-const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.2 2002/11/12 16:20:37 oes Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.3 2002/11/28 18:14:32 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/Attic/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.70.2.3 2002/11/28 18:14:32 oes
+ * Disable access to critical CGIs via untrusted referrers.
+ * This prevents users from being tricked by malicious websites
+ * into making unintentional configuration changes:
+ *
+ * - Added flag to each cgi_dispatcher that allows or denies
+ * external linking
+ * - Introduced proviorical function that greps for the
+ * referrer header before regular header parsing happens
+ * - Added safety check to dispatch_known_cgi. CGI is called
+ * if (cgi harmless || no referrer || we are referrer).
+ * Else a) toggle calls are modified not to change status and
+ * b) all other calls are denied.
+ *
* Revision 1.70.2.2 2002/11/12 16:20:37 oes
* Added missing #ifdef FEATURE_TOGGLE around g_bToggleIJB; fixes bug #636651
*
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
#include "loadcfg.h"
/* loadcfg.h is for g_bToggleIJB only */
-
+#ifdef FEATURE_PTHREAD
+#include <pthread.h>
+#include "jcc.h"
+/* jcc.h is for mutex semaphore globals only */
+#endif /* def FEATURE_PTHREAD */
const char cgi_h_rcs[] = CGI_H_VERSION;
/*
/* get and save the gmt */
{
-#ifdef HAVE_GMTIME_R
+#ifdef OSX_DARWIN
+ pthread_mutex_lock(&gmtime_mutex);
+ t = gmtime(¤t_time);
+ pthread_mutex_unlock(&gmtime_mutex);
+#elif HAVE_GMTIME_R
struct tm dummy;
t = gmtime_r(¤t_time, &dummy);
#else