X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgiedit.c;h=6d742b7cb3c0a1192b175b17278117585f8db62b;hp=22dc693217852a122081247beb1049723b74347d;hb=132517cd11681ec17afb5c8ea510e3968dd6512d;hpb=cf3501494c49f38c413762a6b679c4a08fa1e314 diff --git a/cgiedit.c b/cgiedit.c index 22dc6932..6d742b7c 100644 --- a/cgiedit.c +++ b/cgiedit.c @@ -1,21 +1,28 @@ -const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.2 2001/09/16 17:05:14 jongfoster Exp $"; +const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.61 2008/03/24 18:12:52 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $ * * Purpose : CGI-based actionsfile editor. - * - * Functions declared include: - * * - * Copyright : Written by and Copyright (C) 2001 the SourceForge - * IJBSWA team. http://ijbswa.sourceforge.net + * Functions declared include: cgi_edit_* + * + * NOTE: The CGIs in this file use parameter names + * such as "f" and "s" which are really *BAD* choices. + * However, I'm trying to save bytes in the + * edit-actions-list HTML page - the standard actions + * file generated a 550kbyte page, which is ridiculous. + * + * Stick to the short names in this file for consistency. + * + * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge + * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -35,6 +42,333 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.2 2001/09/16 17:05:14 jongfoster * * Revisions : * $Log: cgiedit.c,v $ + * Revision 1.61 2008/03/24 18:12:52 fabiankeil + * Use sizeof() more often. + * + * Revision 1.60 2008/03/15 14:52:35 fabiankeil + * Add CGI editor support for the "disable all filters of this type" + * directives "-client-header-filter", "-server-header-filter", + * "-client-header-tagger" and "-server-header-tagger". + * + * Revision 1.59 2008/03/08 16:25:56 fabiankeil + * After three file modification time mismatches, turn the CGI editor off. + * + * Revision 1.58 2007/11/28 17:57:01 fabiankeil + * Fix double free in cgi_edit_actions_list(). + * Reported by adlab in BR#1840145. + * + * Revision 1.57 2007/10/27 13:32:23 fabiankeil + * Plug minor 5-year-old memory leak. Spotted by + * Valgrind and triggered by Privoxy-Regression-Test. + * + * Revision 1.56 2007/08/05 13:47:03 fabiankeil + * #1763173 from Stefan Huehner: s@const static@static const@. + * + * Revision 1.55 2007/05/31 11:50:20 fabiankeil + * Re-enable support for old-school URLs like + * http://config.privoxy.org/edit-actions-list?f=default + * in the action editor. + * + * They are no longer used by the CGI pages, but make it easier + * to reach the editor directly, without knowing the requested + * file's index in csp->config->actions_file[]. + * + * Revision 1.54 2007/05/14 10:33:51 fabiankeil + * - Use strlcpy() and strlcat() instead of strcpy() and strcat(). + * + * Revision 1.53 2007/04/15 16:39:20 fabiankeil + * Introduce tags as alternative way to specify which + * actions apply to a request. At the moment tags can be + * created based on client and server headers. + * + * Revision 1.52 2007/04/12 10:41:23 fabiankeil + * - Don't mistake VC++'s _snprintf() for a snprintf() replacement. + * - Move some cgi_edit_actions_for_url() variables into structs. + * - Remove bogus comment. + * + * Revision 1.51 2007/04/08 13:21:05 fabiankeil + * Reference action files in CGI URLs by id instead + * of using the first part of the file name. + * Fixes BR 1694250 and BR 1590556. + * + * Revision 1.50 2007/03/29 11:40:34 fabiankeil + * Divide @filter-params@ into @client-header-filter-params@ + * @content-filter-params@ and @server-header-filter-params@. + * + * Revision 1.49 2007/03/20 15:16:34 fabiankeil + * Use dedicated header filter actions instead of abusing "filter". + * Replace "filter-client-headers" and "filter-client-headers" + * with "server-header-filter" and "client-header-filter". + * + * Revision 1.48 2007/02/13 14:35:25 fabiankeil + * Replace hash escaping code to prevent + * crashes, memory and file corruption. + * + * Revision 1.47 2006/12/28 18:04:25 fabiankeil + * Fixed gcc43 conversion warnings. + * + * Revision 1.46 2006/12/27 18:44:52 fabiankeil + * Stop shadowing string.h's index(). + * + * Revision 1.45 2006/12/21 12:57:48 fabiankeil + * Add config option "split-large-forms" + * to work around the browser bug reported + * in BR #1570678. + * + * Revision 1.44 2006/12/09 13:49:16 fabiankeil + * Fix configure option --disable-toggle. + * Thanks to Peter Thoenen for reporting this. + * + * Revision 1.43 2006/07/18 14:48:45 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * + * Revision 1.41.2.12 2006/01/30 15:16:25 david__schmidt + * Remove a little residual debugging info + * + * Revision 1.41.2.11 2006/01/29 23:10:56 david__schmidt + * Multiple filter file support + * + * Revision 1.41.2.10 2005/07/04 03:13:43 david__schmidt + * Undo some damaging memory leak patches + * + * Revision 1.41.2.9 2005/07/04 00:31:04 david__schmidt + * Removing a double free + * + * Revision 1.41.2.8 2005/05/07 21:50:54 david__schmidt + * A few memory leaks plugged (mostly on error paths) + * + * Revision 1.41.2.7 2004/02/17 13:30:23 oes + * Moved cgi_error_disabled() from cgiedit.c to + * cgi.c to re-enable build with --disable-editor. + * Fixes Bug #892744. Thanks to Matthew Fischer + * for spotting. + * + * Revision 1.41.2.6 2003/12/18 08:13:48 oes + * One line lost in last commit + * + * Revision 1.41.2.5 2003/12/17 16:33:47 oes + * - All edit functions that redirect back to the list page + * now use cgi_redirect + * - All redirects now contain useless parameter "foo", whose + * value are raw seconds since epoch, in order to force + * Opera and Konqueror to properly reload the list. Closes + * bug #859993 + * + * Revision 1.41.2.4 2003/03/11 11:53:59 oes + * Cosmetic: Renamed cryptic variable + * + * Revision 1.41.2.3 2002/11/12 15:01:41 oes + * Fix: Don't free uninitialized struct editable_file + * + * Revision 1.41.2.2 2002/08/05 20:02:59 oes + * Bugfix: "Insert new section at top" did not work properly if first non-comment line in file was of type FILE_LINE_ACTION + * + * Revision 1.41.2.1 2002/08/02 12:43:14 oes + * Fixed bug #588514: first_time now set on a per-string basis in actions_from_radio; javascriptify now called on copies + * + * Revision 1.41 2002/05/21 19:09:45 oes + * - Made Add/Edit/Remove URL Submit and Cancel + * buttons jump back to relevant section in eal + * - Bugfix: remove-url-form needs p export + * + * Revision 1.40 2002/05/19 11:34:35 jongfoster + * Handling read-only actions files better - report the actual + * error, not "Out of memory"! + * + * Bug report: + * http://sourceforge.net/tracker/index.php?func=detail + * &aid=557905&group_id=11118&atid=111118 + * + * Revision 1.39 2002/05/12 21:39:15 jongfoster + * - Adding Doxygen-style comments to structures and #defines. + * - Correcting function comments + * + * Revision 1.38 2002/05/03 23:00:38 jongfoster + * Support for templates for "standard actions" buttons. + * See bug #549871 + * + * Revision 1.37 2002/04/30 11:14:52 oes + * Made csp the first parameter in *action_to_html + * + * Revision 1.36 2002/04/26 21:53:30 jongfoster + * Fixing a memory leak. (Near, but not caused by, my earlier commit). + * + * Revision 1.35 2002/04/26 21:50:02 jongfoster + * Honouring default exports in edit-actions-for-url-filter template. + * + * Revision 1.34 2002/04/26 12:54:17 oes + * Adaptions to changes in actions.c + * + * Revision 1.33 2002/04/24 02:17:47 oes + * - Moved get_char_param, get_string_param and get_number_param to cgi.c + * - Comments + * - Activated Jon's code for editing multiple AFs + * - cgi_edit_list_actions now provides context-sensitive + * help, looks up all action sets from standard.action and + * makes buttons for them in the catchall section + * - cgi_edit_action_submit now honors a p parameter, looks up + * the corresponding action set, and sets the catchall pattern's + * actions accordingly. + * + * Revision 1.32 2002/04/19 16:55:31 jongfoster + * Fixing newline problems. If we do our own text file newline + * mangling, we don't want the library to do any, so we need to + * open the files in *binary* mode. + * + * Revision 1.31 2002/04/18 19:21:08 jongfoster + * Added code to detect "conventional" action files, that start + * with a set of actions for all URLs (the pattern "/"). + * These are special-cased in the "edit-actions-list" CGI, so + * that a special UI can be written for them. + * + * Revision 1.30 2002/04/10 13:38:35 oes + * load_template signature changed + * + * Revision 1.29 2002/04/08 16:59:08 oes + * Fixed comment + * + * Revision 1.28 2002/03/27 12:30:29 oes + * Deleted unsused variable + * + * Revision 1.27 2002/03/26 23:06:04 jongfoster + * Removing duplicate @ifs on the toggle page + * + * Revision 1.26 2002/03/26 22:59:17 jongfoster + * Fixing /toggle to display status consistently. + * + * Revision 1.25 2002/03/26 22:29:54 swa + * we have a new homepage! + * + * Revision 1.24 2002/03/24 15:23:33 jongfoster + * Name changes + * + * Revision 1.23 2002/03/24 13:32:41 swa + * name change related issues + * + * Revision 1.22 2002/03/24 13:25:43 swa + * name change