X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgisimple.c;h=5099a579e765d43ca1e3219fa5bb34e4d02f45ac;hp=08bb8c852218acf99dfcb6403c1c77be6f0cfbb3;hb=873efe14859c0fb3f53a905eb346c36cf5fe7eda;hpb=8ef1cce0e3dfe6b68730d19d68cbb628219ebf39 diff --git a/cgisimple.c b/cgisimple.c index 08bb8c85..5099a579 100644 --- a/cgisimple.c +++ b/cgisimple.c @@ -1,22 +1,18 @@ -const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.87 2008/08/29 15:59:22 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $ * * Purpose : Simple CGIs to get information about Privoxy's * status. - * - * Functions declared include: - * * - * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge - * Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2020 the + * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -34,401 +30,8 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.87 2008/08/29 15:59:22 fabian * or write to the Free Software Foundation, Inc., 59 * Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Revisions : - * $Log: cgisimple.c,v $ - * Revision 1.87 2008/08/29 15:59:22 fabiankeil - * Fix two comments. - * - * Revision 1.86 2008/06/28 14:19:05 fabiankeil - * Protocol detection is done case-insensitive, fix assertion - * to do the same. Yay for Privoxy-Regression-Test and zzuf. - * - * Revision 1.85 2008/05/26 17:30:55 fabiankeil - * Provide an OpenSearch Description to access the - * show-url-info page through "search engine plugins". - * - * Revision 1.84 2008/05/26 16:16:55 fabiankeil - * Spell error correctly. - * - * Revision 1.83 2008/05/12 14:51:30 fabiankeil - * Don't complain about an invalid URL if show-url-info is requested - * without parameters. Regression introduced in 1.81 by yours truly. - * - * Revision 1.82 2008/05/10 20:01:47 fabiankeil - * Fix an assertion that could erroneously - * trigger in case of memory shortage. - * - * Revision 1.81 2008/05/05 09:54:39 fabiankeil - * In cgi_show_url_info(), make sure ftp URLs are - * declared invalid. Also simplify the code that adds - * "http://" if no protocol has been specified. - * - * Revision 1.80 2008/05/04 16:18:32 fabiankeil - * Provide parse_http_url() with a third parameter to specify - * whether or not URLs without protocol are acceptable. - * - * Revision 1.79 2008/05/04 13:30:56 fabiankeil - * Streamline parse_http_url()'s prototype. - * - * Revision 1.78 2008/05/03 16:50:11 fabiankeil - * Leverage content_filters_enabled() in cgi_show_url_info(). - * - * Revision 1.77 2008/05/02 09:47:48 fabiankeil - * In cgi_show_url_info, pass an initialized http structure - * to parse_http_url() as that will be required soonish and - * assert that https URLs are recognized correctly. - * - * Revision 1.76 2008/04/28 09:13:30 fabiankeil - * In load_file(), remember the error reason and fclose() - * and return later on instead of right away. - * - * Revision 1.75 2008/04/27 13:52:52 fabiankeil - * Move CGI file loading code into load_file() and - * add checks for unexpected errors. - * - * Revision 1.74 2008/04/26 15:50:56 fabiankeil - * Fix macro name in cgi_show_file() error path. - * - * Revision 1.73 2008/04/26 12:21:55 fabiankeil - * Forget about JB_ERR_PARSE. JB_ERR_CGI_PARAMS to the rescue. - * - * Revision 1.72 2008/04/26 10:34:15 fabiankeil - * If zlib support is unavailable and there are content filters active - * but the prevent-compression action is disabled, include a warning - * on the show-url-info page that compression might prevent filtering. - * - * Revision 1.71 2008/04/25 13:33:56 fabiankeil - * - Factor cgi_show_file() out of cgi_show_status(). - * - Adjust cgi_show_status()'s parameter description to match reality. - * - * Revision 1.70 2008/04/24 16:12:38 fabiankeil - * In cgi_show_status(), load the requested file at once. - * Using string_join() for every line really doesn't scale. - * - * Revision 1.69 2008/04/17 14:40:48 fabiankeil - * Provide get_http_time() with the buffer size so it doesn't - * have to blindly assume that the buffer is big enough. - * - * Revision 1.68 2008/03/27 18:27:21 fabiankeil - * Remove kill-popups action. - * - * Revision 1.67 2008/03/27 17:00:05 fabiankeil - * Turn the favicon blobs into locals. - * - * Revision 1.66 2008/02/23 16:57:12 fabiankeil - * Rename url_actions() to get_url_actions() and let it - * use the standard parameter ordering. - * - * Revision 1.65 2008/02/23 16:33:43 fabiankeil - * Let forward_url() use the standard parameter ordering - * and mark its second parameter immutable. - * - * Revision 1.64 2008/02/03 13:56:07 fabiankeil - * Add SOCKS5 support for show-url-info CGI page. - * - * Revision 1.63 2008/02/01 06:04:31 fabiankeil - * If edit buttons on the show-url-info CGI page are hidden, explain why. - * - * Revision 1.62 2008/02/01 05:52:40 fabiankeil - * Hide edit buttons on the show-url-info CGI page if enable-edit-action - * is disabled. Patch by Lee with additional white space adjustments. - * - * Revision 1.61 2008/01/26 11:13:25 fabiankeil - * If enable-edit-actions is disabled, hide the edit buttons and explain why. - * - * Revision 1.60 2007/10/27 13:12:13 fabiankeil - * Finish 1.49 and check write access before - * showing edit buttons on show-url-info page. - * - * Revision 1.59 2007/10/19 16:42:36 fabiankeil - * Plug memory leak I introduced five months ago. - * Yay Valgrind and Privoxy-Regression-Test. - * - * Revision 1.58 2007/07/21 12:19:50 fabiankeil - * If show-url-info is called with an URL that Privoxy - * would reject as invalid, don't show unresolved forwarding - * variables, "final matches" or claim the site's secure. - * - * Revision 1.57 2007/06/01 16:53:05 fabiankeil - * Adjust cgi_show_url_info() to show what forward-override{} - * would do with the requested URL (instead of showing how the - * request for the CGI page would be forwarded if it wasn't a - * CGI request). - * - * Revision 1.56 2007/05/21 10:50:35 fabiankeil - * - Use strlcpy() instead of strcpy(). - * - Stop treating actions files special. Expect a complete file name - * (with or without path) like it's done for the rest of the files. - * Closes FR#588084. - * - Don't rerun sed() in cgi_show_request(). - * - * Revision 1.55 2007/04/13 13:36:46 fabiankeil - * Reference action files in CGI URLs by id instead - * of using the first part of the file name. - * Fixes BR 1694250 and BR 1590556. - * - * Revision 1.54 2007/04/09 18:11:35 fabiankeil - * Don't mistake VC++'s _snprintf() for a snprintf() replacement. - * - * Revision 1.53 2007/04/08 13:21:04 fabiankeil - * Reference action files in CGI URLs by id instead - * of using the first part of the file name. - * Fixes BR 1694250 and BR 1590556. - * - * Revision 1.52 2007/02/13 15:10:26 fabiankeil - * Apparently fopen()ing in "binary" mode doesn't require - * #ifdefs, it's already done without them in cgiedit.c. - * - * Revision 1.51 2007/02/10 16:55:22 fabiankeil - * - Show forwarding settings on the show-url-info page - * - Fix some HTML syntax errors. - * - * Revision 1.50 2007/01/23 15:51:17 fabiankeil - * Add favicon delivery functions. - * - * Revision 1.49 2007/01/20 16:29:38 fabiankeil - * Suppress edit buttons for action files if Privoxy has - * no write access. Suggested by Roland in PR 1564026. - * - * Revision 1.48 2007/01/20 15:31:31 fabiankeil - * Display warning if show-url-info CGI page - * is used while Privoxy is toggled off. - * - * Revision 1.47 2007/01/12 15:07:10 fabiankeil - * Use zalloc in cgi_send_user_manual. - * - * Revision 1.46 2007/01/02 12:49:46 fabiankeil - * Add FEATURE_ZLIB to the list of conditional - * defines at the show-status page. - * - * Revision 1.45 2006/12/28 18:16:41 fabiankeil - * Fixed gcc43 compiler warnings, zero out cgi_send_user_manual's - * body memory before using it, replaced sprintf calls with snprintf. - * - * Revision 1.44 2006/12/22 14:19:27 fabiankeil - * Removed checks whether or not AF_FILES have - * data structures associated with them in cgi_show_status. - * It doesn't matter as we're only interested in the file names. - * - * For the action files the checks were always true, - * but they prevented empty filter files from being - * listed. Fixes parts of BR 1619208. - * - * Revision 1.43 2006/12/17 17:57:56 fabiankeil - * - Added FEATURE_GRACEFUL_TERMINATION to the - * "conditional #defines" section - * - Escaped ampersands in generated HTML. - * - Renamed re-filter-filename to re-filter-filenames - * - * Revision 1.42 2006/11/21 15:43:12 fabiankeil - * Add special treatment for WIN32 to make sure - * cgi_send_user_manual opens the files in binary mode. - * Fixes BR 1600411 and unbreaks image delivery. - * - * Remove outdated comment. - * - * Revision 1.41 2006/10/09 19:18:28 roro - * Redirect http://p.p/user-manual (without trailing slash) to - * http://p.p/user-manual/ (with trailing slash), otherwise links will be broken. - * - * Revision 1.40 2006/09/09 13:05:33 fabiankeil - * Modified cgi_send_user_manual to serve binary - * content without destroying it first. Should also be - * faster now. Added ".jpg" check for Content-Type guessing. - * - * Revision 1.39 2006/09/08 09:49:23 fabiankeil - * Deliver documents in the user-manual directory - * with "Content-Type text/css" if their filename - * ends with ".css". - * - * Revision 1.38 2006/09/06 18:45:03 fabiankeil - * Incorporate modified version of Roland Rosenfeld's patch to - * optionally access the user-manual via Privoxy. Closes patch 679075. - * - * Formatting changed to Privoxy style, added call to - * cgi_error_no_template if the requested file doesn't - * exist and modified check whether or not Privoxy itself - * should serve the manual. Should work cross-platform now. - * - * Revision 1.37 2006/07/18 14:48:45 david__schmidt - * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) - * with what was really the latest development (the v_3_0_branch branch) - * - * Revision 1.35.2.7 2006/01/29 23:10:56 david__schmidt - * Multiple filter file support - * - * Revision 1.35.2.6 2005/07/04 03:13:43 david__schmidt - * Undo some damaging memory leak patches - * - * Revision 1.35.2.5 2005/05/07 21:50:55 david__schmidt - * A few memory leaks plugged (mostly on error paths) - * - * Revision 1.35.2.4 2005/04/04 02:21:24 david__schmidt - * Another instance of: - * Don't show "Edit" buttons #ifndef FEATURE_CGI_EDIT_ACTIONS - * Thanks to Magnus Holmgren for the patch - * - * Revision 1.35.2.3 2003/12/17 16:34:15 oes - * - Prevent line wrap beween "View/Edit" link buttons on status page - * - Some (mostly irrelevant) fixes for Out-of-mem-case handling - * - * Revision 1.35.2.2 2003/04/03 13:48:28 oes - * Don't show "Edit" buttons #ifndef FEATURE_CGI_EDIT_ACTIONS - * - * Revision 1.35.2.1 2002/07/04 15:02:38 oes - * Added ability to send redirects to send-banner CGI, so that it can completely mimic the image blocking action if called with type=auto - * - * Revision 1.35.2.1 2002/07/01 17:32:04 morcego - * Applying patch from Andreas as provided by Hal on the list. - * Message-ID: <20020701121218.V1606@feenix.burgiss.net> - * - * Revision 1.35 2002/05/12 21:44:44 jongfoster - * Adding amiga.[ch] revision information, if on an amiga. - * - * Revision 1.34 2002/04/30 12:06:12 oes - * Deleted unused code from default_cgi - * - * Revision 1.33 2002/04/30 11:14:52 oes - * Made csp the first parameter in *action_to_html - * - * Revision 1.32 2002/04/26 18:29:13 jongfoster - * Fixing this Visual C++ warning: - * cgisimple.c(775) : warning C4018: '<' : signed/unsigned mismatch - * - * Revision 1.31 2002/04/26 12:54:36 oes - * - Kill obsolete REDIRECT_URL code - * - Error handling fixes - * - Style sheet related HTML snipplet changes - * - cgi_show_url_info: - * - Matches now in table, actions on single lines, - * linked to help - * - standard.action suppressed - * - Buttons to View and Edit AFs - * - * Revision 1.30 2002/04/24 02:18:08 oes - * - show-status is now the starting point for editing - * the actions files, generate list of all AFs with buttons - * for viewing and editing, new look for file list (Jon: - * buttons now aligned ;-P ), view mode now supports multiple - * AFs, name changes, no view links for unspecified files, - * no edit link for standard.action. - * - * - Jon's multiple AF patch: cgi_show_url_info now uses all - * AFs and marks the output accordingly - * - * Revision 1.29 2002/04/10 13:38:35 oes - * load_template signature changed - * - * Revision 1.28 2002/04/07 15:42:12 jongfoster - * Fixing send-banner?type=auto when the image-blocker is - * a redirect to send-banner - * - * Revision 1.27 2002/04/05 15:50:48 oes - * added send-stylesheet CGI - * - * Revision 1.26 2002/04/04 00:36:36 gliptak - * always use pcre for matching - * - * Revision 1.25 2002/04/03 22:28:03 gliptak - * Removed references to gnu_regex - * - * Revision 1.24 2002/04/02 16:12:47 oes - * Fix: moving misplaced lines into #ifdef FEATURE_FORCE - * - * Revision 1.23 2002/03/26 22:29:54 swa - * we have a new homepage! - * - * Revision 1.22 2002/03/24 16:18:15 jongfoster - * Removing old logo - * - * Revision 1.21 2002/03/24 15:23:33 jongfoster - * Name changes - * - * Revision 1.20 2002/03/24 13:25:43 swa - * name change related issues - * - * Revision 1.19 2002/03/16 23:54:06 jongfoster - * Adding graceful termination feature, to help look for memory leaks. - * If you enable this (which, by design, has to be done by hand - * editing config.h) and then go to http://i.j.b/die, then the program - * will exit cleanly after the *next* request. It should free all the - * memory that was used. - * - * Revision 1.18 2002/03/12 01:44:49 oes - * Changed default for "blocked" image from jb logo to checkboard pattern - * - * Revision 1.17 2002/03/08 16:43:18 oes - * Added choice beween GIF and PNG built-in images - * - * Revision 1.16 2002/03/07 03:48:38 oes - * - Changed built-in images from GIF to PNG - * (with regard to Unisys patent issue) - * - Added a 4x4 pattern PNG which is less intrusive - * than the logo but also clearly marks the deleted banners - * - * Revision 1.15 2002/03/06 22:54:35 jongfoster - * Automated function-comment nitpicking. - * - * Revision 1.14 2002/03/02 04:14:50 david__schmidt - * Clean up a little CRLF unpleasantness that suddenly appeared - * - * Revision 1.13 2002/02/21 00:10:37 jongfoster - * Adding send-banner?type=auto option - * - * Revision 1.12 2002/01/23 01:03:32 jongfoster - * Fixing gcc [CygWin] compiler warnings - * - * Revision 1.11 2002/01/23 00:01:04 jongfoster - * Adding cgi_transparent_gif() for http://i.j.b/t - * Adding missing html_encode() to many CGI functions. - * Adding urlmatch.