-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.53 2007/04/08 13:21:04 fabiankeil Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.63 2008/02/01 06:04:31 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
*
* Revisions :
* $Log: cgisimple.c,v $
+ * Revision 1.63 2008/02/01 06:04:31 fabiankeil
+ * If edit buttons on the show-url-info CGI page are hidden, explain why.
+ *
+ * Revision 1.62 2008/02/01 05:52:40 fabiankeil
+ * Hide edit buttons on the show-url-info CGI page if enable-edit-action
+ * is disabled. Patch by Lee with additional white space adjustments.
+ *
+ * Revision 1.61 2008/01/26 11:13:25 fabiankeil
+ * If enable-edit-actions is disabled, hide the edit buttons and explain why.
+ *
+ * Revision 1.60 2007/10/27 13:12:13 fabiankeil
+ * Finish 1.49 and check write access before
+ * showing edit buttons on show-url-info page.
+ *
+ * Revision 1.59 2007/10/19 16:42:36 fabiankeil
+ * Plug memory leak I introduced five months ago.
+ * Yay Valgrind and Privoxy-Regression-Test.
+ *
+ * Revision 1.58 2007/07/21 12:19:50 fabiankeil
+ * If show-url-info is called with an URL that Privoxy
+ * would reject as invalid, don't show unresolved forwarding
+ * variables, "final matches" or claim the site's secure.
+ *
+ * Revision 1.57 2007/06/01 16:53:05 fabiankeil
+ * Adjust cgi_show_url_info() to show what forward-override{}
+ * would do with the requested URL (instead of showing how the
+ * request for the CGI page would be forwarded if it wasn't a
+ * CGI request).
+ *
+ * Revision 1.56 2007/05/21 10:50:35 fabiankeil
+ * - Use strlcpy() instead of strcpy().
+ * - Stop treating actions files special. Expect a complete file name
+ * (with or without path) like it's done for the rest of the files.
+ * Closes FR#588084.
+ * - Don't rerun sed() in cgi_show_request().
+ *
+ * Revision 1.55 2007/04/13 13:36:46 fabiankeil
+ * Reference action files in CGI URLs by id instead
+ * of using the first part of the file name.
+ * Fixes BR 1694250 and BR 1590556.
+ *
+ * Revision 1.54 2007/04/09 18:11:35 fabiankeil
+ * Don't mistake VC++'s _snprintf() for a snprintf() replacement.
+ *
* Revision 1.53 2007/04/08 13:21:04 fabiankeil
* Reference action files in CGI URLs by id instead
* of using the first part of the file name.
return JB_ERR_MEMORY;
}
- if (map(exports, "processed-request", 1, html_encode_and_free_original(
- sed(client_patterns, add_client_headers, csp)), 0))
+ if (map(exports, "processed-request", 1,
+ html_encode_and_free_original(list_to_text(csp->headers)), 0))
{
free_map(exports);
return JB_ERR_MEMORY;
if (!err) err = string_append(&s, buf);
#ifdef FEATURE_CGI_EDIT_ACTIONS
- if (NULL == strstr(csp->actions_list[i]->filename, "standard.action") && NULL != csp->config->actions_file_short[i])
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)
+ && (NULL == strstr(csp->actions_list[i]->filename, "standard.action"))
+ && (NULL != csp->config->actions_file_short[i]))
{
#ifdef HAVE_ACCESS
if (access(csp->config->actions_file[i], W_OK) == 0)
if (!err) err = map_block_killer(exports, "trust-support");
#endif /* ndef FEATURE_TRUST */
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ if (!err && (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
+ {
+ err = map_block_killer(exports, "cgi-editor-is-disabled");
+ }
+#endif /* ndef CGI_EDIT_ACTIONS */
+
if (err)
{
free_map(exports);
/*
* Unknown prefix - assume http://
*/
- char * url_param_prefixed = malloc(7 + 1 + strlen(url_param));
+ const size_t url_param_prefixed_size = 7 + 1 + strlen(url_param);
+ char * url_param_prefixed = malloc(url_param_prefixed_size);
if (NULL == url_param_prefixed)
{
free(url_param);
free_map(exports);
return JB_ERR_MEMORY;
}
- strcpy(url_param_prefixed, "http://");
- strcpy(url_param_prefixed + 7, url_param);
+ strlcpy(url_param_prefixed, "http://", url_param_prefixed_size);
+ strlcat(url_param_prefixed, url_param, url_param_prefixed_size);
free(url_param);
url_param = url_param_prefixed;
}
err = map(exports, "matches", 1, "<b>[Invalid URL specified!]</b>" , 1);
if (!err) err = map(exports, "final", 1, lookup(exports, "default"), 1);
+ if (!err) err = map_block_killer(exports, "valid-url");
free_current_action(action);
free_http_request(url_to_query);
}
/*
- * We have a warning about SSL paths. Hide it for insecure sites.
