, or user accidentally used '}'. */
+ return JB_ERR_CGI_PARAMS;
+ }
+ }
+
+ /* Success */
+ *pparam = param;
+
+ return JB_ERR_OK;
+}
+
+
/*********************************************************************
*
* Function : get_number_param
/*********************************************************************
*
- * Function : cgi_error_bad_param
+ * Function : cgi_error_disabled
*
- * Description : CGI function that is called if the parameters
- * (query string) for a CGI were wrong.
+ * Description : CGI function that is called if the actions editor
+ * is called although it's disabled in config
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
}
/* FIXME: Incomplete */
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
return JB_ERR_MEMORY;
}
if (enlist_unique_header(rsp->headers, "Location",
- CGI_PREFIX "edit-actions-list?f=ijb"))
+ CGI_PREFIX "edit-actions-list?f=default"))
{
free(rsp->status);
rsp->status = NULL;
filter_name = cur_line->data.action->multi_add[ACTION_MULTI_FILTER]->first;
while ((filter_name != NULL)
- && (0 != strcmp(filter_group->filtername, filter_name->str)))
+ && (0 != strcmp(filter_group->name, filter_name->str)))
{
filter_name = filter_name->next;
}
{
filter_name = cur_line->data.action->multi_remove[ACTION_MULTI_FILTER]->first;
while ((filter_name != NULL)
- && (0 != strcmp(filter_group->filtername, filter_name->str)))
+ && (0 != strcmp(filter_group->name, filter_name->str)))
{
filter_name = filter_name->next;
}
else
{
if (!err) err = map(line_exports, "index", 1, number, 1);
- if (!err) err = map(line_exports, "name", 1, filter_group->filtername, 1);
+ if (!err) err = map(line_exports, "name", 1, filter_group->name, 1);
+ if (!err) err = map(line_exports, "description", 1, filter_group->description, 1);
if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode);
this_line = NULL;
return err;
}
- ch = ijb_toupper((int)lookup(parameters, "filter_all")[0]);
+ ch = get_char_param(parameters, "filter_all");
if (ch == 'N')
{
list_remove_all(cur_line->data.action->multi_add[ACTION_MULTI_FILTER]);
cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] = 0;
}
- for (index = 0; ; index++)
+ for (index = 0; !err; index++)
{
char key_value[30];
char key_name[30];
snprintf(key_name, sizeof(key_name), "filter_n%x", index);
key_name[sizeof(key_name) - 1] = '\0';
- name = lookup(parameters, key_name);
+ err = get_string_param(parameters, key_name, &name);
+ if (err) break;
- if (*name == '\0')
+ if (name == NULL)
{
/* End of list */
break;
}
- value = ijb_toupper((int)lookup(parameters, key_value)[0]);
+ value = get_char_param(parameters, key_value);
if (value == 'Y')
{
list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
return JB_ERR_MEMORY;
}
- rsp->status = strdup("302 Local Redirect from Junkbuster");
+ rsp->status = strdup("302 Local Redirect from Privoxy");
if (rsp->status == NULL)
{
free(target);
struct map *exports;
char mode;
const char *template_name;
- jb_err err;
assert(csp);
assert(rsp);
return cgi_error_disabled(csp, rsp);
}
- if (NULL == (exports = default_exports(csp, "toggle")))
- {
- return JB_ERR_MEMORY;
- }
-
- mode = *(lookup(parameters, "set"));
+ mode = get_char_param(parameters, "set");
- if (mode == 'e')
+ if (mode == 'E')
{
/* Enable */
g_bToggleIJB = 1;
}
- else if (mode == 'd')
+ else if (mode == 'D')
{
/* Disable */
g_bToggleIJB = 0;
}
- else if (mode == 't')
+ else if (mode == 'T')
{
/* Toggle */
g_bToggleIJB = !g_bToggleIJB;
}
- err = map_conditional(exports, "enabled", g_bToggleIJB);
- if (err)
+ if (NULL == (exports = default_exports(csp, "toggle")))
{
- free_map(exports);
- return err;
+ return JB_ERR_MEMORY;
}
- template_name = (*(lookup(parameters, "mini"))
+ template_name = (get_char_param(parameters, "mini")
? "toggle-mini"
: "toggle");
char * param_dup;
char ch;
const char * js_name;
+ jb_err err = JB_ERR_OK;
assert(parameters);
assert(action);
#define DEFINE_ACTION_BOOL(name, bit) \
JAVASCRIPTIFY(js_name, name); \
- param = lookup(parameters, js_name); \
- ch = ijb_toupper(param[0]); \
+ ch = get_char_param(parameters, js_name); \
if (ch == 'Y') \
{ \
action->add |= bit; \
#define DEFINE_ACTION_STRING(name, bit, index) \
JAVASCRIPTIFY(js_name, name); \
- param = lookup(parameters, js_name); \
- ch = ijb_toupper(param[0]); \
+ ch = get_char_param(parameters, js_name); \
if (ch == 'Y') \
{ \
+ param = NULL; \
JAVASCRIPTIFY(js_name, name "-mode"); \
- param = lookup(parameters, js_name); \
- if ((*param == '\0') || (0 == strcmp(param, "CUSTOM"))) \
- { \
- JAVASCRIPTIFY(js_name, name "-param"); \
- param = lookup(parameters, js_name); \
+ if (!err) err = get_string_param(parameters, js_name, ¶m); \
+ if ((param == NULL) || (0 == strcmp(param, "CUSTOM"))) \
+ { \
+ JAVASCRIPTIFY(js_name, name "-param"); \
+ if (!err) err = get_string_param(parameters, js_name, ¶m); \
} \
- if (*param != '\0') \
+ if (param != NULL) \
{ \
if (NULL == (param_dup = strdup(param))) \
{ \
#define DEFINE_ACTION_MULTI(name, index) \
JAVASCRIPTIFY(js_name, name); \
- param = lookup(parameters, js_name); \
- ch = ijb_toupper((int)param[0]); \
+ ch = get_char_param(parameters, js_name); \
if (ch == 'Y') \
{ \
/* FIXME */ \
first_time = 0;
- return JB_ERR_OK;
+ return err;
}