-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.39 2002/05/12 21:39:15 jongfoster Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.64 2009/03/01 18:43:09 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
*
* Stick to the short names in this file for consistency.
*
- * Copyright : Written by and Copyright (C) 2001 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
*
* Revisions :
* $Log: cgiedit.c,v $
+ * Revision 1.64 2009/03/01 18:43:09 fabiankeil
+ * Fix cparser warnings.
+ *
+ * Revision 1.63 2008/12/04 18:15:38 fabiankeil
+ * Fix some cparser warnings.
+ *
+ * Revision 1.62 2008/08/31 15:59:02 fabiankeil
+ * There's no reason to let remote toggling support depend
+ * on FEATURE_CGI_EDIT_ACTIONS, so make sure it doesn't.
+ *
+ * Revision 1.61 2008/03/24 18:12:52 fabiankeil
+ * Use sizeof() more often.
+ *
+ * Revision 1.60 2008/03/15 14:52:35 fabiankeil
+ * Add CGI editor support for the "disable all filters of this type"
+ * directives "-client-header-filter", "-server-header-filter",
+ * "-client-header-tagger" and "-server-header-tagger".
+ *
+ * Revision 1.59 2008/03/08 16:25:56 fabiankeil
+ * After three file modification time mismatches, turn the CGI editor off.
+ *
+ * Revision 1.58 2007/11/28 17:57:01 fabiankeil
+ * Fix double free in cgi_edit_actions_list().
+ * Reported by adlab in BR#1840145.
+ *
+ * Revision 1.57 2007/10/27 13:32:23 fabiankeil
+ * Plug minor 5-year-old memory leak. Spotted by
+ * Valgrind and triggered by Privoxy-Regression-Test.
+ *
+ * Revision 1.56 2007/08/05 13:47:03 fabiankeil
+ * #1763173 from Stefan Huehner: s@const static@static const@.
+ *
+ * Revision 1.55 2007/05/31 11:50:20 fabiankeil
+ * Re-enable support for old-school URLs like
+ * http://config.privoxy.org/edit-actions-list?f=default
+ * in the action editor.
+ *
+ * They are no longer used by the CGI pages, but make it easier
+ * to reach the editor directly, without knowing the requested
+ * file's index in csp->config->actions_file[].
+ *
+ * Revision 1.54 2007/05/14 10:33:51 fabiankeil
+ * - Use strlcpy() and strlcat() instead of strcpy() and strcat().
+ *
+ * Revision 1.53 2007/04/15 16:39:20 fabiankeil
+ * Introduce tags as alternative way to specify which
+ * actions apply to a request. At the moment tags can be
+ * created based on client and server headers.
+ *
+ * Revision 1.52 2007/04/12 10:41:23 fabiankeil
+ * - Don't mistake VC++'s _snprintf() for a snprintf() replacement.
+ * - Move some cgi_edit_actions_for_url() variables into structs.
+ * - Remove bogus comment.
+ *
+ * Revision 1.51 2007/04/08 13:21:05 fabiankeil
+ * Reference action files in CGI URLs by id instead
+ * of using the first part of the file name.
+ * Fixes BR 1694250 and BR 1590556.
+ *
+ * Revision 1.50 2007/03/29 11:40:34 fabiankeil
+ * Divide @filter-params@ into @client-header-filter-params@
+ * @content-filter-params@ and @server-header-filter-params@.
+ *
+ * Revision 1.49 2007/03/20 15:16:34 fabiankeil
+ * Use dedicated header filter actions instead of abusing "filter".
+ * Replace "filter-client-headers" and "filter-client-headers"
+ * with "server-header-filter" and "client-header-filter".
+ *
+ * Revision 1.48 2007/02/13 14:35:25 fabiankeil
+ * Replace hash escaping code to prevent
+ * crashes, memory and file corruption.
+ *
+ * Revision 1.47 2006/12/28 18:04:25 fabiankeil
+ * Fixed gcc43 conversion warnings.
+ *
+ * Revision 1.46 2006/12/27 18:44:52 fabiankeil
+ * Stop shadowing string.h's index().
+ *
+ * Revision 1.45 2006/12/21 12:57:48 fabiankeil
+ * Add config option "split-large-forms"
+ * to work around the browser bug reported
+ * in BR #1570678.
+ *
+ * Revision 1.44 2006/12/09 13:49:16 fabiankeil
+ * Fix configure option --disable-toggle.
+ * Thanks to Peter Thoenen for reporting this.
+ *
+ * Revision 1.43 2006/07/18 14:48:45 david__schmidt
+ * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
+ * with what was really the latest development (the v_3_0_branch branch)
+ *
+ * Revision 1.41.2.12 2006/01/30 15:16:25 david__schmidt
+ * Remove a little residual debugging info
+ *
+ * Revision 1.41.2.11 2006/01/29 23:10:56 david__schmidt
+ * Multiple filter file support
+ *
+ * Revision 1.41.2.10 2005/07/04 03:13:43 david__schmidt
+ * Undo some damaging memory leak patches
+ *
+ * Revision 1.41.2.9 2005/07/04 00:31:04 david__schmidt
+ * Removing a double free
+ *
+ * Revision 1.41.2.8 2005/05/07 21:50:54 david__schmidt
+ * A few memory leaks plugged (mostly on error paths)
+ *
+ * Revision 1.41.2.7 2004/02/17 13:30:23 oes
+ * Moved cgi_error_disabled() from cgiedit.c to
+ * cgi.c to re-enable build with --disable-editor.
+ * Fixes Bug #892744. Thanks to Matthew Fischer
+ * for spotting.
+ *
+ * Revision 1.41.2.6 2003/12/18 08:13:48 oes
+ * One line lost in last commit
+ *
+ * Revision 1.41.2.5 2003/12/17 16:33:47 oes
+ * - All edit functions that redirect back to the list page
+ * now use cgi_redirect
+ * - All redirects now contain useless parameter "foo", whose
+ * value are raw seconds since epoch, in order to force
+ * Opera and Konqueror to properly reload the list. Closes
+ * bug #859993
+ *
+ * Revision 1.41.2.4 2003/03/11 11:53:59 oes
+ * Cosmetic: Renamed cryptic variable
+ *
+ * Revision 1.41.2.3 2002/11/12 15:01:41 oes
+ * Fix: Don't free uninitialized struct editable_file
+ *
+ * Revision 1.41.2.2 2002/08/05 20:02:59 oes
+ * Bugfix: "Insert new section at top" did not work properly if first non-comment line in file was of type FILE_LINE_ACTION
+ *
+ * Revision 1.41.2.1 2002/08/02 12:43:14 oes
+ * Fixed bug #588514: first_time now set on a per-string basis in actions_from_radio; javascriptify now called on copies
+ *
+ * Revision 1.41 2002/05/21 19:09:45 oes
+ * - Made Add/Edit/Remove URL Submit and Cancel
+ * buttons jump back to relevant section in eal
+ * - Bugfix: remove-url-form needs p export
+ *
+ * Revision 1.40 2002/05/19 11:34:35 jongfoster
+ * Handling read-only actions files better - report the actual
+ * error, not "Out of memory"!
