X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=cgi.c;h=4a523b21a8e4d3efc8cdce3fa1f8596351b2cfa4;hb=a2dc27748cbcd8cf95ac96197291fac3c4cba4fc;hp=cc02f95ad193eae69754d8f59fa8ef8bcf31f39d;hpb=9fdbeb69d643ad96e34612479da816667832f8ff;p=privoxy.git
diff --git a/cgi.c b/cgi.c
index cc02f95a..4a523b21 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.69 2002/05/14 21:28:40 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -12,7 +12,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
*
*
* Copyright : Written by and Copyright (C) 2001 the SourceForge
- * IJBSWA team. http://ijbswa.sourceforge.net
+ * Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
@@ -38,6 +38,144 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.69 2002/05/14 21:28:40 oes
+ * - Fixed add_help_link to link to the (now split) actions
+ * part of the config chapter
+ * - Renamed helplink export to actions-help-prefix
+ *
+ * Revision 1.68 2002/05/12 21:36:29 jongfoster
+ * Correcting function comments
+ *
+ * Revision 1.67 2002/04/30 12:02:07 oes
+ * Nit: updated a comment
+ *
+ * Revision 1.66 2002/04/26 18:32:57 jongfoster
+ * Fixing a memory leak on error
+ *
+ * Revision 1.65 2002/04/26 12:53:51 oes
+ * - New function add_help_link
+ * - default_exports now exports links to the user manual
+ * and a prefix for links into the config chapter
+ *
+ * Revision 1.64 2002/04/24 02:17:21 oes
+ * - Better descriptions for CGIs
+ * - Hide edit-actions, more shortcuts
+ * - Moved get_char_param, get_string_param and get_number_param here
+ * from cgiedit.c
+ *
+ * Revision 1.63 2002/04/15 19:06:43 jongfoster
+ * Typos
+ *
+ * Revision 1.62 2002/04/10 19:59:46 jongfoster
+ * Fixes to #include in templates:
+ * - Didn't close main file if loading an included template fails.
+ * - I'm paranoid and want to disallow "#include /etc/passwd".
+ *
+ * Revision 1.61 2002/04/10 13:37:48 oes
+ * Made templates modular: template_load now recursive with max depth 1
+ *
+ * Revision 1.60 2002/04/08 20:50:25 swa
+ * fixed JB spelling
+ *
+ * Revision 1.59 2002/04/05 15:51:51 oes
+ * - added send-stylesheet CGI
+ * - bugfix: error-pages now get correct request protocol
+ * - fixed
+ * - kludged CGI descriptions and menu not to break JS syntax
+ *
+ * Revision 1.58 2002/03/29 03:33:13 david__schmidt
+ * Fix Mac OSX compiler warnings
+ *
+ * Revision 1.57 2002/03/26 22:29:54 swa
+ * we have a new homepage!
+ *
+ * Revision 1.56 2002/03/24 17:50:46 jongfoster
+ * Fixing compile error if actions file editor disabled
+ *
+ * Revision 1.55 2002/03/24 16:55:06 oes
+ * Making GIF checkerboard transparent
+ *
+ * Revision 1.54 2002/03/24 16:18:15 jongfoster
+ * Removing old logo
+ *
+ * Revision 1.53 2002/03/24 16:06:00 oes
+ * Correct transparency for checkerboard PNG. Thanks, Magnus!
+ *
+ * Revision 1.52 2002/03/24 15:23:33 jongfoster
+ * Name changes
+ *
+ * Revision 1.51 2002/03/24 13:25:43 swa
+ * name change related issues
+ *
+ * Revision 1.50 2002/03/16 23:54:06 jongfoster
+ * Adding graceful termination feature, to help look for memory leaks.
+ * If you enable this (which, by design, has to be done by hand
+ * editing config.h) and then go to http://i.j.b/die, then the program
+ * will exit cleanly after the *next* request. It should free all the
+ * memory that was used.
+ *
+ * Revision 1.49 2002/03/13 00:27:04 jongfoster
+ * Killing warnings
+ *
+ * Revision 1.48 2002/03/08 17:47:07 jongfoster
+ * Adding comments
+ *
+ * Revision 1.47 2002/03/08 16:41:33 oes
+ * Added GIF images again
+ *
+ * Revision 1.46 2002/03/07 03:48:38 oes
+ * - Changed built-in images from GIF to PNG
+ * (with regard to Unisys patent issue)
+ * - Added a 4x4 pattern PNG which is less intrusive
+ * than the logo but also clearly marks the deleted banners
+ *
+ * Revision 1.45 2002/03/06 22:54:35 jongfoster
+ * Automated function-comment nitpicking.
