-const char cgi_rcs[] = "$Id: cgi.c,v 1.165 2016/05/03 13:22:30 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
* This only contains the framework functions, the
* actual handler functions are declared elsewhere.
*
- * Copyright : Written by and Copyright (C) 2001-2004, 2006-2008
+ * Copyright : Written by and Copyright (C) 2001-2017
* members of the Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
/* jcc.h is for mutex semaphore globals only */
#include "jcc.h"
-const char cgi_h_rcs[] = CGI_H_VERSION;
-
/*
* List of CGI functions: name, handler, description
* Note: Do NOT use single quotes in the description;
"View the current configuration",
#endif
TRUE },
- { "show-version",
- cgi_show_version,
- "View the source code version numbers",
- TRUE },
#ifdef FEATURE_CLIENT_TAGS
+ /*
+ * This is marked as harmless because despite the description
+ * used in the menu the actual toggling is done through another
+ * path ("/toggle-client-tag").
+ */
{ "client-tags",
cgi_show_client_tags,
"View or toggle the tags that can be set based on the clients address",
- FALSE },
+ TRUE },
#endif
{ "show-request",
cgi_show_request,
"Toggle Privoxy on or off",
FALSE },
#endif /* def FEATURE_TOGGLE */
+#ifdef FEATURE_CLIENT_TAGS
+ { "toggle-client-tag",
+ cgi_toggle_client_tag,
+ NULL,
+ FALSE },
+#endif
#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "edit-actions", /* Edit the actions list */
cgi_edit_actions,
{
char *referrer;
static const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/";
+ const char *trusted_cgi_referrer = csp->config->trusted_cgi_referrer;
referrer = grep_cgi_referrer(csp);
return TRUE;
}
+ else if ((trusted_cgi_referrer != NULL) && (0 == strncmp(referrer,
+ trusted_cgi_referrer, strlen(trusted_cgi_referrer))))
+ {
+ /*
+ * After some more testing this block should be merged with
+ * the previous one or the log level should bedowngraded.
+ */
+ log_error(LOG_LEVEL_INFO, "Granting access to %s based on trusted referrer %s",
+ csp->http->url, referrer);
+
+ return TRUE;
+ }
else
{
/* Untrustworthy referrer */
assert(csp);
assert(rsp);
+ rsp->status = strdup_or_die("403 Request not trusted or feature disabled");
+
if (NULL == (exports = default_exports(csp, "cgi-error-disabled")))
{
return JB_ERR_MEMORY;
}
else
{
- string_append(&result, "https://");
+ string_append(&result, "http://");
string_append(&result, CGI_SITE_2_HOST);
string_append(&result, "/user-manual/");
}
err = template_load(csp, &rsp->body, templatename, 0);
if (err == JB_ERR_FILE)
{
- free_map(exports);
- return cgi_error_no_template(csp, rsp, templatename);
+ err = cgi_error_no_template(csp, rsp, templatename);
}
- else if (err)
+ else if (err == JB_ERR_OK)
{
- free_map(exports);
- return err; /* JB_ERR_MEMORY */
+ err = template_fill(&rsp->body, exports);
}
- err = template_fill(&rsp->body, exports);
free_map(exports);
return err;
}