+ * We have a warning about SSL paths. Hide it for unencrypted sites.
*/
if (!url_to_query->ssl)
{
for (i = 0; i < MAX_AF_FILES; i++)
{
if (NULL == csp->config->actions_file_short[i]
- || !strcmp(csp->config->actions_file_short[i], "standard")) continue;
+ || !strcmp(csp->config->actions_file_short[i], "standard.action")) continue;
b = NULL;
hits = 1;
/* FIXME: Hardcoded HTML! */
string_append(&matches, "<tr><th>In file: ");
string_join (&matches, html_encode(csp->config->actions_file_short[i]));
- snprintf(buf, 150, ".action <a class=\"cmd\" href=\"/show-status?file=actions&index=%d\">", i);
+ snprintf(buf, sizeof(buf), " <a class=\"cmd\" href=\"/show-status?file=actions&index=%d\">", i);
string_append(&matches, buf);
string_append(&matches, "View</a>");
#ifdef FEATURE_CGI_EDIT_ACTIONS
- string_append(&matches, " <a class=\"cmd\" href=\"/edit-actions-list?f=");
- string_join (&matches, html_encode(csp->config->actions_file_short[i]));
- string_append(&matches, "\">Edit</a>");
-#endif
+ if (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)
+ {
+#ifdef HAVE_ACCESS
+ if (access(csp->config->actions_file[i], W_OK) == 0)
+ {
+#endif /* def HAVE_ACCESS */
+ snprintf(buf, sizeof(buf),
+ " <a class=\"cmd\" href=\"/edit-actions-list?f=%d\">", i);
+ string_append(&matches, buf);
+ string_append(&matches, "Edit</a>");
+#ifdef HAVE_ACCESS
+ }
+ else
+ {
+ string_append(&matches, " <strong>No write access.</strong>");
+ }
+#endif /* def HAVE_ACCESS */
+ }
+#endif /* FEATURE_CGI_EDIT_ACTIONS */
+
string_append(&matches, "</th></tr>\n");
hits = 0;
}
string_append(&matches, "</table>\n");
+ /*
+ * XXX: Kludge to make sure the "Forward settings" section
+ * shows what forward-override{} would do with the requested URL.
+ * No one really cares how the CGI request would be forwarded
+ * if it wasn't intercepted as CGI request in the first place.
+ *
+ * From here on the action bitmask will no longer reflect
+ * the real url (http://config.privoxy.org/show-url-info?url=.*),
+ * but luckily it's no longer required later on anyway.
+ */
+ free_current_action(csp->action);
+ url_actions(url_to_query, csp);
+
/*
* Fill in forwarding settings.
*
*
* XXX: Parts of this code could be reused for the
* "forwarding-failed" template which currently doesn't
- * display the proxy port and an eventuell second forwarder.
+ * display the proxy port and an eventual second forwarder.
*/
{
const struct forward_spec * fwd = forward_url(url_to_query, csp);
if (fwd->gateway_host != NULL)
{
- if (!err) err = map(exports, "socks-type", 1, (fwd->type == SOCKS_4) ?
- "socks4" : "socks4a", 1);
+ char *socks_type = NULL;
+
+ switch (fwd->type)
+ {
+ case SOCKS_4:
+ socks_type = "socks4";
+ break;
+ case SOCKS_4A:
+ socks_type = "socks4a";
+ break;
+ case SOCKS_5:
+ socks_type = "socks5";
+ break;
+ default:
+ log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
+ }
+
+ if (!err) err = map(exports, "socks-type", 1, socks_type, 1);
if (!err) err = map(exports, "gateway-host", 1, fwd->gateway_host, 1);
snprintf(port, sizeof(port), "%d", fwd->gateway_port);
if (!err) err = map(exports, "gateway-port", 1, port, 1);
return JB_ERR_MEMORY;
}
- if (map(exports, "matches", 1, matches , 0))
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
+ {
+ err = map_block_killer(exports, "cgi-editor-is-disabled");
+ }
+#endif /* FEATURE_CGI_EDIT_ACTIONS */
+
+ if (err || map(exports, "matches", 1, matches , 0))
{
free_current_action(action);
free_map(exports);