X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgisimple.c;h=79ec6216da403489352f36e8d3a501b245964019;hp=a60de9b84840ff4accf16d560972b6f430791560;hb=ee95da23c1c8eb6dd19edf6f0474b750638db580;hpb=7cc74c8124cd3aaa00a01a17c591eee9a18d0a64 diff --git a/cgisimple.c b/cgisimple.c index a60de9b8..79ec6216 100644 --- a/cgisimple.c +++ b/cgisimple.c @@ -1,22 +1,19 @@ -const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.95 2009/09/06 14:18:35 fabiankeil Exp $"; +const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.119 2013/01/25 21:52:02 david__schmidt Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $ * * Purpose : Simple CGIs to get information about Privoxy's * status. - * - * Functions declared include: - * * - * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge + * Copyright : Written by and Copyright (C) 2001-2013 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -46,9 +43,9 @@ const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.95 2009/09/06 14:18:35 fabian #include #include -#ifdef HAVE_ACCESS +#if defined (HAVE_ACCESS) && defined (HAVE_UNISTD_H) #include -#endif /* def HAVE_ACCESS */ +#endif /* def HAVE_ACCESS && HAVE_UNISTD_H */ #include "project.h" #include "cgi.h" 
@@ -80,7 +77,7 @@ static jb_err load_file(const char *filename, char **buffer, size_t *length); * Description : CGI function that is called for the CGI_SITE_1_HOST * and CGI_SITE_2_HOST/CGI_SITE_2_PATH base URLs. * Boring - only exports the default exports. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -118,7 +115,7 @@ jb_err cgi_default(struct client_state *csp, * * Description : CGI function that is called if an unknown action was * given. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -127,7 +124,7 @@ jb_err cgi_default(struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_error_404(struct client_state *csp, @@ -165,7 +162,7 @@ jb_err cgi_error_404(struct client_state *csp, * NOTE: Turning this on in a production build * would be a BAD idea. An EXTREMELY BAD idea. * In short, don't do it. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -174,13 +171,27 @@ jb_err cgi_error_404(struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_die (struct client_state *csp, struct http_response *rsp, const struct map *parameters) { + static const char status[] = "200 OK Privoxy shutdown request received"; + static const char body[] = + "\n" + "\n" + " Privoxy shutdown request received\n" + " \n" + " \n" + "\n" + "\n" + "

Privoxy shutdown request received

\n" + "

Privoxy is going to shut down after the next request.

\n" + "\n" + "\n"; + assert(csp); assert(rsp); assert(parameters); @@ -188,12 +199,21 @@ jb_err cgi_die (struct client_state *csp, /* quit */ g_terminate = 1; - /* - * I don't really care what gets sent back to the browser. - * Take the easy option - "out of memory" page. - */ + csp->flags &= ~CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE; + + rsp->content_length = 0; + rsp->head_length = 0; + rsp->is_static = 0; - return JB_ERR_MEMORY; + rsp->body = strdup(body); + rsp->status = strdup(status); + + if ((rsp->body == NULL) || (rsp->status == NULL)) + { + return JB_ERR_MEMORY; + } + + return JB_ERR_OK; } #endif /* def FEATURE_GRACEFUL_TERMINATION */ @@ -204,7 +224,7 @@ jb_err cgi_die (struct client_state *csp, * * Description : Show the client's request and what sed() would have * made of it. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -213,7 +233,7 @@ jb_err cgi_die (struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_request(struct client_state *csp, @@ -231,11 +251,11 @@ jb_err cgi_show_request(struct client_state *csp, { return JB_ERR_MEMORY; } - + /* * Repair the damage done to the IOB by get_header() */ - for (p = csp->iob->buf; p < csp->iob->eod; p++) + for (p = csp->client_iob->buf; p < csp->client_iob->cur; p++) { if (*p == '\0') *p = '\n'; } @@ -245,7 +265,7 @@ jb_err cgi_show_request(struct client_state *csp, * be sending to the server if this wasn't a CGI call */ - if (map(exports, "client-request", 1, html_encode(csp->iob->buf), 0)) + if (map(exports, "client-request", 1, html_encode(csp->client_iob->buf), 0)) { free_map(exports); return JB_ERR_MEMORY; 
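Review bot: cgi_die still sets `g_terminate = 1` before looking at anything in the request, and no check on who sent the request is visible in the hunk, while the new 200 page makes the handler read like a supported endpoint. Whether the CGI dispatcher restricts callers is outside this page, so the function header should say it explicitly, for example `* NOTE: any request that reaches this handler triggers shutdown; no authentication is done here.` Separately, when only one of the two `strdup()` calls fails, the function returns JB_ERR_MEMORY with the other pointer still stored in `rsp`, which is fine only if the caller frees the response on error. The function's signature sits in the preceding hunk.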
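Review bot: In cgi_show_request the repair loop now stops at `csp->client_iob->cur`, but `html_encode(csp->client_iob->buf)` still reads up to the first NUL byte, so the two no longer agree on where the request ends. If the buffer can hold data past `cur` (the bound change suggests it can), the exported `client-request` either includes those bytes or is cut at whatever NUL happens to follow. This is inferred, because html_encode and the buffer's termination are not visible here. Encoding a bounded copy of the range from `buf` to `cur` would tie the output to the same bytes the loop repairs. The function body starts and ends outside these hunks.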
@@ -266,7 +286,7 @@ jb_err cgi_show_request(struct client_state *csp, * * Function : cgi_send_banner * - * Description : CGI function that returns a banner. + * Description : CGI function that returns a banner. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -281,7 +301,7 @@ jb_err cgi_show_request(struct client_state *csp, * equivalent). * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_banner(struct client_state *csp, @@ -294,7 +314,7 @@ jb_err cgi_send_banner(struct client_state *csp, * If type is auto, then determine the right thing * to do from the set-image-blocker action */ - if (imagetype == 'a') + if (imagetype == 'a') { /* * Default to pattern @@ -345,14 +365,14 @@ jb_err cgi_send_banner(struct client_state *csp, } #endif /* def FEATURE_IMAGE_BLOCKING */ } - + /* * Now imagetype is either the non-auto type we were called with, * or it was auto and has since been determined. In any case, we * can proceed to actually answering the request by sending a redirect * or an image as appropriate: */ - if (imagetype == 'r') + if (imagetype == 'r') { rsp->status = strdup("302 Local Redirect from Privoxy"); if (rsp->status == NULL) @@ -367,7 +387,7 @@ jb_err cgi_send_banner(struct client_state *csp, } else { - if ((imagetype == 'b') || (imagetype == 't')) + if ((imagetype == 'b') || (imagetype == 't')) { rsp->body = bindup(image_blank_data, image_blank_length); rsp->content_length = image_blank_length; @@ -409,7 +429,7 @@ jb_err cgi_send_banner(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_transparent_image(struct client_state *csp, 
@@ -453,7 +473,7 @@ jb_err cgi_transparent_image(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_default_favicon(struct client_state *csp, @@ -514,7 +534,7 @@ jb_err cgi_send_default_favicon(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_error_favicon(struct client_state *csp, @@ -576,7 +596,7 @@ jb_err cgi_send_error_favicon(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_stylesheet(struct client_state *csp, @@ -584,7 +604,7 @@ jb_err cgi_send_stylesheet(struct client_state *csp, const struct map *parameters) { jb_err err; - + assert(csp); assert(rsp); @@ -630,7 +650,7 @@ jb_err cgi_send_stylesheet(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_url_info_osd(struct client_state *csp, 
@@ -658,6 +678,48 @@ jb_err cgi_send_url_info_osd(struct client_state *csp, } +/********************************************************************* + * + * Function : get_content_type + * + * Description : Use the file extension to guess the content type + * header we should use to serve the file. + * + * Parameters : + * 1 : filename = Name of the file whose content type + * we care about + * + * Returns : The guessed content type. + * + *********************************************************************/ +static const char *get_content_type(const char *filename) +{ + int i; + struct content_type + { + const char *extension; + const char *content_type; + }; + static const struct content_type content_types[] = + { + {".css", "text/css"}, + {".jpg", "image/jpeg"}, + {".jpeg", "image/jpeg"}, + {".png", "image/png"}, + }; + + for (i = 0; i < SZ(content_types); i++) + { + if (strstr(filename, content_types[i].extension)) + { + return content_types[i].content_type; + } + } + + /* No match by extension, default to html */ + return "text/html"; +} + /********************************************************************* * * Function : cgi_send_user_manual 
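Review bot: get_content_type matches the extension with `strstr(filename, ...)`, so it hits anywhere in the name rather than only at the end. A file such as `notes.css.html` would be labelled `text/css`, whereas the code this replaces compared the last four characters. Serving a document under a type its real extension does not imply is the kind of mismatch that leads browsers to handle content in unintended ways, so the comparison should be anchored to the end of the name. `i` is also an `int` compared against `SZ(content_types)`, which is presumably sizeof-based (the macro is not shown); `size_t` avoids the signed/unsigned comparison.

```c
static const char *get_content_type(const char *filename)
{
   size_t i;
   const size_t name_len = strlen(filename);
   /* … unchanged: struct content_type and the content_types[] table … */

   for (i = 0; i < SZ(content_types); i++)
   {
      const size_t ext_len = strlen(content_types[i].extension);

      /* Match the extension only at the end of the name. */
      if (name_len >= ext_len
       && 0 == strcmp(filename + name_len - ext_len, content_types[i].extension))
      {
         return content_types[i].content_type;
      }
   }
   /* … unchanged: default to text/html … */
```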
@@ -674,22 +736,29 @@ jb_err cgi_send_url_info_osd(struct client_state *csp, * (relative to user-manual from config) * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_send_user_manual(struct client_state *csp, struct http_response *rsp, const struct map *parameters) { - const char * filename; + const char *filename; char *full_path; jb_err err = JB_ERR_OK; - size_t length; + const char *content_type; assert(csp); assert(rsp); assert(parameters); + if (0 == strncmpic(csp->config->usermanual, "http://", 7)) + { + log_error(LOG_LEVEL_CGI, "Request for local user-manual " + "received while user-manual delivery is disabled."); + return cgi_error_404(csp, rsp, parameters); + } + if (!parameters->first) { /* requested http://p.p/user-manual (without trailing slash) */ @@ -697,17 +766,24 @@ jb_err cgi_send_user_manual(struct client_state *csp, } get_string_param(parameters, "file", &filename); - /* Check paramter for hack attempts */ - if (filename && strchr(filename, '/')) + if (filename == NULL) { - return JB_ERR_CGI_PARAMS; + /* It's '/' so serve the index.html if there is one. */ + filename = "index.html"; } - if (filename && strstr(filename, "..")) + else if (NULL != strchr(filename, '/') || NULL != strstr(filename, "..")) { + /* + * We currently only support a flat file + * hierarchy for the documentation. + */ + log_error(LOG_LEVEL_ERROR, + "Rejecting the request to serve '%s' as it contains '/' or '..'", + filename); return JB_ERR_CGI_PARAMS; } - full_path = make_path(csp->config->usermanual, filename ? filename : "index.html"); + full_path = make_path(csp->config->usermanual, filename); if (full_path == NULL) { return JB_ERR_MEMORY; 
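Review bot: The filename check in cgi_send_user_manual rejects only `/` and `..`, which covers POSIX separators but not `\` or a drive prefix on Windows builds. make_path is outside this hunk, so whether it treats such a name as absolute is not visible here and should be confirmed. If it does, the flat-hierarchy rule stated in the new comment is not enforced on those platforms, and the condition could become `else if (NULL != strpbrk(filename, "/\\:") || NULL != strstr(filename, ".."))`. The new early return also tests only for an `http://` prefix on `csp->config->usermanual`, so an `https://` setting would fall through to local delivery. The function body continues past the end of the hunk.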
@@ -726,29 +802,12 @@ jb_err cgi_send_user_manual(struct client_state *csp, } freez(full_path); - /* Guess correct Content-Type based on the filename's ending */ - if (filename) - { - length = strlen(filename); - } - else - { - length = 0; - } - if((length>=4) && !strcmp(&filename[length-4], ".css")) - { - err = enlist(rsp->headers, "Content-Type: text/css"); - } - else if((length>=4) && !strcmp(&filename[length-4], ".jpg")) - { - err = enlist(rsp->headers, "Content-Type: image/jpeg"); - } - else - { - err = enlist(rsp->headers, "Content-Type: text/html"); - } + content_type = get_content_type(filename); + log_error(LOG_LEVEL_CGI, + "Content-Type guessed for %s: %s", filename, content_type); + + return enlist_unique_header(rsp->headers, "Content-Type", content_type); - return err; } @@ -767,7 +826,7 @@ jb_err cgi_send_user_manual(struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_version(struct client_state *csp, @@ -816,7 +875,7 @@ jb_err cgi_show_version(struct client_state *csp, * Default is to show menu and other information. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_status(struct client_state *csp, @@ -862,7 +921,7 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = map(exports, "options", 1, csp->config->proxy_args, 1); if (!err) err = show_defines(exports); - if (err) + if (err) { free_map(exports); return JB_ERR_MEMORY; 
@@ -906,8 +965,8 @@ jb_err cgi_show_status(struct client_state *csp, #else /* ndef FEATURE_STATISTICS */ err = err || map_block_killer(exports, "statistics"); #endif /* ndef FEATURE_STATISTICS */ - - /* + + /* * List all action files in use, together with view and edit links, * except for standard.action, which should only be viewable. (Not * enforced in the editor itself) @@ -948,7 +1007,7 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = string_append(&s, "\n"); } } - if (*s != '\0') + if (*s != '\0') { if (!err) err = map(exports, "actions-filenames", 1, s, 0); } @@ -957,7 +1016,7 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = map(exports, "actions-filenames", 1, "None specified", 1); } - /* + /* * List all re_filterfiles in use, together with view options. * FIXME: Shouldn't include hardwired HTML here, use line template instead! */ @@ -974,7 +1033,7 @@ jb_err cgi_show_status(struct client_state *csp, if (!err) err = string_append(&s, "\n"); } } - if (*s != '\0') + if (*s != '\0') { if (!err) err = map(exports, "re-filter-filenames", 1, s, 0); } @@ -1014,7 +1073,7 @@ jb_err cgi_show_status(struct client_state *csp, return template_fill_for_cgi(csp, "show-status", exports, rsp); } - + /********************************************************************* * * Function : cgi_show_url_info @@ -1035,7 +1094,7 @@ jb_err cgi_show_status(struct client_state *csp, * the template. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_show_url_info(struct client_state *csp, 
@@ -1071,7 +1130,7 @@ jb_err cgi_show_url_info(struct client_state *csp, * 1) "http://" or "https://" prefix present and followed by URL - OK * 2) Only the "http://" or "https://" part is present, no URL - change * to empty string so it will be detected later as "no URL". - * 3) Parameter specified but doesn't contain "http(s?)://" - add a + * 3) Parameter specified but doesn't start with "http(s?)://" - add a * "http://" prefix. * 4) Parameter not specified or is empty string - let this fall through * for now, next block of code will handle it. @@ -1082,7 +1141,7 @@ jb_err cgi_show_url_info(struct client_state *csp, { /* * Empty URL (just prefix). - * Make it totally empty so it's caught by the next if() + * Make it totally empty so it's caught by the next if () */ url_param[0] = '\0'; } @@ -1093,14 +1152,19 @@ jb_err cgi_show_url_info(struct client_state *csp, { /* * Empty URL (just prefix). - * Make it totally empty so it's caught by the next if() + * Make it totally empty so it's caught by the next if () */ url_param[0] = '\0'; } } - else if ((url_param[0] != '\0') && (NULL == strstr(url_param, "://"))) + else if ((url_param[0] != '\0') + && ((NULL == strstr(url_param, "://") + || (strstr(url_param, "://") > strstr(url_param, "/"))))) { - /* No prefix - assume http:// */ + /* + * No prefix or at least no prefix before + * the first slash - assume http:// + */ char *url_param_prefixed = strdup("http://"); if (JB_ERR_OK != string_join(&url_param_prefixed, url_param)) @@ -1148,7 +1212,7 @@ jb_err cgi_show_url_info(struct client_state *csp, struct http_request url_to_query[1]; struct current_action_spec action[1]; int i; - + if (map(exports, "url", 1, html_encode(url_param), 0)) { free(url_param); @@ -1344,6 +1408,9 @@ jb_err cgi_show_url_info(struct client_state *csp, case SOCKS_5: socks_type = "socks5"; break; + case SOCKS_5T: + socks_type = "socks5t"; + break; default: log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type); } 
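Review bot: The rewritten `else if` in cgi_show_url_info evaluates `strstr(url_param, "://")` twice and uses `strstr` to find the single character `/`, which makes a subtle condition harder to check. Hoisting the result into `const char *scheme_sep = strstr(url_param, "://");` and testing `(scheme_sep == NULL) || (scheme_sep > strchr(url_param, '/'))` reads more directly. The pointer comparison is only reached when `://` exists, and in that case the slash lookup cannot return NULL because `://` itself contains a slash. That invariant deserves a one-line comment next to the condition. The function starts and ends outside this hunk.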
@@ -1436,7 +1503,7 @@ jb_err cgi_show_url_info(struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_robots_txt(struct client_state *csp, @@ -1484,7 +1551,7 @@ jb_err cgi_robots_txt(struct client_state *csp, * 1 : exports = map to extend * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ static jb_err show_defines(struct map *exports) @@ -1509,6 +1576,12 @@ static jb_err show_defines(struct map *exports) if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 0); #endif /* ndef FEATURE_CGI_EDIT_ACTIONS */ +#ifdef FEATURE_COMPRESSION + if (!err) err = map_conditional(exports, "FEATURE_COMPRESSION", 1); +#else /* ifndef FEATURE_COMPRESSION */ + if (!err) err = map_conditional(exports, "FEATURE_COMPRESSION", 0); +#endif /* ndef FEATURE_COMPRESSION */ + #ifdef FEATURE_CONNECTION_KEEP_ALIVE if (!err) err = map_conditional(exports, "FEATURE_CONNECTION_KEEP_ALIVE", 1); #else /* ifndef FEATURE_CONNECTION_KEEP_ALIVE */ @@ -1577,6 +1650,12 @@ static jb_err show_defines(struct map *exports) if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 0); #endif /* ndef FEATURE_STATISTICS */ +#ifdef FEATURE_STRPTIME_SANITY_CHECKS + if (!err) err = map_conditional(exports, "FEATURE_STRPTIME_SANITY_CHECKS", 1); +#else /* ifndef FEATURE_STRPTIME_SANITY_CHECKS */ + if (!err) err = map_conditional(exports, "FEATURE_STRPTIME_SANITY_CHECKS", 0); +#endif /* ndef FEATURE_STRPTIME_SANITY_CHECKS */ + #ifdef FEATURE_TOGGLE if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 1); #else /* ifndef FEATURE_TOGGLE */ 
@@ -1728,7 +1807,7 @@ static char *show_rcs(void) * Default is to show menu and other information. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ static jb_err cgi_show_file(struct client_state *csp, @@ -1785,8 +1864,8 @@ static jb_err cgi_show_file(struct client_state *csp, return JB_ERR_MEMORY; } - if ( map(exports, "file-description", 1, file_description, 1) - || map(exports, "filepath", 1, html_encode(filename), 0) ) + if (map(exports, "file-description", 1, file_description, 1) + || map(exports, "filepath", 1, html_encode(filename), 0)) { free_map(exports); return JB_ERR_MEMORY; @@ -1822,7 +1901,7 @@ static jb_err cgi_show_file(struct client_state *csp, return JB_ERR_CGI_PARAMS; } - + /********************************************************************* * * Function : load_file @@ -1849,6 +1928,7 @@ static jb_err load_file(const char *filename, char **buffer, size_t *length) fp = fopen(filename, "rb"); if (NULL == fp) { + log_error(LOG_LEVEL_ERROR, "Failed to open %s: %E", filename); return JB_ERR_FILE; }