related issues + * + * Revision 1.21 2002/03/22 18:02:48 jongfoster + * Fixing remote toggle + * + * Revision 1.20 2002/03/16 20:28:34 oes + * Added descriptions to the filters so users will know what they select in the cgi editor + * + * Revision 1.19 2002/03/16 18:38:14 jongfoster + * Stopping stupid or malicious users from breaking the actions + * file using the web-based editor. + * + * Revision 1.18 2002/03/16 14:57:44 jongfoster + * Full support for enabling/disabling modular filters. + * + * Revision 1.17 2002/03/16 14:26:42 jongfoster + * First version of modular filters support - READ ONLY! + * Fixing a double-free bug in the out-of-memory handling in map_radio(). + * + * Revision 1.16 2002/03/07 03:46:17 oes + * Fixed compiler warnings + * + * Revision 1.15 2002/03/06 22:54:35 jongfoster + * Automated function-comment nitpicking. + * + * Revision 1.14 2002/03/05 00:24:51 jongfoster + * Patch to always edit the current actions file. + * + * Revision 1.13 2002/03/04 02:07:59 david__schmidt + * Enable web editing of actions file on OS/2 (it had been broken all this time!) + * + * Revision 1.12 2002/03/03 09:18:03 joergs + * Made jumbjuster work on AmigaOS again. + * + * Revision 1.11 2002/01/23 01:03:31 jongfoster + * Fixing gcc [CygWin] compiler warnings + * + * Revision 1.10 2002/01/23 00:22:59 jongfoster + * Adding new function cgi_edit_actions_section_swap(), to reorder + * the actions file. + * + * Adding get_url_spec_param() to get a validated URL pattern. + * + * Moving edit_read_line() out of this file and into loaders.c. + * + * Adding missing html_encode() to many CGI functions. + * + * Moving the functions that #include actionlist.h to the end of the file, + * because the Visual C++ 97 debugger gets extremely confused if you try + * to debug any code that comes after them in the file. + * + * Major optimizations in cgi_edit_actions_list() to reduce the size of + * the generated HTML (down 40% from 550k to 304k), with major side-effects + * throughout the editor and templates. In particular, the length of the + * URLs throughout the editor has been drastically reduced, by cutting + * paramater names down to 1 character and CGI names down to 3-4 + * characters, by removing all non-essential CGI paramaters even at the + * expense of having to re-read the actions file for the most trivial + * page, and by using relative rather than absolute URLs. This means + * that this (typical example): + * + * + * + * is now this: + * + * + * + * Revision 1.9 2002/01/17 20:56:22 jongfoster + * Replacing hard references to the URL of the config interface + * with #defines from project.h + * + * Revision 1.8 2001/11/30 23:35:51 jongfoster + * Renaming actionsfile to ijb.action + * + * Revision 1.7 2001/11/13 00:28:24 jongfoster + * - Renaming parameters from edit-actions-for-url so that they only + * contain legal JavaScript characters. If we wanted to write + * JavaScript that worked with Netscape 4, this is nessacery. + * (Note that at the moment the JavaScript doesn't actually work + * with Netscape 4, but now this is purely a template issue, not + * one affecting code). + * - Adding new CGIs for use by non-JavaScript browsers: + * edit-actions-url-form + * edit-actions-add-url-form + * edit-actions-remove-url-form + * - Fixing || bug. + * + * Revision 1.6 2001/10/29 03:48:09 david__schmidt + * OS/2 native needed a snprintf() routine. Added one to miscutil, brackedted + * by and __OS2__ ifdef. + * + * Revision 1.5 2001/10/25 03:40:48 david__schmidt + * Change in porting tactics: OS/2's EMX porting layer doesn't allow multiple + * threads to call select() simultaneously. So, it's time to do a real, live, + * native OS/2 port. See defines for __EMX__ (the porting layer) vs. __OS2__ + * (native). Both versions will work, but using __OS2__ offers multi-threading. + * + * Revision 1.4 2001/10/23 21:48:19 jongfoster + * Cleaning up error handling in CGI functions - they now send back + * a HTML error page and should never cause a FATAL error. (Fixes one + * potential source of "denial of service" attacks). + * + * CGI actions file editor that works and is actually useful. + * + * Ability to toggle JunkBuster remotely using a CGI call. + * + * You can turn off both the above features in the main configuration + * file, e.g. if you are running a multi-user proxy. + * + * Revision 1.3 2001/10/14 22:12:49 jongfoster + * New version of CGI-based actionsfile editor. + * Major changes, including: + * - Completely new file parser and file output routines + * - edit-actions CGI renamed edit-actions-for-url + * - All CGIs now need a filename parameter, except for... + * - New CGI edit-actions which doesn't need a filename, + * to allow you to start the editor up. + * - edit-actions-submit now works, and now automatically + * redirects you back to the main edit-actions-list handler. + * * Revision 1.2 2001/09/16 17:05:14 jongfoster * Removing unused #include showarg.h * @@ -57,15 +391,10 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.2 2001/09/16 17:05:14 jongfoster #include #include #include -#include #include #include #include -#include - -#ifdef _WIN32 -#define snprintf _snprintf -#endif /* def _WIN32 */ +#include #include "project.h" #include "cgi.h" @@ -76,29 +405,61 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.2 2001/09/16 17:05:14 jongfoster #include "actions.h" #include "miscutil.h" #include "errlog.h" +#include "loaders.h" +#ifdef FEATURE_TOGGLE +/* loadcfg.h is for global_toggle_state only */ +#include "loadcfg.h" +#endif /* def FEATURE_TOGGLE */ +#include "urlmatch.h" const char cgiedit_h_rcs[] = CGIEDIT_H_VERSION; #ifdef FEATURE_CGI_EDIT_ACTIONS +/** + * A line in an editable_file. + */ struct file_line { + /** Next entry in the linked list */ struct file_line * next; + + /** The raw data, to write out if this line is unmodified. */ char * raw; + + /** Comments and/or whitespace to put before this line if it's modified + and then written out. */ char * prefix; + + /** The actual data, as a string. Line continuation and comment removal + are performed on the data read from file before it's stored here, so + it will be a single line of data. */ char * unprocessed; - int type; + /** The type of data on this line. One of the FILE_LINE_xxx constants. */ + int type; + + /** The actual data, processed into some sensible data type. */ union { + + /** An action specification. */ struct action_spec action[1]; + /** A name=value pair. */ struct { + + /** The name in the name=value pair. */ char * name; + + /** The value in the name=value pair, as a string. */ char * svalue; + + /** The value in the name=value pair, as an integer. */ int ivalue; + } setting; /* Add more data types here... e.g. @@ -115,432 +476,612 @@ struct file_line */ } data; + }; +/** This file_line has not been processed yet. */ #define FILE_LINE_UNPROCESSED 1 + +/** This file_line is blank. Can only appear at the end of a file, due to + the way the parser works. */ #define FILE_LINE_BLANK 2 + +/** This file_line says {{alias}}. */ #define FILE_LINE_ALIAS_HEADER 3 + +/** This file_line defines an alias. */ #define FILE_LINE_ALIAS_ENTRY 4 + +/** This file_line defines an {action}. */ #define FILE_LINE_ACTION 5 + +/** This file_line specifies a URL pattern. */ #define FILE_LINE_URL 6 + +/** This file_line says {{settings}}. */ #define FILE_LINE_SETTINGS_HEADER 7 + +/** This file_line is in a {{settings}} block. */ #define FILE_LINE_SETTINGS_ENTRY 8 + +/** This file_line says {{description}}. */ #define FILE_LINE_DESCRIPTION_HEADER 9 + +/** This file_line is in a {{description}} block. */ #define FILE_LINE_DESCRIPTION_ENTRY 10 -/* FIXME: Following list of prototypes is not complete */ +/* + * Number of file modification time mismatches + * before the CGI editor gets turned off. + */ +#define ACCEPTABLE_TIMESTAMP_MISMATCHES 3 + +/** + * A configuration file, in a format that can be edited and written back to + * disk. + */ +struct editable_file +{ + struct file_line * lines; /**< The contents of the file. A linked list of lines. */ + const char * filename; /**< Full pathname - e.g. "/etc/privoxy/wibble.action". */ + unsigned identifier; /**< The file name's position in csp->config->actions_file[]. */ + const char * version_str; /**< Last modification time, as a string. For CGI param. */ + /**< Can be used in URL without using url_param(). */ + unsigned version; /**< Last modification time - prevents chaos with + the browser's "back" button. Note that this is a + time_t cast to an unsigned. When comparing, always + cast the time_t to an unsigned, and *NOT* vice-versa. + This may lose the top few bits, but they're not + significant anyway. */ + int newline; /**< Newline convention - one of the NEWLINE_xxx constants. + Note that changing this after the file has been + read in will cause a mess. */ + struct file_line * parse_error; /**< On parse error, this is the offending line. */ + const char * parse_error_text; /**< On parse error, this is the problem. + (Statically allocated) */ +}; + +/** + * Information about the filter types. + * Used for macro replacement in