+ *
+ * Bug report:
+ * http://sourceforge.net/tracker/index.php?func=detail
+ * &aid=557905&group_id=11118&atid=111118
+ *
* Revision 1.39 2002/05/12 21:39:15 jongfoster
* - Adding Doxygen-style comments to structures and #defines.
* - Correcting function comments
#include <assert.h>
#include <sys/stat.h>
-#ifdef _WIN32
-#define snprintf _snprintf
-#endif /* def _WIN32 */
-
#include "project.h"
#include "cgi.h"
#include "cgiedit.h"
#include "miscutil.h"
#include "errlog.h"
#include "loaders.h"
+#ifdef FEATURE_TOGGLE
+/* loadcfg.h is for global_toggle_state only */
#include "loadcfg.h"
-/* loadcfg.h is for g_bToggleIJB only */
+#endif /* def FEATURE_TOGGLE */
#include "urlmatch.h"
const char cgiedit_h_rcs[] = CGIEDIT_H_VERSION;
/** This file_line is in a {{description}} block. */
#define FILE_LINE_DESCRIPTION_ENTRY 10
+/*
+ * Number of file modification time mismatches
+ * before the CGI editor gets turned off.
+ */
+#define ACCEPTABLE_TIMESTAMP_MISMATCHES 3
/**
* A configuration file, in a format that can be edited and written back to
{
struct file_line * lines; /**< The contents of the file. A linked list of lines. */
const char * filename; /**< Full pathname - e.g. "/etc/privoxy/wibble.action". */
- const char * identifier; /**< Filename stub - e.g. "wibble". Use for CGI param. */
- /**< Pre-encoded with url_encode() for ease of use. */
+ unsigned identifier; /**< The file name's position in csp->config->actions_file[]. */
const char * version_str; /**< Last modification time, as a string. For CGI param. */
/**< Can be used in URL without using url_param(). */
unsigned version; /**< Last modification time - prevents chaos with
(Statically allocated) */
};
+/**
+ * Information about the filter types.
+ * Used for macro replacement in cgi_edit_actions_for_url.
+ */
+struct filter_type_info
+{
+ const int multi_action_index; /**< The multi action index as defined in project.h */
+ const char *macro_name; /**< Name of the macro that has to be replaced
+ with the prepared templates.
+ For example "content-filter-params" */
+ const char *type; /**< Name of the filter type,
+ for example "server-header-filter". */
+ /* XXX: check if these two can be combined. */
+ const char *disable_all_option; /**< Name of the catch-all radio option that has
+ to be checked or unchecked for this filter type. */
+ const char *disable_all_param; /**< Name of the parameter that causes all filters of
+ this type to be disabled. */
+ const char *abbr_type; /**< Abbreviation of the filter type, usually the
+ first or second character capitalized */
+ const char *anchor; /**< Anchor for the User Manual link,
+ for example "SERVER-HEADER-FILTER" */
+};
+
+/* Accessed by index, keep the order in the way the FT_ macros are defined. */
+static const struct filter_type_info filter_type_info[] =
+{
+ {
+ ACTION_MULTI_FILTER,
+ "content-filter-params", "filter",
+ "filter-all", "filter_all",
+ "F", "FILTER"
+ },
+ {
+ ACTION_MULTI_CLIENT_HEADER_FILTER,
+ "client-header-filter-params", "client-header-filter",
+ "client-header-filter-all", "client_header_filter_all",
+ "C", "CLIENT-HEADER-FILTER"
+ },
+ {
+ ACTION_MULTI_SERVER_HEADER_FILTER,
+ "server-header-filter-params", "server-header-filter",
+ "server-header-filter-all", "server_header_filter_all",
+ "S", "SERVER-HEADER-FILTER"
+ },
+ {
+ ACTION_MULTI_CLIENT_HEADER_TAGGER,
+ "client-header-tagger-params", "client-header-tagger",
+ "client-header-tagger-all", "client_header_tagger_all",
+ "L", "CLIENT-HEADER-TAGGER"
+ },
+ {
+ ACTION_MULTI_SERVER_HEADER_TAGGER,
+ "server-header-tagger-params", "server-header-tagger",
+ "server-header-tagger-all", "server_header_tagger_all",
+ "E", "SERVER-HEADER-TAGGER"
+ },
+};
+
/* FIXME: Following non-static functions should be prototyped in .h or made static */
/* Functions to read and write arbitrary config files */
jb_err edit_read_file(struct client_state *csp,
const struct map *parameters,
int require_version,
- const char *suffix,
struct editable_file **pfile);
jb_err edit_write_file(struct editable_file * file);
void edit_free_file(struct editable_file * file);
jb_err cgi_error_file_read_only(struct client_state *csp,
struct http_response *rsp,
const char *filename);
-jb_err cgi_error_disabled(struct client_state *csp,
- struct http_response *rsp);
/* Internal arbitrary config file support functions */
static jb_err edit_read_file_lines(FILE *fp, struct file_line ** pfile, int *newline);
static jb_err split_line_on_equals(const char * line, char ** pname, char ** pvalue);
/* Internal parameter parsing functions */
-static jb_err get_file_name_param(struct client_state *csp,
- const struct map *parameters,
- const char *param_name,
- const char *suffix,
- char **pfilename,
- const char **pparam);
-
static jb_err get_url_spec_param(struct client_state *csp,
const struct map *parameters,
const char *name,
const char *name);
#endif /* unused function */
+static jb_err get_file_name_param(struct client_state *csp,
+ const struct map *parameters,
+ const char *param_name,
+ const char **pfilename);
+
+/* Internal convenience functions */
+static char *section_target(const unsigned sectionid);
+
+/*********************************************************************
+ *
+ * Function : section_target
+ *
+ * Description : Given an unsigned (section id) n, produce a dynamically
+ * allocated string of the form #l<n>, for use in link
+ * targets.
+ *
+ * XXX: The hash should be moved into the templates
+ * to make this function more generic and render
+ * stringify() obsolete.
+ *
+ * Parameters :
+ * 1 : sectionid = start line number of section
+ *
+ * Returns : String with link target, or NULL if out of
+ * memory
+ *
+ *********************************************************************/
+static char *section_target(const unsigned sectionid)
+{
+ char buf[30];
+
+ snprintf(buf, sizeof(buf), "#l%d", sectionid);
+ return(strdup(buf));
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : stringify
+ *
+ * Description : Convert a number into a dynamically allocated string.
+ *
+ * Parameters :
+ * 1 : number = The number to convert.
