+}
+#endif /* def FEATURE_FAST_REDIRECTS */
+
+
+/*********************************************************************
+ *
+ * Function : redirect_url
+ *
+ * Description : Checks if Privoxy should answer the request with
+ * a HTTP redirect and generates the redirect if
+ * necessary.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : NULL if the request can pass, HTTP redirect otherwise.
+ *
+ *********************************************************************/
+struct http_response *redirect_url(struct client_state *csp)
+{
+ struct http_response *rsp;
+#ifdef FEATURE_FAST_REDIRECTS
+ /*
+ * XXX: Do we still need FEATURE_FAST_REDIRECTS
+ * as compile-time option? The user can easily disable
+ * it in his action file.
+ */
+ char * redirect_mode;
+#endif /* def FEATURE_FAST_REDIRECTS */
+ char *old_url = NULL;
+ char *new_url = NULL;
+ char *redirection_string;
+
+ if ((csp->action->flags & ACTION_REDIRECT))
+ {
+ redirection_string = csp->action->string[ACTION_STRING_REDIRECT];
+
+ /*
+ * If the redirection string begins with 's',
+ * assume it's a pcrs command, otherwise treat it as
+ * properly formatted URL and use it for the redirection
+ * directly.
+ *
+ * According to RFC 2616 section 14.30 the URL
+ * has to be absolute and if the user tries:
+ * +redirect{shit/this/will/be/parsed/as/pcrs_command.html}
+ * she would get undefined results anyway.
+ *
+ */
+
+ if (*redirection_string == 's')
+ {
+ old_url = csp->http->url;
+ new_url = rewrite_url(old_url, redirection_string);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_REDIRECTS,
+ "No pcrs command recognized, assuming that \"%s\" is already properly formatted.",
+ redirection_string);
+ new_url = strdup(redirection_string);
+ }
+ }
+
+#ifdef FEATURE_FAST_REDIRECTS
+ if ((csp->action->flags & ACTION_FAST_REDIRECTS))
+ {
+ redirect_mode = csp->action->string[ACTION_STRING_FAST_REDIRECTS];
+
+ /*
+ * If it exists, use the previously rewritten URL as input
+ * otherwise just use the old path.
+ */
+ old_url = (new_url != NULL) ? new_url : strdup(csp->http->path);
+ new_url = get_last_url(old_url, redirect_mode);
+ freez(old_url);
+ }
+
+ /*
+ * Disable redirect checkers, so that they
+ * will be only run more than once if the user
+ * also enables them through tags.
+ *
+ * From a performance point of view
+ * it doesn't matter, but the duplicated
+ * log messages are annoying.
+ */
+ csp->action->flags &= ~ACTION_FAST_REDIRECTS;
+#endif /* def FEATURE_FAST_REDIRECTS */
+ csp->action->flags &= ~ACTION_REDIRECT;
+
+ /* Did any redirect action trigger? */
+ if (new_url)
+ {
+ if (url_requires_percent_encoding(new_url))
+ {
+ char *encoded_url;
+ log_error(LOG_LEVEL_REDIRECTS, "Percent-encoding redirect URL: %N",
+ strlen(new_url), new_url);
+ encoded_url = percent_encode_url(new_url);
+ freez(new_url);
+ if (encoded_url == NULL)
+ {
+ return cgi_error_memory();
+ }
+ new_url = encoded_url;
+ assert(FALSE == url_requires_percent_encoding(new_url));
+ }
+
+ if (0 == strcmpic(new_url, csp->http->url))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "New URL \"%s\" and old URL \"%s\" are the same. Redirection loop prevented.",
+ csp->http->url, new_url);
+ freez(new_url);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_REDIRECTS, "New URL is: %s", new_url);
+
+ if (NULL == (rsp = alloc_http_response()))
+ {
+ freez(new_url);
