X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgi.c;h=7c84b69f79c3e23dfb7c76f430840a3a3f5dfb37;hp=fca27d7f4ef1363052ee3bc19b610795f8f80bea;hb=a9f0837233938408364f067bf89def53b677f68f;hpb=3010d66d9bf05c41787d589e6a9584dbbded8206 diff --git a/cgi.c b/cgi.c index fca27d7f..7c84b69f 100644 --- a/cgi.c +++ b/cgi.c @@ -1,4 +1,4 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.165 2016/05/03 13:22:30 fabiankeil Exp $"; +const char cgi_rcs[] = "$Id: cgi.c,v 1.170 2017/01/23 16:12:18 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ @@ -8,7 +8,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.165 2016/05/03 13:22:30 fabiankeil Exp $" * This only contains the framework functions, the * actual handler functions are declared elsewhere. * - * Copyright : Written by and Copyright (C) 2001-2004, 2006-2008 + * Copyright : Written by and Copyright (C) 2001-2017 * members of the Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -101,10 +101,15 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { "View the source code version numbers", TRUE }, #ifdef FEATURE_CLIENT_TAGS + /* + * This is marked as harmless because despite the description + * used in the menu the actual toggling is done through another + * path ("/toggle-client-tag"). + */ { "client-tags", cgi_show_client_tags, "View or toggle the tags that can be set based on the clients address", - FALSE }, + TRUE }, #endif { "show-request", cgi_show_request, @@ -120,6 +125,12 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { "Toggle Privoxy on or off", FALSE }, #endif /* def FEATURE_TOGGLE */ +#ifdef FEATURE_CLIENT_TAGS + { "toggle-client-tag", + cgi_toggle_client_tag, + NULL, + FALSE }, +#endif #ifdef FEATURE_CGI_EDIT_ACTIONS { "edit-actions", /* Edit the actions list */ cgi_edit_actions, @@ -430,6 +441,7 @@ static int referrer_is_safe(const struct client_state *csp) { char *referrer; static const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/"; + const char *trusted_cgi_referrer = csp->config->trusted_cgi_referrer; referrer = grep_cgi_referrer(csp); @@ -448,6 +460,18 @@ static int referrer_is_safe(const struct client_state *csp) return TRUE; } + else if ((trusted_cgi_referrer != NULL) && (0 == strncmp(referrer, + trusted_cgi_referrer, strlen(trusted_cgi_referrer)))) + { + /* + * After some more testing this block should be merged with + * the previous one or the log level should bedowngraded. + */ + log_error(LOG_LEVEL_INFO, "Granting access to %s based on trusted referrer %s", + csp->http->url, referrer); + + return TRUE; + } else { /* Untrustworthy referrer */ @@ -1040,6 +1064,8 @@ jb_err cgi_error_disabled(const struct client_state *csp, assert(csp); assert(rsp); + rsp->status = strdup_or_die("403 Request not trusted or feature disabled"); + if (NULL == (exports = default_exports(csp, "cgi-error-disabled"))) { return JB_ERR_MEMORY; @@ -1376,7 +1402,7 @@ char *add_help_link(const char *item, } else { - string_append(&result, "https://"); + string_append(&result, "http://"); string_append(&result, CGI_SITE_2_HOST); string_append(&result, "/user-manual/"); }