+ *
+ * Returns : String with link target, or NULL if out of memory
+ *
+ *********************************************************************/
+static char *stringify(const unsigned number)
+{
+ char buf[6];
+
+ snprintf(buf, sizeof(buf), "%i", number);
+ return strdup(buf);
+}
+
+
/*********************************************************************
*
* Function : map_copy_parameter_html
}
#endif /* 0 - unused function */
+
/*********************************************************************
*
* Function : cgi_edit_actions_url_form
* 3 : parameters = map of cgi parameters
*
* CGI Parameters
- * f : (filename) Identifies the file to edit
+ * i : (action index) Identifies the file to edit
* v : (version) File's last-modified time
* p : (pattern) Line number of pattern to edit
*
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
+ unsigned section_start_line_number = 0;
jb_err err;
assert(csp);
for (line_number = 1; (cur_line != NULL) && (line_number < patternid); line_number++)
{
+ if (cur_line->type == FILE_LINE_ACTION)
+ {
+ section_start_line_number = line_number;
+ }
cur_line = cur_line->next;
}
if ( (cur_line == NULL)
|| (line_number != patternid)
- || (patternid < 1)
+ || (patternid < 1U)
|| (cur_line->type != FILE_LINE_URL))
{
/* Invalid "patternid" parameter */
return JB_ERR_MEMORY;
}
- err = map(exports, "f", 1, file->identifier, 1);
+ err = map(exports, "f", 1, stringify(file->identifier), 0);
if (!err) err = map(exports, "v", 1, file->version_str, 1);
if (!err) err = map(exports, "p", 1, url_encode(lookup(parameters, "p")), 0);
if (!err) err = map(exports, "u", 1, html_encode(cur_line->unprocessed), 0);
+ if (!err) err = map(exports, "jumptarget", 1, section_target(section_start_line_number), 0);
edit_free_file(file);
* 3 : parameters = map of cgi parameters
*
* CGI Parameters :
- * f : (filename) Identifies the file to edit
+ * f : (number) The action file identifier.
* v : (version) File's last-modified time
* p : (pattern) Line number of pattern to edit
*
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
+ unsigned section_start_line_number = 0;
jb_err err;
assert(csp);
for (line_number = 1; (cur_line != NULL) && (line_number < patternid); line_number++)
{
+ if (cur_line->type == FILE_LINE_ACTION)
+ {
+ section_start_line_number = line_number;
+ }
cur_line = cur_line->next;
}
if ( (cur_line == NULL)
|| (line_number != patternid)
- || (patternid < 1)
+ || (patternid < 1U)
|| (cur_line->type != FILE_LINE_URL))
{
/* Invalid "patternid" parameter */
return JB_ERR_MEMORY;
}
- err = map(exports, "f", 1, file->identifier, 1);
+ err = map(exports, "f", 1, stringify(file->identifier), 0);
if (!err) err = map(exports, "v", 1, file->version_str, 1);
- if (!err) err = map(exports, "s", 1, url_encode(lookup(parameters, "s")), 0);
+ if (!err) err = map(exports, "p", 1, url_encode(lookup(parameters, "p")), 0);
if (!err) err = map(exports, "u", 1, html_encode(cur_line->unprocessed), 0);
+ if (!err) err = map(exports, "jumptarget", 1, section_target(section_start_line_number), 0);
+ if (!err) err = map(exports, "actions-file", 1, html_encode(file->filename), 0);
edit_free_file(file);
{
/* Must quote '#' characters */
int numhash = 0;
- int len;
+ size_t len;
char * src;
char * dest;
char * str;
assert(numhash > 0);
/* Allocate new memory for string */
- len = strlen(cur_line->unprocessed);
- if (NULL == (str = malloc((size_t) len + 1 + numhash)))
+ len = strlen(cur_line->unprocessed) + (size_t)numhash;
+ if (NULL == (str = malloc(len + 1)))
{
/* Uh oh, just trashed file! */
fclose(fp);
return JB_ERR_MEMORY;
}
- /* Loop through string from end */
- src = cur_line->unprocessed + len;
- dest = str + len + numhash;
- for ( ; len >= 0; len--)
+ /* Copy string but quote hashes */
+ src = cur_line->unprocessed;
+ dest = str;
+ while (*src)
{
- if ((*dest-- = *src--) == '#')
+ if (*src == '#')
{
- *dest-- = '\\';
+ *dest++ = '\\';
numhash--;
assert(numhash >= 0);
}
+ *dest++ = *src++;
}
+ *dest = '\0';
+
assert(numhash == 0);
- assert(src + 1 == cur_line->unprocessed);
- assert(dest + 1 == str);
+ assert(strlen(str) == len);
+ assert(str == dest - len);
+ assert(src - len <= cur_line->unprocessed);
+
+ if ((strlen(str) != len) || (numhash != 0))
+ {
+ /*
+ * Escaping didn't work as expected, go spread the news.
+ * Only reached in non-debugging builds.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Looks like hash escaping failed. %s might be corrupted now.",
+ file->filename);
+ }
if (fputs(str, fp) < 0)
{
/* Correct file->version_str */
freez(file->version_str);
- snprintf(version_buf, 22, "%u", file->version);
- version_buf[21] = '\0';
+ snprintf(version_buf, sizeof(version_buf), "%u", file->version);
+ version_buf[sizeof(version_buf)-1] = '\0';
file->version_str = strdup(version_buf);
if (version_buf == NULL)
{
}
edit_free_file_lines(file->lines);
- freez(file->filename);
- freez(file->identifier);
freez(file->version_str);
file->version = 0;
file->parse_error_text = NULL; /* Statically allocated */
name_end--;
}
- name_len = name_end - line + 1; /* Length excluding \0 */
+ name_len = (size_t)(name_end - line) + 1; /* Length excluding \0 */
if (NULL == (*pname = (char *) malloc(name_len + 1)))
{
return JB_ERR_MEMORY;
text++;
len--;
}
- while ( (len > 0)
+ while ( (len > (size_t)0)
&& ( (text[len - 1] == ' ')
|| (text[len - 1] == '\t') ) )
{
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : parameters = map of cgi parameters.
* 3 : require_version = true to check "ver" parameter.
- * 4 : suffix = File extension, e.g. ".action".
- * 5 : pfile = Destination for the file. Will be set
+ * 4 : pfile = Destination for the file. Will be set
* to NULL on error.
*
* CGI Parameters :
- * filename : The name of the file to read, without the
- * path or ".action" extension.
+ * f : The action file identifier.
