X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgi.c;h=062b9761e235db6efa27bf7825a31aa431f39162;hp=85baf63551cbe379d23acddcc7aa9401653b52fa;hb=dd4f4abf1ba67c74a5853cda6ff2162e1b417d03;hpb=2fd9e77391df631c1c0d3cf52466cd3e94df83d5
diff --git a/cgi.c b/cgi.c
index 85baf635..062b9761 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.53 2002/03/24 16:06:00 oes Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.62 2002/04/10 19:59:46 jongfoster Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -12,7 +12,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.53 2002/03/24 16:06:00 oes Exp $";
*
*
* Copyright : Written by and Copyright (C) 2001 the SourceForge
- * Privoxy team. http://ijbswa.sourceforge.net
+ * Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
@@ -38,6 +38,38 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.53 2002/03/24 16:06:00 oes Exp $";
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.62 2002/04/10 19:59:46 jongfoster
+ * Fixes to #include in templates:
+ * - Didn't close main file if loading an included template fails.
+ * - I'm paranoid and want to disallow "#include /etc/passwd".
+ *
+ * Revision 1.61 2002/04/10 13:37:48 oes
+ * Made templates modular: template_load now recursive with max depth 1
+ *
+ * Revision 1.60 2002/04/08 20:50:25 swa
+ * fixed JB spelling
+ *
+ * Revision 1.59 2002/04/05 15:51:51 oes
+ * - added send-stylesheet CGI
+ * - bugfix: error-pages now get correct request protocol
+ * - fixed
+ * - kludged CGI descriptions and menu not to break JS syntax
+ *
+ * Revision 1.58 2002/03/29 03:33:13 david__schmidt
+ * Fix Mac OSX compiler warnings
+ *
+ * Revision 1.57 2002/03/26 22:29:54 swa
+ * we have a new homepage!
+ *
+ * Revision 1.56 2002/03/24 17:50:46 jongfoster
+ * Fixing compile error if actions file editor disabled
+ *
+ * Revision 1.55 2002/03/24 16:55:06 oes
+ * Making GIF checkerboard transparent
+ *
+ * Revision 1.54 2002/03/24 16:18:15 jongfoster
+ * Removing old logo
+ *
* Revision 1.53 2002/03/24 16:06:00 oes
* Correct transparency for checkerboard PNG. Thanks, Magnus!
*
@@ -123,7 +155,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.53 2002/03/24 16:06:00 oes Exp $";
*
* CGI actions file editor that works and is actually useful.
*
- * Ability to toggle JunkBuster remotely using a CGI call.
+ * Ability to toggle Junkbuster remotely using a CGI call.
*
* You can turn off both the above features in the main configuration
* file, e.g. if you are running a multi-user proxy.
@@ -345,6 +377,11 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.53 2002/03/24 16:06:00 oes Exp $";
const char cgi_h_rcs[] = CGI_H_VERSION;
+/*
+ * List of CGI functions: name, handler, description
+ * Note: Do NOT use single quotes in the description;
+ * this will break the dynamic "blocked" template!
+ */
static const struct cgi_dispatcher cgi_dispatchers[] = {
{ "",
cgi_default,
@@ -352,7 +389,8 @@ static const struct cgi_dispatcher cgi_dispatchers[] = {
#ifdef FEATURE_GRACEFUL_TERMINATION
{ "die",
cgi_die,
- "Shut down - Do not deploy this build in a production environment, this is a one click Denial Of Service attack!!!" },
+ "Shut down - Do not deploy this build in a production environment, "
+ "this is a one click Denial Of Service attack!!!" },
#endif
{ "show-status",
cgi_show_status,
@@ -362,14 +400,14 @@ static const struct cgi_dispatcher cgi_dispatchers[] = {
"Show the source code version numbers" },
{ "show-request",
cgi_show_request,
- "Show the client's request headers." },
+ "Show the request headers." },
{ "show-url-info",
cgi_show_url_info,
"Show which actions apply to a URL and why" },
+#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "toggle",
cgi_toggle,
"Toggle Privoxy on or off" },
-#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "edit-actions",
cgi_edit_actions,
"Edit the actions list" },
@@ -439,6 +477,9 @@ static const struct cgi_dispatcher cgi_dispatchers[] = {
{ "send-banner",
cgi_send_banner,
NULL /* Send a built-in image */ },
+ { "send-stylesheet",
+ cgi_send_stylesheet,
+ NULL /* Send templates/cgi-style.css */ },
{ "t",
cgi_transparent_image,
NULL /* Send a transparent image (short name) */ },
@@ -489,10 +530,10 @@ const char image_blank_data[] =
*/
const char image_pattern_data[] =
"\107\111\106\070\071\141\004\000\004\000\200\000\000\310\310"
- "\310\377\377\377\041\376\025\111\040\165\163\145\144\040\164"
- "\157\040\142\145\040\141\040\142\141\156\156\145\162\000\054"
- "\000\000\000\000\004\000\004\000\000\002\005\104\174\147\270"
- "\005\000\073";
+ "\310\377\377\377\041\376\016\111\040\167\141\163\040\141\040"
+ "\142\141\156\156\145\162\000\041\371\004\001\012\000\001\000"
+ "\054\000\000\000\000\004\000\004\000\000\002\005\104\174\147"
+ "\270\005\000\073";
/*
* 1x1 transparant GIF.
