X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=cgiedit.c;h=c6058e7ab128b9911cd445a7ef1c0ee037a96ac4;hb=a90476caaea41cabf25cf48c85c324b482989dff;hp=312ecd753f50c9abe293d0d8b42d7cdd5630ddb9;hpb=a7c60ebfa31570ad116b7777c0e24b2b86a46599;p=privoxy.git
diff --git a/cgiedit.c b/cgiedit.c
index 312ecd75..c6058e7a 100644
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1,21 +1,28 @@
-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.1 2001/09/16 15:47:37 jongfoster Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.19 2002/03/16 18:38:14 jongfoster Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
*
* Purpose : CGI-based actionsfile editor.
- *
- * Functions declared include:
- *
+ *
+ * Functions declared include: cgi_edit_*
+ *
+ * NOTE: The CGIs in this file use parameter names
+ * such as "f" and "s" which are really *BAD* choices.
+ * However, I'm trying to save bytes in the
+ * edit-actions-list HTML page - the standard actions
+ * file generated a 550kbyte page, which is ridiculous.
+ *
+ * Stick to the short names in this file for consistency.
*
* Copyright : Written by and Copyright (C) 2001 the SourceForge
* IJBSWA team. http://ijbswa.sourceforge.net
*
* Based on the Internet Junkbuster originally written
- * by and Copyright (C) 1997 Anonymous Coders and
+ * by and Copyright (C) 1997 Anonymous Coders and
* Junkbusters Corporation. http://www.junkbusters.com
*
- * This program is free software; you can redistribute it
+ * This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
* Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at
@@ -35,6 +42,123 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.1 2001/09/16 15:47:37 jongfoster
*
* Revisions :
* $Log: cgiedit.c,v $
+ * Revision 1.19 2002/03/16 18:38:14 jongfoster
+ * Stopping stupid or malicious users from breaking the actions
+ * file using the web-based editor.
+ *
+ * Revision 1.18 2002/03/16 14:57:44 jongfoster
+ * Full support for enabling/disabling modular filters.
+ *
+ * Revision 1.17 2002/03/16 14:26:42 jongfoster
+ * First version of modular filters support - READ ONLY!
+ * Fixing a double-free bug in the out-of-memory handling in map_radio().
+ *
+ * Revision 1.16 2002/03/07 03:46:17 oes
+ * Fixed compiler warnings
+ *
+ * Revision 1.15 2002/03/06 22:54:35 jongfoster
+ * Automated function-comment nitpicking.
+ *
+ * Revision 1.14 2002/03/05 00:24:51 jongfoster
+ * Patch to always edit the current actions file.
+ *
+ * Revision 1.13 2002/03/04 02:07:59 david__schmidt
+ * Enable web editing of actions file on OS/2 (it had been broken all this time!)
+ *
+ * Revision 1.12 2002/03/03 09:18:03 joergs
+ * Made jumbjuster work on AmigaOS again.
+ *
+ * Revision 1.11 2002/01/23 01:03:31 jongfoster
+ * Fixing gcc [CygWin] compiler warnings
+ *
+ * Revision 1.10 2002/01/23 00:22:59 jongfoster
+ * Adding new function cgi_edit_actions_section_swap(), to reorder
+ * the actions file.
+ *
+ * Adding get_url_spec_param() to get a validated URL pattern.
+ *
+ * Moving edit_read_line() out of this file and into loaders.c.
+ *
+ * Adding missing html_encode() to many CGI functions.
+ *
+ * Moving the functions that #include actionlist.h to the end of the file,
+ * because the Visual C++ 97 debugger gets extremely confused if you try
+ * to debug any code that comes after them in the file.