* ver : (Only if require_version is nonzero)
* Timestamp of the actions file. If wrong, this
* function fails with JB_ERR_MODIFIED.
jb_err edit_read_file(struct client_state *csp,
const struct map *parameters,
int require_version,
- const char *suffix,
struct editable_file **pfile)
{
struct file_line * lines;
FILE * fp;
jb_err err;
- char * filename;
- const char * identifier;
+ const char *filename = NULL;
struct editable_file * file;
unsigned version = 0;
struct stat statbuf[1];
char version_buf[22];
int newline = NEWLINE_UNKNOWN;
+ unsigned i;
assert(csp);
assert(parameters);
*pfile = NULL;
- err = get_file_name_param(csp, parameters, "f", suffix,
- &filename, &identifier);
- if (err)
+ err = get_number_param(csp, parameters, "f", &i);
+ if ((JB_ERR_OK == err) && (i < MAX_AF_FILES) && (NULL != csp->config->actions_file[i]))
{
- return err;
+ filename = csp->config->actions_file[i];
+ }
+ else if (JB_ERR_CGI_PARAMS == err)
+ {
+ /*
+ * Probably an old-school URL like
+ * http://config.privoxy.org/edit-actions-list?f=default
+ */
+ err = get_file_name_param(csp, parameters, "f", &filename);
}
- if (stat(filename, statbuf) < 0)
+ if (NULL == filename || stat(filename, statbuf) < 0)
{
/* Error, probably file not found. */
- free(filename);
return JB_ERR_FILE;
}
version = (unsigned) statbuf->st_mtime;
err = get_number_param(csp, parameters, "v", &specified_version);
if (err)
{
- free(filename);
return err;
}
if (NULL == (fp = fopen(filename,"rb")))
{
- free(filename);
return JB_ERR_FILE;
}
if (err)
{
- free(filename);
return err;
}
file = (struct editable_file *) zalloc(sizeof(*file));
if (err)
{
- free(filename);
edit_free_file_lines(lines);
return err;
}
file->newline = newline;
file->filename = filename;
file->version = version;
- file->identifier = url_encode(identifier);
-
- if (file->identifier == NULL)
- {
- edit_free_file(file);
- return JB_ERR_MEMORY;
- }
+ file->identifier = i;
/* Correct file->version_str */
freez(file->version_str);
- snprintf(version_buf, 22, "%u", file->version);
- version_buf[21] = '\0';
+ snprintf(version_buf, sizeof(version_buf), "%u", file->version);
+ version_buf[sizeof(version_buf)-1] = '\0';
file->version_str = strdup(version_buf);
if (version_buf == NULL)
{
* to NULL on error.
*
* CGI Parameters :
- * filename : The name of the actions file to read, without the
- * path or ".action" extension.
+ * f : The actions file identifier.
* ver : (Only if require_version is nonzero)
* Timestamp of the actions file. If wrong, this
* function fails with JB_ERR_MODIFIED.
{
jb_err err;
struct editable_file *file;
+ static int acceptable_failures = ACCEPTABLE_TIMESTAMP_MISMATCHES - 1;
assert(csp);
assert(parameters);
*pfile = NULL;
- err = edit_read_file(csp, parameters, require_version, ".action", &file);
+ err = edit_read_file(csp, parameters, require_version, &file);
if (err)
{
/* Try to handle if possible */
}
else if (err == JB_ERR_MODIFIED)
{
+ assert(require_version);
err = cgi_error_modified(csp, rsp, lookup(parameters, "f"));
+ log_error(LOG_LEVEL_ERROR,
+ "Blocking CGI edit request due to modification time mismatch.");
+ if (acceptable_failures > 0)
+ {
+ log_error(LOG_LEVEL_INFO,
+ "The CGI editor will be turned off after another %d mismatche(s).",
+ acceptable_failures);
+ acceptable_failures--;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_INFO,
+ "Timestamp mismatch limit reached, turning CGI editor off. "
+ "Reload the configuration file to reenable it.");
+ csp->config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
}
if (err == JB_ERR_OK)
{
* Function : get_file_name_param
*
* Description : Get the name of the file to edit from the parameters
- * passed to a CGI function. This function handles
- * security checks such as blocking urls containing
- * "/" or ".", prepending the config file directory,
- * and adding the specified suffix.
- *
- * (This is an essential security check, otherwise
- * users may be able to pass "../../../etc/passwd"
- * and overwrite the password file [linux], "prn:"
- * and print random data [Windows], etc...)
- *
- * This function only allows filenames contining the
- * characters '-', '_', 'A'-'Z', 'a'-'z', and '0'-'9'.
- * That's probably too restrictive but at least it's
- * secure.
+ * passed to a CGI function using the old syntax.
+ * This function handles security checks and only
+ * accepts files that Privoxy already knows.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : parameters = map of cgi parameters
* 3 : param_name = The name of the parameter to read
- * 4 : suffix = File extension, e.g. ".actions"
- * 5 : pfilename = destination for full filename. Caller
- * free()s. Set to NULL on error.
- * 6 : pparam = destination for partial filename,
- * suitable for use in another URL. Allocated as part
- * of the map "parameters", so don't free it.
- * Set to NULL if not specified.
+ * 4 : pfilename = pointer to the filename in
+ * csp->config->actions_file[] if found. Set to NULL on error.
*
* Returns : JB_ERR_OK on success
* JB_ERR_MEMORY on out-of-memory
static jb_err get_file_name_param(struct client_state *csp,
const struct map *parameters,
const char *param_name,
- const char *suffix,
- char **pfilename,
- const char **pparam)
+ const char **pfilename)
{
const char *param;
+ const char suffix[] = ".action";
const char *s;
char *name;
char *fullpath;
char ch;
- int len;
+ size_t len;
+ size_t name_size;
+ int i;
assert(csp);
assert(parameters);
- assert(suffix);
assert(pfilename);
- assert(pparam);
*pfilename = NULL;
- *pparam = NULL;
param = lookup(parameters, param_name);
if (!*param)
return JB_ERR_CGI_PARAMS;
}
- *pparam = param;
-
len = strlen(param);
if (len >= FILENAME_MAX)
{
return JB_ERR_CGI_PARAMS;
}
- /* Check every character to see if it's legal */
+ /*
+ * Check every character to see if it's legal.
+ * Totally unnecessary but we do it anyway.
