-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.59 2008/03/08 16:25:56 fabiankeil Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.66 2009/05/16 13:27:20 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * Revisions :
- * $Log: cgiedit.c,v $
- * Revision 1.59 2008/03/08 16:25:56 fabiankeil
- * After three file modification time mismatches, turn the CGI editor off.
- *
- * Revision 1.58 2007/11/28 17:57:01 fabiankeil
- * Fix double free in cgi_edit_actions_list().
- * Reported by adlab in BR#1840145.
- *
- * Revision 1.57 2007/10/27 13:32:23 fabiankeil
- * Plug minor 5-year-old memory leak. Spotted by
- * Valgrind and triggered by Privoxy-Regression-Test.
- *
- * Revision 1.56 2007/08/05 13:47:03 fabiankeil
- * #1763173 from Stefan Huehner: s@const static@static const@.
- *
- * Revision 1.55 2007/05/31 11:50:20 fabiankeil
- * Re-enable support for old-school URLs like
- * http://config.privoxy.org/edit-actions-list?f=default
- * in the action editor.
- *
- * They are no longer used by the CGI pages, but make it easier
- * to reach the editor directly, without knowing the requested
- * file's index in csp->config->actions_file[].
- *
- * Revision 1.54 2007/05/14 10:33:51 fabiankeil
- * - Use strlcpy() and strlcat() instead of strcpy() and strcat().
- *
- * Revision 1.53 2007/04/15 16:39:20 fabiankeil
- * Introduce tags as alternative way to specify which
- * actions apply to a request. At the moment tags can be
- * created based on client and server headers.
- *
- * Revision 1.52 2007/04/12 10:41:23 fabiankeil
- * - Don't mistake VC++'s _snprintf() for a snprintf() replacement.
- * - Move some cgi_edit_actions_for_url() variables into structs.
- * - Remove bogus comment.
- *
- * Revision 1.51 2007/04/08 13:21:05 fabiankeil
- * Reference action files in CGI URLs by id instead
- * of using the first part of the file name.
- * Fixes BR 1694250 and BR 1590556.
- *
- * Revision 1.50 2007/03/29 11:40:34 fabiankeil
- * Divide @filter-params@ into @client-header-filter-params@
- * @content-filter-params@ and @server-header-filter-params@.
- *
- * Revision 1.49 2007/03/20 15:16:34 fabiankeil
- * Use dedicated header filter actions instead of abusing "filter".
- * Replace "filter-client-headers" and "filter-client-headers"
- * with "server-header-filter" and "client-header-filter".
- *
- * Revision 1.48 2007/02/13 14:35:25 fabiankeil
- * Replace hash escaping code to prevent
- * crashes, memory and file corruption.
- *
- * Revision 1.47 2006/12/28 18:04:25 fabiankeil
- * Fixed gcc43 conversion warnings.
- *
- * Revision 1.46 2006/12/27 18:44:52 fabiankeil
- * Stop shadowing string.h's index().
- *
- * Revision 1.45 2006/12/21 12:57:48 fabiankeil
- * Add config option "split-large-forms"
- * to work around the browser bug reported
- * in BR #1570678.
- *
- * Revision 1.44 2006/12/09 13:49:16 fabiankeil
- * Fix configure option --disable-toggle.
- * Thanks to Peter Thoenen for reporting this.
- *
- * Revision 1.43 2006/07/18 14:48:45 david__schmidt
- * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
- * with what was really the latest development (the v_3_0_branch branch)
- *
- * Revision 1.41.2.12 2006/01/30 15:16:25 david__schmidt
- * Remove a little residual debugging info
- *
- * Revision 1.41.2.11 2006/01/29 23:10:56 david__schmidt
- * Multiple filter file support
- *
- * Revision 1.41.2.10 2005/07/04 03:13:43 david__schmidt
- * Undo some damaging memory leak patches
- *
- * Revision 1.41.2.9 2005/07/04 00:31:04 david__schmidt
- * Removing a double free
- *
- * Revision 1.41.2.8 2005/05/07 21:50:54 david__schmidt
- * A few memory leaks plugged (mostly on error paths)
- *
- * Revision 1.41.2.7 2004/02/17 13:30:23 oes
- * Moved cgi_error_disabled() from cgiedit.c to
- * cgi.c to re-enable build with --disable-editor.
- * Fixes Bug #892744. Thanks to Matthew Fischer
- * for spotting.
