X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgisimple.c;h=641379606a11c7a097af942a44b05e0f5bc6682b;hp=bc0131b74d6e1b9b550bf7b876c6b66709707992;hb=2bd9da82bd20174e904cae1cce5f19cdfb14fa96;hpb=fc38802c68b57157c6e3c763d15dbd9f8e85e170
diff --git a/cgisimple.c b/cgisimple.c
index bc0131b7..64137960 100644
--- a/cgisimple.c
+++ b/cgisimple.c
@@ -1,4 +1,4 @@
-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.6 2001/10/14 22:00:32 jongfoster Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.9 2001/11/30 23:09:15 jongfoster Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
@@ -36,6 +36,26 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.6 2001/10/14 22:00:32 jongfos
*
* Revisions :
* $Log: cgisimple.c,v $
+ * Revision 1.9 2001/11/30 23:09:15 jongfoster
+ * Now reports on FEATURE_CGI_EDIT_ACTIONS
+ * Removing FEATURE_DENY_GZIP from template
+ *
+ * Revision 1.8 2001/11/13 00:14:07 jongfoster
+ * Fixing stupid bug now I've figured out what || means.
+ * (It always returns 0 or 1, not one of it's paramaters.)
+ *
+ * Revision 1.7 2001/10/23 21:48:19 jongfoster
+ * Cleaning up error handling in CGI functions - they now send back
+ * a HTML error page and should never cause a FATAL error. (Fixes one
+ * potential source of "denial of service" attacks).
+ *
+ * CGI actions file editor that works and is actually useful.
+ *
+ * Ability to toggle JunkBuster remotely using a CGI call.
+ *
+ * You can turn off both the above features in the main configuration
+ * file, e.g. if you are running a multi-user proxy.
+ *
* Revision 1.6 2001/10/14 22:00:32 jongfoster
* Adding support for a 404 error when an invalid CGI page is requested.
*
@@ -82,6 +102,7 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.6 2001/10/14 22:00:32 jongfos
#include "miscutil.h"
#include "loadcfg.h"
#include "parsers.h"
+#include "urlmatch.h"
const char cgisimple_h_rcs[] = CGISIMPLE_H_VERSION;
@@ -509,7 +530,7 @@ jb_err cgi_show_status(struct client_state *csp,
}
err = map(exports, "options", 1, csp->config->proxy_args, 1);
- err = err || show_defines(exports);
+ if (!err) err = show_defines(exports);
#ifdef FEATURE_STATISTICS
local_urls_read = urls_read;
@@ -527,23 +548,23 @@ jb_err cgi_show_status(struct client_state *csp,
if (local_urls_read == 0)
{
- err = err || map_block_killer(exports, "have-stats");
+ if (!err) err = map_block_killer(exports, "have-stats");
}
else
{
- err = err || map_block_killer(exports, "have-no-stats");
+ if (!err) err = map_block_killer(exports, "have-no-stats");
perc_rej = (float)local_urls_rejected * 100.0F /
(float)local_urls_read;
sprintf(buf, "%d", local_urls_read);
- err = err || map(exports, "requests-received", 1, buf, 1);
+ if (!err) err = map(exports, "requests-received", 1, buf, 1);
sprintf(buf, "%d", local_urls_rejected);
- err = err || map(exports, "requests-blocked", 1, buf, 1);
+ if (!err) err = map(exports, "requests-blocked", 1, buf, 1);