+ */
s = param;
while ((ch = *s++) != '\0')
{
}
/* Append extension */
- name = malloc(len + strlen(suffix) + 1);
+ name_size = len + strlen(suffix) + 1;
+ name = malloc(name_size);
if (name == NULL)
{
return JB_ERR_MEMORY;
}
- strcpy(name, param);
- strcpy(name + len, suffix);
+ strlcpy(name, param, name_size);
+ strlcat(name, suffix, name_size);
/* Prepend path */
fullpath = make_path(csp->config->confdir, name);
return JB_ERR_MEMORY;
}
- /* Success */
- *pfilename = fullpath;
+ /* Check if the file is known */
+ for (i = 0; i < MAX_AF_FILES; i++)
+ {
+ if (NULL != csp->config->actions_file[i] &&
+ !strcmp(fullpath, csp->config->actions_file[i]))
+ {
+ /* Success */
+ *pfilename = csp->config->actions_file[i];
+ freez(fullpath);
+
+ return JB_ERR_OK;
+ }
+ }
+ freez(fullpath);
- return JB_ERR_OK;
+ return JB_ERR_CGI_PARAMS;
}
const char * values,
int value)
{
- size_t len;
char * buf;
char * p;
char c;
+ const size_t len = strlen(optionname);
+ const size_t buf_size = len + 3;
assert(exports);
assert(optionname);
assert(values);
- len = strlen(optionname);
- buf = malloc(len + 3);
+ buf = malloc(buf_size);
if (buf == NULL)
{
return JB_ERR_MEMORY;
}
- strcpy(buf, optionname);
+ strlcpy(buf, optionname, buf_size);
+
+ /* XXX: this looks ... interesting */
p = buf + len;
*p++ = '-';
p[1] = '\0';
}
}
- *p = value;
+ *p = (char)value;
return map(exports, buf, 0, "checked", 1);
}
return JB_ERR_MEMORY;
}
- err = map(exports, "f", 1, file->identifier, 1);
+ err = map(exports, "f", 1, stringify(file->identifier), 0);
if (!err) err = map(exports, "parse-error", 1, html_encode(file->parse_error_text), 0);
cur_line = file->parse_error;
/*********************************************************************
*
- * Function : cgi_error_file
+ * Function : cgi_error_file_read_only
*
* Description : CGI function that is called when a file cannot be
* opened for writing by the CGI editor.
}
-/*********************************************************************
- *
- * Function : cgi_error_disabled
- *
- * Description : CGI function that is called if the actions editor
- * is called although it's disabled in config
- *
- * Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- * 2 : rsp = http_response data structure for output
- *
- * CGI Parameters : none
- *
- * Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
- *
- *********************************************************************/
-jb_err cgi_error_disabled(struct client_state *csp,
- struct http_response *rsp)
-{
- struct map *exports;
-
- assert(csp);
- assert(rsp);
-
- if (NULL == (exports = default_exports(csp, NULL)))
- {
- return JB_ERR_MEMORY;
- }
-
- return template_fill_for_cgi(csp, "cgi-error-disabled", exports, rsp);
-}
-
-
/*********************************************************************
*
* Function : cgi_edit_actions
struct http_response *rsp,
const struct map *parameters)
{
+ (void)parameters;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
{
}
/* FIXME: Incomplete */
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- return JB_ERR_MEMORY;
- }
- if (enlist_unique_header(rsp->headers, "Location",
- CGI_PREFIX "edit-actions-list?f=default"))
- {
- free(rsp->status);
- rsp->status = NULL;
- return JB_ERR_MEMORY;
- }
- return JB_ERR_OK;
+ return cgi_redirect(rsp, CGI_PREFIX "edit-actions-list?f=default");
+
}
if (NULL == (exports = default_exports(csp, NULL)))
{
- edit_free_file(file);
return JB_ERR_MEMORY;
}
if (err)
{
/* No filename specified, can't read file, or out of memory. */
+ free_map(exports);
return (err == JB_ERR_FILE ? JB_ERR_OK : err);
}
}
buttons = strdup("");
- for (i = 0; i < MAX_ACTION_FILES; i++)
+ for (i = 0; i < MAX_AF_FILES; i++)
{
if (((fl = csp->actions_list[i]) != NULL) && ((b = fl->f) != NULL))
{
*/
if (!err) err = map_conditional(exports, "all-urls-present", 1);
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
if (!err) err = map(exports, "all-urls-s", 1, buf, 1);
- snprintf(buf, 150, "%d", line_number + 2);
+ snprintf(buf, sizeof(buf), "%d", line_number + 2);
if (!err) err = map(exports, "all-urls-s-next", 1, buf, 1);
if (!err) err = map(exports, "all-urls-actions", 1,
actions_to_html(csp, cur_line->data.action), 0);
/* Set up global exports */
- if (!err) err = map(exports, "f", 1, file->identifier, 1);
+ if (!err) err = map(exports, "actions-file", 1, html_encode(file->filename), 0);
+ if (!err) err = map(exports, "f", 1, stringify(file->identifier), 0);
if (!err) err = map(exports, "v", 1, file->version_str, 1);
/* Discourage private additions to default.action */
if (!err) err = map_conditional(exports, "default-action",
- (strcmp("default", lookup(parameters, "f")) == 0));
+ (strstr("default.action", file->filename) != NULL));
if (err)
{
edit_free_file(file);
free(url_template);
edit_free_file(file);
free_map(exports);
- free(url_template);
return err;
}
return JB_ERR_MEMORY;
}
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
err = map(section_exports, "s", 1, buf, 1);
if (!err) err = map(section_exports, "actions", 1,
actions_to_html(csp, cur_line->data.action), 0);
if (prev_section_line_number != ((unsigned)(-1)))
{
/* Not last section */
- snprintf(buf, 150, "%d", prev_section_line_number);
+ snprintf(buf, sizeof(buf), "%d", prev_section_line_number);
if (!err) err = map(section_exports, "s-prev", 1, buf, 1);
if (!err) err = map_block_keep(section_exports, "s-prev-exists");
}
return JB_ERR_MEMORY;
}
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
err = map(url_exports, "p", 1, buf, 1);
- snprintf(buf, 150, "%d", url_1_2);
+ snprintf(buf, sizeof(buf), "%d", url_1_2);
if (!err) err = map(url_exports, "url-1-2", 1, buf, 1);
if (!err) err = map(url_exports, "url-html", 1,
/* Could also do section-specific exports here, but it wouldn't be as fast */
+ snprintf(buf, sizeof(buf), "%d", line_number);
+ if (!err) err = map(section_exports, "s-next", 1, buf, 1);
+
if ( (cur_line != NULL)
&& (cur_line->type == FILE_LINE_ACTION))
{
/* Not last section */
- snprintf(buf, 150, "%d", line_number);
- if (!err) err = map(section_exports, "s-next", 1, buf, 1);
if (!err) err = map_block_keep(section_exports, "s-next-exists");
}
else
struct file_line * cur_line;
unsigned line_number;
jb_err err;
- struct file_list *filter_file;
struct re_filterfile_spec *filter_group;
+ int i, have_filters = 0;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
{
return JB_ERR_MEMORY;
}
- err = map(exports, "f", 1, file->identifier, 1);
+ err = map(exports, "f", 1, stringify(file->identifier), 0);
if (!err) err = map(exports, "v", 1, file->version_str, 1);
if (!err) err = map(exports, "s", 1, url_encode(lookup(parameters, "s")), 0);
if (!err) err = actions_to_radio(exports, cur_line->data.action);
- filter_file = csp->rlist;
- filter_group = ((filter_file != NULL) ? filter_file->f : NULL);
+ /*
+ * XXX: Some browsers (at least IE6 and IE7) have an artifical URL
+ * length limitation and ignore clicks on the Submit buttons if
+ * the resulting GET URL would be longer than their limit.
+ *
+ * In Privoxy 3.0.5 beta the standard edit-actions-for-url template
+ * reached this limit and action editing stopped working in these
+ * browsers (BR #1570678).
