-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.3 2001/10/14 22:12:49 jongfoster Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.4 2001/10/23 21:48:19 jongfoster Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
*
* Purpose : CGI-based actionsfile editor.
- *
+ *
* Functions declared include:
- *
+ *
*
* Copyright : Written by and Copyright (C) 2001 the SourceForge
* IJBSWA team. http://ijbswa.sourceforge.net
*
* Based on the Internet Junkbuster originally written
- * by and Copyright (C) 1997 Anonymous Coders and
+ * by and Copyright (C) 1997 Anonymous Coders and
* Junkbusters Corporation. http://www.junkbusters.com
*
- * This program is free software; you can redistribute it
+ * This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
* Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at
*
* Revisions :
* $Log: cgiedit.c,v $
+ * Revision 1.4 2001/10/23 21:48:19 jongfoster
+ * Cleaning up error handling in CGI functions - they now send back
+ * a HTML error page and should never cause a FATAL error. (Fixes one
+ * potential source of "denial of service" attacks).
+ *
+ * CGI actions file editor that works and is actually useful.
+ *
+ * Ability to toggle JunkBuster remotely using a CGI call.
+ *
+ * You can turn off both the above features in the main configuration
+ * file, e.g. if you are running a multi-user proxy.
+ *
* Revision 1.3 2001/10/14 22:12:49 jongfoster
* New version of CGI-based actionsfile editor.
* Major changes, including:
#define snprintf _snprintf
#endif /* def _WIN32 */
+#ifdef __OS2__
+/*
+ * FIXME: gotta write a snprintf routine. snprintf. You guys kill me.
+ */
+#define snprintf(X,Y,Z) sprintf(X,Z)
+#endif /* __OS2__ */
+
#include "project.h"
#include "cgi.h"
#include "cgiedit.h"
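Review bot: The OS/2 fallback `#define snprintf(X,Y,Z) sprintf(X,Z)` discards the size argument, so every bounded write in this file becomes an unbounded `sprintf` on that platform. The macro also takes exactly three parameters, while calls visible in later hunks, such as `snprintf(version_buf, 22, "%u", file->version)` and `snprintf(buf, 50, "%d", line_number)`, pass four, which a conforming preprocessor rejects. This file formats values into fixed-size stack buffers on behalf of CGI requests, so the OS/2 build should fail loudly rather than lose the bound. Until a real routine exists, replace the define with `#error "snprintf() is required: provide a bounded implementation for OS/2"`, and reword the FIXME to state that the size limit must be preserved.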
char * prefix;
char * unprocessed;
int type;
-
+
union
{
struct action_spec action[1];
* significant anyway.
*/
struct file_line * parse_error; /* On parse error, this is the offending line. */
- const char * parse_error_text; /* On parse error, this is the problem.
+ const char * parse_error_text; /* On parse error, this is the problem.
* (Statically allocated) */
};
/* Internal actionsfile <==> HTML conversion functions */
static jb_err map_radio(struct map * exports,
- const char * optionname,
+ const char * optionname,
const char * values,
char value);
static jb_err actions_to_radio(struct map * exports,
{
return JB_ERR_MEMORY;
}
-
+
*buf = '\0';
len = 0;
*dest = buf;
return JB_ERR_OK;
}
-
+
if (NULL == (newbuf = realloc(buf, len + BUFFER_SIZE)))
{
free(buf);
* and respects escaping of newline and comment char.
* Provides the line in 2 alternative forms: raw and
* preprocessed.
- * - raw is the raw data read from the file. If the
+ * - raw is the raw data read from the file. If the
* line is not modified, then this should be written
* to the new file.
* - prefix is any comments and blank lines that were
free(linebuf);
return JB_ERR_MEMORY;
}
-
+
/* Trim off newline */
p = linebuf + strlen(linebuf);
if ((p != linebuf) && ((p[-1] == '\r') || (p[-1] == '\n')))
{
/* Got at least some data */
- /* Remove trailing whitespace */
+ /* Remove trailing whitespace */
chomp(data);
if (raw_out)
file->version = (unsigned)statbuf->st_mtime;
/* Correct file->version_str */
- freez((char *)file->version_str);
+ freez(file->version_str);
snprintf(version_buf, 22, "%u", file->version);
version_buf[21] = '\0';
file->version_str = strdup(version_buf);
*
* Function : edit_free_file
*
- * Description : Free a complete file in memory.
+ * Description : Free a complete file in memory.
*
* Parameters :
* 1 : file = Data structure to free.
}
edit_free_file_lines(file->lines);
- freez((char *)file->filename);
- freez((char *)file->identifier);
- freez((char *)file->version_str);
+ freez(file->filename);
+ freez(file->identifier);
+ freez(file->version_str);
file->version = 0;
file->parse_error_text = NULL; /* Statically allocated */
file->parse_error = NULL;
*
* Function : edit_free_file
*
- * Description : Free an entire linked list of file lines.
+ * Description : Free an entire linked list of file lines.
*
* Parameters :
* 1 : first_line = Data structure to free.
*
* Function : match_actions_file_header_line
*
- * Description : Match an actions file {{header}} line
+ * Description : Match an actions file {{header}} line
*
* Parameters :
* 1 : line - String from file
*
* Function : match_actions_file_header_line
*
- * Description : Match an actions file {{header}} line
+ * Description : Match an actions file {{header}} line
*
* Parameters :
* 1 : line - String from file. Must not start with
*
* Function : edit_parse_actions_file
*
- * Description : Parse an actions file in memory.
+ * Description : Parse an actions file in memory.
*
* Passed linked list must have the "data" member
* zeroed, and must contain valid "next" and
cur_line = file->lines;
- /* A note about blank line support: Blank lines should only
+ /* A note about blank line support: Blank lines should only
* ever occur as the last line in the file. This function
* is more forgiving than that - FILE_LINE_BLANK can occur
* anywhere.
*
* Function : edit_read_file_lines
*
- * Description : Read all the lines of a file into memory.
+ * Description : Read all the lines of a file into memory.
* Handles whitespace, comments and line continuation.
*
* Parameters :
}
/* Correct file->version_str */
- freez((char *)file->version_str);
+ freez(file->version_str);
snprintf(version_buf, 22, "%u", file->version);
version_buf[21] = '\0';
file->version_str = strdup(version_buf);
*
* <limits.h> defines UINT_MAX
*
- * (UINT_MAX - ch) / 10 is the largest number that
+ * (UINT_MAX - ch) / 10 is the largest number that
* can be safely multiplied by 10 then have ch added.
*/
if (value > ((UINT_MAX - (unsigned)ch) / 10U))
*
*********************************************************************/
static jb_err map_radio(struct map * exports,
- const char * optionname,
+ const char * optionname,
const char * values,
char value)
{
char * buf;
char * p;
char c;
-
+
assert(exports);
assert(optionname);
assert(values);
*
* Description : CGI function that is called when a file is modified
* outside the CGI editor.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_modified(struct client_state *csp,
*
* Description : CGI function that is called when a file cannot
* be parsed by the CGI editor.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_parse(struct client_state *csp,
*
* Description : CGI function that is called when a file cannot be
* opened by the CGI editor.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_file(struct client_state *csp,
*
* Description : CGI function that is called if the parameters
* (query string) for a CGI were wrong.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_disabled(struct client_state *csp,
}
return err;
}
-
+
err = template_load(csp, &url_template, "edit-actions-list-url");
if (err)
{
snprintf(buf, 50, "%d", line_number);
err = map(section_exports, "sectionid", 1, buf, 1);
- err = err || map(section_exports, "actions", 1,
+ err = err || map(section_exports, "actions", 1,
actions_to_html(cur_line->data.action), 0);
if ((cur_line->next != NULL) && (cur_line->next->type == FILE_LINE_URL))
snprintf(buf, 50, "%d", url_1_2);
err = err || map(url_exports, "url-1-2", 1, buf, 1);
- err = err || map(url_exports, "url", 1,
+ err = err || map(url_exports, "url", 1,
html_encode(cur_line->unprocessed), 0);
if (err)
struct http_response *rsp,
const struct map *parameters)
{
- int sectionid;
+ unsigned sectionid;
char * actiontext;
char * newtext;
int len;