sprintf(buf, "%6.2f", perc_rej);
- err = err || map(exports, "percent-blocked", 1, buf, 1);
+ if (!err) err = map(exports, "percent-blocked", 1, buf, 1);
}
#else /* ndef FEATURE_STATISTICS */
@@ -552,33 +573,33 @@ jb_err cgi_show_status(struct client_state *csp,
if (csp->actions_list)
{
- err = err || map(exports, "actions-filename", 1, csp->actions_list->filename, 1);
+ if (!err) err = map(exports, "actions-filename", 1, csp->actions_list->filename, 1);
}
else
{
- err = err || map(exports, "actions-filename", 1, "None specified", 1);
+ if (!err) err = map(exports, "actions-filename", 1, "None specified", 1);
}
if (csp->rlist)
{
- err = err || map(exports, "re-filter-filename", 1, csp->rlist->filename, 1);
+ if (!err) err = map(exports, "re-filter-filename", 1, csp->rlist->filename, 1);
}
else
{
- err = err || map(exports, "re-filter-filename", 1, "None specified", 1);
+ if (!err) err = map(exports, "re-filter-filename", 1, "None specified", 1);
}
#ifdef FEATURE_TRUST
if (csp->tlist)
{
- err = err || map(exports, "trust-filename", 1, csp->tlist->filename, 1);
+ if (!err) err = map(exports, "trust-filename", 1, csp->tlist->filename, 1);
}
else
{
- err = err || map(exports, "trust-filename", 1, "None specified", 1);
+ if (!err) err = map(exports, "trust-filename", 1, "None specified", 1);
}
#else
- err = err || map_block_killer(exports, "trust-support");
+ if (!err) err = map_block_killer(exports, "trust-support");
#endif /* ndef FEATURE_TRUST */
if (err)
@@ -618,7 +639,7 @@ jb_err cgi_show_url_info(struct client_state *csp,
struct http_response *rsp,
const struct map *parameters)
{
- const char *url_param_const;
+ char *url_param;
char *host = NULL;
struct map *exports;
@@ -631,9 +652,72 @@ jb_err cgi_show_url_info(struct client_state *csp,
return JB_ERR_MEMORY;
}
- url_param_const = lookup(parameters, "url");
- if (*url_param_const == '\0')
+ /*
+ * Get the url= parameter (if present) and remove any leading/trailing spaces.
+ */
+ url_param = strdup(lookup(parameters, "url"));
+ if (url_param == NULL)
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ chomp(url_param);
+
+ /*
+ * Handle prefixes. 4 possibilities:
+ * 1) "http://" or "https://" prefix present and followed by URL - OK
+ * 2) Only the "http://" or "https://" part is present, no URL - change
+ * to empty string so it will be detected later as "no URL".
+ * 3) Parameter specified but doesn't contain "http(s?)://" - add a
+ * "http://" prefix.
+ * 4) Parameter not specified or is empty string - let this fall through
+ * for now, next block of code will handle it.
+ */
+ if (0 == strncmp(url_param, "http://", 7))
{
+ if (url_param[7] == '\0')
+ {
+ /*
+ * Empty URL (just prefix).
+ * Make it totally empty so it's caught by the next if()
+ */
+ url_param[0] = '\0';
+ }
+ }
+ else if (0 == strncmp(url_param, "https://", 8))
+ {
+ if (url_param[8] == '\0')
+ {
+ /*
+ * Empty URL (just prefix).