- *
- * Revision 1.41.2.6 2003/12/18 08:13:48 oes
- * One line lost in last commit
- *
- * Revision 1.41.2.5 2003/12/17 16:33:47 oes
- * - All edit functions that redirect back to the list page
- * now use cgi_redirect
- * - All redirects now contain useless parameter "foo", whose
- * value are raw seconds since epoch, in order to force
- * Opera and Konqueror to properly reload the list. Closes
- * bug #859993
- *
- * Revision 1.41.2.4 2003/03/11 11:53:59 oes
- * Cosmetic: Renamed cryptic variable
- *
- * Revision 1.41.2.3 2002/11/12 15:01:41 oes
- * Fix: Don't free uninitialized struct editable_file
- *
- * Revision 1.41.2.2 2002/08/05 20:02:59 oes
- * Bugfix: "Insert new section at top" did not work properly if first non-comment line in file was of type FILE_LINE_ACTION
- *
- * Revision 1.41.2.1 2002/08/02 12:43:14 oes
- * Fixed bug #588514: first_time now set on a per-string basis in actions_from_radio; javascriptify now called on copies
- *
- * Revision 1.41 2002/05/21 19:09:45 oes
- * - Made Add/Edit/Remove URL Submit and Cancel
- * buttons jump back to relevant section in eal
- * - Bugfix: remove-url-form needs p export
- *
- * Revision 1.40 2002/05/19 11:34:35 jongfoster
- * Handling read-only actions files better - report the actual
- * error, not "Out of memory"!
- *
- * Bug report:
- * http://sourceforge.net/tracker/index.php?func=detail
- * &aid=557905&group_id=11118&atid=111118
- *
- * Revision 1.39 2002/05/12 21:39:15 jongfoster
- * - Adding Doxygen-style comments to structures and #defines.
- * - Correcting function comments
- *
- * Revision 1.38 2002/05/03 23:00:38 jongfoster
- * Support for templates for "standard actions" buttons.
- * See bug #549871
- *
- * Revision 1.37 2002/04/30 11:14:52 oes
- * Made csp the first parameter in *action_to_html
- *
- * Revision 1.36 2002/04/26 21:53:30 jongfoster
- * Fixing a memory leak. (Near, but not caused by, my earlier commit).
- *
- * Revision 1.35 2002/04/26 21:50:02 jongfoster
- * Honouring default exports in edit-actions-for-url-filter template.
- *
- * Revision 1.34 2002/04/26 12:54:17 oes
- * Adaptions to changes in actions.c
- *
- * Revision 1.33 2002/04/24 02:17:47 oes
- * - Moved get_char_param, get_string_param and get_number_param to cgi.c
- * - Comments
- * - Activated Jon's code for editing multiple AFs
- * - cgi_edit_list_actions now provides context-sensitive
- * help, looks up all action sets from standard.action and
- * makes buttons for them in the catchall section
- * - cgi_edit_action_submit now honors a p parameter, looks up
- * the corresponding action set, and sets the catchall pattern's
- * actions accordingly.
- *
- * Revision 1.32 2002/04/19 16:55:31 jongfoster
- * Fixing newline problems. If we do our own text file newline
- * mangling, we don't want the library to do any, so we need to
- * open the files in *binary* mode.
- *
- * Revision 1.31 2002/04/18 19:21:08 jongfoster
- * Added code to detect "conventional" action files, that start
- * with a set of actions for all URLs (the pattern "/").
- * These are special-cased in the "edit-actions-list" CGI, so
- * that a special UI can be written for them.
- *
- * Revision 1.30 2002/04/10 13:38:35 oes
- * load_template signature changed
- *
- * Revision 1.29 2002/04/08 16:59:08 oes
- * Fixed comment
- *
- * Revision 1.28 2002/03/27 12:30:29 oes
- * Deleted unsused variable
- *
- * Revision 1.27 2002/03/26 23:06:04 jongfoster
- * Removing duplicate @ifs on the toggle page
- *
- * Revision 1.26 2002/03/26 22:59:17 jongfoster
- * Fixing /toggle to display status consistently.
- *
- * Revision 1.25 2002/03/26 22:29:54 swa
- * we have a new homepage!
