name change
[privoxy.git] / cgiedit.c
index e3ffce4..aa8ead3 100644 (file)
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1,4 +1,4 @@
-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.15 2002/03/06 22:54:35 jongfoster Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.20 2002/03/16 20:28:34 oes Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
@@ -42,6 +42,23 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.15 2002/03/06 22:54:35 jongfoster
  *
  * Revisions   :
  *    $Log: cgiedit.c,v $
+ *    Revision 1.20  2002/03/16 20:28:34  oes
+ *    Added descriptions to the filters so users will know what they select in the cgi editor
+ *
+ *    Revision 1.19  2002/03/16 18:38:14  jongfoster
+ *    Stopping stupid or malicious users from breaking the actions
+ *    file using the web-based editor.
+ *
+ *    Revision 1.18  2002/03/16 14:57:44  jongfoster
+ *    Full support for enabling/disabling modular filters.
+ *
+ *    Revision 1.17  2002/03/16 14:26:42  jongfoster
+ *    First version of modular filters support - READ ONLY!
+ *    Fixing a double-free bug in the out-of-memory handling in map_radio().
+ *
+ *    Revision 1.16  2002/03/07 03:46:17  oes
+ *    Fixed compiler warnings
+ *
  *    Revision 1.15  2002/03/06 22:54:35  jongfoster
  *    Automated function-comment nitpicking.
  *
@@ -264,6 +281,8 @@ struct editable_file
                                     * (Statically allocated) */
 };
 
+#define CGI_ACTION_PARAM_LEN_MAX 500
+
 /* FIXME: Following non-static functions should be prototyped in .h or made static */
 
 /* Functions to read and write arbitrary config files */
@@ -319,6 +338,9 @@ static jb_err get_url_spec_param(struct client_state *csp,
                                  const struct map *parameters,
                                  const char *name,
                                  char **pvalue);
+static jb_err get_string_param(const struct map *parameters,
+                               const char *param_name,
+                               const char **pparam);
 
 /* Internal actionsfile <==> HTML conversion functions */
 static jb_err map_radio(struct map * exports,
@@ -1836,6 +1858,111 @@ static jb_err get_file_name_param(struct client_state *csp,
 }
 
 
+/*********************************************************************
+ *
+ * Function    :  get_char_param
+ *
+ * Description :  Get a single-character parameter passed to a CGI
+ *                function.
+ *
+ * Parameters  :
+ *          1  :  parameters = map of cgi parameters
+ *          2  :  param_name = The name of the parameter to read
+ *
+ * Returns     :  Uppercase character on success, '\0' on error.
+ *
+ *********************************************************************/
+static char get_char_param(const struct map *parameters,
+                           const char *param_name)
+{
+   char ch;
+
+   assert(parameters);
+   assert(param_name);
+
+   ch = *(lookup(parameters, param_name));
+   if ((ch >= 'a') && (ch <= 'z'))
+   {
+      ch = ch - 'a' + 'A';
+   }
+
+   return ch;
+}
+
+
+/*********************************************************************
+ *
+ * Function    :  get_string_param
+ *
+ * Description :  Get a string paramater, to be used as an
+ *                ACTION_STRING or ACTION_MULTI paramater.
+ *                Validates the input to prevent stupid/malicious
+ *                users from corrupting their action file.
+ *
+ * Parameters  :
+ *          1  :  parameters = map of cgi parameters
+ *          2  :  param_name = The name of the parameter to read
+ *          3  :  pparam = destination for paramater.  Allocated as
+ *                part of the map "parameters", so don't free it.
+ *                Set to NULL if not specified.
+ *
+ * Returns     :  JB_ERR_OK         on success, or if the paramater
+ *                                  was not specified.
+ *                JB_ERR_MEMORY     on out-of-memory.
+ *                JB_ERR_CGI_PARAMS if the paramater is not valid.
+ *
+ *********************************************************************/
+static jb_err get_string_param(const struct map *parameters,
+                               const char *param_name,
+                               const char **pparam)
+{
+   const char *param;
+   const char *s;
+   char ch;
+
+   assert(parameters);
+   assert(param_name);
+   assert(pparam);
+
+   *pparam = NULL;
+
+   param = lookup(parameters, param_name);
+   if (!*param)
+   {
+      return JB_ERR_OK;
+   }
+
+   if (strlen(param) >= CGI_ACTION_PARAM_LEN_MAX)
+   {
+      /*
+       * Too long.
+       *
+       * Note that the length limit is arbitrary, it just seems
+       * sensible to limit it to *something*.  There's no
+       * technical reason for any limit at all.
+       */
+      return JB_ERR_CGI_PARAMS;
+   }
+
+   /* Check every character to see if it's legal */
+   s = param;
+   while ((ch = *s++) != '\0')
+   {
+      if ( ((unsigned char)ch < (unsigned char)' ')
+        || (ch == '}') )
+      {
+         /* Probable hack attempt, or user accidentally used '}'. */
+         return JB_ERR_CGI_PARAMS;
+      }
+   }
+
+   /* Success */
+   *pparam = param;
+
+   return JB_ERR_OK;
+}
+
+
 /*********************************************************************
  *
  * Function    :  get_number_param
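Review bot: get_string_param's character check is a deny-list of only two things, bytes below space and `}`, so any other byte the actions-file reader treats specially still passes. That reader is not visible here, so confirm whether characters such as a comment marker or a line-continuation backslash also need rejecting, or switch to an allow-list of characters valid in an action parameter. The header comment lists JB_ERR_MEMORY as a return value although no path in the body returns it, and "paramater" is misspelled throughout. get_char_param's comment says `'\0'` on error, but the body returns the first character of whatever lookup() yields; `Returns : First character of the parameter, upper-cased if a-z; '\0' if the parameter is empty.` would match the code. CGI_ACTION_PARAM_LEN_MAX (added in an earlier hunk) deserves a one-line comment that the limit includes the terminating NUL, since the test is `>=`.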
@@ -2099,20 +2226,13 @@ static jb_err map_radio(struct map * exports,
          *p = c;
          if (map(exports, buf, 1, "", 1))
          {
-            free(buf);
             return JB_ERR_MEMORY;
          }
       }
    }
 
    *p = value;
-   if (map(exports, buf, 0, "checked", 1))
-   {
-      free(buf);
-      return JB_ERR_MEMORY;
-   }
-
-   return JB_ERR_OK;
+   return map(exports, buf, 0, "checked", 1);
 }
 
 
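Review bot: Dropping `free(buf)` inside the loop looks like it trades the double free for a leak. That call passes `1` as the third argument to map() while the final call passes `0`; if the flag means "copy the name" (map() is not shown here), map() never owns `buf` on the loop path and the early `return JB_ERR_MEMORY` loses it. The removal after the final call is consistent with map() taking ownership of `buf` when the flag is `0`. If that reading is right, keep `free(buf);` before the return in the loop and add a comment at the last call such as `/* map() owns buf from here, including on failure */`. The start of map_radio is outside this hunk.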
@@ -2725,6 +2845,8 @@ jb_err cgi_edit_actions_for_url(struct client_state *csp,
    struct file_line * cur_line;
    unsigned line_number;
    jb_err err;
+   struct file_list *filter_file;
+   struct re_filterfile_spec *filter_group;
 
    if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
    {
@@ -2773,6 +2895,118 @@ jb_err cgi_edit_actions_for_url(struct client_state *csp,
 
    if (!err) err = actions_to_radio(exports, cur_line->data.action);
 
+   filter_file = csp->rlist;
+   filter_group = ((filter_file != NULL) ? filter_file->f : NULL);
+
+   if (!err) err = map_conditional(exports, "any-filters-defined", (filter_group != NULL));
+
+   if (err)
+   {
+      edit_free_file(file);
+      free_map(exports);
+      return err;
+   }
+
+   if (filter_group == NULL)
+   {
+      err = map(exports, "filter-params", 1, "", 1);
+   }
+   else
+   {
+      /* We have some entries in the filter list */
+      char * result;
+      int index = 0;
+      char * filter_template;
+
+      err = template_load(csp, &filter_template, "edit-actions-for-url-filter");
+      if (err)
+      {
+         edit_free_file(file);
+         free_map(exports);
+         if (err == JB_ERR_FILE)
+         {
+            return cgi_error_no_template(csp, rsp, "edit-actions-for-url-filter");
+         }
+         return err;
+      }
+
+      result = strdup("");
+
+      for (;(!err) && (filter_group != NULL); filter_group = filter_group->next)
+      {
+         char current_mode = 'x';
+         struct list_entry *filter_name;
+         char * this_line;
+         struct map *line_exports;
+         char number[20];
+
+         filter_name = cur_line->data.action->multi_add[ACTION_MULTI_FILTER]->first;
+         while ((filter_name != NULL)
+             && (0 != strcmp(filter_group->name, filter_name->str)))
+         {
+              filter_name = filter_name->next;
+         }
+
+         if (filter_name != NULL)
+         {
+            current_mode = 'y';
+         }
+         else
+         {
+            filter_name = cur_line->data.action->multi_remove[ACTION_MULTI_FILTER]->first;
+            while ((filter_name != NULL)
+                && (0 != strcmp(filter_group->name, filter_name->str)))
+            {
+                 filter_name = filter_name->next;
+            }
+            if (filter_name != NULL)
+            {
+               current_mode = 'n';
+            }
+         }
+
+         /* Generate a unique serial number */
+         snprintf(number, sizeof(number), "%x", index++);
+         number[sizeof(number) - 1] = '\0';
+
+         line_exports = new_map();
+         if (line_exports == NULL)
+         {
+            err = JB_ERR_MEMORY;
+            freez(result);
+         }
+         else
+         {
+            if (!err) err = map(line_exports, "index", 1, number, 1);
+            if (!err) err = map(line_exports, "name",  1, filter_group->name, 1);
+            if (!err) err = map(line_exports, "description",  1, filter_group->description, 1);
+            if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode);
+
+            this_line = NULL;
+            if (!err)
+            {
+               this_line = strdup(filter_template);
+               if (this_line == NULL) err = JB_ERR_MEMORY;
+            }
+            if (!err) err = template_fill(&this_line, line_exports);
+            string_join(&result, this_line);
+
+            free_map(line_exports);
+         }
+      }
+      if (!err)
+      {
+         err = map(exports, "filter-params", 1, result, 0);
+      }
+      else
+      {
+         freez(result);
+      }
+   }
+
+   if (!err) err = map_radio(exports, "filter-all", "nx",
+      (cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] ? 'n' : 'x'));
+
    edit_free_file(file);
 
    if (err)
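Review bot: `filter_template`, filled by template_load(), is never released inside the else-block that declares it. Each iteration works on a strdup() copy, so a `freez(filter_template);` after the loop is needed on both the success and the error path. `result = strdup("")` is also used without a NULL check; `if (result == NULL) err = JB_ERR_MEMORY;` before the loop would keep string_join() from being handed a failed allocation. Separately, `filter_group->name` and `filter_group->description` are exported through map() as-is; unless map() or template_fill() encodes values (not visible here), they should be HTML-encoded before export, since the description is free text from the filter file. cgi_edit_actions_for_url begins and ends outside this hunk.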
@@ -2817,6 +3051,8 @@ jb_err cgi_edit_actions_submit(struct client_state *csp,
    unsigned line_number;
    char * target;
    jb_err err;
+   int index;
+   char ch;
 
    if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
    {
@@ -2861,6 +3097,71 @@ jb_err cgi_edit_actions_submit(struct client_state *csp,
       return err;
    }
 
+   ch = get_char_param(parameters, "filter_all");
+   if (ch == 'N')
+   {
+      list_remove_all(cur_line->data.action->multi_add[ACTION_MULTI_FILTER]);
+      list_remove_all(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER]);
+      cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] = 1;
+   }
+   else if (ch == 'X')
+   {
+      cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER] = 0;
+   }
+
+   for (index = 0; !err; index++)
+   {
+      char key_value[30];
+      char key_name[30];
+      const char *name;
+      char value;
+
+      /* Generate the keys */
+      snprintf(key_value, sizeof(key_value), "filter_r%x", index);
+      key_value[sizeof(key_value) - 1] = '\0';
+      snprintf(key_name, sizeof(key_name), "filter_n%x", index);
+      key_name[sizeof(key_name) - 1] = '\0';
+
+      err = get_string_param(parameters, key_name, &name);
+      if (err) break;
+
+      if (name == NULL)
+      {
+         /* End of list */
+         break;
+      }
+
+
+      value = get_char_param(parameters, key_value);
+      if (value == 'Y')
+      {
+         list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
+         if (!err) err = enlist(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
+         list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+      }
+      else if (value == 'N')
+      {
+         list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
+         if (!cur_line->data.action->multi_remove_all[ACTION_MULTI_FILTER])
+         {
+            list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+            if (!err) err = enlist(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+         }
+      }
+      else if (value == 'X')
+      {
+         list_remove_item(cur_line->data.action->multi_add[ACTION_MULTI_FILTER], name);
+         list_remove_item(cur_line->data.action->multi_remove[ACTION_MULTI_FILTER], name);
+      }
+   }
+
+   if(err)
+   {
+      /* Out of memory */
+      edit_free_file(file);
+      return err;
+   }
+
    if (NULL == (actiontext = actions_to_text(cur_line->data.action)))
    {
       /* Out of memory */
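Review bot: The loop adds whatever name arrives in `filter_n<index>` to the action's add/remove lists. get_string_param only checks length and characters, so a name that matches no defined filter still ends up in the actions file; comparing it against the loaded filter list (`csp->rlist`, as the edit page does) before calling enlist() would close that gap. The error exit after the loop is commented `/* Out of memory */`, but `err` can also be JB_ERR_CGI_PARAMS from get_string_param. The comment should read `/* Out of memory or invalid parameter */`, and the bad-parameter case should be reported the same way as the other parameter errors in this function. The `if (!err)` guards before enlist() are always true at that point and can be dropped. cgi_edit_actions_submit starts and ends outside this hunk.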
@@ -3853,19 +4154,19 @@ jb_err cgi_toggle(struct client_state *csp,
       return JB_ERR_MEMORY;
    }
 
-   mode = *(lookup(parameters, "set"));
+   mode = get_char_param(parameters, "set");
 
-   if (mode == 'e')
+   if (mode == 'E')
    {
       /* Enable */
       g_bToggleIJB = 1;
    }
-   else if (mode == 'd')
+   else if (mode == 'D')
    {
       /* Disable */
       g_bToggleIJB = 0;
    }
-   else if (mode == 't')
+   else if (mode == 'T')
    {
       /* Toggle */
       g_bToggleIJB = !g_bToggleIJB;
@@ -3878,7 +4179,7 @@ jb_err cgi_toggle(struct client_state *csp,
       return err;
    }
 
-   template_name = (*(lookup(parameters, "mini"))
+   template_name = (get_char_param(parameters, "mini")
                  ? "toggle-mini"
                  : "toggle");
 
@@ -3886,6 +4187,44 @@ jb_err cgi_toggle(struct client_state *csp,
 }
 
 
+/*********************************************************************
+ *
+ * Function    :  javascriptify
+ *
+ * Description :  Converts a string into a form JavaScript will like.
+ *
+ *                Netscape 4's JavaScript sucks - it doesn't use 
+ *                "id" parameters, so you have to set the "name"
+ *                used to submit a form element to something JavaScript
+ *                will like.  (Or access the elements by index in an
+ *                array.  That array contains >60 elements and will
+ *                be changed whenever we add a new action to the
+ *                editor, so I'm NOT going to use indexes that have
+ *                to be figured out by hand.)
+ *
+ *                Currently the only thing we have to worry about
+ *                is "-" ==> "_" conversion.
+ *
+ *                This is a length-preserving operation so it is
+ *                carried out in-place, no memory is allocated
+ *                or freed.
+ *
+ * Parameters  :
+ *          1  :  identifier = String to make JavaScript-friendly.
+ *
+ * Returns     :  N/A
+ *
+ *********************************************************************/
+static void javascriptify(char * identifier)
+{
+   char * p = identifier;
+   while (NULL != (p = strchr(p, '-')))
+   {
+      *p++ = '_';
+   }
+}
+
+
 /*********************************************************************
  *
  * Function    :  actions_to_radio
@@ -4015,44 +4354,6 @@ static jb_err actions_to_radio(struct map * exports,
 }
 
 
-/*********************************************************************
- *
- * Function    :  javascriptify
- *
- * Description :  Converts a string into a form JavaScript will like.
- *
- *                Netscape 4's JavaScript sucks - it doesn't use 
- *                "id" parameters, so you have to set the "name"
- *                used to submit a form element to something JavaScript
- *                will like.  (Or access the elements by index in an
- *                array.  That array contains >60 elements and will
- *                be changed whenever we add a new action to the
- *                editor, so I'm NOT going to use indexes that have
- *                to be figured out by hand.)
- *
- *                Currently the only thing we have to worry about
- *                is "-" ==> "_" conversion.
- *
- *                This is a length-preserving operation so it is
- *                carried out in-place, no memory is allocated
- *                or freed.
- *
- * Parameters  :
- *          1  :  identifier = String to make JavaScript-friendly.
- *
- * Returns     :  N/A
- *
- *********************************************************************/
-static void javascriptify(char * identifier)
-{
-   char * p = identifier;
-   while (NULL != (p = strchr(p, '-')))
-   {
-      *p++ = '_';
-   }
-}
-
-
 /*********************************************************************
  *
  * Function    :  actions_from_radio
@@ -4071,13 +4372,14 @@ static void javascriptify(char * identifier)
  *
  *********************************************************************/
 static jb_err actions_from_radio(const struct map * parameters,
-                              struct action_spec *action)
+                                 struct action_spec *action)
 {
    static int first_time = 1;
    const char * param;
    char * param_dup;
    char ch;
    const char * js_name;
+   jb_err err = JB_ERR_OK;
 
    assert(parameters);
    assert(action);
@@ -4100,8 +4402,7 @@ static jb_err actions_from_radio(const struct map * parameters,
 
 #define DEFINE_ACTION_BOOL(name, bit)                 \
    JAVASCRIPTIFY(js_name, name);                      \
-   param = lookup(parameters, js_name);               \
-   ch = ijb_toupper(param[0]);                        \
+   ch = get_char_param(parameters, js_name);          \
    if (ch == 'Y')                                     \
    {                                                  \
       action->add  |= bit;                            \
@@ -4120,18 +4421,18 @@ static jb_err actions_from_radio(const struct map * parameters,
 
 #define DEFINE_ACTION_STRING(name, bit, index)                 \
    JAVASCRIPTIFY(js_name, name);                               \
-   param = lookup(parameters, js_name);                        \
-   ch = ijb_toupper(param[0]);                                 \
+   ch = get_char_param(parameters, js_name);                   \
    if (ch == 'Y')                                              \
    {                                                           \
+      param = NULL;                                            \
       JAVASCRIPTIFY(js_name, name "-mode");                    \
-      param = lookup(parameters, js_name);                     \
-      if ((*param == '\0') || (0 == strcmp(param, "CUSTOM")))  \
-      {                                                        \
-         JAVASCRIPTIFY(js_name, name "-param");                \
-         param = lookup(parameters, js_name);                  \
+      if (!err) err = get_string_param(parameters, js_name, &param);    \
+      if ((param == NULL) || (0 == strcmp(param, "CUSTOM")))            \
+      {                                                                 \
+         JAVASCRIPTIFY(js_name, name "-param");                         \
+         if (!err) err = get_string_param(parameters, js_name, &param); \
       }                                                        \
-      if (*param != '\0')                                      \
+      if (param != NULL)                                       \
       {                                                        \
          if (NULL == (param_dup = strdup(param)))              \
          {                                                     \
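Review bot: In DEFINE_ACTION_STRING a validation failure from get_string_param is only stored in `err`, and the macro then carries on. With `param` left NULL the `Y` choice is skipped silently, and every later action expansion still modifies `action` before the error is returned at the end of the function. Returning at once, `if (err) return err;` after each get_string_param call, would keep a rejected request from partially updating the action. If the deferred return is intended, a comment on the macro should state that callers must discard `action` whenever the function returns non-zero. The rest of the macro body lies outside this hunk.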
@@ -4164,8 +4465,7 @@ static jb_err actions_from_radio(const struct map * parameters,
 
 #define DEFINE_ACTION_MULTI(name, index)                       \
    JAVASCRIPTIFY(js_name, name);                               \
-   param = lookup(parameters, js_name);                        \
-   ch = ijb_toupper((int)param[0]);                            \
+   ch = get_char_param(parameters, js_name);                   \
    if (ch == 'Y')                                              \
    {                                                           \
       /* FIXME */                                              \
@@ -4195,7 +4495,7 @@ static jb_err actions_from_radio(const struct map * parameters,
 
    first_time = 0;
 
-   return JB_ERR_OK;
+   return err;
 }