+ *
+ * Major optimizations in cgi_edit_actions_list() to reduce the size of
+ * the generated HTML (down 40% from 550k to 304k), with major side-effects
+ * throughout the editor and templates. In particular, the length of the
+ * URLs throughout the editor has been drastically reduced, by cutting
+ * paramater names down to 1 character and CGI names down to 3-4
+ * characters, by removing all non-essential CGI paramaters even at the
+ * expense of having to re-read the actions file for the most trivial
+ * page, and by using relative rather than absolute URLs. This means
+ * that this (typical example):
+ *
+ *
+ *
+ * is now this:
+ *
+ *
+ *
+ * Revision 1.9 2002/01/17 20:56:22 jongfoster
+ * Replacing hard references to the URL of the config interface
+ * with #defines from project.h
+ *
+ * Revision 1.8 2001/11/30 23:35:51 jongfoster
+ * Renaming actionsfile to ijb.action
+ *
+ * Revision 1.7 2001/11/13 00:28:24 jongfoster
+ * - Renaming parameters from edit-actions-for-url so that they only
+ * contain legal JavaScript characters. If we wanted to write
+ * JavaScript that worked with Netscape 4, this is nessacery.
+ * (Note that at the moment the JavaScript doesn't actually work
+ * with Netscape 4, but now this is purely a template issue, not
+ * one affecting code).
+ * - Adding new CGIs for use by non-JavaScript browsers:
+ * edit-actions-url-form
+ * edit-actions-add-url-form
+ * edit-actions-remove-url-form
+ * - Fixing || bug.
+ *
+ * Revision 1.6 2001/10/29 03:48:09 david__schmidt
+ * OS/2 native needed a snprintf() routine. Added one to miscutil, brackedted
+ * by and __OS2__ ifdef.
+ *
+ * Revision 1.5 2001/10/25 03:40:48 david__schmidt
+ * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple
+ * threads to call select() simultaneously. So, it's time to do a real, live,
+ * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__
+ * (native). Both versions will work, but using __OS2__ offers multi-threading.
+ *
+ * Revision 1.4 2001/10/23 21:48:19 jongfoster
+ * Cleaning up error handling in CGI functions - they now send back
+ * a HTML error page and should never cause a FATAL error. (Fixes one
+ * potential source of "denial of service" attacks).
+ *
+ * CGI actions file editor that works and is actually useful.
+ *
+ * Ability to toggle JunkBuster remotely using a CGI call.
+ *
+ * You can turn off both the above features in the main configuration
+ * file, e.g. if you are running a multi-user proxy.
+ *
+ * Revision 1.3 2001/10/14 22:12:49 jongfoster
+ * New version of CGI-based actionsfile editor.
+ * Major changes, including:
+ * - Completely new file parser and file output routines
+ * - edit-actions CGI renamed edit-actions-for-url
+ * - All CGIs now need a filename parameter, except for...
+ * - New CGI edit-actions which doesn't need a filename,
+ * to allow you to start the editor up.
+ * - edit-actions-submit now works, and now automatically
+ * redirects you back to the main edit-actions-list handler.
+ *
+ * Revision 1.2 2001/09/16 17:05:14 jongfoster
+ * Removing unused #include showarg.h
+ *
* Revision 1.1 2001/09/16 15:47:37 jongfoster
* First version of CGI-based edit interface. This is very much a
* work-in-progress, and you can't actually use it to edit anything
@@ -52,11 +176,13 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.1 2001/09/16 15:47:37 jongfoster
*/
#include
-#include
#include
+#include
#include
#include
#include
+#include
+#include
#ifdef _WIN32
#define snprintf _snprintf
@@ -65,436 +191,4308 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.1 2001/09/16 15:47:37 jongfoster
#include "project.h"
#include "cgi.h"
#include "cgiedit.h"
+#include "cgisimple.h"
#include "list.h"
#include "encode.h"
-#include "ssplit.h"
-#include "jcc.h"
-#include "filters.h"
#include "actions.h"
-#include "errlog.h"
#include "miscutil.h"
+#include "errlog.h"
+#include "loaders.h"
#include "loadcfg.h"
+/* loadcfg.h is for g_bToggleIJB only */
+#include "urlmatch.h"
const char cgiedit_h_rcs[] = CGIEDIT_H_VERSION;
#ifdef FEATURE_CGI_EDIT_ACTIONS
+struct file_line
+{
+ struct file_line * next;
+ char * raw;
+ char * prefix;
+ char * unprocessed;
+ int type;
+
+ union
+ {
+ struct action_spec action[1];
+
+ struct
+ {
+ char * name;
+ char * svalue;
+ int ivalue;
+ } setting;
+
+ /* Add more data types here... e.g.