+ *
+ * The config option split-large-forms works around this browser
+ * bug (HTTP has no URL lenght limitation) by deviding the action
+ * list form into multiple smaller ones. It means the URLs are shorter
+ * and work in broken browsers as well, but the user can no longer change
+ * all actions with one submit.
+ *
+ * A better solution would be to switch to POST requests,
+ * but this will do for now.
+ */
+ if(!err && (csp->config->feature_flags & RUNTIME_FEATURE_SPLIT_LARGE_FORMS))
+ {
+ /* Generate multiple smaller form by killing the big one. */
+ err = map_block_killer(exports, "one-form-only");
+ }
+ else
+ {
+ /* Default: Generate one large form by killing the smaller ones. */
+ err = map_block_killer(exports, "multiple-forms");
+ }
- if (!err) err = map_conditional(exports, "any-filters-defined", (filter_group != NULL));
+ for (i = 0; i < MAX_AF_FILES; i++)
+ {
+ if ((csp->rlist[i] != NULL) && (csp->rlist[i]->f != NULL))
+ {
+ if (!err) err = map_conditional(exports, "any-filters-defined", 1);
+ have_filters = 1;
+ break;
+ }
+ }
if (err)
{
return err;
}
- if (filter_group == NULL)
+ if (0 == have_filters)
{
err = map(exports, "filter-params", 1, "", 1);
}
else
{
- /* We have some entries in the filter list */
- char * result;
- int index = 0;
- char * filter_template;
+ /*
+ * List available filters and their settings.
+ */
+ char *filter_template;
+ int filter_identifier = 0;
+ char *prepared_templates[MAX_FILTER_TYPES];
+
+ for (i = 0; i < MAX_FILTER_TYPES; i++)
+ {
+ prepared_templates[i] = strdup("");
+ }
err = template_load(csp, &filter_template, "edit-actions-for-url-filter", 0);
if (err)
err = template_fill(&filter_template, exports);
- result = strdup("");
-
- for (;(!err) && (filter_group != NULL); filter_group = filter_group->next)
+ for (i = 0; i < MAX_AF_FILES; i++)
{
- char current_mode = 'x';
- struct list_entry *filter_name;
- char * this_line;
- struct map *line_exports;
- char number[20];
-
- filter_name = cur_line->data.action->multi_add[ACTION_MULTI_FILTER]->first;
- while ((filter_name != NULL)
- && (0 != strcmp(filter_group->name, filter_name->str)))
+ if ((csp->rlist[i] != NULL) && (csp->rlist[i]->f != NULL))
{
- filter_name = filter_name->next;
- }
-
- if (filter_name != NULL)
- {
- current_mode = 'y';
- }
- else
- {
- filter_name = cur_line->data.action->multi_remove[ACTION_MULTI_FILTER]->first;
- while ((filter_name != NULL)
- && (0 != strcmp(filter_group->name, filter_name->str)))
- {
- filter_name = filter_name->next;
- }
- if (filter_name != NULL)
+ filter_group = csp->rlist[i]->f;
+ for (;(!err) && (filter_group != NULL); filter_group = filter_group->next)
{
- current_mode = 'n';
- }
- }
+ char current_mode = 'x';
+ char number[20];
+ struct list_entry *filter_name;
+ struct map *line_exports;
+ const int type = filter_group->type;
+ const int multi_action_index = filter_type_info[type].multi_action_index;
+
+ assert(type < MAX_FILTER_TYPES);
+
+ filter_name = cur_line->data.action->multi_add[multi_action_index]->first;
+ while ((filter_name != NULL)
+ && (0 != strcmp(filter_group->name, filter_name->str)))
+ {
+ filter_name = filter_name->next;
+ }
+
+ if (filter_name != NULL)
+ {
+ current_mode = 'y';
+ }
+ else
+ {
+ filter_name = cur_line->data.action->multi_remove[multi_action_index]->first;
+ while ((filter_name != NULL)
+ && (0 != strcmp(filter_group->name, filter_name->str)))
+ {
+ filter_name = filter_name->next;
+ }
+ if (filter_name != NULL)
+ {
+ current_mode = 'n';
+ }
+ }
- /* Generate a unique serial number */
- snprintf(number, sizeof(number), "%x", index++);
- number[sizeof(number) - 1] = '\0';
+ /* Generate a unique serial number */
+ snprintf(number, sizeof(number), "%x", filter_identifier++);
+ number[sizeof(number) - 1] = '\0';
- line_exports = new_map();
- if (line_exports == NULL)
- {
- err = JB_ERR_MEMORY;
- freez(result);
- }
- else
- {
- if (!err) err = map(line_exports, "index", 1, number, 1);
- if (!err) err = map(line_exports, "name", 1, filter_group->name, 1);
- if (!err) err = map(line_exports, "description", 1, filter_group->description, 1);
- if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode);
+ line_exports = new_map();
+ if (line_exports == NULL)
+ {
+ err = JB_ERR_MEMORY;
+ }
+ else
+ {
+ char *filter_line;
- this_line = NULL;
- if (!err)
- {
- this_line = strdup(filter_template);
- if (this_line == NULL) err = JB_ERR_MEMORY;
- }
- if (!err) err = template_fill(&this_line, line_exports);
- string_join(&result, this_line);
+ if (!err) err = map(line_exports, "index", 1, number, 1);
+ if (!err) err = map(line_exports, "name", 1, filter_group->name, 1);
+ if (!err) err = map(line_exports, "description", 1, filter_group->description, 1);
+ if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode);
+ if (!err) err = map(line_exports, "filter-type", 1, filter_type_info[type].type, 1);
+ if (!err) err = map(line_exports, "abbr-filter-type", 1, filter_type_info[type].abbr_type, 1);
+ if (!err) err = map(line_exports, "anchor", 1, filter_type_info[type].anchor, 1);
- free_map(line_exports);
+ if (!err)
+ {
+ filter_line = strdup(filter_template);
+ if (filter_line == NULL) err = JB_ERR_MEMORY;
+ }
+ if (!err) err = template_fill(&filter_line, line_exports);
+ string_join(&prepared_templates[type], filter_line);
+
+ free_map(line_exports);
+ }
+ }
}
}
-
freez(filter_template);
- if (!err)
+ /* Replace all filter macros with the aggregated templates */
+ for (i = 0; i < MAX_FILTER_TYPES; i++)
{
- err = map(exports, "filter-params", 1, result, 0);
+ if (err) break;
+ err = map(exports, filter_type_info[i].macro_name, 1, prepared_templates[i], 0);
}
- else
+
+ if (err)
{
- freez(result);
+ /* Free aggregated templates */
+ for (i = 0; i < MAX_FILTER_TYPES; i++)
+ {
+ freez(prepared_templates[i]);
+ }
}
}
- if (!err) err = map_radio(exports, "filter-all", "nx",
- (cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] ? 'n' : 'x'));
+ /* Check or uncheck the "disable all of this type" radio buttons. */
+ for (i = 0; i < MAX_FILTER_TYPES; i++)
+ {
+ const int a = filter_type_info[i].multi_action_index;
+ const int disable_all = cur_line->data.action->multi_remove_all[a];
+ if (err) break;
+ err = map_radio(exports, filter_type_info[i].disable_all_option, "nx", (disable_all ? 'n' : 'x'));
+ }
edit_free_file(file);
unsigned sectionid;
char * actiontext;
char * newtext;
+ size_t newtext_size;
size_t len;
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
- char * target;
+ char target[1024];
jb_err err;
- int index;
+ int filter_identifier;
+ int i;
const char * action_set_name;
- char ch;
struct file_list * fl;
struct url_actions * b;
get_string_param(parameters, "p", &action_set_name);
if (action_set_name != NULL)
{
- for (index = 0; index < MAX_ACTION_FILES; index++)
+ for (filter_identifier = 0; filter_identifier < MAX_AF_FILES; filter_identifier++)
{
- if (((fl = csp->actions_list[index]) != NULL) && ((b = fl->f) != NULL))
+ if (((fl = csp->actions_list[filter_identifier]) != NULL) && ((b = fl->f) != NULL))
{
for (b = b->next; NULL != b; b = b->next)
{