cgi_edit_actions_for_url. + */ +struct filter_type_info +{ + const int multi_action_index; /**< The multi action index as defined in project.h */ + const char *macro_name; /**< Name of the macro that has to be replaced + with the prepared templates. + For example "content-filter-params" */ + const char *type; /**< Name of the filter type, + for example "server-header-filter". */ + /* XXX: check if these two can be combined. */ + const char *disable_all_option; /**< Name of the catch-all radio option that has + to be checked or unchecked for this filter type. */ + const char *disable_all_param; /**< Name of the parameter that causes all filters of + this type to be disabled. */ + const char *abbr_type; /**< Abbreviation of the filter type, usually the + first or second character capitalized */ + const char *anchor; /**< Anchor for the User Manual link, + for example "SERVER-HEADER-FILTER" */ +}; + +/* Accessed by index, keep the order in the way the FT_ macros are defined. */ +static const struct filter_type_info filter_type_info[] = +{ + { + ACTION_MULTI_FILTER, + "content-filter-params", "filter", + "filter-all", "filter_all", + "F", "FILTER" + }, + { + ACTION_MULTI_CLIENT_HEADER_FILTER, + "client-header-filter-params", "client-header-filter", + "client-header-filter-all", "client_header_filter_all", + "C", "CLIENT-HEADER-FILTER" + }, + { + ACTION_MULTI_SERVER_HEADER_FILTER, + "server-header-filter-params", "server-header-filter", + "server-header-filter-all", "server_header_filter_all", + "S", "SERVER-HEADER-FILTER" + }, + { + ACTION_MULTI_CLIENT_HEADER_TAGGER, + "client-header-tagger-params", "client-header-tagger", + "client-header-tagger-all", "client_header_tagger_all", + "L", "CLIENT-HEADER-TAGGER" + }, + { + ACTION_MULTI_SERVER_HEADER_TAGGER, + "server-header-tagger-params", "server-header-tagger", + "server-header-tagger-all", "server_header_tagger_all", + "E", "SERVER-HEADER-TAGGER" + }, +}; + /* FIXME: Following non-static functions should be prototyped in .h or made static */ -static int simple_read_line(char **dest, FILE *fp); -static int edit_read_line (FILE *fp, char **raw_out, char **prefix_out, char **data_out); - int edit_read_file (FILE *fp, struct file_line ** pfile); - int edit_write_file (const char * filename, const struct file_line * file); - void edit_free_file (struct file_line * file); +/* Functions to read and write arbitrary config files */ +jb_err edit_read_file(struct client_state *csp, + const struct map *parameters, + int require_version, + struct editable_file **pfile); +jb_err edit_write_file(struct editable_file * file); +void edit_free_file(struct editable_file * file); + +/* Functions to read and write actions files */ +jb_err edit_parse_actions_file(struct editable_file * file); +jb_err edit_read_actions_file(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters, + int require_version, + struct editable_file **pfile); + +/* Error handlers */ +jb_err cgi_error_modified(struct client_state *csp, + struct http_response *rsp, + const char *filename); +jb_err cgi_error_parse(struct client_state *csp, + struct http_response *rsp, + struct editable_file *file); +jb_err cgi_error_file(struct client_state *csp, + struct http_response *rsp, + const char *filename); +jb_err cgi_error_file_read_only(struct client_state *csp, + struct http_response *rsp, + const char *filename); + +/* Internal arbitrary config file support functions */ +static jb_err edit_read_file_lines(FILE *fp, struct file_line ** pfile, int *newline); +static void edit_free_file_lines(struct file_line * first_line); + +/* Internal actions file support functions */ +static int match_actions_file_header_line(const char * line, const char * name); +static jb_err split_line_on_equals(const char * line, char ** pname, char ** pvalue); + +/* Internal parameter parsing functions */ +static jb_err get_url_spec_param(struct client_state *csp, + const struct map *parameters, + const char *name, + char **pvalue); + + +/* Internal actionsfile <==> HTML conversion functions */ +static jb_err map_radio(struct map * exports, + const char * optionname, + const char * values, + int value); +static jb_err actions_to_radio(struct map * exports, + const struct action_spec *action); +static jb_err actions_from_radio(const struct map * parameters, + struct action_spec *action); + + +static jb_err map_copy_parameter_html(struct map *out, + const struct map *in, + const char *name); +#if 0 /* unused function */ +static jb_err map_copy_parameter_url(struct map *out, + const struct map *in, + const char *name); +#endif /* unused function */ + +static jb_err get_file_name_param(struct client_state *csp, + const struct map *parameters, + const char *param_name, + const char **pfilename); + +/* Internal convenience functions */ +static char *section_target(const unsigned sectionid); + +/********************************************************************* + * + * Function : section_target + * + * Description : Given an unsigned (section id) n, produce a dynamically + * allocated string of the form #l, for use in link + * targets. + * + * XXX: The hash should be moved into the templates + * to make this function more generic and render + * stringify() obsolete. + * + * Parameters : + * 1 : sectionid = start line number of section + * + * Returns : String with link target, or NULL if out of + * memory + * + *********************************************************************/ +static char *section_target(const unsigned sectionid) +{ + char buf[30]; + + snprintf(buf, sizeof(buf), "#l%d", sectionid); + return(strdup(buf)); -/* FIXME: This should be in project.h and used everywhere */ -#define JB_ERR_OK 0 /* Success, no error */ -#define JB_ERR_MEMORY 1 /* Out of memory */ -#define JB_ERR_CGI_PARAMS 2 /* Missing or corrupt CGI parameters */ -#define JB_ERR_FILE 3 /* Error opening, reading or writing a file */ -#define JB_ERR_PARSE 4 /* Error parsing file */ -#define JB_ERR_MODIFIED 5 /* File has been modified outside of the */ - /* CGI actions editor. */ +} /********************************************************************* * - * Function : simple_read_line + * Function : stringify + * + * Description : Convert a number into a dynamically allocated string. + * + * Parameters : + * 1 : number = The number to convert. + * + * Returns : String with link target, or NULL if out of memory + * + *********************************************************************/ +static char *stringify(const unsigned number) +{ + char buf[6]; + + snprintf(buf, sizeof(buf), "%i", number); + return strdup(buf); +} + + +/********************************************************************* * - * Description : Read a single line from a file and return it. - * This is basically a version of fgets() that malloc()s - * it's own line buffer. Note that the buffer will - * always be a multiple of BUFFER_SIZE bytes long. - * Therefore if you are going to keep the string for - * an extended period of time, you should probably - * strdup() it and free() the original, to save memory. + * Function : map_copy_parameter_html * + * Description : Copy a CGI parameter from one map to another, HTML + * encoding it. * * Parameters : - * 1 : dest = destination for newly malloc'd pointer to - * line data. Will be set to NULL on error. - * 2 : fp = File to read from + * 1 : out = target map + * 2 : in = source map + * 3 : name = name of cgi parameter to copy * - * Returns : JB_ERR_OK on success + * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory - * JB_ERR_FILE on EOF. + * JB_ERR_CGI_PARAMS if the parameter doesn't exist + * in the source map * *********************************************************************/ -static int simple_read_line(char **dest, FILE *fp) +static jb_err map_copy_parameter_html(struct map *out, + const struct map *in, + const char *name) { - int len; - char * buf; - char * newbuf; + const char * value; + jb_err err; - assert(fp); - assert(dest); + assert(out); + assert(in); + assert(name); - *dest = NULL; + value = lookup(in, name); + err = map(out, name, 1, html_encode(value), 0); - if (NULL == (buf = malloc(BUFFER_SIZE))) + if (err) { - return JB_ERR_MEMORY; + /* Out of memory */ + return err; } - - *buf = '\0'; - len = 0; - - while (FOREVER) + else if (*value == '\0') { - newbuf = buf + len; - if ((!fgets(newbuf, BUFFER_SIZE, fp)) || (*newbuf == '\0')) - { - /* (*newbuf == '\0') should never happen unless fgets fails */ - if (*buf == '\0') - { - free(buf); - return JB_ERR_FILE; - } - else - { - *dest = buf; - return JB_ERR_OK; - } - } - len = strlen(buf); - if ((buf[len - 1] == '\n') || (buf[len - 1] == '\r')) - { - *dest = buf; - return JB_ERR_OK; - } - - if (NULL == (newbuf = realloc(buf, len + BUFFER_SIZE))) - { - free(buf); - return JB_ERR_MEMORY; - } - buf = newbuf; + return JB_ERR_CGI_PARAMS; + } + else + { + return JB_ERR_OK; } } +#if 0 /* unused function */ /********************************************************************* * - * Function : edit_read_line - * - * Description : Read a single non-empty line from a file and return - * it. Trims comments, leading and trailing whitespace - * and