+
+
+ struct url_spec url[1];
+
+ struct
+ {
+ struct action_spec action[1];
+ const char * name;
+ } alias;
+
+ */
+
+ } data;
+};
+
+#define FILE_LINE_UNPROCESSED 1
+#define FILE_LINE_BLANK 2
+#define FILE_LINE_ALIAS_HEADER 3
+#define FILE_LINE_ALIAS_ENTRY 4
+#define FILE_LINE_ACTION 5
+#define FILE_LINE_URL 6
+#define FILE_LINE_SETTINGS_HEADER 7
+#define FILE_LINE_SETTINGS_ENTRY 8
+#define FILE_LINE_DESCRIPTION_HEADER 9
+#define FILE_LINE_DESCRIPTION_ENTRY 10
+
+
+struct editable_file
+{
+ struct file_line * lines;
+ const char * filename; /* Full pathname - e.g. "/etc/junkbuster/wibble.action" */
+ const char * identifier; /* Filename stub - e.g. "wibble". Use for CGI param. */
+ /* Pre-encoded with url_encode() for ease of use. */
+ const char * version_str; /* Last modification time, as a string. For CGI param */
+ /* Can be used in URL without using url_param(). */
+ unsigned version; /* Last modification time - prevents chaos with
+ * the browser's "back" button. Note that this is a
+ * time_t cast to an unsigned. When comparing, always
+ * cast the time_t to an unsigned, and *NOT* vice-versa.
+ * This may lose the top few bits, but they're not
+ * significant anyway.
+ */
+ int newline; /* Newline convention - one of the NEWLINE_xxx constants.
+ * Note that changing this after the file has been
+ * read in will cause a mess.
+ */
+ struct file_line * parse_error; /* On parse error, this is the offending line. */
+ const char * parse_error_text; /* On parse error, this is the problem.
+ * (Statically allocated) */
+};
+
+#define CGI_ACTION_PARAM_LEN_MAX 500
+
+/* FIXME: Following non-static functions should be prototyped in .h or made static */
+
+/* Functions to read and write arbitrary config files */
+jb_err edit_read_file(struct client_state *csp,
+ const struct map *parameters,
+ int require_version,
+ const char *suffix,
+ struct editable_file **pfile);
+jb_err edit_write_file(struct editable_file * file);
+void edit_free_file(struct editable_file * file);
+
+/* Functions to read and write actions files */
+jb_err edit_parse_actions_file(struct editable_file * file);
+jb_err edit_read_actions_file(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters,
+ int require_version,
+ struct editable_file **pfile);
+
+/* Error handlers */
+jb_err cgi_error_modified(struct client_state *csp,
+ struct http_response *rsp,
+ const char *filename);
+jb_err cgi_error_parse(struct client_state *csp,
+ struct http_response *rsp,
+ struct editable_file *file);
+jb_err cgi_error_file(struct client_state *csp,
+ struct http_response *rsp,
+ const char *filename);
+jb_err cgi_error_disabled(struct client_state *csp,
+ struct http_response *rsp);
+
+/* Internal arbitrary config file support functions */
+static jb_err edit_read_file_lines(FILE *fp, struct file_line ** pfile, int *newline);
+static void edit_free_file_lines(struct file_line * first_line);
+
+/* Internal actions file support functions */
+static int match_actions_file_header_line(const char * line, const char * name);
+static jb_err split_line_on_equals(const char * line, char ** pname, char ** pvalue);
+
+/* Internal parameter parsing functions */
+static jb_err get_file_name_param(struct client_state *csp,
+ const struct map *parameters,
+ const char *param_name,
+ const char *suffix,
+ char **pfilename,
+ const char **pparam);
+static jb_err get_number_param(struct client_state *csp,
+ const struct map *parameters,
+ char *name,
+ unsigned *pvalue);
+static jb_err get_url_spec_param(struct client_state *csp,
+ const struct map *parameters,
+ const char *name,
+ char **pvalue);
+static jb_err get_string_param(const struct map *parameters,
+ const char *param_name,
+ const char **pparam);
+
+/* Internal actionsfile <==> HTML conversion functions */
+static jb_err map_radio(struct map * exports,
+ const char * optionname,
+ const char * values,
+ int value);
+static jb_err actions_to_radio(struct map * exports,
+ const struct action_spec *action);
+static jb_err actions_from_radio(const struct map * parameters,
+ struct action_spec *action);
+
+
+static jb_err map_copy_parameter_html(struct map *out,
+ const struct map *in,
+ const char *name);
+#if 0 /* unused function */
+static jb_err map_copy_parameter_url(struct map *out,
+ const struct map *in,
+ const char *name);
+#endif /* unused function */
/*********************************************************************
*
- * Function : cgi_edit_actions_list
+ * Function : map_copy_parameter_html
*
- * Description : CGI function that edits the actions list.