+ *
+ * Revision 1.44 2002/03/05 22:43:45 david__schmidt
+ * - Better error reporting on OS/2
+ * - Fix double-slash comment (oops)
+ *
+ * Revision 1.43 2002/03/05 21:33:45 david__schmidt
+ * - Re-enable OS/2 building after new parms were added
+ * - Fix false out of memory report when resolving CGI templates when no IP
+ * address is available of failed attempt (a la no such domain)
+ *
+ * Revision 1.42 2002/01/21 00:33:20 jongfoster
+ * Replacing strsav() with the safer string_append() or string_join().
+ * Adding map_block_keep() to save a few bytes in the edit-actions-list HTML.
+ * Adding missing html_encode() to error message generators.
+ * Adding edit-actions-section-swap and many "shortcuts" to the list of CGIs.
+ *
+ * Revision 1.41 2002/01/17 20:56:22 jongfoster
+ * Replacing hard references to the URL of the config interface
+ * with #defines from project.h
+ *
+ * Revision 1.40 2002/01/09 14:26:46 oes
+ * Added support for thread-safe gmtime_r call.
+ *
+ * Revision 1.39 2001/11/16 00:48:13 jongfoster
+ * Fixing a compiler warning
+ *
+ * Revision 1.38 2001/11/13 00:31:21 jongfoster
+ * - Adding new CGIs for use by non-JavaScript browsers:
+ * edit-actions-url-form
+ * edit-actions-add-url-form
+ * edit-actions-remove-url-form
+ * - Fixing make_menu()'s HTML generation - it now quotes the href parameter.
+ * - Fixing || bug.
+ *
+ * Revision 1.37 2001/11/01 14:28:47 david__schmidt
+ * Show enablement/disablement status in almost all templates.
+ * There is a little trickiness here: apparent recursive resolution of
+ * @if-enabled-then@ caused the toggle template to show status out-of-phase with
+ * the actual enablement status. So a similar construct,
+ * @if-enabled-display-then@, is used to resolve the status display on non-'toggle'
+ * templates.
+ *
+ * Revision 1.36 2001/10/26 17:33:27 oes
+ * marginal bugfix
+ *
* Revision 1.35 2001/10/23 21:48:19 jongfoster
* Cleaning up error handling in CGI functions - they now send back
* a HTML error page and should never cause a FATAL error. (Fixes one
@@ -45,7 +183,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
*
* CGI actions file editor that works and is actually useful.
*
- * Ability to toggle JunkBuster remotely using a CGI call.
+ * Ability to toggle Junkbuster remotely using a CGI call.
*
* You can turn off both the above features in the main configuration
* file, e.g. if you are running a multi-user proxy.
@@ -53,7 +191,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
* Revision 1.34 2001/10/18 22:22:09 david__schmidt
* Only show "Local support" on templates conditionally:
* - if either 'admin-address' or 'proxy-info-url' are uncommented in config
- * - if not, no Local support section appears are removed automatically
+ * - if not, no Local support section appears
*
* Revision 1.33 2001/10/14 22:28:41 jongfoster
* Fixing stupid typo.
@@ -245,6 +383,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.35 2001/10/23 21:48:19 jongfoster Exp $";
#include JunkBuster ran out of memory whilst processing your request. Privoxy ran out of memory while processing your request. Please contact your proxy administrator, or try again later JunkBuster encountered an error whilst processing your request: Privoxy encountered an error while processing your request: Could not load template file 500 Internal JunkBuster Proxy Error
\r\n"
- "500 Internal Privoxy Error
\r\n"
+ "500 Internal JunkBuster Proxy Error
\r\n"
- "500 Internal Privoxy Error
\r\n"
+ "";
static const char body_suffix[] =
- "
Please contact your proxy administrator.
\r\n" - "If you are the proxy administrator, please put the required file " + "
If you are the proxy administrator, please put the required file(s)"
"in the (confdir)/templates
directory. The "
"location of the (confdir)
directory "
- "is specified in the main JunkBuster config
"
- "file. (It's typically the JunkBuster install directory"
+ "is specified in the main Privoxy config
"
+ "file. (It's typically the Privoxy install directory"
#ifndef _WIN32
- ", or /etc/junkbuster/
"
+ ", or /etc/privoxy/
"
#endif /* ndef _WIN32 */
").
Privoxy encountered an error while processing your request:
\r\n" + "Unexpected internal error: "; + static const char body_suffix[] = + "
\r\n" + "Please " + "" + "file a bug report.