respects escaping of newline and comment char. - * Provides the line in 2 alternative forms: raw and - * preprocessed. - * - raw is the raw data read from the file. If the - * line is not modified, then this should be written - * to the new file. - * - prefix is any comments and blank lines that were - * read from the file. If the line is modified, then - * this should be written out to the file followed - * by the modified data. (If this string is non-empty - * then it will have a newline at the end). - * - data is the actual data that will be parsed - * further by appropriate routines. - * On EOF, the 3 strings will all be set to NULL and - * 0 will be returned. + * Function : map_copy_parameter_url + * + * Description : Copy a CGI parameter from one map to another, URL + * encoding it. * * Parameters : - * 1 : fp = File to read from - * 2 : raw_out = destination for newly malloc'd pointer to - * raw line data. May be NULL if you don't want it. - * 3 : prefix_out = destination for newly malloc'd pointer to - * comments. May be NULL if you don't want it. - * 4 : data_out = destination for newly malloc'd pointer to - * line data with comments and leading/trailing spaces - * removed, and line continuation performed. May be - * NULL if you don't want it. + * 1 : out = target map + * 2 : in = source map + * 3 : name = name of cgi parameter to copy * - * Returns : JB_ERR_OK on success + * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory - * JB_ERR_FILE on EOF. + * JB_ERR_CGI_PARAMS if the parameter doesn't exist + * in the source map * *********************************************************************/ -static int edit_read_line(FILE *fp, char **raw_out, char **prefix_out, char **data_out) +static jb_err map_copy_parameter_url(struct map *out, + const struct map *in, + const char *name) { - char *p; /* Temporary pointer */ - char *linebuf; /* Line read from file */ - char *linestart; /* Start of linebuf, usually first non-whitespace char */ - char newline[3]; /* Used to store the newline - "\n", "\r", or "\r\n" */ - int contflag = 0; /* Nonzero for line continuation - i.e. line ends '\' */ - char *raw; /* String to be stored in raw_out */ - char *prefix; /* String to be stored in prefix_out */ - char *data; /* String to be stored in data_out */ - int rval = JB_ERR_OK; + const char * value; + jb_err err; - assert(fp); + assert(out); + assert(in); + assert(name); - /* Set output parameters to NULL */ - if (raw_out) + value = lookup(in, name); + err = map(out, name, 1, url_encode(value), 0); + + if (err) { - *raw_out = NULL; + /* Out of memory */ + return err; } - if (prefix_out) + else if (*value == '\0') { - *prefix_out = NULL; + return JB_ERR_CGI_PARAMS; } - if (data_out) + else { - *data_out = NULL; + return JB_ERR_OK; } +} +#endif /* 0 - unused function */ + - /* Set string variables to new, empty strings. */ +/********************************************************************* + * + * Function : cgi_edit_actions_url_form + * + * Description : CGI function that displays a form for + * edit-actions-url + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output + * 3 : parameters = map of cgi parameters + * + * CGI Parameters + * i : (action index) Identifies the file to edit + * v : (version) File's last-modified time + * p : (pattern) Line number of pattern to edit + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory + * JB_ERR_CGI_PARAMS if the CGI parameters are not + * specified or not valid. + * + *********************************************************************/ +jb_err cgi_edit_actions_url_form(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters) +{ + struct map * exports; + unsigned patternid; + struct editable_file * file; + struct file_line * cur_line; + unsigned line_number; + unsigned section_start_line_number = 0; + jb_err err; - raw = malloc(1); - prefix = malloc(1); - data = malloc(1); + assert(csp); + assert(rsp); + assert(parameters); - if ((raw == NULL) || (prefix == NULL) || (data == NULL)) + if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)) { - freez(raw); - freez(prefix); - freez(data); - return JB_ERR_MEMORY; + return cgi_error_disabled(csp, rsp); } - *raw = '\0'; - *prefix = '\0'; - *data = '\0'; - - /* Main loop. Loop while we need more data & it's not EOF. */ + err = get_number_param(csp, parameters, "p", &patternid); + if (err) + { + return err; + } - while ( (contflag || (*data == '\0')) - && (JB_ERR_OK == (rval = simple_read_line(&linebuf, fp)))) + err = edit_read_actions_file(csp, rsp, parameters, 1, &file); + if (err) { - if (string_append(&raw,linebuf)) - { - free(prefix); - free(data); - free(linebuf); - return JB_ERR_MEMORY; - } - - /* Trim off newline */ - p = linebuf + strlen(linebuf); - if ((p != linebuf) && ((p[-1] == '\r') || (p[-1] == '\n'))) - { - p--; - if ((p != linebuf) && ((p[-1] == '\r') || (p[-1] == '\n'))) - { - p--; - } - } - strcpy(newline, p); - *p = '\0'; + /* No filename specified, can't read file, modified, or out of memory. */ + return (err == JB_ERR_FILE ? JB_ERR_OK : err); + } - /* Line continuation? Trim escape and set flag. */ - contflag = ((p != linebuf) && (*--p == '\\')); - if (contflag) - { - *p = '\0'; - } + cur_line = file->lines; - /* Trim leading spaces if we're at the start of the line */ - linestart = linebuf; - if (*data == '\0') + for (line_number = 1; (cur_line != NULL) && (line_number < patternid); line_number++) + { + if (cur_line->type == FILE_LINE_ACTION) { - /* Trim leading spaces */ - while (*linestart && isspace((int)(unsigned char)*linestart)) - { - linestart++; - } + section_start_line_number = line_number; } + cur_line = cur_line->next; + } - /* Handle comment characters. */ - p = linestart; - while ((p = strchr(p, '#')) != NULL) - { - /* Found a comment char.. */ - if ((p != linebuf) && (*(p-1) == '\\')) - { - /* ..and it's escaped, left-shift the line over the escape. */ - char *q = p - 1; - while ((*q = *(q + 1)) != '\0') - { - q++; - } - /* Now scan from just after the "#". */ - } - else - { - /* Real comment. Save it... */ - if (p == linestart) - { - /* Special case: Line only contains a comment, so all the - * previous whitespace is considered part of the comment. - * Undo the whitespace skipping, if any. - */ - linestart = linebuf; - p = linestart; - } - string_append(&prefix,p); - if (string_append(&prefix,newline)) - { - free(raw); - free(data); - free(linebuf); - return JB_ERR_MEMORY; - } - *newline = '\0'; + if ( (cur_line == NULL) + || (line_number != patternid) + || (patternid < 1) + || (cur_line->type != FILE_LINE_URL)) + { + /* Invalid "patternid" parameter */ + edit_free_file(file); + return JB_ERR_CGI_PARAMS; + } - /* ... and chop off the rest of the line */ - *p = '\0'; - } - } /* END while (there's a # character) */ + if (NULL == (exports = default_exports(csp, NULL))) + { + edit_free_file(file); + return JB_ERR_MEMORY; + } - /* Write to the buffer */ - if (*linestart) - { - if (string_append(&data, linestart)) - { - free(raw); - free(prefix); - free(linebuf); - return JB_ERR_MEMORY; - } - } + err = map(exports, "f", 1, stringify(file->identifier), 0); + if (!err) err = map(exports, "v", 1, file->version_str, 1); + if (!err) err = map(exports, "p", 1, url_encode(lookup(parameters, "p")), 0); + if (!err) err = map(exports, "u", 1, html_encode(cur_line->unprocessed), 0); + if (!err) err = map(exports, "jumptarget", 1, section_target(section_start_line_number), 0); - free(linebuf); - } /* END while(we need more data) */ + edit_free_file(file); - /* Handle simple_read_line() errors - ignore EOF */ - if ((rval != JB_ERR_OK) && (rval != JB_ERR_FILE)) + if (err) { - free(raw); - free(prefix); - free(data); - return rval; + free_map(exports); + return err; } + return template_fill_for_cgi(csp, "edit-actions-url-form", exports, rsp); +} - if (*raw) - { - /* Got at least some data */ - - /* Remove trailing whitespace */ - chomp(data); - if (raw_out) - { - *raw_out = raw; - } - else - { - free(raw); - } - if (prefix_out) - { - *prefix_out = prefix; - } - else - { - free(prefix); - } - if (data_out) - { - *data_out = data; - } - else - { - free(data); - } - return(0); +/********************************************************************* + * + * Function : cgi_edit_actions_add_url_form + * + * Description : CGI function that displays a form for + * edit-actions-url + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output + * 3 : parameters = map of cgi parameters + * + * CGI Parameters : + * f : (filename) Identifies the file to edit + * v : (version) File's last-modified time + * s : (section) Line number of section to edit + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory + * JB_ERR_CGI_PARAMS if the CGI parameters are not + * specified or not valid. + * + *********************************************************************/ +jb_err cgi_edit_actions_add_url_form(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters) +{ + struct map *exports; + jb_err err; + + assert(csp); + assert(rsp); + assert(parameters); + + if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)) + { + return cgi_error_disabled(csp, rsp); } - else + + if (NULL == (exports = default_exports(csp, NULL))) { - /* EOF and no data there. */ + return JB_ERR_MEMORY; + } - free(raw); - free(prefix); - free(data); + err = map_copy_parameter_html(exports, parameters, "f"); + if (!err) err = map_copy_parameter_html(exports, parameters, "v"); + if (!err) err = map_copy_parameter_html(exports, parameters, "s"); - return JB_ERR_FILE; + if (err) + { + free_map(exports); + return err; } + + return template_fill_for_cgi(csp, "edit-actions-add-url-form", exports, rsp); } /********************************************************************* * - * Function : edit_read_file + * Function : cgi_edit_actions_remove_url_form * - * Description : Read a complete file into memory. - * Handles whitespace, comments and line continuation. + * Description : CGI function that displays a form for + * edit-actions-url * * Parameters : - * 1 : fp = File to read from - * 2 : pfile = Destination for a linked list of file_lines. - * Will be set to NULL on error. + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output + * 3 : parameters = map of cgi parameters * - * Returns : JB_ERR_OK on success + * CGI Parameters : + * f : (number) The action file identifier. + * v : (version) File's last-modified time + * p : (pattern) Line number of pattern to edit + * + * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory + * JB_ERR_CGI_PARAMS if the CGI parameters are not + * specified or not valid. * *********************************************************************/ -int edit_read_file(FILE *fp, struct file_line ** pfile) +jb_err cgi_edit_actions_remove_url_form(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters) { - struct file_line * first_line; /* Keep for return value or to free */ - struct file_line * cur_line; /* Current line */ - struct file_line * prev_line; /* Entry with prev_line->next = cur_line */ - int rval; - - assert(fp); - assert(pfile); + struct map * exports; + unsigned patternid; + struct editable_file * file; + struct file_line * cur_line; + unsigned line_number; + unsigned section_start_line_number = 0; + jb_err err; - *pfile = NULL; + assert(csp); + assert(rsp); + assert(parameters); - cur_line = first_line = zalloc(sizeof(struct file_line)); - if (cur_line == NULL) + if (0 == (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)) { - return JB_ERR_MEMORY; + return cgi_error_disabled(csp, rsp); } - cur_line->type = FILE_LINE_UNPROCESSED; - - rval = edit_read_line(fp, &cur_line->raw, &cur_line->prefix, &cur_line->unprocessed); - if (rval) + err = get_number_param(csp, parameters, "p", &patternid); + if (err) { - /* Out of memory or empty file. */ - /* Note that empty file is not an error we propogate up */ - free(cur_line); - return ((rval == JB_ERR_FILE) ? JB_ERR_OK : rval); + return err; } - do + err = edit_read_actions_file(csp, rsp, parameters, 1, &file); + if (err) { - prev_line = cur_line; - cur_line = prev_line->next = zalloc(sizeof(struct file_line)); - if (cur_line == NULL) - { - /* Out of memory */ - edit_free_file(first_line); - return JB_ERR_MEMORY; - } + /* No filename specified, can't read file, modified, or out of memory. */ + return (err == JB_ERR_FILE ? JB_ERR_OK : err); + } - cur_line->type = FILE_LINE_UNPROCESSED; + cur_line = file->lines; - rval = edit_read_line(fp, &cur_line->raw, &cur_line->prefix, &cur_line->unprocessed); - if ((rval != JB_ERR_OK) && (rval != JB_ERR_FILE)) + for (line_number = 1; (cur_line != NULL) && (line_number < patternid); line_number++) + { + if (cur_line->type == FILE_LINE_ACTION) { - /* Out of memory */ - edit_free_file(first_line); - return JB_ERR_MEMORY; - } + section_start_line_number = line_number; + } + cur_line = cur_line->next; + } + if ( (cur_line == NULL) + || (line_number != patternid) + || (patternid < 1) + || (cur_line->type != FILE_LINE_URL)) + { + /* Invalid "patternid" parameter */ + edit_free_file(file); + return JB_ERR_CGI_PARAMS; } - while (rval != JB_ERR_FILE); - /* EOF */ + if (NULL == (exports = default_exports(csp, NULL))) + { + edit_free_file(file); + return JB_ERR_MEMORY; + } - /* We allocated one too many - free it */ - prev_line->next = NULL; - free(cur_line); + err = map(exports, "f", 1, stringify(file->identifier), 0); + if (!err) err = map(exports, "v", 1, file->version_str, 1); + if (!err) err = map(exports, "p", 1, url_encode(lookup(parameters, "p")), 0); + if (!err) err = map(exports, "u", 1, html_encode(cur_line->unprocessed), 0); + if (!err) err = map(exports, "jumptarget", 1, section_target(section_start_line_number), 0); + if (!err) err = map(exports, "actions-file", 1, html_encode(file->filename), 0); - *pfile = first_line; - return JB_ERR_OK; + edit_free_file(file); + + if (err) + { + free_map(exports); + return err; + } + + return template_fill_for_cgi(csp, "edit-actions-remove-url-form", exports, rsp); } @@ -551,29 +1092,37 @@ int edit_read_file(FILE *fp, struct file_line ** pfile) * Description : Write a complete file to disk. * * Parameters : - * 1 : filename = File to write to. - * 2 : file = Data structure to write. + * 1 : file = File to write. * * Returns : JB_ERR_OK on success * JB_ERR_FILE on error writing to file. + * JB_ERR_MEMORY on out of memory * *********************************************************************/ -int edit_write_file(const char * filename, const struct file_line * file) +jb_err edit_write_file(struct editable_file * file) { FILE * fp; + struct file_line * cur_line; + struct stat statbuf[1]; + char version_buf[22]; /* 22 = ceil(log10(2^64)) + 2 = max number of + digits in time_t, assuming this is a 64-bit + machine, plus null terminator, plus one + for paranoia */ - assert(filename); + assert(file); + assert(file->filename); - if (NULL == (fp = fopen(filename, "wt"))) + if (NULL == (fp = fopen(file->filename, "wb"))) { return JB_ERR_FILE; } - while (file != NULL) + cur_line = file->lines; + while (cur_line != NULL) { - if (file->raw) + if (cur_line->raw) { - if (fputs(file->raw, fp) < 0) + if (fputs(cur_line->raw, fp) < 0) { fclose(fp); return JB_ERR_FILE; @@ -581,22 +1130,94 @@ int edit_write_file(const char * filename, const struct file_line * file) } else { - if (file->prefix) + if (cur_line->prefix) { - if (fputs(file->prefix, fp) < 0) + if (fputs(cur_line->prefix, fp) < 0) { fclose(fp); return JB_ERR_FILE; } } - if (file->unprocessed) + if (cur_line->unprocessed) { - if (fputs(file->unprocessed, fp) < 0) + + if (NULL != strchr(cur_line->unprocessed, '#')) { - fclose(fp); - return JB_ERR_FILE; + /* Must quote '#' characters */ + int numhash = 0; + size_t len; + char * src; + char * dest; + char * str; + + /* Count number of # characters, so we know length of output string */ + src = cur_line->unprocessed; + while (NULL != (src = strchr(src, '#'))) + { + numhash++; + src++; + } + assert(numhash > 0); + + /* Allocate new memory for string */ + len = strlen(cur_line->unprocessed) + (size_t)numhash; + if (NULL == (str = malloc(len + 1))) + { + /* Uh oh, just trashed file! */ + fclose(fp); + return JB_ERR_MEMORY; + } + + /* Copy string but quote hashes */ + src = cur_line->unprocessed; + dest = str; + while (*src) + { + if (*src == '#') + { + *dest++ = '\\'; + numhash--; + assert(numhash >= 0); + } + *dest++ = *src++; + } + *dest = '\0'; + + assert(numhash == 0); + assert(strlen(str) == len); + assert(str == dest - len); + assert(src - len <= cur_line->unprocessed); + + if ((strlen(str) != len) || (numhash != 0)) + { + /* + * Escaping didn't work as expected, go spread the news. + * Only reached in non-debugging builds. + */ + log_error(LOG_LEVEL_ERROR, + "Looks like hash escaping failed. %s might be corrupted now.", + file->filename); + } + + if (fputs(str, fp) < 0) + { + free(str); + fclose(fp); + return JB_ERR_FILE; + } + + free(str); + } + else + { + /* Can write without quoting '#' characters. */ + if (fputs(cur_line->unprocessed, fp) < 0) + { + fclose(fp); + return JB_ERR_FILE; + } } - if (fputs("\n", fp) < 0) + if (fputs(NEWLINE(file->newline), fp) < 0) { fclose(fp); return JB_ERR_FILE; @@ -608,10 +1229,32 @@ int edit_write_file(const char * filename, const struct file_line * file) assert(0); } } - file = file->next; + cur_line = cur_line->next; } fclose(fp); + + + /* Update the version stamp in the file structure, since we just + * wrote to the file & changed it's date. + */ + if (stat(file->filename, statbuf) < 0) + { + /* Error, probably file not found. */ + return JB_ERR_FILE; + } + file->version = (unsigned)statbuf->st_mtime; + + /* Correct file->version_str */ + freez(file->version_str); + snprintf(version_buf, sizeof(version_buf), "%u", file->version); + version_buf[sizeof(version_buf)-1] = '\0'; + file->version_str = strdup(version_buf); + if (version_buf == NULL) + { + return JB_ERR_MEMORY; + } + return JB_ERR_OK; } @@ -620,7 +1263,7 @@ int edit_write_file(const char * filename, const struct file_line * file) * * Function : edit_free_file * - * Description : Free a complete file in memory. + * Description : Free a complete file in memory. * * Parameters : * 1 : file = Data structure to free. @@ -628,18 +1271,48 @@ int edit_write_file(const char * filename, const struct file_line * file) * Returns : N/A * *********************************************************************/ -void edit_free_file(struct file_line * file) +void edit_free_file(struct editable_file * file) { - struct file_line * next; + if (!file) + { + /* Silently ignore NULL pointer */ + return; + } + + edit_free_file_lines(file->lines); + freez(file->version_str); + file->version = 0; + file->parse_error_text = NULL; /* Statically allocated */ + file->parse_error = NULL; + + free(file); +} + + +/********************************************************************* + * + * Function : edit_free_file_lines + * + * Description : Free an entire linked list of file lines. + * + * Parameters : + * 1 : first_line = Data structure to free. + * + * Returns : N/A + * + *********************************************************************/ +static void edit_free_file_lines(struct file_line * first_line) +{ + struct file_line * next_line; - while (file != NULL) + while (first_line != NULL) { - next = file->next; - file->next = NULL; - freez(file->raw); - freez(file->prefix); - freez(file->unprocessed); - switch(file->type) + next_line = first_line->next; + first_line->next = NULL; + freez(first_line->raw); + freez(first_line->prefix); + freez(first_line->unprocessed); + switch(first_line->type) { case 0: /* special case if memory zeroed */ case FILE_LINE_UNPROCESSED: @@ -654,21 +1327,21 @@ void edit_free_file(struct file_line * file) break; case FILE_LINE_ACTION: - free_action(file->data.action); + free_action(first_line->data.action); break; case FILE_LINE_SETTINGS_ENTRY: - freez(file->data.setting.name); - freez(file->data.setting.svalue); + freez(first_line->data.setting.name); + freez(first_line->data.setting.svalue); break; default: /* Should never happen */ assert(0); break; } - file->type = 0; /* paranoia */ - free(file); - file = next; + first_line->type = 0; /* paranoia */ + free(first_line); + first_line = next_line; } } @@ -677,18 +1350,18 @@ void edit_free_file(struct file_line * file) * * Function : match_actions_file_header_line * - * Description : Match an actions file {{header}} line + * Description : Match an actions file {{header}} line * * Parameters : - * 1 : line - String from file - * 2 : name - Header to match against + * 1 : line = String from file + * 2 : name = Header to match against * * Returns : 0 iff they match. * *********************************************************************/ static int match_actions_file_header_line(const char * line, const char * name) { - int len; + size_t len; assert(line); assert(name); @@ -735,13 +1408,13 @@ static int match_actions_file_header_line(const char * line, const char * name) * * Function : match_actions_file_header_line * - * Description : Match an actions file {{header}} line + * Description : Match an actions file {{header}} line * * Parameters : - * 1 : line - String from file. Must not start with + * 1 : line = String from file. Must not start with * whitespace (else infinite loop!) - * 2 : name - Destination for name - * 2 : name - Destination for value + * 2 : pname = Destination for name + * 2 : pvalue = Destination for value * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory @@ -750,11 +1423,11 @@ static int match_actions_file_header_line(const char * line, const char * name) * values *after* the "=" sign are legal). * *********************************************************************/ -static int split_line_on_equals(const char * line, char ** pname, char ** pvalue) +static jb_err split_line_on_equals(const char * line, char ** pname, char ** pvalue) { const char * name_end; const char * value_start; - int name_len; + size_t name_len; assert(line); assert(pname); @@ -783,7 +1456,7 @@ static int split_line_on_equals(const char * line, char ** pname, char ** pvalue name_end--; } - name_len = name_end - line + 1; /* Length excluding \0 */ + name_len = (size_t)(name_end - line) + 1; /* Length excluding \0 */ if (NULL == (*pname = (char *) malloc(name_len + 1))) { return JB_ERR_MEMORY; @@ -813,7 +1486,7 @@ static int split_line_on_equals(const char * line, char ** pname, char ** pvalue * * Function : edit_parse_actions_file * - * Description : Parse an actions file in memory. + * Description : Parse an actions file in memory. * * Passed linked list must have the "data" member * zeroed, and must contain valid "next" and @@ -831,24 +1504,24 @@ static int split_line_on_equals(const char * line, char ** pname, char ** pvalue * JB_ERR_PARSE on error * *********************************************************************/ -int edit_parse_actions_file(struct file_line * file) +jb_err edit_parse_actions_file(struct editable_file * file) { struct file_line * cur_line; - int len; + size_t len; const char * text; /* Text from a line */ char * name; /* For lines of the form name=value */ char * value; /* For lines of the form name=value */ struct action_alias * alias_list = NULL; - int rval = JB_ERR_OK; + jb_err err = JB_ERR_OK; /* alias_list contains the aliases defined in this file. * It might be better to use the "file_line.data" fields * in the relavent places instead. */ - cur_line = file; + cur_line = file->lines; - /* A note about blank line support: Blank lines should only + /* A note about blank line support: Blank lines should only * ever occur as the last line in the file. This function * is more forgiving than that - FILE_LINE_BLANK can occur * anywhere. @@ -869,6 +1542,8 @@ int edit_parse_actions_file(struct file_line * file) && (cur_line->unprocessed[0] != '{') ) { /* File doesn't start with a header */ + file->parse_error = cur_line; + file->parse_error_text = "First (non-comment) line of the file must contain a header."; return JB_ERR_PARSE; } @@ -884,13 +1559,19 @@ int edit_parse_actions_file(struct file_line * file) { cur_line->type = FILE_LINE_SETTINGS_ENTRY; - rval = split_line_on_equals(cur_line->unprocessed, + err = split_line_on_equals(cur_line->unprocessed, &cur_line->data.setting.name, &cur_line->data.setting.svalue); - if (rval != JB_ERR_OK) + if (err == JB_ERR_MEMORY) + { + return err; + } + else if (err != JB_ERR_OK) { - /* Line does not contain a name=value pair, or out-of-memory */ - return rval; + /* Line does not contain a name=value pair */ + file->parse_error = cur_line; + file->parse_error_text = "Expected a name=value pair on this {{description}} line, but couldn't find one."; + return JB_ERR_PARSE; } } else @@ -936,11 +1617,17 @@ int edit_parse_actions_file(struct file_line * file) cur_line->type = FILE_LINE_ALIAS_ENTRY; - rval = split_line_on_equals(cur_line->unprocessed, &name, &value); - if (rval != JB_ERR_OK) + err = split_line_on_equals(cur_line->unprocessed, &name, &value); + if (err == JB_ERR_MEMORY) + { + return err; + } + else if (err != JB_ERR_OK) { - /* Line does not contain a name=value pair, or out-of-memory */ - return rval; + /* Line does not contain a name=value pair */ + file->parse_error = cur_line; + file->parse_error_text = "Expected a name=value pair on this {{alias}} line, but couldn't find one."; + return JB_ERR_PARSE; } if ((new_alias = zalloc(sizeof(*new_alias))) == NULL) @@ -952,14 +1639,25 @@ int edit_parse_actions_file(struct file_line * file) return JB_ERR_MEMORY; } - if (get_actions(value, alias_list, new_alias->action)) + err = get_actions(value, alias_list, new_alias->action); + if (err) { /* Invalid action or out of memory */ free(name); free(value); free(new_alias); free_alias_list(alias_list); - return JB_ERR_PARSE; /* FIXME: or JB_ERR_MEMORY */ + if (err == JB_ERR_MEMORY) + { + return err; + } + else + { + /* Line does not contain a name=value pair */ + file->parse_error = cur_line; + file->parse_error_text = "This alias does not specify a valid set of actions."; + return JB_ERR_PARSE; + } } free(value); @@ -989,6 +1687,10 @@ int edit_parse_actions_file(struct file_line * file) { /* No closing } on header */ free_alias_list(alias_list); + file->parse_error = cur_line; + file->parse_error_text = "Headers starting with '{' must have a " + "closing bracket ('}'). Headers starting with two brackets ('{{') " + "must close with two brackets ('}}')."; return JB_ERR_PARSE; } @@ -996,6 +1698,12 @@ int edit_parse_actions_file(struct file_line * file) { /* An invalid {{ header. */ free_alias_list(alias_list); + file->parse_error = cur_line; + file->parse_error_text = "Unknown or unexpected two-bracket header. " + "Please remember that the system (two-bracket) headers must " + "appear in the order {{settings}}, {{description}}, {{alias}}, " + "and must appear before any actions (one-bracket) headers. " + "Also note that system headers may not be repeated."; return JB_ERR_PARSE; } @@ -1010,12 +1718,6 @@ int edit_parse_actions_file(struct file_line * file) { len--; } - if (len <= 0) - { - /* A line containing just { } */ - free_alias_list(alias_list); - return JB_ERR_PARSE; - } cur_line->type = FILE_LINE_ACTION; @@ -1030,12 +1732,23 @@ int edit_parse_actions_file(struct file_line * file) value[len] = '\0'; /* Get actions */ - if (get_actions(value, alias_list, cur_line->data.action)) + err = get_actions(value, alias_list, cur_line->data.action); + if (err) { /* Invalid action or out of memory */ free(value); free_alias_list(alias_list); - return JB_ERR_PARSE; /* FIXME: or JB_ERR_MEMORY */ + if (err == JB_ERR_MEMORY) + { + return err; + } + else + { + /* Line does not contain a name=value pair */ + file->parse_error = cur_line; + file->parse_error_text = "This header does not specify a valid set of actions."; + return JB_ERR_PARSE; + } } /* Done with string - it was clobbered anyway */ @@ -1069,188 +1782,351 @@ int edit_parse_actions_file(struct file_line * file) /********************************************************************* * - * Function : edit_read_file + * Function : edit_read_file_lines * - * Description : Read a complete actions file into memory and - * parses it. + * Description : Read all the lines of a file into memory. + * Handles whitespace, comments and line continuation. * * Parameters : - * 1 : filename = Path to file to read from + * 1 : fp = File to read from. On return, this will be + * at EOF but it will not have been closed. * 2 : pfile = Destination for a linked list of file_lines. * Will be set to NULL on error. + * 3 : newline = How to handle newlines. * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory - * JB_ERR_FILE if the file cannot be opened or - * contains no data * *********************************************************************/ -int edit_read_actions_file(const char * filename, struct file_line ** pfile) +jb_err edit_read_file_lines(FILE *fp, struct file_line ** pfile, int *newline) { - struct file_line * file; - FILE * fp; - int rval; + struct file_line * first_line; /* Keep for return value or to free */ + struct file_line * cur_line; /* Current line */ + struct file_line * prev_line; /* Entry with prev_line->next = cur_line */ + jb_err rval; - assert(filename); + assert(fp); assert(pfile); *pfile = NULL; - if (NULL == (fp = fopen(filename,"rt"))) + cur_line = first_line = zalloc(sizeof(struct file_line)); + if (cur_line == NULL) { - return JB_ERR_FILE; + return JB_ERR_MEMORY; } - rval = edit_read_file(fp, &file); - - fclose(fp); + cur_line->type = FILE_LINE_UNPROCESSED; - if (JB_ERR_OK != rval) + rval = edit_read_line(fp, &cur_line->raw, &cur_line->prefix, &cur_line->unprocessed, newline, NULL); + if (rval) { - return rval; + /* Out of memory or empty file. */ + /* Note that empty file is not an error we propogate up */ + free(cur_line); + return ((rval == JB_ERR_FILE) ? JB_ERR_OK : rval); } - if (JB_ERR_OK != (rval = edit_parse_actions_file(file))) + do { - edit_free_file(file); - return rval; + prev_line = cur_line; + cur_line = prev_line->next = zalloc(sizeof(struct file_line)); + if (cur_line == NULL) + { + /* Out of memory */ + edit_free_file_lines(first_line); + return JB_ERR_MEMORY; + } + + cur_line->type = FILE_LINE_UNPROCESSED; + + rval = edit_read_line(fp, &cur_line->raw, &cur_line->prefix, &cur_line->unprocessed, newline, NULL); + if ((rval != JB_ERR_OK) && (rval != JB_ERR_FILE)) + { + /* Out of memory */ + edit_free_file_lines(first_line); + return JB_ERR_MEMORY; + } + } + while (rval != JB_ERR_FILE); - *pfile = file; + /* EOF */ + + /* We allocated one too many - free it */ + prev_line->next = NULL; + free(cur_line); + + *pfile = first_line; return JB_ERR_OK; } /********************************************************************* * - * Function : get_file_name_param - * - * Description : Get the name of the file to edit from the parameters - * passed to a CGI function. This function handles - * security checks such as blocking urls containing - * "/" or ".", prepending the config file directory, - * and adding the specified suffix. - * - * (This is an essential security check, otherwise - * users may be able to pass "../../../etc/passwd" - * and overwrite the password file [linux], "prn:" - * and print random data [Windows], etc...) + * Function : edit_read_file * - * This function only allows filenames contining the - * characters '-', '_', 'A'-'Z', 'a'-'z', and '0'-'9'. - * That's probably too restrictive but at least it's - * secure. + * Description : Read a complete file into memory. + * Handles CGI parameter parsing. If requested, also + * checks the file's modification timestamp. * * Parameters : - * 1 : csp = Current client state (buffers, headers, etc...) - * 2 : parameters = map of cgi parameters - * 3 : suffix = File extension, e.g. ".actions" - * 4 : pfilename = destination for full filename. Caller - * free()s. Set to NULL on error. - * 5 : pparam = destination for partial filename, - * suitable for use in another URL. Allocated as part - * of the map "parameters", so don't free it. - * Set to NULL if not specified. + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : parameters = map of cgi parameters. + * 3 : require_version = true to check "ver" parameter. + * 4 : pfile = Destination for the file. Will be set + * to NULL on error. * - * CGI Parameters : None + * CGI Parameters : + * f : The action file identifier. + * ver : (Only if require_version is nonzero) + * Timestamp of the actions file. If wrong, this + * function fails with JB_ERR_MODIFIED. * - * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory * JB_ERR_CGI_PARAMS if "filename" was not specified * or is not valid. + * JB_ERR_FILE if the file cannot be opened or + * contains no data + * JB_ERR_MODIFIED if version checking was requested and + * failed - the file was modified outside + * of this CGI editor instance. * *********************************************************************/ -static int get_file_name_param(struct client_state *csp, - struct map *parameters, - char *suffix, - char **pfilename, - const char **pparam) +jb_err edit_read_file(struct client_state *csp, + const struct map *parameters, + int require_version, + struct editable_file **pfile) { - const char *param; - const char *s; - char *name; - char *fullpath; - char ch; - int len; + struct file_line * lines; + FILE * fp; + jb_err err; + const char *filename = NULL; + struct editable_file * file; + unsigned version = 0; + struct stat statbuf[1]; + char version_buf[22]; + int newline = NEWLINE_UNKNOWN; + unsigned i; assert(csp); assert(parameters); - assert(suffix); - assert(pfilename); - assert(pparam); + assert(pfile); - *pfilename = NULL; - *pparam = NULL; + *pfile = NULL; - param = lookup(parameters, "filename"); - if (!*param) + err = get_number_param(csp, parameters, "f", &i); + if ((JB_ERR_OK == err) && (i < MAX_AF_FILES) && (NULL != csp->config->actions_file[i])) { - return JB_ERR_CGI_PARAMS; + filename = csp->config->actions_file[i]; + } + else if (JB_ERR_CGI_PARAMS == err) + { + /* + * Probably an old-school URL like + * http://config.privoxy.org/edit-actions-list?f=default + */ + err = get_file_name_param(csp, parameters, "f", &filename); } - *pparam = param; - - len = strlen(param); - if (len >= FILENAME_MAX) + if (NULL == filename || stat(filename, statbuf) < 0) { - /* Too long. */ - return JB_ERR_CGI_PARAMS; + /* Error, probably file not found. */ + return JB_ERR_FILE; } + version = (unsigned) statbuf->st_mtime; - /* Check every character to see if it's legal */ - s = param; - while ((ch = *s++) != '\0') + if (require_version) { - if ( ((ch < 'A') || (ch > 'Z')) - && ((ch < 'a') || (ch > 'z')) - && ((ch < '0') || (ch > '9')) - && (ch != '-') - && (ch != '_') ) + unsigned specified_version; + err = get_number_param(csp, parameters, "v", &specified_version); + if (err) { - /* Probable hack attempt. */ - return JB_ERR_CGI_PARAMS; + return err; + } + + if (version != specified_version) + { + return JB_ERR_MODIFIED; } } - /* Append extension */ - name = malloc(len + strlen(suffix) + 1); - if (name == NULL) + if (NULL == (fp = fopen(filename,"rb"))) { - return JB_ERR_MEMORY; + return JB_ERR_FILE; } - strcpy(name, param); - strcpy(name + len, suffix); - /* Prepend path */ - fullpath = make_path(csp->config->confdir, name); - free(name); - if (fullpath == NULL) + err = edit_read_file_lines(fp, &lines, &newline); + + fclose(fp); + + if (err) { - return JB_ERR_MEMORY; + return err; + } + + file = (struct editable_file *) zalloc(sizeof(*file)); + if (err) + { + edit_free_file_lines(lines); + return err; } - /* Success */ - *pfilename = fullpath; + file->lines = lines; + file->newline = newline; + file->filename = filename; + file->version = version; + file->identifier = i; + + /* Correct file->version_str */ + freez(file->version_str); + snprintf(version_buf, sizeof(version_buf), "%u", file->version); + version_buf[sizeof(version_buf)-1] = '\0'; + file->version_str = strdup(version_buf); + if (version_buf == NULL) + { + edit_free_file(file); + return JB_ERR_MEMORY; + } + *pfile = file; return JB_ERR_OK; } /********************************************************************* * - * Function : get_number_param + * Function : edit_read_actions_file + * + * Description : Read a complete actions file into memory. + * Handles CGI parameter parsing. If requested, also + * checks the file's modification timestamp. * - * Description : Get a non-negative integer from the parameters - * passed to a CGI function. + * If this function