+ * Description : Copy a CGI parameter from one map to another, HTML
+ * encoding it.
*
* Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- * 2 : rsp = http_response data structure for output
- * 3 : parameters = map of cgi parameters
- *
- * CGI Parameters : None
+ * 1 : out = target map
+ * 2 : in = source map
+ * 3 : name = name of cgi parameter to copy
*
- * Returns : 0
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ * JB_ERR_CGI_PARAMS if the parameter doesn't exist
+ * in the source map
*
*********************************************************************/
-int cgi_edit_actions_list(struct client_state *csp, struct http_response *rsp,
- struct map *parameters)
+static jb_err map_copy_parameter_html(struct map *out,
+ const struct map *in,
+ const char *name)
{
- struct file_list *fl;
- struct url_actions *actions;
- char * actions_html;
- char * next_actions_html;
- char * section_template;
- char * url_template;
- char * sections;
- char * urls;
- struct map * exports = default_exports(csp, NULL);
- struct map * section_exports;
- struct map * url_exports;
- int urlid;
- char buf[50];
- char * s;
- int url_1_2;
-
- if (((fl = csp->actions_list) == NULL) || ((actions = fl->f) == NULL))
- {
- /* FIXME: Oops, no file to edit */
- free_map(exports);
- return cgi_default(csp, rsp, parameters);
- }
+ const char * value;
+ jb_err err;
- /* Should do all global exports above this point */
-
- section_template = template_load(csp, "edit-actions-list-section");
- url_template = template_load(csp, "edit-actions-list-url");
+ assert(out);
+ assert(in);
+ assert(name);
- template_fill(§ion_template, exports);
- template_fill(&url_template, exports);
+ value = lookup(in, name);
+ err = map(out, name, 1, html_encode(value), 0);
- urlid = 0;
- sections = strdup("");
-
- ++urlid;
- actions = actions->next;
- if (actions != NULL)
+ if (err)
{
- actions_html = actions_to_html(actions->action);
+ /* Out of memory */
+ return err;
}
-
- while (actions != NULL)
+ else if (*value == '\0')
{
- section_exports = new_map();
-
- snprintf(buf, 50, "%d", urlid);
- map(section_exports, "sectionid", 1, buf, 1);
+ return JB_ERR_CGI_PARAMS;
+ }
+ else
+ {
+ return JB_ERR_OK;
+ }
+}
- map(section_exports, "actions", 1, actions_html, 1);
- /* Should do all section-specific exports above this point */
+#if 0 /* unused function */
+/*********************************************************************
+ *
+ * Function : map_copy_parameter_html
+ *
+ * Description : Copy a CGI parameter from one map to another, URL
+ * encoding it.