- *
- * Revision 1.24 2002/03/24 15:23:33 jongfoster
- * Name changes
- *
- * Revision 1.23 2002/03/24 13:32:41 swa
- * name change related issues
- *
- * Revision 1.22 2002/03/24 13:25:43 swa
- * name change related issues
- *
- * Revision 1.21 2002/03/22 18:02:48 jongfoster
- * Fixing remote toggle
- *
- * Revision 1.20 2002/03/16 20:28:34 oes
- * Added descriptions to the filters so users will know what they select in the cgi editor
- *
- * Revision 1.19 2002/03/16 18:38:14 jongfoster
- * Stopping stupid or malicious users from breaking the actions
- * file using the web-based editor.
- *
- * Revision 1.18 2002/03/16 14:57:44 jongfoster
- * Full support for enabling/disabling modular filters.
- *
- * Revision 1.17 2002/03/16 14:26:42 jongfoster
- * First version of modular filters support - READ ONLY!
- * Fixing a double-free bug in the out-of-memory handling in map_radio().
- *
- * Revision 1.16 2002/03/07 03:46:17 oes
- * Fixed compiler warnings
- *
- * Revision 1.15 2002/03/06 22:54:35 jongfoster
- * Automated function-comment nitpicking.
- *
- * Revision 1.14 2002/03/05 00:24:51 jongfoster
- * Patch to always edit the current actions file.
- *
- * Revision 1.13 2002/03/04 02:07:59 david__schmidt
- * Enable web editing of actions file on OS/2 (it had been broken all this time!)
- *
- * Revision 1.12 2002/03/03 09:18:03 joergs
- * Made jumbjuster work on AmigaOS again.
- *
- * Revision 1.11 2002/01/23 01:03:31 jongfoster
- * Fixing gcc [CygWin] compiler warnings
- *
- * Revision 1.10 2002/01/23 00:22:59 jongfoster
- * Adding new function cgi_edit_actions_section_swap(), to reorder
- * the actions file.
- *
- * Adding get_url_spec_param() to get a validated URL pattern.
- *
- * Moving edit_read_line() out of this file and into loaders.c.
- *
- * Adding missing html_encode() to many CGI functions.
- *
- * Moving the functions that #include actionlist.h to the end of the file,
- * because the Visual C++ 97 debugger gets extremely confused if you try
- * to debug any code that comes after them in the file.
- *
- * Major optimizations in cgi_edit_actions_list() to reduce the size of
- * the generated HTML (down 40% from 550k to 304k), with major side-effects
- * throughout the editor and templates. In particular, the length of the
- * URLs throughout the editor has been drastically reduced, by cutting
- * paramater names down to 1 character and CGI names down to 3-4
- * characters, by removing all non-essential CGI paramaters even at the
- * expense of having to re-read the actions file for the most trivial
- * page, and by using relative rather than absolute URLs. This means
- * that this (typical example):
- *
- * <a href="http://ijbswa.sourceforge.net/config/edit-actions-url-form?
- * filename=ijb&ver=1011487572&section=12&pattern=13
- * &oldval=www.oesterhelt.org%2Fdeanimate-demo">
- *
- * is now this:
- *
- * <a href="eau?f=ijb&v=1011487572&p=13">
- *
- * Revision 1.9 2002/01/17 20:56:22 jongfoster
- * Replacing hard references to the URL of the config interface
- * with #defines from project.h
- *
- * Revision 1.8 2001/11/30 23:35:51 jongfoster
- * Renaming actionsfile to ijb.action
- *
- * Revision 1.7 2001/11/13 00:28:24 jongfoster
- * - Renaming parameters from edit-actions-for-url so that they only
- * contain legal JavaScript characters. If we wanted to write
- * JavaScript that worked with Netscape 4, this is nessacery.
- * (Note that at the moment the JavaScript doesn't actually work
- * with Netscape 4, but now this is purely a template issue, not
- * one affecting code).
- * - Adding new CGIs for use by non-JavaScript browsers:
- * edit-actions-url-form
- * edit-actions-add-url-form
- * edit-actions-remove-url-form
- * - Fixing || bug.
- *
- * Revision 1.6 2001/10/29 03:48:09 david__schmidt
- * OS/2 native needed a snprintf() routine. Added one to miscutil, brackedted
- * by and __OS2__ ifdef.
- *
- * Revision 1.5 2001/10/25 03:40:48 david__schmidt
- * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple
- * threads to call select() simultaneously. So, it's time to do a real, live,
- * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__
- * (native). Both versions will work, but using __OS2__ offers multi-threading.