[ch] to http://i.j.b/show-version - * - * Revision 1.10 2002/01/17 21:10:37 jongfoster - * Changes to cgi_show_url_info to use new matching code from urlmatch.c. - * Also fixing a problem in the same function with improperly quoted URLs - * in output HTML, and adding code to handle https:// URLs correctly. - * - * Revision 1.9 2001/11/30 23:09:15 jongfoster - * Now reports on FEATURE_CGI_EDIT_ACTIONS - * Removing FEATURE_DENY_GZIP from template - * - * Revision 1.8 2001/11/13 00:14:07 jongfoster - * Fixing stupid bug now I've figured out what || means. - * (It always returns 0 or 1, not one of it's paramaters.) - * - * Revision 1.7 2001/10/23 21:48:19 jongfoster - * Cleaning up error handling in CGI functions - they now send back - * a HTML error page and should never cause a FATAL error. (Fixes one - * potential source of "denial of service" attacks). - * - * CGI actions file editor that works and is actually useful. - * - * Ability to toggle JunkBuster remotely using a CGI call. - * - * You can turn off both the above features in the main configuration - * file, e.g. if you are running a multi-user proxy. - * - * Revision 1.6 2001/10/14 22:00:32 jongfoster - * Adding support for a 404 error when an invalid CGI page is requested. - * - * Revision 1.5 2001/10/07 15:30:41 oes - * Removed FEATURE_DENY_GZIP - * - * Revision 1.4 2001/10/02 15:31:12 oes - * Introduced show-request cgi - * - * Revision 1.3 2001/09/22 16:34:44 jongfoster - * Removing unneeded #includes - * - * Revision 1.2 2001/09/19 18:01:11 oes - * Fixed comments; cosmetics - * - * Revision 1.1 2001/09/16 17:08:54 jongfoster - * Moving simple CGI functions from cgi.c to new file cgisimple.c - * - * **********************************************************************/ - + #include "config.h" @@ -439,9 +42,9 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.87 2008/08/29 15:59:22 fabian #include #include -#ifdef HAVE_ACCESS +#if defined (HAVE_ACCESS) && defined (HAVE_UNISTD_H) #include -#endif /* def HAVE_ACCESS */ +#endif /* def HAVE_ACCESS && HAVE_UNISTD_H */ #include "project.h" #include "cgi.h" @@ -456,10 +59,10 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.87 2008/08/29 15:59:22 fabian #include "parsers.h" #include "urlmatch.h" #include "errlog.h" +#ifdef FEATURE_CLIENT_TAGS +#include "client-tags.h" +#endif -const char cgisimple_h_rcs[] = CGISIMPLE_H_VERSION; - -static char *show_rcs(void); static jb_err show_defines(struct map *exports); static jb_err cgi_show_file(struct client_state *csp, struct http_response *rsp, @@ -473,7 +76,7 @@ static jb_err load_file(const char *filename, char **buffer, size_t *length); * Description : CGI function that is called for the CGI_SITE_1_HOST * and CGI_SITE_2_HOST/CGI_SITE_2_PATH base URLs. * Boring - only exports the default exports. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -491,6 +94,8 @@ jb_err cgi_default(struct client_state *csp, { struct map *exports; + (void)parameters; + assert(csp); assert(rsp); @@ -509,7 +114,7 @@ jb_err cgi_default(struct client_state *csp, * * Description : CGI function that is called if an unknown action was * given. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -518,7 +123,7 @@ jb_err cgi_default(struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_error_404(struct client_state *csp, @@ -536,12 +141,7 @@ jb_err cgi_error_404(struct client_state *csp, return JB_ERR_MEMORY; } - rsp->status = strdup("404 Privoxy configuration page not found"); - if (rsp->status == NULL) - { - free_map(exports); - return JB_ERR_MEMORY; - } + rsp->status = strdup_or_die("404 Privoxy configuration page not found"); return template_fill_for_cgi(csp, "cgi-error-404", exports, rsp); } @@ -556,7 +156,7 @@ jb_err cgi_error_404(struct client_state *csp, * NOTE: Turning this on in a production build * would be a BAD idea. An EXTREMELY BAD idea. * In short, don't do it. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -565,13 +165,26 @@ jb_err cgi_error_404(struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_die (struct client_state *csp, struct http_response *rsp, const struct map *parameters) { + static const char status[] = "200 OK Privoxy shutdown request received"; + static const char body[] = + "\n" + "\n" + " Privoxy shutdown request received\n" + " \n" + " \n" + "\n" + "\n" + "

Privoxy shutdown request received

\n" + "

Privoxy is going to shut down after the next request.

\n" + "\n" + "\n"; + assert(csp); assert(rsp); assert(parameters); @@ -579,12 +192,16 @@ jb_err cgi_die (struct client_state *csp, /* quit */ g_terminate = 1; - /* - * I don't really care what gets sent back to the browser. - * Take the easy option - "out of memory" page. - */ + csp->flags &= ~CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE; + + rsp->content_length = 0; + rsp->head_length = 0; + rsp->is_static = 0; + + rsp->body = strdup_or_die(body); + rsp->status = strdup_or_die(status); - return JB_ERR_MEMORY; + return JB_ERR_OK; } #endif /* def FEATURE_GRACEFUL_TERMINATION */ @@ -595,7 +212,7 @@ jb_err cgi_die (struct client_state *csp, * * Description : Show the client's request and what sed() would have * made of it. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -604,7 +221,7 @@ jb_err cgi_die (struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_request(struct client_state *csp, @@ -622,11 +239,11 @@ jb_err cgi_show_request(struct client_state *csp, { return JB_ERR_MEMORY; } - + /* * Repair the damage done to the IOB by get_header() */ - for (p = csp->iob->buf; p < csp->iob->eod; p++) + for (p = csp->client_iob->buf; p < csp->client_iob->cur; p++) { if (*p == '\0') *p = '\n'; } @@ -636,14 +253,20 @@ jb_err cgi_show_request(struct client_state *csp, * be sending to the server if this wasn't a CGI call */ - if (map(exports, "client-request", 1, html_encode(csp->iob->buf), 0)) + if (map(exports, "client-request", 1, html_encode(csp->client_iob->buf), 0)) { free_map(exports); return JB_ERR_MEMORY; } if (map(exports, "processed-request", 1, - html_encode_and_free_original(list_to_text(csp->headers)), 0)) + html_encode_and_free_original( +#ifdef FEATURE_HTTPS_INSPECTION + csp->http->ssl ? + list_to_text(csp->https_headers) : +#endif + list_to_text(csp->headers) + ), 0)) { free_map(exports); return JB_ERR_MEMORY; @@ -653,11 +276,249 @@ jb_err cgi_show_request(struct client_state *csp, } +#ifdef FEATURE_CLIENT_TAGS +/********************************************************************* + * + * Function : cgi_create_client_tag_form + * + * Description : Creates a HTML form to enable or disable a given + * client tag. + * XXX: Could use a template. + * + * Parameters : + * 1 : form = Buffer to fill with the generated form + * 2 : size = Size of the form buffer + * 3 : tag = Name of the tag this form should affect + * 4 : toggle_state = Desired state after the button pressed 0 + * 5 : expires = Whether or not the tag should be enabled. + * Only checked if toggle_state is 1. + * + * Returns : void + * + *********************************************************************/ +static void cgi_create_client_tag_form(char *form, size_t size, + const char *tag, int toggle_state, int expires) +{ + char *button_name; + + if (toggle_state == 1) + { + button_name = (expires == 1) ? "Enable" : "Enable temporarily"; + } + else + { + assert(toggle_state == 0); + button_name = "Disable"; + } + + snprintf(form, size, + "
\n" + " \n" + " \n" + " \n" + " \n" + "
", tag, toggle_state, !expires, button_name); +} + +/********************************************************************* + * + * Function : cgi_show_client_tags + * + * Description : Shows the tags that can be set based on the client + * address (opt-in). + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output + * 3 : parameters = map of cgi parameters + * + * CGI Parameters : none + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory error. + * + *********************************************************************/ +jb_err cgi_show_client_tags(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters) +{ + struct map *exports; + struct client_tag_spec *this_tag; + jb_err err = JB_ERR_OK; + char *client_tag_status; + char buf[1000]; + time_t refresh_delay; + + assert(csp); + assert(rsp); + assert(parameters); + + if (NULL == (exports = default_exports(csp, "client-tags"))) + { + return JB_ERR_MEMORY; + } + assert(csp->client_address != NULL); + + this_tag = csp->config->client_tags; + if (this_tag->name == NULL) + { + client_tag_status = strdup_or_die("

No tags have been configured.

