+ struct http_response *rsp;
+#ifdef FEATURE_FAST_REDIRECTS
+ /*
+ * XXX: Do we still need FEATURE_FAST_REDIRECTS
+ * as compile-time option? The user can easily disable
+ * it in his action file.
+ */
+ char * redirect_mode;
+#endif /* def FEATURE_FAST_REDIRECTS */
+ char *old_url = NULL;
+ char *new_url = NULL;
+ char *redirection_string;
+
+ if ((csp->action->flags & ACTION_REDIRECT))
+ {
+ redirection_string = csp->action->string[ACTION_STRING_REDIRECT];
+
+ /*
+ * If the redirection string begins with 's',
+ * assume it's a pcrs command, otherwise treat it as
+ * properly formatted URL and use it for the redirection
+ * directly.
+ *
+ * According to RFC 2616 section 14.30 the URL
+ * has to be absolute and if the user tries:
+ * +redirect{shit/this/will/be/parsed/as/pcrs_command.html}
+ * she would get undefined results anyway.
+ *
+ */
+
+ if (*redirection_string == 's')
+ {
+ old_url = csp->http->url;
+ new_url = rewrite_url(old_url, redirection_string);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_REDIRECTS,
+ "No pcrs command recognized, assuming that \"%s\" is already properly formatted.",
+ redirection_string);
+ new_url = strdup(redirection_string);
+ }
+ }
+
+#ifdef FEATURE_FAST_REDIRECTS
+ if ((csp->action->flags & ACTION_FAST_REDIRECTS))
+ {
+ redirect_mode = csp->action->string[ACTION_STRING_FAST_REDIRECTS];
+
+ /*
+ * If it exists, use the previously rewritten URL as input
+ * otherwise just use the old path.
+ */
+ old_url = (new_url != NULL) ? new_url : strdup(csp->http->path);
+ new_url = get_last_url(old_url, redirect_mode);
+ freez(old_url);
+ }
+#endif /* def FEATURE_FAST_REDIRECTS */
+
+ /* Did any redirect action trigger? */
+ if (new_url)
+ {
+ if (0 == strcmpic(new_url, csp->http->url))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "New URL \"%s\" and old URL \"%s\" are the same. Redirection loop prevented.",
+ csp->http->url, new_url);
+ freez(new_url);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_REDIRECTS, "New URL is: %s", new_url);
+
+ if (NULL == (rsp = alloc_http_response()))
+ {
+ freez(new_url);
+ return cgi_error_memory();
+ }
+
+ if ( enlist_unique_header(rsp->headers, "Location", new_url)
+ || (NULL == (rsp->status = strdup("302 Local Redirect from Privoxy"))) )
+ {
+ freez(new_url);
+ free_http_response(rsp);
+ return cgi_error_memory();
+ }
+ rsp->reason = RSP_REASON_REDIRECTED;
+ freez(new_url);
+
+ return finish_http_response(csp, rsp);
+ }
+ }
+
+ /* Only reached if no redirect is required */
+ return NULL;
+
+}
+
+
+#ifdef FEATURE_IMAGE_BLOCKING
+/*********************************************************************
+ *
+ * Function : is_imageurl
+ *
+ * Description : Given a URL, decide whether it is an image or not,
+ * using either the info from a previous +image action
+ * or, #ifdef FEATURE_IMAGE_DETECT_MSIE, and the browser
+ * is MSIE and not on a Mac, tell from the browser's accept
+ * header.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : True (nonzero) if URL is an image, false (0)
+ * otherwise
+ *
+ *********************************************************************/
+int is_imageurl(const struct client_state *csp)
+{
+#ifdef FEATURE_IMAGE_DETECT_MSIE
+ char *tmp;
+
+ tmp = get_header_value(csp->headers, "User-Agent:");
+ if (tmp && strstr(tmp, "MSIE") && !strstr(tmp, "Mac_"))
+ {
+ tmp = get_header_value(csp->headers, "Accept:");
+ if (tmp && strstr(tmp, "image/gif"))
+ {
+ /* Client will accept HTML. If this seems counterintuitive,
+ * blame Microsoft.
+ */
+ return(0);
+ }
+ else
+ {
+ return(1);
+ }
+ }
+#endif /* def FEATURE_IMAGE_DETECT_MSIE */
+
+ return ((csp->action->flags & ACTION_IMAGE) != 0);
+
+}
+#endif /* def FEATURE_IMAGE_BLOCKING */
+
+
+#ifdef FEATURE_TRUST
+/*********************************************************************
+ *
+ * Function : is_untrusted_url
+ *
+ * Description : Should we "distrust" this URL (and block it)?
