-const char filters_rcs[] = "$Id: filters.c,v 1.100 2008/02/23 16:33:43 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.106 2008/05/03 16:40:44 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
* `filter_popups', `forward_url', 'redirect_url',
* `ij_untrusted_url', `intercept_url', `pcrs_filter_respose',
* `ijb_send_banner', `trust_url', `gif_deanimate_response',
- * `jpeg_inspect_response', `execute_single_pcrs_command',
- * `rewrite_url', `get_last_url'
+ * `execute_single_pcrs_command', `rewrite_url',
+ * `get_last_url'
*
- * Copyright : Written by and Copyright (C) 2001, 2004-2007 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001, 2004-2008 the SourceForge
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
*
* Revisions :
* $Log: filters.c,v $
+ * Revision 1.106 2008/05/03 16:40:44 fabiankeil
+ * Change content_filters_enabled()'s parameter from
+ * csp->action to action so it can be also used in the
+ * CGI code. Don't bother checking if there are filters
+ * loaded, as that's somewhat besides the point.
+ *
+ * Revision 1.105 2008/03/28 15:13:39 fabiankeil
+ * Remove inspect-jpegs action.
+ *
+ * Revision 1.104 2008/03/27 18:27:24 fabiankeil
+ * Remove kill-popups action.
+ *
+ * Revision 1.103 2008/03/06 16:33:45 fabiankeil
+ * If limit-connect isn't used, don't limit CONNECT requests to port 443.
+ *
+ * Revision 1.102 2008/03/01 14:00:44 fabiankeil
+ * Let the block action take the reason for the block
+ * as argument and show it on the "blocked" page.
+ *
+ * Revision 1.101 2008/02/23 16:57:12 fabiankeil
+ * Rename url_actions() to get_url_actions() and let it
+ * use the standard parameter ordering.
+ *
* Revision 1.100 2008/02/23 16:33:43 fabiankeil
* Let forward_url() use the standard parameter ordering
* and mark its second parameter immutable.
#endif /* def FEATURE_ACL */
+/*********************************************************************
+ *
+ * Function : connect_port_is_forbidden
+ *
+ * Description : Check to see if CONNECT requests to the destination
+ * port of this request are forbidden. The check is
+ * independend of the actual request method.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : True if yes, false otherwise.
+ *
+ *********************************************************************/
+int connect_port_is_forbidden(const struct client_state *csp)
+{
+ return ((csp->action->flags & ACTION_LIMIT_CONNECT) &&
+ !match_portlist(csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port));
+}
+
+
/*********************************************************************
*
* Function : block_url
if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0);
if (!err) err = map(exports, "path-ue", 1, url_encode(csp->http->path), 0);
-
+ if (!err)
+ {
+ const char *block_reason;
+ if (csp->action->string[ACTION_STRING_BLOCK] != NULL)
+ {
+ block_reason = csp->action->string[ACTION_STRING_BLOCK];
+ }
+ else
+ {
+ assert(connect_port_is_forbidden(csp));
+ block_reason = "Forbidden CONNECT port.";
+ }
+ err = map(exports, "block-reason", 1, html_encode(block_reason), 0);
+ }
if (err)
{
free_map(exports);
/*
* If not, do we maybe trust its referrer?
*/
- err = parse_http_url(referer, rhttp, csp);
+ err = parse_http_url(referer, rhttp, REQUIRE_PROTOCOL);
if (err)
{
return 1;
}
-/*********************************************************************
- *
- * Function : jpeg_inspect_response
- *
- * Description :
- *
- * Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- *
- * Returns : a pointer to the (newly allocated) modified buffer
- * or NULL in case something went wrong.
- *
- *********************************************************************/
-static char *jpeg_inspect_response(struct client_state *csp)
-{
- struct binbuffer *in = NULL;
- struct binbuffer *out = NULL;
- char *p = NULL;
- size_t size;
-
- size = (size_t)(csp->iob->eod - csp->iob->cur);
-
- if (NULL == (in = (struct binbuffer *)zalloc(sizeof *in )))
- {
- log_error(LOG_LEVEL_DEANIMATE, "failed! (jpeg no mem 1)");
- return NULL;
- }
-
- if (NULL == (out = (struct binbuffer *)zalloc(sizeof *out)))
- {
- log_error(LOG_LEVEL_DEANIMATE, "failed! (jpeg no mem 2)");
- return NULL;
- }
-
- in->buffer = csp->iob->cur;
- in->size = size;
-
- /*
- * Calling jpeg_inspect has the side-effect of creating and
- * modifying the image buffer of "out" directly.
- */
- if (jpeg_inspect(in, out))
- {
- log_error(LOG_LEVEL_DEANIMATE, "failed! (jpeg parsing)");
- freez(in);
- buf_free(out);
- return(NULL);
-
- }
- else
- {
- csp->content_length = out->offset;
- csp->flags |= CSP_FLAG_MODIFIED;
- p = out->buffer;
- freez(in);
- freez(out);
- return(p);
- }
-
-}
-
-
/*********************************************************************
*
* Function : get_filter_function
{
filter_function = gif_deanimate_response;
}
- else if ((csp->content_type & CT_JPEG) &&
- (csp->action->flags & ACTION_JPEG_INSPECT))
- {
- filter_function = jpeg_inspect_response;
- }
return filter_function;
}
* enabled for the current request.
*
* Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
+ * 1 : action = Action spec to check.
*
* Returns : TRUE for yes, FALSE otherwise
*
*********************************************************************/
-inline int content_filters_enabled(const struct client_state *csp)
+int content_filters_enabled(const struct current_action_spec *action)
{
- return (((csp->rlist != NULL) &&
- (!list_is_empty(csp->action->multi[ACTION_MULTI_FILTER]))) ||
- (csp->action->flags & (ACTION_DEANIMATE|ACTION_JPEG_INSPECT|ACTION_NO_POPUPS)));
+ return ((action->flags & ACTION_DEANIMATE) ||
+ !list_is_empty(action->multi[ACTION_MULTI_FILTER]));
}
/*