@@ -519,7 +560,7 @@ static struct map *parse_cgi_parameters(char *argstring);
* Function : dispatch_cgi
*
* Description : Checks if a request URL has either the magical
- * hostname CGI_SITE_1_HOST (usully http://i.j.b/) or
+ * hostname CGI_SITE_1_HOST (usually http://p.p/) or
* matches CGI_SITE_2_HOST CGI_SITE_2_PATH (usually
* http://ijbswa.sourceforge.net/config). If so, it passes
* the (rest of the) path onto dispatch_known_cgi, which
@@ -768,6 +809,7 @@ struct http_response *error_response(struct client_state *csp,
if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0);
if (!err) err = map(exports, "error", 1, html_encode_and_free_original(safe_strerror(sys_err)), 0);
+ if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1);
if (!err)
{
err = map(exports, "host-ip", 1, html_encode(csp->http->host_ip_addr_str), 0);
@@ -913,9 +955,9 @@ jb_err cgi_error_no_template(struct client_state *csp,
"Privoxy encountered an error while processing your request:
\r\n"
"Could not load template file ";
static const char body_suffix[] =
- "
\r\n"
+ " or one of it's included components.\r\n"
"Please contact your proxy administrator.
\r\n"
- "If you are the proxy administrator, please put the required file "
+ "
If you are the proxy administrator, please put the required file(s)"
"in the (confdir)/templates directory. The "
"location of the (confdir) directory "
"is specified in the main Privoxy config "
@@ -1093,7 +1135,7 @@ struct http_response *finish_http_response(struct http_response *rsp)
}
if (!err)
{
- sprintf(buf, "Content-Length: %d", rsp->content_length);
+ sprintf(buf, "Content-Length: %d", (int)rsp->content_length);
err = enlist(rsp->headers, buf);
}
@@ -1217,25 +1259,31 @@ void free_http_response(struct http_response *rsp)
*
* Description : CGI support function that loads a given HTML
* template from the confdir, ignoring comment
- * lines.
+ * lines and following #include statements up to
+ * a depth of 1.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : template_ptr = Destination for pointer to loaded
* template text.
* 3 : template = name of the HTML template to be used
+ * 4 : recursive = Flag set if this function calls itself
+ * following an #include statament
*
* Returns : JB_ERR_OK on success
* JB_ERR_MEMORY on out-of-memory error.
* JB_ERR_FILE if the template file cannot be read
*
*********************************************************************/
-jb_err template_load(struct client_state *csp, char ** template_ptr,
- const char *templatename)
+jb_err template_load(struct client_state *csp, char **template_ptr,
+ const char *templatename, int recursive)
{
+ jb_err err;
char *templates_dir_path;
char *full_path;
char *file_buffer;
+ char *included_module;
+ const char *p;
FILE *fp;
char buf[BUFFER_SIZE];
@@ -1245,9 +1293,21 @@ jb_err template_load(struct client_state *csp, char ** template_ptr,
*template_ptr = NULL;
- /*
- * Open template file or fail
- */
+ /* Validate template name. Paranoia. */
+ for (p = templatename; *p != 0; p++)
+ {
+ if ( ((*p < 'a') || (*p > 'z'))
+ && ((*p < 'A') || (*p > 'Z'))
+ && ((*p < '0') || (*p > '9'))
+ && (*p != '-')
+ && (*p != '.'))
+ {
+ /* Illegal character */
+ return JB_ERR_FILE;
+ }
+ }
+
+ /* Generate full path */
templates_dir_path = make_path(csp->config->confdir, "templates");
if (templates_dir_path == NULL)
@@ -1262,6 +1322,8 @@ jb_err template_load(struct client_state *csp, char ** template_ptr,
return JB_ERR_MEMORY;
}
+ /* Allocate buffer */
+
file_buffer = strdup("");
if (file_buffer == NULL)
{
@@ -1269,6 +1331,8 @@ jb_err template_load(struct client_state *csp, char ** template_ptr,
return JB_ERR_MEMORY;
}
+ /* Open template file */
+
if (NULL == (fp = fopen(full_path, "r")))
{
log_error(LOG_LEVEL_ERROR, "Cannot open template file %s: %E", full_path);
@@ -1279,15 +1343,34 @@ jb_err template_load(struct client_state *csp, char ** template_ptr,
free(full_path);
/*
- * Read the file, ignoring comments.
+ * Read the file, ignoring comments, and honoring #include
+ * statements, unless we're already called recursively.
*
* FIXME: The comment handling could break with lines >BUFFER_SIZE long.
* This is unlikely in practise.
*/
while (fgets(buf, BUFFER_SIZE, fp))
{
+ if (!recursive && !strncmp(buf, "#include ", 9))
+ {
+ if (JB_ERR_OK != (err = template_load(csp, &included_module, chomp(buf + 9), 1)))
+ {
+ free(file_buffer);
+ fclose(fp);
+ return err;
+ }
+
+ if (string_join(&file_buffer, included_module))
+ {
+ fclose(fp);
+ return JB_ERR_MEMORY;
+ }
+
+ continue;
+ }
+
/* skip lines starting with '#' */
- if(*buf == '#')
+ if (*buf == '#')
{
continue;
}
@@ -1447,7 +1530,7 @@ jb_err template_fill_for_cgi(struct client_state *csp,
assert(exports);
assert(rsp);
- err = template_load(csp, &rsp->body, templatename);
+ err = template_load(csp, &rsp->body, templatename, 0);
if (err == JB_ERR_FILE)
{
free_map(exports);
@@ -1696,7 +1779,7 @@ char *make_menu(const char *self)
string_append(&result, d->name);
string_append(&result, "\">");
string_append(&result, d->description);
- string_append(&result, "\n");
+ string_append(&result, "");
}
}