if (!strncmp(b->url->spec, "standard.", 9) && !strcmp(b->url->spec + 9, action_set_name))
{
- copy_action(cur_line->data.action, b->action);
+ copy_action(cur_line->data.action, b->action);
goto found;
}
}
err = actions_from_radio(parameters, cur_line->data.action);
}
- if(err)
+ if (err)
{
/* Out of memory */
edit_free_file(file);
return err;
}
- ch = get_char_param(parameters, "filter_all");
- if (ch == 'N')
- {
- list_remove_all(cur_line->data.action->multi_add[ACTION_MULTI_FILTER]);
- list_remove_all(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER]);
- cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] = 1;
- }
- else if (ch == 'X')
+ /* Check the "disable all of this type" parameters. */
+ for (i = 0; i < MAX_FILTER_TYPES; i++)
{
- cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] = 0;
+ const int multi_action_index = filter_type_info[i].multi_action_index;
+ const char ch = get_char_param(parameters, filter_type_info[i].disable_all_param);
+
+ if (ch == 'N')
+ {
+ list_remove_all(cur_line->data.action->multi_add[multi_action_index]);
+ list_remove_all(cur_line->data.action->multi_remove[multi_action_index]);
+ cur_line->data.action->multi_remove_all[multi_action_index] = 1;
+ }
+ else if (ch == 'X')
+ {
+ cur_line->data.action->multi_remove_all[multi_action_index] = 0;
+ }
}
- for (index = 0; !err; index++)
+ for (filter_identifier = 0; !err; filter_identifier++)
{
char key_value[30];
char key_name[30];
+ char key_type[30];
const char *name;
- char value;
+ char value; /*
+ * Filter state. Valid states are: 'Y' (active),
+ * 'N' (inactive) and 'X' (no change).
+ * XXX: bad name.
+ */
+ char type; /*
+ * Abbreviated filter type. Valid types are: 'F' (content filter),
+ * 'S' (server-header filter) and 'C' (client-header filter).
+ */
+ int multi_action_index = 0;
/* Generate the keys */
- snprintf(key_value, sizeof(key_value), "filter_r%x", index);
- key_value[sizeof(key_value) - 1] = '\0';
- snprintf(key_name, sizeof(key_name), "filter_n%x", index);
- key_name[sizeof(key_name) - 1] = '\0';
+ snprintf(key_value, sizeof(key_value), "filter_r%x", filter_identifier);
+ key_value[sizeof(key_value) - 1] = '\0'; /* XXX: Why? */
+ snprintf(key_name, sizeof(key_name), "filter_n%x", filter_identifier);
+ key_name[sizeof(key_name) - 1] = '\0'; /* XXX: Why? */
+ snprintf(key_type, sizeof(key_type), "filter_t%x", filter_identifier);
err = get_string_param(parameters, key_name, &name);
if (err) break;
break;
}
+ type = get_char_param(parameters, key_type);
+ switch (type)
+ {
+ case 'F':
+ multi_action_index = ACTION_MULTI_FILTER;
+ break;
+ case 'S':
+ multi_action_index = ACTION_MULTI_SERVER_HEADER_FILTER;
+ break;
+ case 'C':
+ multi_action_index = ACTION_MULTI_CLIENT_HEADER_FILTER;
+ break;
+ case 'L':
+ multi_action_index = ACTION_MULTI_CLIENT_HEADER_TAGGER;
+ break;
+ case 'E':
+ multi_action_index = ACTION_MULTI_SERVER_HEADER_TAGGER;
+ break;
+ default:
+ log_error(LOG_LEVEL_ERROR,
+ "Unknown filter type: %c for filter %s. Filter ignored.", type, name);
+ continue;
+ }
+ assert(multi_action_index);
+
value = get_char_param(parameters, key_value);
if (value == 'Y')
{
- list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
- if (!err) err = enlist(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
- list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+ list_remove_item(cur_line->data.action->multi_add[multi_action_index], name);
+ if (!err) err = enlist(cur_line->data.action->multi_add[multi_action_index], name);
+ list_remove_item(cur_line->data.action->multi_remove[multi_action_index], name);
}
else if (value == 'N')
{
- list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
- if (!cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER])
+ list_remove_item(cur_line->data.action->multi_add[multi_action_index], name);
+ if (!cur_line->data.action->multi_remove_all[multi_action_index])
{
- list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
- if (!err) err = enlist(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+ list_remove_item(cur_line->data.action->multi_remove[multi_action_index], name);
+ if (!err) err = enlist(cur_line->data.action->multi_remove[multi_action_index], name);
}
}
else if (value == 'X')
{
- list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
- list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+ list_remove_item(cur_line->data.action->multi_add[multi_action_index], name);
+ list_remove_item(cur_line->data.action->multi_remove[multi_action_index], name);
}
}
len = 1;
}
- if (NULL == (newtext = malloc(len + 2)))
+ newtext_size = len + 2;
+ if (NULL == (newtext = malloc(newtext_size)))
{
/* Out of memory */
free(actiontext);
edit_free_file(file);
return JB_ERR_MEMORY;
}
- strcpy(newtext, actiontext);
+ strlcpy(newtext, actiontext, newtext_size);
free(actiontext);
newtext[0] = '{';
newtext[len] = '}';
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i#l%d",
+ (long) time(NULL), file->identifier, sectionid);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
- char * target;
+ unsigned section_start_line_number = 0;
+ char target[1024];
jb_err err;
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
{
return cgi_error_disabled(csp, rsp);
while ((cur_line != NULL) && (line_number < patternid))
{
+ if (cur_line->type == FILE_LINE_ACTION)
+ {
+ section_start_line_number = line_number;
+ }
cur_line = cur_line->next;
line_number++;
}
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i#l%d",
+ (long) time(NULL), file->identifier, section_start_line_number);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
- char * target;
+ char target[1024];
jb_err err;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i#l%d",
+ (long) time(NULL), file->identifier, sectionid);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct file_line * cur_line;
struct file_line * prev_line;
unsigned line_number;
- char * target;
+ unsigned section_start_line_number = 0;
+ char target[1024];
jb_err err;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
while ((cur_line != NULL) && (line_number < patternid))
{
+ if (cur_line->type == FILE_LINE_ACTION)
+ {
+ section_start_line_number = line_number;
+ }
prev_line = cur_line;
cur_line = cur_line->next;
line_number++;
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i#l%d",
+ (long) time(NULL), file->identifier, section_start_line_number);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct file_line * cur_line;
struct file_line * prev_line;
unsigned line_number;
- char * target;
+ char target[1024];
jb_err err;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i",
+ (long) time(NULL), file->identifier);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct editable_file * file;
struct file_line * cur_line;
unsigned line_number;
- char * target;
+ char target[1024];
jb_err err;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
line_number = 1;
cur_line = file->lines;
- if (sectionid < 1U)
+ if (sectionid <= 1U)
{
/* Add to start of file */
- if (cur_line != NULL)
+ if (cur_line != NULL && cur_line->type != FILE_LINE_ACTION)
{
/* There's something in the file, find the line before the first
* action.