\n"); + } + else + { + client_tag_status = strdup_or_die("\n" + "\n" + "\n"); + while ((this_tag != NULL) && (this_tag->name != NULL)) + { + int tag_state; + + privoxy_mutex_lock(&client_tags_mutex); + tag_state = client_has_requested_tag(csp->client_address, this_tag->name); + privoxy_mutex_unlock(&client_tags_mutex); + if (!err) err = string_append(&client_tag_status, "\n"); + if (err) + { + break; + } + this_tag = this_tag->next; + } + if (!err) err = string_append(&client_tag_status, "
Tag nameCurrent stateChange stateDescription
"); + if (!err) err = string_append(&client_tag_status, this_tag->name); + if (!err) err = string_append(&client_tag_status, ""); + if (!err) err = string_append(&client_tag_status, tag_state == 1 ? "Enabled" : "Disabled"); + if (!err) err = string_append(&client_tag_status, ""); + cgi_create_client_tag_form(buf, sizeof(buf), this_tag->name, !tag_state, 1); + if (!err) err = string_append(&client_tag_status, buf); + if (tag_state == 0) + { + cgi_create_client_tag_form(buf, sizeof(buf), this_tag->name, !tag_state, 0); + if (!err) err = string_append(&client_tag_status, buf); + } + if (!err) err = string_append(&client_tag_status, ""); + if (!err) err = string_append(&client_tag_status, this_tag->description); + if (!err) err = string_append(&client_tag_status, "
\n"); + if (err) + { + free_map(exports); + return JB_ERR_MEMORY; + } + } + refresh_delay = get_next_tag_timeout_for_client(csp->client_address); + if (refresh_delay != 0) + { + snprintf(buf, sizeof(buf), "%u", csp->config->client_tag_lifetime); + if (map(exports, "refresh-delay", 1, buf, 1)) + { + freez(client_tag_status); + free_map(exports); + return JB_ERR_MEMORY; + } + } + else + { + err = map_block_killer(exports, "tags-expire"); + if (err != JB_ERR_OK) + { + freez(client_tag_status); + return err; + } + } + + if (map(exports, "client-tags", 1, client_tag_status, 0)) + { + free_map(exports); + return JB_ERR_MEMORY; + } + + if (map(exports, "client-ip-addr", 1, csp->client_address, 1)) + { + free_map(exports); + return JB_ERR_MEMORY; + } + + return template_fill_for_cgi(csp, "client-tags", exports, rsp); +} + + +/********************************************************************* + * + * Function : cgi_toggle_client_tag + * + * Description : Toggles a client tag and redirects to the show-tags + * page + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : rsp = http_response data structure for output + * 3 : parameters = map of cgi parameters + * + * CGI Parameters : none + * 1 : tag = Name of the tag to enable or disable + * 2 : toggle-state = How to toggle the tag (0/1) + * 3 : expires = Set to 1 if the tag should be enabled + * temporarily, otherwise set to 0 + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out-of-memory error. + * + *********************************************************************/ +jb_err cgi_toggle_client_tag(struct client_state *csp, + struct http_response *rsp, + const struct map *parameters) +{ + const char *toggled_tag; + const char *toggle_state; + const char *tag_expires; + time_t time_to_live; + + assert(csp); + assert(rsp); + assert(parameters); + + toggled_tag = lookup(parameters, "tag"); + if (*toggled_tag == '\0') + { + log_error(LOG_LEVEL_ERROR, "Received tag toggle request without tag"); + } + else + { + tag_expires = lookup(parameters, "expires"); + if (*tag_expires == '0') + { + time_to_live = 0; + } + else + { + time_to_live = csp->config->client_tag_lifetime; + } + toggle_state = lookup(parameters, "toggle-state"); + if (*toggle_state == '1') + { + enable_client_specific_tag(csp, toggled_tag, time_to_live); + } + else + { + disable_client_specific_tag(csp, toggled_tag); + } + } + rsp->status = strdup_or_die("302 Done dealing with toggle request"); + if (enlist_unique_header(rsp->headers, + "Location", CGI_PREFIX "client-tags")) + { + return JB_ERR_MEMORY; + } + return JB_ERR_OK; + +} +#endif /* def FEATURE_CLIENT_TAGS */ + + /********************************************************************* * * Function : cgi_send_banner * - * Description : CGI function that returns a banner. + * Description : CGI function that returns a banner. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -672,7 +533,7 @@ jb_err cgi_show_request(struct client_state *csp, * equivalent). * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_banner(struct client_state *csp, @@ -685,7 +546,7 @@ jb_err cgi_send_banner(struct client_state *csp, * If type is auto, then determine the right thing * to do from the set-image-blocker action */ - if (imagetype == 'a') + if (imagetype == 'a') { /* * Default to pattern @@ -736,20 +597,16 @@ jb_err cgi_send_banner(struct client_state *csp, } #endif /* def FEATURE_IMAGE_BLOCKING */ } - + /* * Now imagetype is either the non-auto type we were called with, * or it was auto and has since been determined. In any case, we * can proceed to actually answering the request by sending a redirect * or an image as appropriate: */ - if (imagetype == 'r') + if (imagetype == 'r') { - rsp->status = strdup("302 Local Redirect from Privoxy"); - if (rsp->status == NULL) - { - return JB_ERR_MEMORY; - } + rsp->status = strdup_or_die("302 Local Redirect from Privoxy"); if (enlist_unique_header(rsp->headers, "Location", csp->action->string[ACTION_STRING_IMAGE_BLOCKER])) { @@ -758,7 +615,7 @@ jb_err cgi_send_banner(struct client_state *csp, } else { - if ((imagetype == 'b') || (imagetype == 't')) + if ((imagetype == 'b') || (imagetype == 't')) { rsp->body = bindup(image_blank_data, image_blank_length); rsp->content_length = image_blank_length; @@ -800,13 +657,16 @@ jb_err cgi_send_banner(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_transparent_image(struct client_state *csp, struct http_response *rsp, const struct map *parameters) { + (void)csp; + (void)parameters; + rsp->body = bindup(image_blank_data, image_blank_length); rsp->content_length = image_blank_length; @@ -841,7 +701,7 @@ jb_err cgi_transparent_image(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_default_favicon(struct client_state *csp, @@ -865,6 +725,9 @@ jb_err cgi_send_default_favicon(struct client_state *csp, "\017\000\000"; static const size_t favicon_length = sizeof(default_favicon_data) - 1; + (void)csp; + (void)parameters; + rsp->body = bindup(default_favicon_data, favicon_length); rsp->content_length = favicon_length; @@ -899,7 +762,7 @@ jb_err cgi_send_default_favicon(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_error_favicon(struct client_state *csp, @@ -923,6 +786,9 @@ jb_err cgi_send_error_favicon(struct client_state *csp, "\017\000\000"; static const size_t favicon_length = sizeof(error_favicon_data) - 1; + (void)csp; + (void)parameters; + rsp->body = bindup(error_favicon_data, favicon_length); rsp->content_length = favicon_length; @@ -958,7 +824,7 @@ jb_err cgi_send_error_favicon(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_stylesheet(struct