+ return cgi_error_memory();
+ }
+
+ if (enlist_unique_header(rsp->headers, "Location", new_url)
+ || (NULL == (rsp->status = strdup("302 Local Redirect from Privoxy"))))
+ {
+ freez(new_url);
+ free_http_response(rsp);
+ return cgi_error_memory();
+ }
+ rsp->crunch_reason = REDIRECTED;
+ freez(new_url);
+
+ return finish_http_response(csp, rsp);
+ }
+ }
+
+ /* Only reached if no redirect is required */
+ return NULL;
+
+}
+
+
+#ifdef FEATURE_IMAGE_BLOCKING
+/*********************************************************************
+ *
+ * Function : is_imageurl
+ *
+ * Description : Given a URL, decide whether it is an image or not,
+ * using either the info from a previous +image action
+ * or, #ifdef FEATURE_IMAGE_DETECT_MSIE, and the browser
+ * is MSIE and not on a Mac, tell from the browser's accept
+ * header.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : True (nonzero) if URL is an image, false (0)
+ * otherwise
+ *
+ *********************************************************************/
+int is_imageurl(const struct client_state *csp)
+{
+#ifdef FEATURE_IMAGE_DETECT_MSIE
+ char *tmp;
+
+ tmp = get_header_value(csp->headers, "User-Agent:");
+ if (tmp && strstr(tmp, "MSIE") && !strstr(tmp, "Mac_"))
+ {
+ tmp = get_header_value(csp->headers, "Accept:");
+ if (tmp && strstr(tmp, "image/gif"))
+ {
+ /* Client will accept HTML. If this seems counterintuitive,
+ * blame Microsoft.
+ */
+ return(0);
+ }
+ else
+ {
+ return(1);
+ }
+ }
+#endif /* def FEATURE_IMAGE_DETECT_MSIE */
+
+ return ((csp->action->flags & ACTION_IMAGE) != 0);
+
+}
+#endif /* def FEATURE_IMAGE_BLOCKING */
+
+
+#ifdef FEATURE_TRUST
+/*********************************************************************
+ *
+ * Function : is_untrusted_url
+ *
+ * Description : Should we "distrust" this URL (and block it)?
+ *
+ * Yes if it matches a line in the trustfile, or if the
+ * referrer matches a line starting with "+" in the
+ * trustfile.
+ * No otherwise.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : 0 => trusted, 1 => untrusted
+ *
+ *********************************************************************/
+int is_untrusted_url(const struct client_state *csp)
+{
+ struct file_list *fl;
+ struct block_spec *b;
+ struct url_spec **trusted_url;
+ struct http_request rhttp[1];
+ const char * referer;
+ jb_err err;
+
+ /*
+ * If we don't have a trustlist, we trust everybody
+ */
+ if (((fl = csp->tlist) == NULL) || ((b = fl->f) == NULL))
+ {
+ return 0;
+ }
+
+ memset(rhttp, '\0', sizeof(*rhttp));
+
+ /*
+ * Do we trust the request URL itself?
+ */
+ for (b = b->next; b ; b = b->next)
+ {
+ if (url_match(b->url, csp->http))
+ {
+ return b->reject;
+ }
+ }
+
+ if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+ {
+ /* no referrer was supplied */
+ return 1;
+ }
+
+
+ /*
+ * If not, do we maybe trust its referrer?
+ */
+ err = parse_http_url(referer, rhttp, REQUIRE_PROTOCOL);
+ if (err)
+ {
+ return 1;
+ }
+
+ for (trusted_url = csp->config->trust_list; *trusted_url != NULL; trusted_url++)
+ {
+ if (url_match(*trusted_url, rhttp))
+ {
+ /* if the URL's referrer is from a trusted referrer, then
+ * add the target spec to the trustfile as an unblocked
+ * domain and return 0 (which means it's OK).
+ */
+
+ FILE *fp;
+
+ if (NULL != (fp = fopen(csp->config->trustfile, "a")))
+ {
+ char * path;
+ char * path_end;
+ char * new_entry = strdup("~");