- *
- * Revision 1.4 2001/10/23 21:48:19 jongfoster
- * Cleaning up error handling in CGI functions - they now send back
- * a HTML error page and should never cause a FATAL error. (Fixes one
- * potential source of "denial of service" attacks).
- *
- * CGI actions file editor that works and is actually useful.
- *
- * Ability to toggle JunkBuster remotely using a CGI call.
- *
- * You can turn off both the above features in the main configuration
- * file, e.g. if you are running a multi-user proxy.
- *
- * Revision 1.3 2001/10/14 22:12:49 jongfoster
- * New version of CGI-based actionsfile editor.
- * Major changes, including:
- * - Completely new file parser and file output routines
- * - edit-actions CGI renamed edit-actions-for-url
- * - All CGIs now need a filename parameter, except for...
- * - New CGI edit-actions which doesn't need a filename,
- * to allow you to start the editor up.
- * - edit-actions-submit now works, and now automatically
- * redirects you back to the main edit-actions-list handler.
- *
- * Revision 1.2 2001/09/16 17:05:14 jongfoster
- * Removing unused #include showarg.h
- *
- * Revision 1.1 2001/09/16 15:47:37 jongfoster
- * First version of CGI-based edit interface. This is very much a
- * work-in-progress, and you can't actually use it to edit anything
- * yet. You must #define FEATURE_CGI_EDIT_ACTIONS for these changes
- * to have any effect.
- *
- *
**********************************************************************/
-\f
+
#include "config.h"
{
char buf[30];
- snprintf(buf, 30, "#l%d", sectionid);
+ snprintf(buf, sizeof(buf), "#l%d", sectionid);
return(strdup(buf));
}
if ( (cur_line == NULL)
|| (line_number != patternid)
- || (patternid < 1)
+ || (patternid < 1U)
|| (cur_line->type != FILE_LINE_URL))
{
/* Invalid "patternid" parameter */
if ( (cur_line == NULL)
|| (line_number != patternid)
- || (patternid < 1)
+ || (patternid < 1U)
|| (cur_line->type != FILE_LINE_URL))
{
/* Invalid "patternid" parameter */
/* Correct file->version_str */
freez(file->version_str);
- snprintf(version_buf, 22, "%u", file->version);
- version_buf[21] = '\0';
+ snprintf(version_buf, sizeof(version_buf), "%u", file->version);
+ version_buf[sizeof(version_buf)-1] = '\0';
file->version_str = strdup(version_buf);
if (version_buf == NULL)
{
text++;
len--;
}
- while ( (len > 0)
+ while ( (len > (size_t)0)
&& ( (text[len - 1] == ' ')
|| (text[len - 1] == '\t') ) )
{
* Probably an old-school URL like
* http://config.privoxy.org/edit-actions-list?f=default
*/
- err = get_file_name_param(csp, parameters, "f", &filename);
+ get_file_name_param(csp, parameters, "f", &filename);
}
if (NULL == filename || stat(filename, statbuf) < 0)
/* Correct file->version_str */
freez(file->version_str);
- snprintf(version_buf, 22, "%u", file->version);
- version_buf[21] = '\0';
+ snprintf(version_buf, sizeof(version_buf), "%u", file->version);
+ version_buf[sizeof(version_buf)-1] = '\0';
file->version_str = strdup(version_buf);
if (version_buf == NULL)
{
struct http_response *rsp,
const struct map *parameters)
{
+ (void)parameters;
if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
{
*/
if (!err) err = map_conditional(exports, "all-urls-present", 1);
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
if (!err) err = map(exports, "all-urls-s", 1, buf, 1);
- snprintf(buf, 150, "%d", line_number + 2);
+ snprintf(buf, sizeof(buf), "%d", line_number + 2);
if (!err) err = map(exports, "all-urls-s-next", 1, buf, 1);
if (!err) err = map(exports, "all-urls-actions", 1,
actions_to_html(csp, cur_line->data.action), 0);
return JB_ERR_MEMORY;
}
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
err = map(section_exports, "s", 1, buf, 1);
if (!err) err = map(section_exports, "actions", 1,
actions_to_html(csp, cur_line->data.action), 0);
if (prev_section_line_number != ((unsigned)(-1)))
{
/* Not last section */
- snprintf(buf, 150, "%d", prev_section_line_number);
+ snprintf(buf, sizeof(buf), "%d", prev_section_line_number);
if (!err) err = map(section_exports, "s-prev", 1, buf, 1);
if (!err) err = map_block_keep(section_exports, "s-prev-exists");
}
return JB_ERR_MEMORY;
}
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
err = map(url_exports, "p", 1, buf, 1);
- snprintf(buf, 150, "%d", url_1_2);
+ snprintf(buf, sizeof(buf), "%d", url_1_2);
if (!err) err = map(url_exports, "url-1-2", 1, buf, 1);
if (!err) err = map(url_exports, "url-html", 1,
/* Could also do section-specific exports here, but it wouldn't be as fast */
- snprintf(buf, 150, "%d", line_number);
+ snprintf(buf, sizeof(buf), "%d", line_number);
if (!err) err = map(section_exports, "s-next", 1, buf, 1);
if ( (cur_line != NULL)
{
if (!strncmp(b->url->spec, "standard.", 9) && !strcmp(b->url->spec + 9, action_set_name))
{
- copy_action(cur_line->data.action, b->action);
+ copy_action(cur_line->data.action, b->action);
goto found;
}
}
return cgi_redirect(rsp, target);
}
-#ifdef FEATURE_TOGGLE
-/*********************************************************************
- *
- * Function : cgi_toggle
- *
- * Description : CGI function that adds a new empty section to
- * an actions file.