client_state *csp, @@ -966,10 +832,12 @@ jb_err cgi_send_stylesheet(struct client_state *csp, const struct map *parameters) { jb_err err; - + assert(csp); assert(rsp); + (void)parameters; + err = template_load(csp, &rsp->body, "cgi-style.css", 0); if (err == JB_ERR_FILE) @@ -1010,7 +878,7 @@ jb_err cgi_send_stylesheet(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_url_info_osd(struct client_state *csp, @@ -1020,6 +888,9 @@ jb_err cgi_send_url_info_osd(struct client_state *csp, jb_err err = JB_ERR_MEMORY; struct map *exports = default_exports(csp, NULL); + (void)csp; + (void)parameters; + if (NULL != exports) { err = template_fill_for_cgi(csp, "url-info-osd.xml", exports, rsp); @@ -1035,6 +906,48 @@ jb_err cgi_send_url_info_osd(struct client_state *csp, } +/********************************************************************* + * + * Function : get_content_type + * + * Description : Use the file extension to guess the content type + * header we should use to serve the file. + * + * Parameters : + * 1 : filename = Name of the file whose content type + * we care about + * + * Returns : The guessed content type. + * + *********************************************************************/ +static const char *get_content_type(const char *filename) +{ + int i; + struct content_type + { + const char extension[6]; + const char content_type[11]; + }; + static const struct content_type content_types[] = + { + {".css", "text/css"}, + {".jpg", "image/jpeg"}, + {".jpeg", "image/jpeg"}, + {".png", "image/png"}, + }; + + for (i = 0; i < SZ(content_types); i++) + { + if (strstr(filename, content_types[i].extension)) + { + return content_types[i].content_type; + } + } + + /* No match by extension, default to html */ + return "text/html"; +} + /********************************************************************* * * Function : cgi_send_user_manual @@ -1051,22 +964,29 @@ jb_err cgi_send_url_info_osd(struct client_state *csp, * (relative to user-manual from config) * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_user_manual(struct client_state *csp, struct http_response *rsp, const struct map *parameters) { - const char * filename; + const char *filename; char *full_path; jb_err err = JB_ERR_OK; - size_t length; + const char *content_type; assert(csp); assert(rsp); assert(parameters); + if (0 == strncmpic(csp->config->usermanual, "http://", 7)) + { + log_error(LOG_LEVEL_CGI, "Request for local user-manual " + "received while user-manual delivery is disabled."); + return cgi_error_404(csp, rsp, parameters); + } + if (!parameters->first) { /* requested http://p.p/user-manual (without trailing slash) */ @@ -1074,17 +994,24 @@ jb_err cgi_send_user_manual(struct client_state *csp, } get_string_param(parameters, "file", &filename); - /* Check paramter for hack attempts */ - if (filename && strchr(filename, '/')) + if (filename == NULL) { - return JB_ERR_CGI_PARAMS; + /* It's '/' so serve the index.html if there is one. */ + filename = "index.html"; } - if (filename && strstr(filename, "..")) + else if (NULL != strchr(filename, '/') || NULL != strstr(filename, "..")) { + /* + * We currently only support a flat file + * hierarchy for the documentation. + */ + log_error(LOG_LEVEL_ERROR, + "Rejecting the request to serve '%s' as it contains '/' or '..'", + filename); return JB_ERR_CGI_PARAMS; } - full_path = make_path(csp->config->usermanual, filename ? filename : "index.html"); + full_path = make_path(csp->config->usermanual, filename); if (full_path == NULL) { return JB_ERR_MEMORY; @@ -1103,73 +1030,149 @@ jb_err cgi_send_user_manual(struct client_state *csp, } freez(full_path); - /* Guess correct Content-Type based on the filename's ending */ - if (filename) - { - length = strlen(filename); - } - else - { - length = 0; - } - if((length>=4) && !strcmp(&filename[length-4], ".css")) - { - err = enlist(rsp->headers, "Content-Type: text/css"); - } - else if((length>=4) && !strcmp(&filename[length-4], ".jpg")) - { - err = enlist(rsp->headers, "Content-Type: image/jpeg"); - } - else - { - err = enlist(rsp->headers, "Content-Type: text/html"); - } + content_type = get_content_type(filename); + log_error(LOG_LEVEL_CGI, + "Content-Type guessed for %s: %s", filename, content_type); + + return enlist_unique_header(rsp->headers, "Content-Type", content_type); - return err; } +#ifdef FEATURE_EXTENDED_STATISTICS /********************************************************************* * - * Function : cgi_show_version + * Function : get_block_reason_statistics_table * - * Description : CGI function that returns a a web page describing the - * file versions of Privoxy. + * Description : Produces the block reason statistic table content. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) - * 2 : rsp = http_response data structure for output - * 3 : parameters = map of cgi parameters * - * CGI Parameters : none - * - * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * Returns : Pointer to the HTML statistic table content or + * NULL on out of memory * *********************************************************************/ -jb_err cgi_show_version(struct client_state *csp, - struct http_response *rsp, - const struct map *parameters) +static char *get_block_reason_statistics_table(const struct client_state *csp) { - struct map *exports; + char buf[BUFFER_SIZE]; + char *statistics; + int i; + struct file_list *fl; + jb_err err = JB_ERR_OK; - assert(csp); - assert(rsp); - assert(parameters); + statistics = strdup_or_die(""); - if (NULL == (exports = default_exports(csp, "show-version"))) + /* Run through all action files. */ + for (i = 0; i < MAX_AF_FILES; i++) { - return JB_ERR_MEMORY; + struct url_actions *b; + struct action_spec *last_action = NULL; + + if (((fl = csp->actions_list[i]) == NULL) || ((b = fl->f) == NULL)) + { + /* Skip empty files */ + continue; + } + + /* Go through all the actions. */ + for (b = b->next; NULL != b; b = b->next) + { + if (last_action == b->action) + { + continue; + } + if ((b->action->add & ACTION_BLOCK)) + { + unsigned long long count; + const char *block_reason = b->action->string[ACTION_STRING_BLOCK]; + const char *encoded_block_reason = html_encode(block_reason); + + if (encoded_block_reason == NULL) + { + freez(statistics); + return NULL; + } + get_block_reason_count(block_reason, &count); + snprintf(buf, sizeof(buf), + "%s%llu\n", + encoded_block_reason, count); + freez(encoded_block_reason); + + if (!err) err = string_append(&statistics, buf); + } + last_action = b->action; + } } - if (map(exports, "sourceversions", 1, show_rcs(), 0)) + return statistics; + +} + + +/********************************************************************* + * + * Function : get_filter_statistics_table + * + * Description : Produces the filter statistic table content. