-const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.3 2002/11/28 18:14:32 oes Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.11 2003/10/23 12:29:26 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/Attic/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.70.2.11 2003/10/23 12:29:26 oes
+ * Bugfix: Transparent PNG was not transparent. Thanks to
+ * Dan Razzell of Starfish Systems for notice and new PNG.
+ *
+ * Revision 1.70.2.10 2003/06/06 07:54:25 oes
+ * Security fix: dspatch_known_cgi no longer considers an empty
+ * referrer safe for critical CGIs, since malicious links could
+ * reside on https:// locations which browsers don't advertize as
+ * referrers. Closes bug #749916, thanks to Jeff Epler for the
+ * hint. Goodbye One-Click[tm] toggling :-(
+ *
+ * Revision 1.70.2.9 2003/05/08 15:11:31 oes
+ * Nit
+ *
+ * Revision 1.70.2.8 2003/04/29 13:33:51 oes
+ * Killed a compiler warning on OSX
+ *
+ * Revision 1.70.2.7 2003/04/03 13:50:58 oes
+ * - Don't call cgi_error_disabled ifndef FEATURE_CGI_EDIT_ACTIONS
+ * (fixes bug #710056)
+ * - Show toggle info only if we have it
+ *
+ * Revision 1.70.2.6 2003/03/12 01:26:25 david__schmidt
+ * Move declaration of struct tm dummy outside of a control block so it is
+ * accessible later on during snprintf in get_http_time.
+ *
+ * Revision 1.70.2.5 2003/03/11 11:53:58 oes
+ * Cosmetic: Renamed cryptic variable
+ *
+ * Revision 1.70.2.4 2003/03/07 03:41:03 david__schmidt
+ * Wrapping all *_r functions (the non-_r versions of them) with mutex semaphores for OSX. Hopefully this will take care of all of those pesky crash reports.
+ *
* Revision 1.70.2.3 2002/11/28 18:14:32 oes
* Disable access to critical CGIs via untrusted referrers.
* This prevents users from being tricked by malicious websites
#include "cgiedit.h"
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
#include "loadcfg.h"
-/* loadcfg.h is for g_bToggleIJB only */
+/* loadcfg.h is for global_toggle_state only */
#ifdef FEATURE_PTHREAD
#include <pthread.h>
#include "jcc.h"
#endif
{ "show-status",
cgi_show_status,
+#ifdef FEATURE_CGI_EDIT_ACTIONS
"View & change the current configuration",
+#else
+ "View the current configuration",
+#endif
TRUE },
{ "show-version",
cgi_show_version,
{ "ear", /* Shortcut for edit-actions-remove-url-form */
cgi_edit_actions_remove_url_form,
NULL, FALSE },
+ { "eal", /* Shortcut for edit-actions-list */
+ cgi_edit_actions_list,
+ NULL, FALSE },
{ "eafu", /* Shortcut for edit-actions-for-url */
cgi_edit_actions_for_url,
NULL, FALSE },
/*
- * Bulit-in images for ad replacement
+ * Built-in images for ad replacement
*
* Hint: You can encode your own images like this:
* cat your-image | perl -e 'while (read STDIN, $c, 1) { printf("\\%.3o", unpack("C", $c)); }'
*/
const char image_blank_data[] =
"\211\120\116\107\015\012\032\012\000\000\000\015\111\110\104\122"
- "\000\000\000\004\000\000\000\004\010\006\000\000\000\251\361\236"
- "\176\000\000\000\007\164\111\115\105\007\322\003\013\020\073\070"
- "\013\025\036\203\000\000\000\011\160\110\131\163\000\000\013\022"
- "\000\000\013\022\001\322\335\176\374\000\000\000\004\147\101\115"
- "\101\000\000\261\217\013\374\141\005\000\000\000\033\111\104\101"
- "\124\170\332\143\070\161\342\304\207\377\377\377\347\302\150\006"
- "\144\016\210\146\040\250\002\000\042\305\065\221\270\027\131\110"
+ "\000\000\000\001\000\000\000\001\001\003\000\000\000\045\333\126"
+ "\312\000\000\000\003\120\114\124\105\377\377\377\247\304\033\310"
+ "\000\000\000\001\164\122\116\123\000\100\346\330\146\000\000\000"
+ "\001\142\113\107\104\000\210\005\035\110\000\000\000\012\111\104"
+ "\101\124\170\001\143\140\000\000\000\002\000\001\163\165\001\030"
"\000\000\000\000\111\105\116\104\256\102\140\202";
#else
else if (*path != '\0')
{
/*
- * wierdness: URL is /configXXX, where XXX is some string
+ * weirdness: URL is /configXXX, where XXX is some string
* Do *NOT* intercept.
*/
return NULL;
if ((d->name == NULL) || (strcmp(path_copy, d->name) == 0))
{
/*
- * If the called CGI is either harmless, or not referred
- * from an untrusted source, start it.
+ * If the called CGI is either harmless, or referred
+ * from a trusted source, start it.
*/
if (d->harmless
- || (NULL == (referrer = grep_cgi_referrer(csp)))
- || (0 == strncmp(referrer, "http://config.privoxy.org/", 26))
+ || ((NULL != (referrer = grep_cgi_referrer(csp)))
+ && (0 == strncmp(referrer, "http://config.privoxy.org/", 26)))
)
{
err = (d->handler)(csp, rsp, param_list);
}
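Review bot: The trusted-referrer test in the new condition keeps the prefix length `26` as a hand-counted number next to the literal, so the two can drift apart if the URL is ever edited. A named constant ties them together, e.g. `static const char trusted_referrer[] = "http://config.privoxy.org/";` with `strncmp(referrer, trusted_referrer, sizeof(trusted_referrer) - 1)`. The trailing slash in the literal is what ends the host part of the match, and that deserves a comment such as `/* trailing '/' is required: it terminates the host name in the prefix */`. The block comment should also say that the Referer header is supplied by the client, so this check guards against links followed from other sites and is not access control. The enclosing function starts and ends outside the hunk.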
+/*********************************************************************
+ *
+ * Function : cgi_redirect
+ *
+ * Description : CGI support function to generate a HTTP redirect
+ * message
+ *
+ * Parameters :
+ * 1 : rsp = http_response data structure for output
+ * 2 : target = string with the target URL
+ *
+ * CGI Parameters : None
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err cgi_redirect (struct http_response * rsp, const char *target)
+{
+ jb_err err;
+
+ assert(rsp);
+ assert(target);
+
+ err = enlist_unique_header(rsp->headers, "Location", target);
+
+ rsp->status = strdup("302 Local Redirect from Privoxy");
+ if (rsp->status == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ return err;
+}
+
+
/*********************************************************************
*
* Function : add_help_link
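Review bot: cgi_redirect passes `target` to the Location header unchanged, and its header comment states no constraint on the value. The callers are outside this hunk, so if one ever passes a string derived from request parameters, an embedded CR/LF or an off-site URL would reach the response unless enlist_unique_header filters it. I would document the contract in the Parameters section, e.g. `2 : target = string with the target URL; must be a trusted, local URL without CR or LF`. Separately, when enlist_unique_header fails the function still allocates the status line; `if (err) return err;` right after the call makes the failure path explicit. `rsp->status` is also assigned without releasing any earlier value, which would leak if a caller had already set one.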
struct tm *t;
time_t current_time;
+#if defined(HAVE_GMTIME_R) && !defined(OSX_DARWIN)
+ /*
+ * Declare dummy up here (instead of inside get/set gmt block) so it
+ * doesn't go out of scope before it's potentially used in snprintf later.
+ * Wrapping declaration inside HAVE_GMTIME_R keeps the compiler quiet when
+ * !defined HAVE_GMTIME_R.
+ */
+ struct tm dummy;
+#endif
assert(buf);
t = gmtime(¤t_time);
pthread_mutex_unlock(&gmtime_mutex);
#elif HAVE_GMTIME_R
- struct tm dummy;
t = gmtime_r(¤t_time, &dummy);
#else
t = gmtime(¤t_time);
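Review bot: In the mutex-protected branch, `t` still points at gmtime()'s shared static buffer after `pthread_mutex_unlock(&gmtime_mutex)`, and the comment added above says it is read later by snprintf, so another thread can overwrite the value in between. Copying the result while the lock is held closes that window: declare `struct tm dummy;` unconditionally, then use `t = gmtime(&current_time); if (t) { dummy = *t; t = &dummy; }` before the unlock. The plain `#else` fallback has the same exposure with no lock at all, which is worth a comment if it is only meant for single-threaded builds. The lock call and the condition selecting the first branch are outside the visible lines, so check that the `#if` guarding the declaration stays the exact complement of it.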
get_http_time(0, buf);
if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", buf);
- if (!err) err = enlist_unique_header(rsp->headers, "Expires", buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Expires", "Sat, 17 Jun 2000 12:00:00 GMT");
}
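Review bot: The new `Expires` value is a bare date literal with no explanation, so a reader cannot tell that it is deliberately in the past while `Date` and `Last-Modified` carry the current time. A comment above the line would help, e.g. `/* Fixed date in the past: this response must always be treated as already expired */`. If the intent is to keep these pages out of caches, HTTP/1.1 caches give Cache-Control precedence, so stating it directly is more robust. Unless that header is already set elsewhere, which this hunk does not show, consider `if (!err) err = enlist_unique_header(rsp->headers, "Cache-Control", "no-cache");`. The enclosing function starts outside the hunk.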
if (!err) err = map(exports, "user-manual", 1, csp->config->usermanual ,1);
if (!err) err = map(exports, "actions-help-prefix", 1, ACTIONS_HELP_PREFIX ,1);
#ifdef FEATURE_TOGGLE
- if (!err) err = map_conditional(exports, "enabled-display", g_bToggleIJB);
+ if (!err) err = map_conditional(exports, "enabled-display", global_toggle_state);
+#else
+ if (!err) err = map_block_killer(exports, "can-toggle");
#endif
snprintf(buf, 20, "%d", csp->config->hport);