detects an error in the categories + * JB_ERR_FILE, JB_ERR_MODIFIED, or JB_ERR_PARSE, + * then it handles it by filling in the specified + * response structure and returning JB_ERR_FILE. * * Parameters : - * 1 : csp = Current client state (buffers, headers, etc...) - * 2 : parameters = map of cgi parameters - * 3 : name = Name of CGI parameter to read - * 4 : pvalue = destination for value. - * Set to -1 on error. + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = HTTP response. Only filled in on error. + * 2 : parameters = map of cgi parameters. + * 3 : require_version = true to check "ver" parameter. + * 4 : pfile = Destination for the file. Will be set + * to NULL on error. * - * CGI Parameters : None + * CGI Parameters : + * f : The actions file identifier. + * ver : (Only if require_version is nonzero) + * Timestamp of the actions file. If wrong, this + * function fails with JB_ERR_MODIFIED. + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory + * JB_ERR_CGI_PARAMS if "filename" was not specified + * or is not valid. + * JB_ERR_FILE if the file does not contain valid data, + * or if file cannot be opened or + * contains no data, or if version + * checking was requested and failed. + * + *********************************************************************/ +jb_err edit_read_actions_file(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters, + int require_version, + struct editable_file **pfile) +{ + jb_err err; + struct editable_file *file; + static int acceptable_failures = ACCEPTABLE_TIMESTAMP_MISMATCHES - 1; + + assert(csp); + assert(parameters); + assert(pfile); + + *pfile = NULL; + + err = edit_read_file(csp, parameters, require_version, &file); + if (err) + { + /* Try to handle if possible */ + if (err == JB_ERR_FILE) + { + err = cgi_error_file(csp, rsp, lookup(parameters, "f")); + } + else if (err == JB_ERR_MODIFIED) + { + assert(require_version); + err = cgi_error_modified(csp, rsp, lookup(parameters, "f")); + log_error(LOG_LEVEL_ERROR, + "Blocking CGI edit request due to modification time mismatch."); + if (acceptable_failures > 0) + { + log_error(LOG_LEVEL_INFO, + "The CGI editor will be turned off after another %d mismatche(s).", + acceptable_failures); + acceptable_failures--; + } + else + { + log_error(LOG_LEVEL_INFO, + "Timestamp mismatch limit reached, turning CGI editor off. " + "Reload the configuration file to reenable it."); + csp->config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS; + } + } + if (err == JB_ERR_OK) + { + /* + * Signal to higher-level CGI code that there was a problem but we + * handled it, they should just return JB_ERR_OK. + */ + err = JB_ERR_FILE; + } + return err; + } + + err = edit_parse_actions_file(file); + if (err) + { + if (err == JB_ERR_PARSE) + { + err = cgi_error_parse(csp, rsp, file); + if (err == JB_ERR_OK) + { + /* + * Signal to higher-level CGI code that there was a problem but we + * handled it, they should just return JB_ERR_OK. + */ + err = JB_ERR_FILE; + } + } + edit_free_file(file); + return err; + } + + *pfile = file; + return JB_ERR_OK; +} + + +/********************************************************************* + * + * Function : get_file_name_param + * + * Description : Get the name of the file to edit from the parameters + * passed to a CGI function using the old syntax. + * This function handles security checks and only + * accepts files that Privoxy already knows. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : parameters = map of cgi parameters + * 3 : param_name = The name of the parameter to read + * 4 : pfilename = pointer to the filename in + * csp->config->actions_file[] if found. Set to NULL on error. * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out-of-memory @@ -1258,173 +2134,584 @@ static int get_file_name_param(struct client_state *csp, * or is not valid. * *********************************************************************/ -static int get_number_param(struct client_state *csp, - struct map *parameters, - char *name, - int *pvalue) +static jb_err get_file_name_param(struct client_state *csp, + const struct map *parameters, + const char *param_name, + const char **pfilename) { const char *param; + const char suffix[] = ".action"; + const char *s; + char *name; + char *fullpath; char ch; - int value; + size_t len; + size_t name_size; + int i; assert(csp); assert(parameters); - assert(name); - assert(pvalue); + assert(pfilename); - *pvalue = -1; + *pfilename = NULL; - param = lookup(parameters, name); + param = lookup(parameters, param_name); if (!*param) { return JB_ERR_CGI_PARAMS; } - /* We don't use atoi because I want to check this carefully... */ + len = strlen(param); + if (len >= FILENAME_MAX) + { + /* Too long. */ + return JB_ERR_CGI_PARAMS; + } - value = 0; - while ((ch = *param++) != '\0') + /* + * Check every character to see if it's legal. + * Totally unnecessary but we do it anyway. + */ + s = param; + while ((ch = *s++) != '\0') { - if ((ch < '0') || (ch > '9')) + if ( ((ch < 'A') || (ch > 'Z')) + && ((ch < 'a') || (ch > 'z')) + && ((ch < '0') || (ch > '9')) + && (ch != '-') + && (ch != '_') ) { + /* Probable hack attempt. */ return JB_ERR_CGI_PARAMS; } + } - ch -= '0'; + /* Append extension */ + name_size = len + strlen(suffix) + 1; + name = malloc(name_size); + if (name == NULL) + { + return JB_ERR_MEMORY; + } + strlcpy(name, param, name_size); + strlcat(name, suffix, name_size); - /* Note: - * - * defines INT_MAX - * - * (INT_MAX - ch) / 10 is the largest number that - * can be safely multiplied by 10 then have ch added. - */ - if (value > ((INT_MAX - ch) / 10)) + /* Prepend path */ + fullpath = make_path(csp->config->confdir, name); + free(name); + + if (fullpath == NULL) + { + return JB_ERR_MEMORY; + } + + /* Check if the file is known */ + for (i = 0; i < MAX_AF_FILES; i++) + { + if (NULL != csp->config->actions_file[i] && + !strcmp(fullpath, csp->config->actions_file[i])) + { + /* Success */ + *pfilename = csp->config->actions_file[i]; + freez(fullpath); + + return JB_ERR_OK; + } + } + freez(fullpath); + + return JB_ERR_CGI_PARAMS; +} + + +/********************************************************************* + * + * Function : get_url_spec_param + * + * Description : Get a URL pattern from the parameters + * passed to a CGI function. Removes leading/trailing + * spaces and validates it. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : parameters = map of cgi parameters + * 3 : name = Name of CGI parameter to read + * 4 : pvalue = destination for value. Will be malloc()'d. + * Set to NULL on error. + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory + * JB_ERR_CGI_PARAMS if the parameter was not specified + * or is not valid. + * + *********************************************************************/ +static jb_err get_url_spec_param(struct client_state *csp, + const struct map *parameters, + const char *name, + char **pvalue) +{ + const char *orig_param; + char *param; + char *s; + struct url_spec compiled[1]; + jb_err err; + + assert(csp); + assert(parameters); + assert(name); + assert(pvalue); + + *pvalue = NULL; + + orig_param = lookup(parameters, name); + if (!*orig_param) + { + return JB_ERR_CGI_PARAMS; + } + + /* Copy and trim whitespace */ + param = strdup(orig_param); + if (param == NULL) + { + return JB_ERR_MEMORY; + } + chomp(param); + + /* Must be non-empty, and can't allow 1st character to be '{' */ + if (param[0] == '\0' || param[0] == '{') + { + free(param); + return JB_ERR_CGI_PARAMS; + } + + /* Check for embedded newlines */ + for (s = param; *s != '\0'; s++) + { + if ((*s == '\r') || (*s == '\n')) { + free(param); return JB_ERR_CGI_PARAMS; } + } - value = value * 10 + ch; + /* Check that regex is valid */ + s = strdup(param); + if (s == NULL) + { + free(param); + return JB_ERR_MEMORY; } + err = create_url_spec(compiled, s); + free(s); + if (err) + { + free(param); + return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS; + } + free_url_spec(compiled); + + if (param[strlen(param) - 1] == '\\') + { + /* + * Must protect trailing '\\' from becoming line continuation character. + * Two methods: 1) If it's a domain only, add a trailing '/'. + * 2) For path, add the do-nothing PCRE expression (?:) to the end + */ + if (strchr(param, '/') == NULL) + { + err = string_append(¶m, "/"); + } + else + { + err = string_append(¶m, "(?:)"); + } + if (err) + { + return err; + } - /* Success */ - *pvalue = value; + /* Check that the modified regex is valid */ + s = strdup(param); + if (s == NULL) + { + free(param); + return JB_ERR_MEMORY; + } + err = create_url_spec(compiled, s); + free(s); + if (err) + { + free(param); + return (err == JB_ERR_MEMORY) ? JB_ERR_MEMORY : JB_ERR_CGI_PARAMS; + } + free_url_spec(compiled); + } + *pvalue = param; return JB_ERR_OK; } - /********************************************************************* * - * Function : cgi_edit_actions + * Function : map_radio * - * Description : CGI function that allows the user to choose which - * actions file to edit. + * Description : Map a set of radio button values. E.g. if you have + * 3 radio buttons, declare them as: + *