+ *
+ * Parameters :
+ * 1 : out = target map
+ * 2 : in = source map
+ * 3 : name = name of cgi parameter to copy
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ * JB_ERR_CGI_PARAMS if the parameter doesn't exist
+ * in the source map
+ *
+ *********************************************************************/
+static jb_err map_copy_parameter_url(struct map *out,
+ const struct map *in,
+ const char *name)
+{
+ const char * value;
+ jb_err err;
- urls = strdup("");
- url_1_2 = 2;
+ assert(out);
+ assert(in);
+ assert(name);
- next_actions_html = NULL;
- do
- {
- freez(next_actions_html);
+ value = lookup(in, name);
+ err = map(out, name, 1, url_encode(value), 0);
- url_exports = new_map();
+ if (err)
+ {
+ /* Out of memory */
+ return err;
+ }
+ else if (*value == '\0')
+ {
+ return JB_ERR_CGI_PARAMS;
+ }
+ else
+ {
+ return JB_ERR_OK;
+ }
+}
+#endif /* 0 - unused function */
- snprintf(buf, 50, "%d", urlid);
- map(url_exports, "urlid", 1, buf, 1);
+/*********************************************************************
+ *
+ * Function : cgi_edit_actions_url_form
+ *
+ * Description : CGI function that displays a form for
+ * edit-actions-url
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters
+ * f : (filename) Identifies the file to edit
+ * v : (version) File's last-modified time
+ * p : (pattern) Line number of pattern to edit
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ * JB_ERR_CGI_PARAMS if the CGI parameters are not
+ * specified or not valid.
+ *
+ *********************************************************************/
+jb_err cgi_edit_actions_url_form(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ struct map * exports;
+ unsigned patternid;
+ struct editable_file * file;
+ struct file_line * cur_line;
+ unsigned line_number;
+ jb_err err;
- snprintf(buf, 50, "%d", url_1_2);
- map(url_exports, "url-1-2", 1, buf, 1);
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
- s = html_encode(actions->url->spec);
- map(url_exports, "url", 1, s, 1);
+ if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
+ {
+ return cgi_error_disabled(csp, rsp);
+ }
- s = strdup(url_template);
- template_fill(&s, section_exports);
- template_fill(&s, url_exports);
- urls = strsav(urls, s);
- free_map(url_exports);
+ err = get_number_param(csp, parameters, "p", &patternid);
+ if (err)
+ {
+ return err;
+ }
- ++urlid;
- url_1_2 = 3 - url_1_2;
- actions = actions->next;
- if (actions)
- {
- next_actions_html = actions_to_html(actions->action);
- }
- }
- while (actions && (0 == strcmp(actions_html, next_actions_html)));
+ err = edit_read_actions_file(csp, rsp, parameters, 1, &file);
+ if (err)
+ {
+ /* No filename specified, can't read file, modified, or out of memory. */
+ return (err == JB_ERR_FILE ? JB_ERR_OK : err);
+ }
- map(section_exports, "urls", 1, urls, 0);
+ cur_line = file->lines;
- /* Could also do section-specific exports here, but it wouldn't be as fast */
+ for (line_number = 1; (cur_line != NULL) && (line_number < patternid); line_number++)
+ {
+ cur_line = cur_line->next;
+ }
- s = strdup(section_template);
- template_fill(&s, section_exports);
- sections = strsav(sections, s);
- free_map(section_exports);
+ if ( (cur_line == NULL)
+ || (line_number != patternid)
+ || (patternid < 1)
+ || (cur_line->type != FILE_LINE_URL))
+ {
+ /* Invalid "patternid" parameter */
+ edit_free_file(file);
+ return JB_ERR_CGI_PARAMS;
+ }
- freez(actions_html);
- actions_html = next_actions_html;
+ if (NULL == (exports = default_exports(csp, NULL)))
+ {
+ edit_free_file(file);
+ return JB_ERR_MEMORY;
}
- map(exports, "sections", 1, sections, 0);
+ err = map(exports, "f", 1, file->identifier, 1);
+ if (!err) err = map(exports, "v", 1, file->version_str, 1);
+ if (!err) err = map(exports, "p", 1, url_encode(lookup(parameters, "p")), 0);
+ if (!err) err = map(exports, "u", 1, html_encode(cur_line->unprocessed), 0);
- /* Could also do global exports here, but it wouldn't be as fast */
+ edit_free_file(file);
- rsp->body = template_load(csp, "edit-actions-list");
- template_fill(&rsp->body, exports);
- free_map(exports);
+ if (err)
+ {
+ free_map(exports);
+ return err;
+ }
- return(0);
+ return template_fill_for_cgi(csp, "edit-actions-url-form", exports, rsp);
}
/*********************************************************************
*
- * Function : map_radio
+ * Function : cgi_edit_actions_add_url_form
*
- * Description : Map a set of radio button values. E.g. if you have
- * 3 radio buttons, declare them as:
- *