-const char cgi_rcs[] = "$Id: cgi.c,v 1.74 2006/09/06 18:45:03 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.78 2006/09/21 19:22:07 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.78 2006/09/21 19:22:07 fabiankeil
+ * Use CGI_PREFIX to check the referrer.
+ * The check for "http://config.privoxy.org/" fails
+ * if the user modified CGI_SITE_2_HOST.
+ *
+ * Revision 1.77 2006/09/21 15:17:23 fabiankeil
+ * Adjusted headers for Privoxy's cgi responses:
+ * Don't set Last-Modified, Expires and Cache-Control
+ * headers for redirects; always set "Connection: close".
+ *
+ * Revision 1.76 2006/09/07 14:06:38 fabiankeil
+ * Only predate the Last-Modified header for cgi responses
+ * that are delivered with status code 404 or 503.
+ *
+ * Revision 1.75 2006/09/07 11:56:39 fabiankeil
+ * Mark cgi_send_user_manual as harmless,
+ * to fix the access denied problem Hal spotted.
+ * The manual has no secret content, therefore we
+ * don't have to care about "secure" referrers.
+ *
* Revision 1.74 2006/09/06 18:45:03 fabiankeil
* Incorporate modified version of Roland Rosenfeld's patch to
* optionally access the user-manual via Privoxy. Closes patch 679075.
#include "loadcfg.h"
/* loadcfg.h is for global_toggle_state only */
#ifdef FEATURE_PTHREAD
-#include <pthread.h>
#include "jcc.h"
/* jcc.h is for mutex semaphore globals only */
#endif /* def FEATURE_PTHREAD */
*/
if (d->harmless
|| ((NULL != (referrer = grep_cgi_referrer(csp)))
- && (0 == strncmp(referrer, "http://config.privoxy.org/", 26)))
+ && (0 == strncmp(referrer, CGI_PREFIX, sizeof(CGI_PREFIX)-1)))
)
{
err = (d->handler)(csp, rsp, param_list);
struct tm *t;
time_t current_time;
-#if defined(HAVE_GMTIME_R) && !defined(OSX_DARWIN)
+#if defined(HAVE_GMTIME_R)
/*
* Declare dummy up here (instead of inside get/set gmt block) so it
* doesn't go out of scope before it's potentially used in snprintf later.
/* get and save the gmt */
{
-#ifdef OSX_DARWIN
+#if HAVE_GMTIME_R
+ t = gmtime_r(¤t_time, &dummy);
+#elif FEATURE_PTHREAD
pthread_mutex_lock(&gmtime_mutex);
t = gmtime(¤t_time);
pthread_mutex_unlock(&gmtime_mutex);
-#elif HAVE_GMTIME_R
- t = gmtime_r(¤t_time, &dummy);
#else
t = gmtime(¤t_time);
#endif
err = enlist(rsp->headers, buf);
}
- /*
- * Fill in the default headers:
+ if (strncmpic(rsp->status, "302", 3))
+ {
+ /*
+ * If it's not a redirect without any content,
+ * set the Content-Type to text/html if it's
+ * not already specified.
+ */
+ if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13);
+ }
+
+ /*
+ * Fill in the rest of the default headers:
*
- * Content-Type: default to text/html if not already specified.
* Date: set to current date/time.
* Last-Modified: set to date/time the page was last changed.
* Expires: set to date/time page next needs reloading.
*
* See http://www.w3.org/Protocols/rfc2068/rfc2068
*/
- if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13);
-
if (rsp->is_static)
{
/*
err = enlist_unique_header(rsp->headers, "Expires", buf);
}
}
+ else if (!strncmpic(rsp->status, "302", 3))
+ {
+ get_http_time(0, buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
+ }
else
{
/*
* the current time doesn't exactly forbid caching, it just
* requires the client to revalidate the cached copy.
*
- * If a temporary problem occurres and the user tries again after
+ * If a temporary problem occurs and the user tries again after
* getting Privoxy's error message, a compliant browser may set the
* If-Modified-Since header with the content of the error page's
* Last-Modified header. More often than not, the document on the server
* is older than Privoxy's error message, the server would send status code
* 304 and the browser would display the outdated error message again and again.
*
- * As a last resort we set "Last-Modified" to Tim Berners-Lee's birthday,
- * which predates the age of any page on the web and can be safely used to
- * "revalidate" without getting a status code 304.
+ * For documents delivered with status code 404 or 503 we set "Last-Modified"
+ * to Tim Berners-Lee's birthday, which predates the age of any page on the web
+ * and can be safely used to "revalidate" without getting a status code 304.
*
* There is no need to let the useless If-Modified-Since header reach the
* server, it is therefore stripped by client_if_modified_since in parsers.c.
get_http_time(0, buf);
if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
- if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", "Wed, 08 Jun 1955 12:00:00 GMT");
+ if (!strncmpic(rsp->status, "404", 3) || !strncmpic(rsp->status, "503", 3))
+ {
+ if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", "Wed, 08 Jun 1955 12:00:00 GMT");
+ }
+ else
+ {
+ if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", buf);
+ }
if (!err) err = enlist_unique_header(rsp->headers, "Expires", "Sat, 17 Jun 2000 12:00:00 GMT");
if (!err) err = enlist_unique_header(rsp->headers, "Pragma", "no-cache");
}
+ /*
+ * Quoting RFC 2616:
+ *
+ * HTTP/1.1 applications that do not support persistent connections MUST
+ * include the "close" connection option in every message.
+ */
+ if (!err) err = enlist_unique_header(rsp->headers, "Connection", "close");
/*
* Write the head