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : Pointer to the HTML statistic table content or + * NULL on out of memory + * + *********************************************************************/ +static char *get_filter_statistics_table(const struct client_state *csp) +{ + char buf[BUFFER_SIZE]; + char *statistics; + int i; + struct file_list *fl; + struct re_filterfile_spec *b; + jb_err err = JB_ERR_OK; + + statistics = strdup_or_die(""); + + for (i = 0; i < MAX_AF_FILES; i++) { - free_map(exports); - return JB_ERR_MEMORY; - } + fl = csp->rlist[i]; + if ((NULL == fl) || (NULL == fl->f)) + { + /* + * Either there are no filter files left or this + * filter file just contains no valid filters. + * + * Continue to be sure we don't miss valid filter + * files that are chained after empty or invalid ones. + */ + continue; + } + + for (b = fl->f; b != NULL; b = b->next) + { + if (b->type == FT_CONTENT_FILTER) + { + unsigned long long executions; + unsigned long long response_bodies_modified; + unsigned long long hits; + + get_filter_statistics(b->name, &executions, &response_bodies_modified, &hits); + snprintf(buf, sizeof(buf), + "%s%llu" + "%llu" + "%llu\n", + b->name, executions, response_bodies_modified, hits); + + if (!err) err = string_append(&statistics, buf); + } + } + } + + return statistics; - return template_fill_for_cgi(csp, "show-version", exports, rsp); } +#endif /* def FEATURE_EXTENDED_STATISTICS */ /********************************************************************* @@ -1193,7 +1196,7 @@ jb_err cgi_show_version(struct client_state *csp, * Default is to show menu and other information. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_status(struct client_state *csp, @@ -1239,7 +1242,7 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = map(exports, "options", 1, csp->config->proxy_args, 1); if (!err) err = show_defines(exports); - if (err) + if (err) { free_map(exports); return JB_ERR_MEMORY; @@ -1281,10 +1284,39 @@ jb_err cgi_show_status(struct client_state *csp, } #else /* ndef FEATURE_STATISTICS */ - err = err || map_block_killer(exports, "statistics"); + if (!err) err = map_block_killer(exports, "statistics"); #endif /* ndef FEATURE_STATISTICS */ - - /* + +#ifdef FEATURE_EXTENDED_STATISTICS + if (!err) + { + char *block_reason_statistics = get_block_reason_statistics_table(csp); + if (block_reason_statistics != NULL) + { + err = map(exports, "block-reason-statistics", 1, block_reason_statistics, 0); + } + else + { + err = map_block_killer(exports, "extended-statistics"); + } + } + if (!err) + { + char *filter_statistics = get_filter_statistics_table(csp); + if (filter_statistics != NULL) + { + err = map(exports, "filter-statistics", 1, filter_statistics, 0); + } + else + { + err = map_block_killer(exports, "extended-statistics"); + } + } +#else /* ndef FEATURE_EXTENDED_STATISTICS */ + if (!err) err = map_block_killer(exports, "extended-statistics"); +#endif /* def FEATURE_EXTENDED_STATISTICS */ + + /* * List all action files in use, together with view and edit links, * except for standard.action, which should only be viewable. (Not * enforced in the editor itself) @@ -1298,19 +1330,18 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = string_append(&s, ""); if (!err) err = string_join(&s, html_encode(csp->actions_list[i]->filename)); snprintf(buf, sizeof(buf), - "View", i); + "View", i); if (!err) err = string_append(&s, buf); #ifdef FEATURE_CGI_EDIT_ACTIONS if ((csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS) - && (NULL == strstr(csp->actions_list[i]->filename, "standard.action")) && (NULL != csp->config->actions_file_short[i])) { #ifdef HAVE_ACCESS if (access(csp->config->actions_file[i], W_OK) == 0) { #endif /* def HAVE_ACCESS */ - snprintf(buf, sizeof(buf), "  Edit", i); + snprintf(buf, sizeof(buf), "  Edit", i); if (!err) err = string_append(&s, buf); #ifdef HAVE_ACCESS } @@ -1325,16 +1356,17 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = string_append(&s, "\n"); } } - if (*s != '\0') + if (!err && *s != '\0') { - if (!err) err = map(exports, "actions-filenames", 1, s, 0); + err = map(exports, "actions-filenames", 1, s, 0); } else { if (!err) err = map(exports, "actions-filenames", 1, "None specified", 1); + freez(s); } - /* + /* * List all re_filterfiles in use, together with view options. * FIXME: Shouldn't include hardwired HTML here, use line template instead! */ @@ -1345,20 +1377,21 @@ jb_err cgi_show_status(struct client_state *csp, { if (!err) err = string_append(&s, ""); if (!err) err = string_join(&s, html_encode(csp->rlist[i]->filename)); - snprintf(buf, 100, - "View", i); + snprintf(buf, sizeof(buf), + "View", i); if (!err) err = string_append(&s, buf); if (!err) err = string_append(&s, "\n"); } } - if (*s != '\0') + if (!err && *s != '\0') { - if (!err) err = map(exports, "re-filter-filenames", 1, s, 0); + err = map(exports, "re-filter-filenames", 1, s, 0); } else { if (!err) err = map(exports, "re-filter-filenames", 1, "None specified", 1); if (!err) err = map_block_killer(exports, "have-filterfile"); + freez(s); } #ifdef FEATURE_TRUST @@ -1382,6 +1415,8 @@ jb_err cgi_show_status(struct client_state *csp, } #endif /* ndef CGI_EDIT_ACTIONS */ + if (!err) err = map(exports, "force-prefix", 1, FORCE_PREFIX, 1); + if (err) { free_map(exports); @@ -1391,7 +1426,7 @@ jb_err cgi_show_status(struct client_state *csp, return template_fill_for_cgi(csp, "show-status", exports, rsp); } - + /********************************************************************* * * Function : cgi_show_url_info @@ -1412,7 +1447,7 @@ jb_err cgi_show_status(struct client_state *csp, * the template. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_url_info(struct client_state *csp, @@ -1435,12 +1470,7 @@ jb_err cgi_show_url_info(struct client_state *csp, /* * Get the url= parameter (if present) and remove any leading/trailing spaces. */ - url_param = strdup(lookup(parameters, "url")); - if (url_param == NULL) - { - free_map(exports); - return JB_ERR_MEMORY; - } + url_param = strdup_or_die(lookup(parameters, "url")); chomp(url_param); /* @@ -1448,7 +1478,7 @@ jb_err cgi_show_url_info(struct client_state *csp, * 1) "http://" or "https://" prefix present and followed by URL - OK * 2) Only the "http://" or "https://" part is present, no URL - change * to empty string so it will be detected later as "no URL". - * 3) Parameter specified but doesn't contain "http(s?)://" - add a + * 3) Parameter specified but doesn't start with "http(s?)://" - add a * "http://" prefix. * 4) Parameter not specified or is empty string - let this fall through * for now, next block of code will handle it. @@ -1459,7 +1489,7 @@ jb_err cgi_show_url_info(struct client_state *csp, { /* * Empty URL (just prefix). - * Make it totally empty so it's caught by the next if() + * Make it totally empty so it's caught by the next if () */ url_param[0] = '\0'; } @@ -1470,15 +1500,20 @@ jb_err cgi_show_url_info(struct client_state *csp, { /* * Empty