+ *
+ * Yes if it matches a line in the trustfile, or if the
+ * referrer matches a line starting with "+" in the
+ * trustfile.
+ * No otherwise.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : 0 => trusted, 1 => untrusted
+ *
+ *********************************************************************/
+int is_untrusted_url(const struct client_state *csp)
+{
+ struct file_list *fl;
+ struct block_spec *b;
+ struct url_spec **trusted_url;
+ struct http_request rhttp[1];
+ const char * referer;
+ jb_err err;
+
+ /*
+ * If we don't have a trustlist, we trust everybody
+ */
+ if (((fl = csp->tlist) == NULL) || ((b = fl->f) == NULL))
+ {
+ return 0;
+ }
+
+ memset(rhttp, '\0', sizeof(*rhttp));
+
+ /*
+ * Do we trust the request URL itself?
+ */
+ for (b = b->next; b ; b = b->next)
+ {
+ if (url_match(b->url, csp->http))
+ {
+ return b->reject;
+ }
+ }
+
+ if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+ {
+ /* no referrer was supplied */
+ return 1;
+ }
+
+
+ /*
+ * If not, do we maybe trust its referrer?
+ */
+ err = parse_http_url(referer, rhttp, csp);
+ if (err)
+ {
+ return 1;
+ }
+
+ for (trusted_url = csp->config->trust_list; *trusted_url != NULL; trusted_url++)
+ {
+ if (url_match(*trusted_url, rhttp))
+ {
+ /* if the URL's referrer is from a trusted referrer, then
+ * add the target spec to the trustfile as an unblocked
+ * domain and return 0 (which means it's OK).
+ */
+
+ FILE *fp;
+
+ if (NULL != (fp = fopen(csp->config->trustfile, "a")))
+ {
+ char * path;
+ char * path_end;
+ char * new_entry = strdup("~");
+
+ string_append(&new_entry, csp->http->hostport);
+
+ path = csp->http->path;
+ if ( (path[0] == '/')
+ && (path[1] == '~')
+ && ((path_end = strchr(path + 2, '/')) != NULL))
+ {
+ /* since this path points into a user's home space
+ * be sure to include this spec in the trustfile.
+ */
+ int path_len = path_end - path; /* save offset */
+ path = strdup(path); /* Copy string */
+ if (path != NULL)
+ {
+ path_end = path + path_len; /* regenerate ptr to new buffer */
+ *(path_end + 1) = '\0'; /* Truncate path after '/' */
+ }
+ string_join(&new_entry, path);
+ }
+
+ /*
+ * Give a reason for generating this entry.
+ */
+ string_append(&new_entry, " # Trusted referrer was: ");
+ string_append(&new_entry, referer);
+
+ if (new_entry != NULL)
+ {
+ if (-1 == fprintf(fp, "%s\n", new_entry))
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to append \'%s\' to trustfile \'%s\': %E",
+ new_entry, csp->config->trustfile);
+ }
+ free(new_entry);
+ }
+ else
+ {
+ /* FIXME: No way to handle out-of memory, so mostly ignoring it */
+ log_error(LOG_LEVEL_ERROR, "Out of memory adding pattern to trust file");
+ }
+
+ fclose(fp);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to append new entry for \'%s\' to trustfile \'%s\': %E",
+ csp->http->hostport, csp->config->trustfile);
+ }
+ return 0;
+ }
+ }
+
+ return 1;
+}
+#endif /* def FEATURE_TRUST */
+
+
+/*********************************************************************
+ *
+ * Function : pcrs_filter_response
+ *
+ * Description : Execute all text substitutions from all applying
+ * +filter actions on the text buffer that's been accumulated
+ * in csp->iob->buf. If this changes the contents, set
+ * csp->content_length to the modified size and raise the
+ * CSP_FLAG_MODIFIED flag.
+ *
+ * XXX: Currently pcrs_filter_response is also responsible
+ * for dechunking and decompressing. Both should be
+ * done in separate functions so other content modifiers
+ * profit as well, even if pcrs filtering is disabled.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : a pointer to the (newly allocated) modified buffer.
+ * or NULL if there were no hits or something went wrong
+ *
+ *********************************************************************/
+char *pcrs_filter_response(struct client_state *csp)
+{
+ int hits=0;
+ size_t size, prev_size;