- *
- * Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- * 2 : rsp = http_response data structure for output
- * 3 : parameters = map of cgi parameters
- *
- * CGI Parameters :
- * set : If present, how to change toggle setting:
- * "enable", "disable", "toggle", or none (default).
- * mini : If present, use mini reply template.
- *
- * Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory
- *
- *********************************************************************/
-jb_err cgi_toggle(struct client_state *csp,
- struct http_response *rsp,
- const struct map *parameters)
-{
- struct map *exports;
- char mode;
- const char *template_name;
-
- assert(csp);
- assert(rsp);
- assert(parameters);
-
- if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_TOGGLE))
- {
- return cgi_error_disabled(csp, rsp);
- }
-
- mode = get_char_param(parameters, "set");
-
- if (mode == 'E')
- {
- /* Enable */
- global_toggle_state = 1;
- }
- else if (mode == 'D')
- {
- /* Disable */
- global_toggle_state = 0;
- }
- else if (mode == 'T')
- {
- /* Toggle */
- global_toggle_state = !global_toggle_state;
- }
-
- if (NULL == (exports = default_exports(csp, "toggle")))
- {
- return JB_ERR_MEMORY;
- }
-
- template_name = (get_char_param(parameters, "mini")
- ? "toggle-mini"
- : "toggle");
-
- return template_fill_for_cgi(csp, template_name, exports, rsp);
-}
-#endif /* def FEATURE_TOGGLE */
/*********************************************************************
*
static jb_err actions_to_radio(struct map * exports,
const struct action_spec *action)
{
- unsigned mask = action->mask;
- unsigned add = action->add;
+ unsigned long mask;
+ unsigned long add;
int mapped_param;
int checked;
char current_mode;
return err;
}
+#endif /* def FEATURE_CGI_EDIT_ACTIONS */
-#endif /* def FEATURE_CGI_EDIT_ACTIONS */
+#ifdef FEATURE_TOGGLE
+/*********************************************************************
+ *
+ * Function : cgi_toggle
+ *
+ * Description : CGI function that adds a new empty section to
+ * an actions file.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters :
+ * set : If present, how to change toggle setting:
+ * "enable", "disable", "toggle", or none (default).
+ * mini : If present, use mini reply template.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ *
+ *********************************************************************/
+jb_err cgi_toggle(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ struct map *exports;
+ char mode;
+ const char *template_name;
+
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
+ if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_TOGGLE))
+ {
+ return cgi_error_disabled(csp, rsp);
+ }
+
+ mode = get_char_param(parameters, "set");
+
+ if (mode == 'E')
+ {
+ /* Enable */
+ global_toggle_state = 1;
+ }
+ else if (mode == 'D')
+ {
+ /* Disable */
+ global_toggle_state = 0;
+ }
+ else if (mode == 'T')
+ {
+ /* Toggle */
+ global_toggle_state = !global_toggle_state;
+ }
+
+ if (NULL == (exports = default_exports(csp, "toggle")))
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ template_name = (get_char_param(parameters, "mini")
+ ? "toggle-mini"
+ : "toggle");
+
+ return template_fill_for_cgi(csp, template_name, exports, rsp);
+}
+#endif /* def FEATURE_TOGGLE */
/*
projects / privoxy.git / blobdiff