Bump copyright
Use stringify() instead of section_target() ... and remove section_target(). Like the XXX comment suggested this could be done my moving the hash into the templates which seems preferable anyway.
Add missing client-body-tagger data to the action_type_info[] struct ... so lookups based on the action index work correctly again. Prevents assertion failures or segfaults when trying to edit an action file with the CGI editor. The type of failure depended on whether or not assertions were enabled and on whether or not Privoxy had been compiled with FEATURE_EXTERNAL_FILTERS. Regression introduced in Privoxy 3.0.34. Patch submitted by Aaron Li in #940.
cgi_edit_actions_for_url(): Wrap line sooner
action_render_string_actions_template(): Assert that the multi action index is valid
cgi_edit_actions_for_url(): Assert that the multi action index is valid
cgi_edit_actions_for_url(): Add missing space
action_render_string_actions_template: Fix spelling in description and re-flow
action_render_string_actions_template(): Adjust space around function parameters
get_url_spec_param(): Free memory of compiled pattern spec before bailing OVE-20211201-0003. CVE-2021-44540.
action_render_string_actions_template(): Reposition an asterisk
cgi_edit_process_string_action(): Fix an error message
Allow to edit the add-header action through the CGI editor .. by generalizing the code that got added with the suppress-tag action. Closes: SF patch request #146
Add support for filering client request bodies ... by using CLIENT-BODY-FILTER filters which can be enabled with the client-body-filter action.
action_render_string_filters_template(): Declare a variable at the beginning ... of the function to silence a compiler warning when building with -std=c89: cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 cgiedit.c -o cgiedit.o cgiedit.c:4436:9: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat] for (int i=0; i < SZ(desc); ++i) ^ 1 warning generated.
Add the new action suppress-tag{} Usage: in user.filters: --begin-- CLIENT-HEADER-TAGGER: maximum-url-length Tag for URLS longer than 600 characters. s@(^GET\s+\/.{600,}\s+HTTP\/\d\.\d\s*$)@MAXIMUM-URL-LENGTH@i --end-- in user.actions: --begin-- {+client-header-tagger{maximum-url-length}} / {+block{Maximum URL length of 600 bytes reached.}} TAG:^MAXIMUM-URL-LENGTH {+suppress-tag{MAXIMUM-URL-LENGTH}} .google.* --end-- will block all URLs with length > 600 bytes except for google. Currently the online action editor supports modification/removal of any number of existing tags and the creation of a single suppress tag per one submit. The submit scheme that is used is similar to the existing filter one but: 1. It uses 'string_filter[_r|_n|_o|_t][hex_index]' keys for existing string filter values (id/name(value)/old_name(old value)/filter type) and 'new_string_filter[_r|_n|_t][hex_index]' for new string filter values. 'String filter values' here are parameters of the suppress-tag action that are simple strings rather than parameters of, for example, the client-header-tagger action that must be described in filters file. 2. String filter values are accessed by the value rather by the index. Indexes must start from 0 and when there is no key with index+1 in parameters - we've done with existing or new string filters processing. Possible further improvements: 1. Extend suppress-tag action edit scheme to add-header action edit that is not supported now. 2. If needed, multiple suppress-tag addition can be added with some browser JS code. Sponsored by: Robert Klemme
cgi_edit_actions_submit(): Check the toggle state of filters until no filters are left Previously we would stop looking after the first filter index wasn't found in the request URL. This worked in case of "split-large-forms 0" but resulted in filter state being ignored in case of "split-large-forms 1" which leads to request URLs that only contain a subset of the filters. Reported by withoutname in #921.
Fix spelling of FEATURE_HTTPS_INSPECTION ... so the action editor actually allows to set https-inspection and ignore-certificate-errors. Reported by: Roland
Fix typos
Allow to configure https-inspection and ignore-certificate-errors with the CGI editor Sponsored by: Robert Klemme