+ * Make it totally empty so it's caught by the next if()
+ */
+ url_param[0] = '\0';
+ }
+ }
+ else if (url_param[0] != '\0')
+ {
+ /*
+ * Unknown prefix - assume http://
+ */
+ char * url_param_prefixed = malloc(7 + 1 + strlen(url_param));
+ if (NULL == url_param_prefixed)
+ {
+ free(url_param);
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ strcpy(url_param_prefixed, "http://");
+ strcpy(url_param_prefixed + 7, url_param);
+ free(url_param);
+ url_param = url_param_prefixed;
+ }
+
+
+ if (url_param[0] == '\0')
+ {
+ /* URL paramater not specified, display query form only. */
+ free(url_param);
if (map_block_killer(exports, "url-given")
|| map(exports, "url", 1, "", 1))
{
@@ -643,28 +727,17 @@ jb_err cgi_show_url_info(struct client_state *csp,
}
else
{
- char *url_param;
+ /* Given a URL, so query it. */
+ jb_err err;
char *matches;
- char *path;
char *s;
- int port = 80;
int hits = 0;
struct file_list *fl;
struct url_actions *b;
- struct url_spec url[1];
+ struct http_request url_to_query[1];
struct current_action_spec action[1];
- if (NULL == (url_param = strdup(url_param_const)))
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
-
- host = url_param;
- host += (strncmp(url_param, "http://", 7)) ? 0 : 7;
-
- if (map(exports, "url", 1, host, 1)
- || map(exports, "url-html", 1, html_encode(host), 0))
+ if (map(exports, "url", 1, html_encode(url_param), 0))
{
free(url_param);
free_map(exports);
@@ -673,8 +746,7 @@ jb_err cgi_show_url_info(struct client_state *csp,
init_current_action(action);
- s = current_action_to_text(action);
- if (map(exports, "default", 1, s , 0))
+ if (map(exports, "default", 1, current_action_to_text(action), 0))
{
free_current_action(action);
free(url_param);
@@ -684,10 +756,8 @@ jb_err cgi_show_url_info(struct client_state *csp,
if (((fl = csp->actions_list) == NULL) || ((b = fl->f) == NULL))
{
- jb_err err;
-
- err = map(exports, "matches", 1, "none" , 1)
- || map(exports, "final", 1, lookup(exports, "default"), 1);
+ err = map(exports, "matches", 1, "none" , 1);
+ if (!err) err = map(exports, "final", 1, lookup(exports, "default"), 1);
free_current_action(action);
free(url_param);
@@ -701,44 +771,23 @@ jb_err cgi_show_url_info(struct client_state *csp,
return template_fill_for_cgi(csp, "show-url-info", exports, rsp);
}
- s = strchr(host, '/');
- if (s != NULL)
- {
- path = strdup(s);
- *s = '\0';
- }
- else
- {
- path = strdup("");
- }
- if (NULL == path)
+ err = parse_http_url(url_param, url_to_query, csp);
+
+ free(url_param);
+
+ if (err == JB_ERR_MEMORY)
{
free_current_action(action);
- free(url_param);
free_map(exports);
return JB_ERR_MEMORY;
}
-
- s = strchr(host, ':');
- if (s != NULL)
+ else if (err)
{
- *s++ = '\0';
- port = atoi(s);
- s = NULL;
- }
+ /* Invalid URL */
- *url = dsplit(host);
+ err = map(exports, "matches", 1, "[Invalid URL specified!]" , 1);
+ if (!err) err = map(exports, "final", 1, lookup(exports, "default"), 1);
- /* if splitting the domain fails, punt */
- if (url->dbuf == NULL)
- {
- jb_err err;
-
- err = map(exports, "matches", 1, "none" , 1)
- || map(exports, "final", 1, lookup(exports, "default"), 1);
-
- freez(url_param);
- freez(path);
free_current_action(action);
if (err)
@@ -750,53 +799,47 @@ jb_err cgi_show_url_info(struct client_state *csp,
return template_fill_for_cgi(csp, "show-url-info", exports, rsp);
}
+ /*
+ * We have a warning about SSL paths. Hide it for insecure sites.