\r\n" + "\r\n" + "\r\n"; + char errnumbuf[30]; + assert(csp); + assert(rsp); + + /* Reset rsp, if needed */ + freez(rsp->status); + freez(rsp->head); + freez(rsp->body); + rsp->content_length = 0; + rsp->head_length = 0; + rsp->is_static = 0; + + sprintf(errnumbuf, "%d", error_to_report); + + rsp->body = malloc(strlen(body_prefix) + strlen(errnumbuf) + strlen(body_suffix) + 1); + if (rsp->body == NULL) + { + return JB_ERR_MEMORY; + } + strcpy(rsp->body, body_prefix); + strcat(rsp->body, errnumbuf); + strcat(rsp->body, body_suffix); + + rsp->status = strdup(status); + if (rsp->body == NULL) + { + return JB_ERR_MEMORY; + } + + return JB_ERR_OK; +} + + /********************************************************************* * * Function : cgi_error_bad_param @@ -794,8 +1300,8 @@ jb_err cgi_error_no_template(struct client_state *csp, * (query string) for a CGI were wrong. * * Parameters : - * 1 : csp = Current client state (buffers, headers, etc...) - * 2 : rsp = http_response data structure for output + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output * * CGI Parameters : none * @@ -820,6 +1326,47 @@ jb_err cgi_error_bad_param(struct client_state *csp, } +/********************************************************************* + * + * Function : add_help_link + * + * Description : Produce a copy of the string given as item, + * embedded in an HTML link to its corresponding + * section (item name in uppercase) in the actions + * chapter of the user manual, (whose URL is given in + * the config and defaults to our web site). + * + * FIXME: I currently only work for actions, and would + * like to be generalized for other topics. + * + * Parameters : + * 1 : item = item (will NOT be free()d.) + * It is assumed to be HTML-safe. + * 2 : config = The current configuration. + * + * Returns : String with item embedded in link, or NULL on + * out-of-memory + * + *********************************************************************/ +char *add_help_link(const char *item, + struct configuration_spec *config) +{ + char *result; + + if (!item) return NULL; + + result = strdup("usermanual); + string_append(&result, ACTIONS_HELP_PREFIX); + string_join (&result, string_toupper(item)); + string_append(&result, "\">"); + string_append(&result, item); + string_append(&result, " "); + + return result; +} + + /********************************************************************* * * Function : get_http_time @@ -855,7 +1402,14 @@ void get_http_time(int time_offset, char *buf) current_time += time_offset; /* get and save the gmt */ - t = gmtime(¤t_time); + { +#ifdef HAVE_GMTIME_R + struct tm dummy; + t = gmtime_r(¤t_time, &dummy); +#else + t = gmtime(¤t_time); +#endif + } /* Format: "Sun, 06 Nov 1994 08:49:37 GMT" */ snprintf(buf, 30, @@ -912,8 +1466,11 @@ struct http_response *finish_http_response(struct http_response *rsp) { rsp->content_length = rsp->body ? strlen(rsp->body) : 0; } - sprintf(buf, "Content-Length: %d", rsp->content_length); - err = err || enlist(rsp->headers, buf); + if (!err) + { + sprintf(buf, "Content-Length: %d", (int)rsp->content_length); + err = enlist(rsp->headers, buf); + } /* * Fill in the default headers: @@ -926,23 +1483,29 @@ struct http_response *finish_http_response(struct http_response *rsp) * * See http://www.w3.org/Protocols/rfc2068/rfc2068 */ - err = err || enlist_unique(rsp->headers, "Content-Type: text/html", 13); + if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13); if (rsp->is_static) { /* * Set Expires to about 10 min into the future so it'll get reloaded - * occasionally, e.g. if IJB gets upgraded. + * occasionally, e.g. if Privoxy gets upgraded. */ - get_http_time(0, buf); - err = err || enlist_unique_header(rsp->headers, "Date", buf); + if (!err) + { + get_http_time(0, buf); + err = enlist_unique_header(rsp->headers, "Date", buf); + } /* Some date in the past. */ - err = err || enlist_unique_header(rsp->headers, "Last-Modified", "Sat, 17 Jun 2000 12:00:00 GMT"); + if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", "Sat, 17 Jun 2000 12:00:00 GMT"); - get_http_time(10 * 60, buf); /* 10 * 60sec = 10 minutes */ - err = err || enlist_unique_header(rsp->headers, "Expires", buf); + if (!err) + { + get_http_time(10 * 60, buf); /* 10 * 60sec = 10 minutes */ + err = enlist_unique_header(rsp->headers, "Expires", buf); + } } else { @@ -951,11 +1514,12 @@ struct http_response *finish_http_response(struct http_response *rsp) * setting. However, to be certain, we also set both "Last-Modified" * and "Expires" to the current time. */ - err = err || enlist_unique_header(rsp->headers, "Cache-Control", "no-cache"); + if (!err) err = enlist_unique_header(rsp->headers, "Cache-Control", "no-cache"); + get_http_time(0, buf); - err = err || enlist_unique_header(rsp->headers, "Date", buf); - err = err || enlist_unique_header(rsp->headers, "Last-Modified", buf); - err = err || enlist_unique_header(rsp->headers, "Expires", buf); + if (!err) err = enlist_unique_header(rsp->headers, "Date", buf); + if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", buf); + if (!err) err = enlist_unique_header(rsp->headers, "Expires", buf); } @@ -1028,25 +1592,31 @@ void free_http_response(struct http_response *rsp) * * Description : CGI support function that loads a given HTML * template from the confdir, ignoring comment - * lines. + * lines and following #include statements up to + * a depth of 1. * * Parameters : - * 1 : csp = Current client state (buffers, headers, etc...) - * 2 : template_ptr = Destination for pointer to loaded + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : template_ptr = Destination for pointer to loaded * template text. - * 3 : template = name of the HTML template to be used + * 3 : templatename = name of the HTML template to be used + * 4 : recursive = Flag set if this function calls itself + * following an #include statament * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory error. * JB_ERR_FILE if the template file cannot be read * *********************************************************************/ -jb_err template_load(struct client_state *csp, char ** template_ptr, - const char *templatename) +jb_err template_load(struct client_state *csp, char **template_ptr, + const char *templatename, int recursive) { + jb_err err; char *templates_dir_path; char *full_path; char *file_buffer; + char *included_module; + const char *p; FILE *fp; char buf[BUFFER_SIZE]; @@ -1056,9 +1626,21 @@ jb_err template_load(struct client_state *csp, char ** template_ptr, *template_ptr = NULL; - /* - * Open template file or fail - */ + /* Validate template name. Paranoia. */ + for (p = templatename; *p != 0; p++) + { + if ( ((*p < 'a') || (*p > 'z')) + && ((*p < 'A') || (*p > 'Z')) + && ((*p < '0') || (*p > '9')) + && (*p != '-') + && (*p != '.')) + { + /* Illegal character */ + return JB_ERR_FILE; + } + } + + /* Generate full path */ templates_dir_path = make_path(csp->config->confdir, "templates"); if (templates_dir_path == NULL) @@ -1073,6 +1655,8 @@ jb_err template_load(struct client_state *csp, char ** template_ptr, return JB_ERR_MEMORY; } + /* Allocate buffer */ + file_buffer = strdup(""); if (file_buffer == NULL) { @@ -1080,6 +1664,8 @@ jb_err template_load(struct client_state *csp, char ** template_ptr, return JB_ERR_MEMORY; } + /* Open template file */ + if (NULL == (fp = fopen(full_path, "r"))) { log_error(LOG_LEVEL_ERROR, "Cannot open template file %s: %E", full_path); @@ -1090,15 +1676,34 @@ jb_err template_load(struct client_state *csp, char ** template_ptr, free(full_path); /* - * Read the file, ignoring comments. + * Read the file, ignoring comments, and honoring #include + * statements, unless we're already called recursively. * * FIXME: The comment handling could break with lines >BUFFER_SIZE long. * This is unlikely in practise. */ while (fgets(buf, BUFFER_SIZE, fp)) { + if (!recursive && !strncmp(buf, "#include ", 9)) + { + if (JB_ERR_OK != (err = template_load(csp, &included_module, chomp(buf + 9), 1))) + { + free(file_buffer); + fclose(fp); + return err; + } + + if (string_join(&file_buffer, included_module)) + { + fclose(fp); + return JB_ERR_MEMORY; + } + + continue; + } + /* skip lines starting with '#' */ - if(*buf == '#') + if (*buf == '#') { continue; } @@ -1130,11 +1735,11 @@ jb_err template_load(struct client_state *csp, char ** template_ptr, * interpretation. * * Parameters : - * 1 : template_ptr = IN: Template to be filled out. + * 1 : template_ptr = IN: Template to be filled out. * Will be free()d. * OUT: Filled out template. * Caller must free(). - * 2 : exports = map with fill in symbol -> name pairs + * 2 : exports = map with fill in symbol -> name pairs * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory error @@ -1237,10 +1842,11 @@ jb_err template_fill(char **template_ptr, const struct map *exports) * this function also frees the passed "exports" map. * * Parameters : - * 1 : csp = Client state - * 2 : templatename = name of the HTML template to be used - * 3 : exports = map with fill in symbol -> name pairs. + * 1 : csp = Client state + * 2 : templatename = name of the HTML template to be used + * 3 : exports = map with fill in symbol -> name pairs. * Will be freed by this function. + * 4 : rsp = Response structure to fill in. * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory error @@ -1258,7 +1864,7 @@ jb_err template_fill_for_cgi(struct client_state *csp, assert(exports); assert(rsp); - err = template_load(csp, &rsp->body, templatename); + err = template_load(csp, &rsp->body, templatename, 0); if (err == JB_ERR_FILE) { free_map(exports); @@ -1293,7 +1899,7 @@ jb_err template_fill_for_cgi(struct client_state *csp, struct map *default_exports(const struct client_state *csp, const char *caller) { char buf[20]; - int err = 0; + jb_err err; struct map * exports; int local_help_exists = 0; @@ -1305,46 +1911,48 @@ struct map *default_exports(const struct client_state *csp, const char *caller) return NULL; } - - err = map(exports, "version", 1, VERSION, 1) - || map(exports, "my-ip-address", 1, csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown", 1) - || map(exports, "my-hostname", 1, csp->my_hostname ? csp->my_hostname : "unknown", 1) - || map(exports, "homepage", 1, HOME_PAGE_URL, 1) - || map(exports, "default-cgi", 1, HOME_PAGE_URL "/config", 1) - || map(exports, "menu", 1, make_menu(caller), 0) - || map(exports, "code-status", 1, CODE_STATUS, 1); + err = map(exports, "version", 1, html_encode(VERSION), 0); + if (!err) err = map(exports, "my-ip-address", 1, html_encode(csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown"), 0); + if (!err) err = map(exports, "my-hostname", 1, html_encode(csp->my_hostname ? csp->my_hostname : "unknown"), 0); + if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0); + if (!err) err = map(exports, "default-cgi", 1, html_encode(CGI_PREFIX), 0); + if (!err) err = map(exports, "menu", 1, make_menu(caller), 0); + if (!err) err = map(exports, "code-status", 1, CODE_STATUS, 1); + if (!err) err = map(exports, "user-manual", 1, csp->config->usermanual ,1); + if (!err) err = map(exports, "actions-help-prefix", 1, ACTIONS_HELP_PREFIX ,1); + if (!err) err = map_conditional(exports, "enabled-display", g_bToggleIJB); snprintf(buf, 20, "%d", csp->config->hport); - err = err || map(exports, "my-port", 1, buf, 1); + if (!err) err = map(exports, "my-port", 1, buf, 1); if(!strcmp(CODE_STATUS, "stable")) { - err = err || map_block_killer(exports, "unstable"); + if (!err) err = map_block_killer(exports, "unstable"); } - if(csp->config->admin_address != NULL) + if (csp->config->admin_address != NULL) { - err = err || map(exports, "admin-address", 1, csp->config->admin_address, 1); + if (!err) err = map(exports, "admin-address", 1, html_encode(csp->config->admin_address), 0); local_help_exists = 1; } else { - err = err || map_block_killer(exports, "have-adminaddr-info"); + if (!err) err = map_block_killer(exports, "have-adminaddr-info"); } - if(csp->config->proxy_info_url != NULL) + if (csp->config->proxy_info_url != NULL) { - err = err || map(exports, "proxy-info-url", 1, csp->config->proxy_info_url, 1); + if (!err) err = map(exports, "proxy-info-url", 1, html_encode(csp->config->proxy_info_url), 0); local_help_exists = 1; } else { - err = err || map_block_killer(exports, "have-proxy-info"); - } + if (!err) err = map_block_killer(exports, "have-proxy-info"); + } if (local_help_exists == 0) { - err = err || map_block_killer(exports, "have-help-info"); + if (!err) err = map_block_killer(exports, "have-help-info"); } if (err) @@ -1388,6 +1996,44 @@ jb_err map_block_killer(struct map *exports, const char *name) } +/********************************************************************* + * + * Function : map_block_keep + * + * Description : Convenience function. Removes the markers used + * by map-block-killer, to save a few bytes. + * i.e. removes "@if-"); - ret = strsav(ret, cur_entry->name); - ret = strsav(ret, " | "); - ret = strsav(ret, cur_entry->value); - ret = strsav(ret, " |
"); + string_join (&ret, html_encode(cur_entry->name)); + string_append(&ret, " | "); + string_join (&ret, html_encode(cur_entry->value)); + string_append(&ret, " |