URL (just prefix). - * Make it totally empty so it's caught by the next if() + * Make it totally empty so it's caught by the next if () */ url_param[0] = '\0'; } } - else if ((url_param[0] != '\0') && (NULL == strstr(url_param, "://"))) + else if ((url_param[0] != '\0') + && ((NULL == strstr(url_param, "://") + || (strstr(url_param, "://") > strstr(url_param, "/"))))) { - /* No prefix - assume http:// */ - char *url_param_prefixed = strdup("http://"); + /* + * No prefix or at least no prefix before + * the first slash - assume http:// + */ + char *url_param_prefixed = strdup_or_die("http://"); if (JB_ERR_OK != string_join(&url_param_prefixed, url_param)) { @@ -1498,13 +1533,14 @@ jb_err cgi_show_url_info(struct client_state *csp, map_block_killer(exports, "privoxy-is-toggled-off") ) { + freez(url_param); free_map(exports); return JB_ERR_MEMORY; } if (url_param[0] == '\0') { - /* URL paramater not specified, display query form only. */ + /* URL parameter not specified, display query form only. */ free(url_param); if (map_block_killer(exports, "url-given") || map(exports, "url", 1, "", 1)) @@ -1525,7 +1561,7 @@ jb_err cgi_show_url_info(struct client_state *csp, struct http_request url_to_query[1]; struct current_action_spec action[1]; int i; - + if (map(exports, "url", 1, html_encode(url_param), 0)) { free(url_param); @@ -1577,11 +1613,14 @@ jb_err cgi_show_url_info(struct client_state *csp, } /* - * We have a warning about SSL paths. Hide it for unencrypted sites. + * We have a warning about SSL paths. Hide it for unencrypted sites + * and unconditionally if https inspection is enabled. */ +#ifndef FEATURE_HTTPS_INSPECTION if (!url_to_query->ssl) +#endif { - if (map_block_killer(exports, "https")) + if (map_block_killer(exports, "https-and-no-https-inspection")) { free_current_action(action); free_map(exports); @@ -1590,7 +1629,7 @@ jb_err cgi_show_url_info(struct client_state *csp, } } - matches = strdup(""); + matches = strdup_or_die("
"); for (i = 0; i < MAX_AF_FILES; i++) { @@ -1721,6 +1760,9 @@ jb_err cgi_show_url_info(struct client_state *csp, case SOCKS_5: socks_type = "socks5"; break; + case SOCKS_5T: + socks_type = "socks5t"; + break; default: log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type); } @@ -1813,7 +1855,7 @@ jb_err cgi_show_url_info(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_robots_txt(struct client_state *csp, @@ -1823,7 +1865,10 @@ jb_err cgi_robots_txt(struct client_state *csp, char buf[100]; jb_err err; - rsp->body = strdup( + (void)csp; + (void)parameters; + + rsp->body = strdup_or_die( "# This is the Privoxy control interface.\n" "# It isn't very useful to index it, and you're likely to break stuff.\n" "# So go away!\n" @@ -1831,10 +1876,6 @@ jb_err cgi_robots_txt(struct client_state *csp, "User-agent: *\n" "Disallow: /\n" "\n"); - if (rsp->body == NULL) - { - return JB_ERR_MEMORY; - } err = enlist_unique(rsp->headers, "Content-Type: text/plain", 13); @@ -1851,208 +1892,246 @@ jb_err cgi_robots_txt(struct client_state *csp, * * Function : show_defines * - * Description : Add to a map the state od all conditional #defines + * Description : Add to a map the state of all conditional #defines * used when building * * Parameters : * 1 : exports = map to extend * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ static jb_err show_defines(struct map *exports) { jb_err err = JB_ERR_OK; + int i; + struct feature { + const char name[31]; + const unsigned char is_available; + }; + static const struct feature features[] = { + { + "FEATURE_64_BIT_TIME_T", +#if (SIZEOF_TIME_T == 8) + 1, +#else + 0, +#endif + }, + { + "FEATURE_ACCEPT_FILTER", +#ifdef FEATURE_ACCEPT_FILTER + 1, +#else + 0, +#endif + }, + { + "FEATURE_ACL", #ifdef FEATURE_ACL - if (!err) err = map_conditional(exports, "FEATURE_ACL", 1); -#else /* ifndef FEATURE_ACL */ - if (!err) err = map_conditional(exports, "FEATURE_ACL", 0); -#endif /* ndef FEATURE_ACL */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_BROTLI", +#ifdef FEATURE_BROTLI + 1, +#else + 0, +#endif + }, + { + "FEATURE_CGI_EDIT_ACTIONS", #ifdef FEATURE_CGI_EDIT_ACTIONS - if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 1); -#else /* ifndef FEATURE_CGI_EDIT_ACTIONS */ - if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 0); -#endif /* ndef FEATURE_CGI_EDIT_ACTIONS */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_CLIENT_TAGS", +#ifdef FEATURE_CLIENT_TAGS + 1, +#else + 0, +#endif + }, + { + "FEATURE_COMPRESSION", +#ifdef FEATURE_COMPRESSION + 1, +#else + 0, +#endif + }, + { + "FEATURE_CONNECTION_KEEP_ALIVE", +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + 1, +#else + 0, +#endif + }, + { + "FEATURE_CONNECTION_SHARING", +#ifdef FEATURE_CONNECTION_SHARING + 1, +#else + 0, +#endif + }, + { + "FEATURE_EXTERNAL_FILTERS", +#ifdef FEATURE_EXTERNAL_FILTERS + 1, +#else + 0, +#endif + }, + { + "FEATURE_FAST_REDIRECTS", #ifdef FEATURE_FAST_REDIRECTS - if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 1); -#else /* ifndef FEATURE_FAST_REDIRECTS */ - if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 0); -#endif /* ndef FEATURE_FAST_REDIRECTS */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_FORCE_LOAD", #ifdef FEATURE_FORCE_LOAD - if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 1); - if (!err) err = map(exports, "FORCE_PREFIX", 1, FORCE_PREFIX, 1); -#else /* ifndef FEATURE_FORCE_LOAD */ - if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 0); - if (!err) err = map(exports, "FORCE_PREFIX", 1, "(none - disabled)", 1); -#endif /* ndef FEATURE_FORCE_LOAD */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_GRACEFUL_TERMINATION", #ifdef FEATURE_GRACEFUL_TERMINATION - if (!err) err = map_conditional(exports, "FEATURE_GRACEFUL_TERMINATION", 1); -#else /* ifndef FEATURE_GRACEFUL_TERMINATION */ - if (!err) err = map_conditional(exports, "FEATURE_GRACEFUL_TERMINATION", 0); -#endif /* ndef FEATURE_GRACEFUL_TERMINATION */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_HTTPS_INSPECTION", +#ifdef FEATURE_HTTPS_INSPECTION + 1, +#else + 0, +#endif + }, + { + "FEATURE_IMAGE_BLOCKING", #ifdef FEATURE_IMAGE_BLOCKING - if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 1); -#else /* ifndef FEATURE_IMAGE_BLOCKING */ - if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 0); -#endif /* ndef FEATURE_IMAGE_BLOCKING */ - -#ifdef FEATURE_IMAGE_DETECT_MSIE - if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 1); -#else /* ifndef FEATURE_IMAGE_DETECT_MSIE */ - if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 0); -#endif /* ndef FEATURE_IMAGE_DETECT_MSIE */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_IPV6_SUPPORT", +#ifdef HAVE_RFC2553 + 1, +#else + 0, +#endif + }, + { + "FEATURE_NO_GIFS", #ifdef FEATURE_NO_GIFS - if (!err) err = map_conditional(exports, "FEATURE_NO_GIFS", 1); -#else /* ifndef FEATURE_NO_GIFS */ - if (!err) err = map_conditional(exports, "FEATURE_NO_GIFS", 0); -#endif /* ndef FEATURE_NO_GIFS */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_PTHREAD", #ifdef FEATURE_PTHREAD - if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 1); -#else /* ifndef FEATURE_PTHREAD */ - if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 0); -#endif /* ndef FEATURE_PTHREAD */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_STATISTICS", #ifdef FEATURE_STATISTICS - if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 1); -#else /* ifndef FEATURE_STATISTICS */ - if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 0); -#endif /* ndef FEATURE_STATISTICS */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_STRPTIME_SANITY_CHECKS", +#ifdef FEATURE_STRPTIME_SANITY_CHECKS + 1, +#else + 0, +#endif + }, + { + "FEATURE_TOGGLE", #ifdef FEATURE_TOGGLE - if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 1); -#else /* ifndef FEATURE_TOGGLE */ - if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 0); -#endif /* ndef FEATURE_TOGGLE */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_TRUST", #ifdef FEATURE_TRUST - if (!err) err = map_conditional(exports, "FEATURE_TRUST", 1); -#else /* ifndef FEATURE_TRUST */ - if (!err) err = map_conditional(exports, "FEATURE_TRUST", 0); -#endif /* ndef FEATURE_TRUST */ - + 1, +#else + 0, +#endif + }, + { + "FEATURE_ZLIB", #ifdef FEATURE_ZLIB - if (!err) err = map_conditional(exports, "FEATURE_ZLIB", 1); -#else /* ifndef FEATURE_ZLIB */ - if (!err) err = map_conditional(exports, "FEATURE_ZLIB", 0); -#endif /* ndef FEATURE_ZLIB */ - -#ifdef STATIC_PCRE - if (!err) err = map_conditional(exports, "STATIC_PCRE", 1); -#else /* ifndef STATIC_PCRE */ - if (!err) err = map_conditional(exports, "STATIC_PCRE", 0); -#endif /* ndef STATIC_PCRE */ - -#ifdef STATIC_PCRS - if (!err) err = map_conditional(exports, "STATIC_PCRS", 1); -#else /* ifndef STATIC_PCRS */ - if (!err) err = map_conditional(exports, "STATIC_PCRS", 0); -#endif /* ndef STATIC_PCRS */ - - return err; -} - - -/********************************************************************* - * - * Function : show_rcs - * - * Description : Create a string with the rcs info for all sourcefiles - * - * Parameters : None - * - * Returns : A string, or NULL on out-of-memory. - * - *********************************************************************/ -static char *show_rcs(void) -{ - char *result = strdup(""); - char buf[BUFFER_SIZE]; + 1, +#else + 0, +#endif + }, + { + "FEATURE_DYNAMIC_PCRE", +#ifdef FEATURE_DYNAMIC_PCRE + 1, +#else + 0, +#endif + }, + { + "FEATURE_EXTENDED_STATISTICS", +#ifdef FEATURE_EXTENDED_STATISTICS + 1, +#else + 0, +#endif + }, + { + "FEATURE_PCRE_HOST_PATTERNS", +#ifdef FEATURE_PCRE_HOST_PATTERNS + 1, +#else + 0, +#endif + } + }; - /* Instead of including *all* dot h's in the project (thus creating a - * tremendous amount of dependencies), I will concede to declaring them - * as extern's. This forces the developer to add to this list, but oh well. - */ + for (i = 0; i < SZ(features); i++) + { + err = map_conditional(exports, features[i].name, features[i].is_available); + if (err) + { + break; + } + } -#define SHOW_RCS(__x) \ - { \ - extern const char __x[]; \ - snprintf(buf, sizeof(buf), " %s\n", __x); \ - string_append(&result, buf); \ - } - - /* In alphabetical order */ - SHOW_RCS(actions_h_rcs) - SHOW_RCS(actions_rcs) -#ifdef AMIGA - SHOW_RCS(amiga_h_rcs) - SHOW_RCS(amiga_rcs) -#endif /* def AMIGA */ - SHOW_RCS(cgi_h_rcs) - SHOW_RCS(cgi_rcs) -#ifdef FEATURE_CGI_EDIT_ACTIONS - SHOW_RCS(cgiedit_h_rcs) - SHOW_RCS(cgiedit_rcs) -#endif /* def FEATURE_CGI_EDIT_ACTIONS */ - SHOW_RCS(cgisimple_h_rcs) - SHOW_RCS(cgisimple_rcs) -#ifdef __MINGW32__ - SHOW_RCS(cygwin_h_rcs) -#endif - SHOW_RCS(deanimate_h_rcs) - SHOW_RCS(deanimate_rcs) - SHOW_RCS(encode_h_rcs) - SHOW_RCS(encode_rcs) - SHOW_RCS(errlog_h_rcs) - SHOW_RCS(errlog_rcs) - SHOW_RCS(filters_h_rcs) - SHOW_RCS(filters_rcs) - SHOW_RCS(gateway_h_rcs) - SHOW_RCS(gateway_rcs) - SHOW_RCS(jbsockets_h_rcs) - SHOW_RCS(jbsockets_rcs) - SHOW_RCS(jcc_h_rcs) - SHOW_RCS(jcc_rcs) - SHOW_RCS(list_h_rcs) - SHOW_RCS(list_rcs) - SHOW_RCS(loadcfg_h_rcs) - SHOW_RCS(loadcfg_rcs) - SHOW_RCS(loaders_h_rcs) - SHOW_RCS(loaders_rcs) - SHOW_RCS(miscutil_h_rcs) - SHOW_RCS(miscutil_rcs) - SHOW_RCS(parsers_h_rcs) - SHOW_RCS(parsers_rcs) - SHOW_RCS(pcrs_rcs) - SHOW_RCS(pcrs_h_rcs) - SHOW_RCS(project_h_rcs) - SHOW_RCS(ssplit_h_rcs) - SHOW_RCS(ssplit_rcs) - SHOW_RCS(urlmatch_h_rcs) - SHOW_RCS(urlmatch_rcs) -#ifdef _WIN32 -#ifndef _WIN_CONSOLE - SHOW_RCS(w32log_h_rcs) - SHOW_RCS(w32log_rcs) - SHOW_RCS(w32res_h_rcs) - SHOW_RCS(w32taskbar_h_rcs) - SHOW_RCS(w32taskbar_rcs) -#endif /* ndef _WIN_CONSOLE */ - SHOW_RCS(win32_h_rcs) - SHOW_RCS(win32_rcs) -#endif /* def _WIN32 */ - -#undef SHOW_RCS - - return result; + return err; } @@ -2078,7 +2157,7 @@ static char *show_rcs(void) * Default is to show menu and other information. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ static jb_err cgi_show_file(struct client_state *csp, @@ -2135,8 +2214,8 @@ static jb_err cgi_show_file(struct client_state *csp, return JB_ERR_MEMORY; } - if ( map(exports, "file-description", 1, file_description, 1) - || map(exports, "filepath", 1, html_encode(filename), 0) ) + if (map(exports, "file-description", 1, file_description, 1) + || map(exports, "filepath", 1, html_encode(filename), 0)) { free_map(exports); return JB_ERR_MEMORY; @@ -2156,6 +2235,7 @@ static jb_err cgi_show_file(struct client_state *csp, s = html_encode_and_free_original(s); if (NULL == s) { + free_map(exports); return JB_ERR_MEMORY; } @@ -2172,7 +2252,7 @@ static jb_err cgi_show_file(struct client_state *csp, return JB_ERR_CGI_PARAMS; } - + /********************************************************************* * * Function : load_file @@ -2193,12 +2273,13 @@ static jb_err cgi_show_file(struct client_state *csp, static jb_err load_file(const char *filename, char **buffer, size_t *length) { FILE *fp; - int ret; + long ret; jb_err err = JB_ERR_OK; fp = fopen(filename, "rb"); if (NULL == fp) { + log_error(LOG_LEVEL_ERROR, "Failed to open %s: %E", filename); return JB_ERR_FILE; } @@ -2226,19 +2307,18 @@ static jb_err load_file(const char *filename, char **buffer, size_t *length) filename); } - *buffer = (char *)zalloc(*length + 1); - if (NULL == *buffer) - { - err = JB_ERR_MEMORY; - } - else if (!fread(*buffer, *length, 1, fp)) + *buffer = zalloc_or_die(*length + 1); + + if (1 != fread(*buffer, *length, 1, fp)) { /* - * May happen if the file size changes between fseek() and - * fread(). If it does, we just log it and serve what we got. + * May theoretically happen if the file size changes between + * fseek() and fread() because it's edited in-place. Privoxy + * and common text editors don't do that, thus we just fail. */ log_error(LOG_LEVEL_ERROR, "Couldn't completely read file %s.", filename); + freez(*buffer); err = JB_ERR_FILE; }