+ */
+ if (!url_to_query->ssl)
+ {
+ if (map_block_killer(exports, "https"))
+ {
+ free_current_action(action);
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ }
+
matches = strdup("");
for (b = b->next; NULL != b; b = b->next)
{
- if ((b->url->port == 0) || (b->url->port == port))
+ if (url_match(b->url, url_to_query))
{
- if ((b->url->domain[0] == '\0') || (domaincmp(b->url, url) == 0))
+ s = actions_to_text(b->action);
+ if (s == NULL)
{
- if ((b->url->path == NULL) ||
-#ifdef REGEX
- (regexec(b->url->preg, path, 0, NULL, 0) == 0)
-#else
- (strncmp(b->url->path, path, b->url->pathlen) == 0)
-#endif
- )
- {
- s = actions_to_text(b->action);
- if (s == NULL)
- {
- freez(url->dbuf);
- freez(url->dvec);
-
- free(url_param);
- free(path);
- free_current_action(action);
- free_map(exports);
- return JB_ERR_MEMORY;
- }
- string_append(&matches, "{");
- string_append(&matches, s);
- string_append(&matches, " }
\n");
- string_append(&matches, b->url->spec);
- string_append(&matches, "
\n
\n");
- free(s);
-
- merge_current_action(action, b->action); /* FIXME: Add error checking */
- hits++;
- }
+ free_http_request(url_to_query);
+ free(url_param);
+ free_current_action(action);
+ free_map(exports);
+ return JB_ERR_MEMORY;
}
+ string_append(&matches, "{");
+ string_append(&matches, s);
+ string_append(&matches, " }
\n");
+ string_append(&matches, b->url->spec);
+ string_append(&matches, "
\n
\n");
+ free(s);
+
+ merge_current_action(action, b->action); /* FIXME: Add error checking */
+ hits++;
}
}
- freez(url->dbuf);
- freez(url->dvec);
-
- free(url_param);
- free(path);
+ free_http_request(url_to_query);
if (matches == NULL)
{
@@ -874,7 +917,7 @@ jb_err cgi_robots_txt(struct client_state *csp,
rsp->is_static = 1;
get_http_time(7 * 24 * 60 * 60, buf); /* 7 days into future */
- err = err || enlist_unique_header(rsp->headers, "Expires", buf);
+ if (!err) err = enlist_unique_header(rsp->headers, "Expires", buf);
return (err ? JB_ERR_MEMORY : JB_ERR_OK);
}
@@ -899,96 +942,102 @@ static jb_err show_defines(struct map *exports)
jb_err err = JB_ERR_OK;
#ifdef FEATURE_ACL
- err = err || map_conditional(exports, "FEATURE_ACL", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_ACL", 1);
#else /* ifndef FEATURE_ACL */
- err = err || map_conditional(exports, "FEATURE_ACL", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_ACL", 0);
#endif /* ndef FEATURE_ACL */
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 1);
+#else /* ifndef FEATURE_COOKIE_JAR */
+ if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 0);
+#endif /* ndef FEATURE_COOKIE_JAR */
+
#ifdef FEATURE_COOKIE_JAR
- err = err || map_conditional(exports, "FEATURE_COOKIE_JAR", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_COOKIE_JAR", 1);
#else /* ifndef FEATURE_COOKIE_JAR */
- err = err || map_conditional(exports, "FEATURE_COOKIE_JAR", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_COOKIE_JAR", 0);
#endif /* ndef FEATURE_COOKIE_JAR */
#ifdef FEATURE_FAST_REDIRECTS
- err = err || map_conditional(exports, "FEATURE_FAST_REDIRECTS", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 1);
#else /* ifndef FEATURE_FAST_REDIRECTS */
- err = err || map_conditional(exports, "FEATURE_FAST_REDIRECTS", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 0);
#endif /* ndef FEATURE_FAST_REDIRECTS */
#ifdef FEATURE_FORCE_LOAD
- err = err || map_conditional(exports, "FEATURE_FORCE_LOAD", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 1);
#else /* ifndef FEATURE_FORCE_LOAD */
- err = err || map_conditional(exports, "FEATURE_FORCE_LOAD", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 0);
#endif /* ndef FEATURE_FORCE_LOAD */