line_number++;
}
}
+ else
+ {
+ /* File starts with action line, so insert at top */
+ cur_line = NULL;
+ }
}
else
{
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i",
+ (long) time(NULL), file->identifier);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
+ return cgi_redirect(rsp, target);
}
struct file_line * line_end_section2;
struct file_line * line_after_section2;
unsigned line_number;
- char * target;
+ char target[1024];
jb_err err;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
if (err == JB_ERR_FILE)
{
/* Read-only file. */
- err = cgi_error_file_read_only(csp, rsp, file->identifier);
+ err = cgi_error_file_read_only(csp, rsp, file->filename);
}
edit_free_file(file);
return err;
}
} /* END if (section1 != section2) */
- target = strdup(CGI_PREFIX "edit-actions-list?f=");
- string_append(&target, file->identifier);
+ snprintf(target, sizeof(target), CGI_PREFIX "edit-actions-list?foo=%lu&f=%i",
+ (long) time(NULL), file->identifier);
edit_free_file(file);
- if (target == NULL)
- {
- /* Out of memory */
- return JB_ERR_MEMORY;
- }
-
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- free(target);
- return JB_ERR_MEMORY;
- }
- err = enlist_unique_header(rsp->headers, "Location", target);
- free(target);
-
- return err;
-}
-
-
-/*********************************************************************
- *
- * Function : cgi_toggle
- *
- * Description : CGI function that adds a new empty section to
- * an actions file.
- *
- * Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- * 2 : rsp = http_response data structure for output
- * 3 : parameters = map of cgi parameters
- *
- * CGI Parameters :
- * set : If present, how to change toggle setting:
- * "enable", "disable", "toggle", or none (default).
- * mini : If present, use mini reply template.
- *
- * Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory
- *
- *********************************************************************/
-jb_err cgi_toggle(struct client_state *csp,
- struct http_response *rsp,
- const struct map *parameters)
-{
- struct map *exports;
- char mode;
- const char *template_name;
-
- assert(csp);
- assert(rsp);
- assert(parameters);
-
- if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_TOGGLE))
- {
- return cgi_error_disabled(csp, rsp);
- }
-
- mode = get_char_param(parameters, "set");
-
- if (mode == 'E')
- {
- /* Enable */
- g_bToggleIJB = 1;
- }
- else if (mode == 'D')
- {
- /* Disable */
- g_bToggleIJB = 0;
- }
- else if (mode == 'T')
- {
- /* Toggle */
- g_bToggleIJB = !g_bToggleIJB;
- }
-
- if (NULL == (exports = default_exports(csp, "toggle")))
- {
- return JB_ERR_MEMORY;
- }
-
- template_name = (get_char_param(parameters, "mini")
- ? "toggle-mini"
- : "toggle");
-
- return template_fill_for_cgi(csp, template_name, exports, rsp);
+ return cgi_redirect(rsp, target);
}
static jb_err actions_to_radio(struct map * exports,
const struct action_spec *action)
{
- unsigned mask = action->mask;
- unsigned add = action->add;
+ unsigned long mask;
+ unsigned long add;
int mapped_param;
int checked;
char current_mode;
static jb_err actions_from_radio(const struct map * parameters,
struct action_spec *action)
{
- static int first_time = 1;
const char * param;
char * param_dup;
char ch;
* but in this case we're safe and don't need semaphores.
* Be careful if you modify this function.
* - Jon
+ * The js_name_arr's are never free()d, but this is no
+ * problem, since they will only be created once and
+ * used by all threads thereafter. -oes
*/
#define JAVASCRIPTIFY(dest_var, string) \
{ \
- static char js_name_arr[] = string; \
+ static int first_time = 1; \
+ static char *js_name_arr; \
if (first_time) \
{ \
+ js_name_arr = strdup(string); \
javascriptify(js_name_arr); \
} \
dest_var = js_name_arr; \
+ first_time = 0; \
} \
#define DEFINE_ACTION_BOOL(name, bit) \
#undef DEFINE_ACTION_ALIAS
#undef JAVASCRIPTIFY
- first_time = 0;
-
return err;
}
+#endif /* def FEATURE_CGI_EDIT_ACTIONS */
-#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+#ifdef FEATURE_TOGGLE
+/*********************************************************************
+ *
+ * Function : cgi_toggle
+ *
+ * Description : CGI function that adds a new empty section to
+ * an actions file.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters :
+ * set : If present, how to change toggle setting:
+ * "enable", "disable", "toggle", or none (default).
+ * mini : If present, use mini reply template.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ *
+ *********************************************************************/
+jb_err cgi_toggle(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ struct map *exports;
+ char mode;
+ const char *template_name;
+
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
+ if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_TOGGLE))
+ {
+ return cgi_error_disabled(csp, rsp);
+ }
+
+ mode = get_char_param(parameters, "set");
+
+ if (mode == 'E')
+ {
+ /* Enable */
+ global_toggle_state = 1;
+ }
+ else if (mode == 'D')
+ {
+ /* Disable */
+ global_toggle_state = 0;
+ }
+ else if (mode == 'T')
+ {
+ /* Toggle */
+ global_toggle_state = !global_toggle_state;
+ }
+
+ if (NULL == (exports = default_exports(csp, "toggle")))
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ template_name = (get_char_param(parameters, "mini")
+ ? "toggle-mini"
+ : "toggle");
+
+ return template_fill_for_cgi(csp, template_name, exports, rsp);
+}
+#endif /* def FEATURE_TOGGLE */
/*