#ifdef FEATURE_IMAGE_BLOCKING
- err = err || map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 1);
#else /* ifndef FEATURE_IMAGE_BLOCKING */
- err = err || map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 0);
#endif /* ndef FEATURE_IMAGE_BLOCKING */
#ifdef FEATURE_IMAGE_DETECT_MSIE
- err = err || map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 1);
#else /* ifndef FEATURE_IMAGE_DETECT_MSIE */
- err = err || map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 0);
#endif /* ndef FEATURE_IMAGE_DETECT_MSIE */
#ifdef FEATURE_KILL_POPUPS
- err = err || map_conditional(exports, "FEATURE_KILL_POPUPS", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_KILL_POPUPS", 1);
#else /* ifndef FEATURE_KILL_POPUPS */
- err = err || map_conditional(exports, "FEATURE_KILL_POPUPS", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_KILL_POPUPS", 0);
#endif /* ndef FEATURE_KILL_POPUPS */
#ifdef FEATURE_PTHREAD
- err = err || map_conditional(exports, "FEATURE_PTHREAD", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 1);
#else /* ifndef FEATURE_PTHREAD */
- err = err || map_conditional(exports, "FEATURE_PTHREAD", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 0);
#endif /* ndef FEATURE_PTHREAD */
#ifdef FEATURE_STATISTICS
- err = err || map_conditional(exports, "FEATURE_STATISTICS", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 1);
#else /* ifndef FEATURE_STATISTICS */
- err = err || map_conditional(exports, "FEATURE_STATISTICS", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 0);
#endif /* ndef FEATURE_STATISTICS */
#ifdef FEATURE_TOGGLE
- err = err || map_conditional(exports, "FEATURE_TOGGLE", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 1);
#else /* ifndef FEATURE_TOGGLE */
- err = err || map_conditional(exports, "FEATURE_TOGGLE", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 0);
#endif /* ndef FEATURE_TOGGLE */
#ifdef FEATURE_TRUST
- err = err || map_conditional(exports, "FEATURE_TRUST", 1);
+ if (!err) err = map_conditional(exports, "FEATURE_TRUST", 1);
#else /* ifndef FEATURE_TRUST */
- err = err || map_conditional(exports, "FEATURE_TRUST", 0);
+ if (!err) err = map_conditional(exports, "FEATURE_TRUST", 0);
#endif /* ndef FEATURE_TRUST */
#ifdef REGEX_GNU
- err = err || map_conditional(exports, "REGEX_GNU", 1);
+ if (!err) err = map_conditional(exports, "REGEX_GNU", 1);
#else /* ifndef REGEX_GNU */
- err = err || map_conditional(exports, "REGEX_GNU", 0);
+ if (!err) err = map_conditional(exports, "REGEX_GNU", 0);
#endif /* def REGEX_GNU */
#ifdef REGEX_PCRE
- err = err || map_conditional(exports, "REGEX_PCRE", 1);
+ if (!err) err = map_conditional(exports, "REGEX_PCRE", 1);
#else /* ifndef REGEX_PCRE */
- err = err || map_conditional(exports, "REGEX_PCRE", 0);
+ if (!err) err = map_conditional(exports, "REGEX_PCRE", 0);
#endif /* def REGEX_PCRE */
#ifdef STATIC_PCRE
- err = err || map_conditional(exports, "STATIC_PCRE", 1);
+ if (!err) err = map_conditional(exports, "STATIC_PCRE", 1);
#else /* ifndef STATIC_PCRE */
- err = err || map_conditional(exports, "STATIC_PCRE", 0);
+ if (!err) err = map_conditional(exports, "STATIC_PCRE", 0);
#endif /* ndef STATIC_PCRE */
#ifdef STATIC_PCRS
- err = err || map_conditional(exports, "STATIC_PCRS", 1);
+ if (!err) err = map_conditional(exports, "STATIC_PCRS", 1);
#else /* ifndef STATIC_PCRS */
- err = err || map_conditional(exports, "STATIC_PCRS", 0);
+ if (!err) err = map_conditional(exports, "STATIC_PCRS", 0);
#endif /* ndef STATIC_PCRS */
- err = err || map(exports, "FORCE_PREFIX", 1, FORCE_PREFIX, 1);
+ if (!err) err = map(exports, "FORCE_PREFIX", 1, FORCE_PREFIX, 1);
return err;
}