-const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.41 2006/10/09 19:18:28 roro Exp $";
+const char cgisimple_rcs[] = "$Id: cgisimple.c,v 1.140 2016/05/08 10:46:18 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgisimple.c,v $
*
* Purpose : Simple CGIs to get information about Privoxy's
* status.
- *
- * Functions declared include:
- *
*
- * Copyright : Written by and Copyright (C) 2001 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2016 the
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
- * by and Copyright (C) 1997 Anonymous Coders and
+ * by and Copyright (C) 1997 Anonymous Coders and
* Junkbusters Corporation. http://www.junkbusters.com
*
- * This program is free software; you can redistribute it
+ * This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
* Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
- * Revisions :
- * $Log: cgisimple.c,v $
- * Revision 1.41 2006/10/09 19:18:28 roro
- * Redirect http://p.p/user-manual (without trailing slash) to
- * http://p.p/user-manual/ (with trailing slash), otherwise links will be broken.
- *
- * Revision 1.40 2006/09/09 13:05:33 fabiankeil
- * Modified cgi_send_user_manual to serve binary
- * content without destroying it first. Should also be
- * faster now. Added ".jpg" check for Content-Type guessing.
- *
- * Revision 1.39 2006/09/08 09:49:23 fabiankeil
- * Deliver documents in the user-manual directory
- * with "Content-Type text/css" if their filename
- * ends with ".css".
- *
- * Revision 1.38 2006/09/06 18:45:03 fabiankeil
- * Incorporate modified version of Roland Rosenfeld's patch to
- * optionally access the user-manual via Privoxy. Closes patch 679075.
- *
- * Formatting changed to Privoxy style, added call to
- * cgi_error_no_template if the requested file doesn't
- * exist and modified check whether or not Privoxy itself
- * should serve the manual. Should work cross-platform now.
- *
- * Revision 1.37 2006/07/18 14:48:45 david__schmidt
- * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
- * with what was really the latest development (the v_3_0_branch branch)
- *
- * Revision 1.35.2.7 2006/01/29 23:10:56 david__schmidt
- * Multiple filter file support
- *
- * Revision 1.35.2.6 2005/07/04 03:13:43 david__schmidt
- * Undo some damaging memory leak patches
- *
- * Revision 1.35.2.5 2005/05/07 21:50:55 david__schmidt
- * A few memory leaks plugged (mostly on error paths)
- *
- * Revision 1.35.2.4 2005/04/04 02:21:24 david__schmidt
- * Another instance of:
- * Don't show "Edit" buttons #ifndef FEATURE_CGI_EDIT_ACTIONS
- * Thanks to Magnus Holmgren for the patch
- *
- * Revision 1.35.2.3 2003/12/17 16:34:15 oes
- * - Prevent line wrap beween "View/Edit" link buttons on status page
- * - Some (mostly irrelevant) fixes for Out-of-mem-case handling
- *
- * Revision 1.35.2.2 2003/04/03 13:48:28 oes
- * Don't show "Edit" buttons #ifndef FEATURE_CGI_EDIT_ACTIONS
- *
- * Revision 1.35.2.1 2002/07/04 15:02:38 oes
- * Added ability to send redirects to send-banner CGI, so that it can completely mimic the image blocking action if called with type=auto
- *
- * Revision 1.35.2.1 2002/07/01 17:32:04 morcego
- * Applying patch from Andreas as provided by Hal on the list.
- * Message-ID: <20020701121218.V1606@feenix.burgiss.net>
- *
- * Revision 1.35 2002/05/12 21:44:44 jongfoster
- * Adding amiga.[ch] revision information, if on an amiga.
- *
- * Revision 1.34 2002/04/30 12:06:12 oes
- * Deleted unused code from default_cgi
- *
- * Revision 1.33 2002/04/30 11:14:52 oes
- * Made csp the first parameter in *action_to_html
- *
- * Revision 1.32 2002/04/26 18:29:13 jongfoster
- * Fixing this Visual C++ warning:
- * cgisimple.c(775) : warning C4018: '<' : signed/unsigned mismatch
- *
- * Revision 1.31 2002/04/26 12:54:36 oes
- * - Kill obsolete REDIRECT_URL code
- * - Error handling fixes
- * - Style sheet related HTML snipplet changes
- * - cgi_show_url_info:
- * - Matches now in table, actions on single lines,
- * linked to help
- * - standard.action suppressed
- * - Buttons to View and Edit AFs
- *
- * Revision 1.30 2002/04/24 02:18:08 oes
- * - show-status is now the starting point for editing
- * the actions files, generate list of all AFs with buttons
- * for viewing and editing, new look for file list (Jon:
- * buttons now aligned ;-P ), view mode now supports multiple
- * AFs, name changes, no view links for unspecified files,
- * no edit link for standard.action.
- *
- * - Jon's multiple AF patch: cgi_show_url_info now uses all
- * AFs and marks the output accordingly
- *
- * Revision 1.29 2002/04/10 13:38:35 oes
- * load_template signature changed
- *
- * Revision 1.28 2002/04/07 15:42:12 jongfoster
- * Fixing send-banner?type=auto when the image-blocker is
- * a redirect to send-banner
- *
- * Revision 1.27 2002/04/05 15:50:48 oes
- * added send-stylesheet CGI
- *
- * Revision 1.26 2002/04/04 00:36:36 gliptak
- * always use pcre for matching
- *
- * Revision 1.25 2002/04/03 22:28:03 gliptak
- * Removed references to gnu_regex
- *
- * Revision 1.24 2002/04/02 16:12:47 oes
- * Fix: moving misplaced lines into #ifdef FEATURE_FORCE
- *
- * Revision 1.23 2002/03/26 22:29:54 swa
- * we have a new homepage!
- *
- * Revision 1.22 2002/03/24 16:18:15 jongfoster
- * Removing old logo
- *
- * Revision 1.21 2002/03/24 15:23:33 jongfoster
- * Name changes
- *
- * Revision 1.20 2002/03/24 13:25:43 swa
- * name change related issues
- *
- * Revision 1.19 2002/03/16 23:54:06 jongfoster
- * Adding graceful termination feature, to help look for memory leaks.
- * If you enable this (which, by design, has to be done by hand
- * editing config.h) and then go to http://i.j.b/die, then the program
- * will exit cleanly after the *next* request. It should free all the
- * memory that was used.
- *
- * Revision 1.18 2002/03/12 01:44:49 oes
- * Changed default for "blocked" image from jb logo to checkboard pattern
- *
- * Revision 1.17 2002/03/08 16:43:18 oes
- * Added choice beween GIF and PNG built-in images
- *
- * Revision 1.16 2002/03/07 03:48:38 oes
- * - Changed built-in images from GIF to PNG
- * (with regard to Unisys patent issue)
- * - Added a 4x4 pattern PNG which is less intrusive
- * than the logo but also clearly marks the deleted banners
- *
- * Revision 1.15 2002/03/06 22:54:35 jongfoster
- * Automated function-comment nitpicking.
- *
- * Revision 1.14 2002/03/02 04:14:50 david__schmidt
- * Clean up a little CRLF unpleasantness that suddenly appeared
- *
- * Revision 1.13 2002/02/21 00:10:37 jongfoster
- * Adding send-banner?type=auto option
- *
- * Revision 1.12 2002/01/23 01:03:32 jongfoster
- * Fixing gcc [CygWin] compiler warnings
- *
- * Revision 1.11 2002/01/23 00:01:04 jongfoster
- * Adding cgi_transparent_gif() for http://i.j.b/t
- * Adding missing html_encode() to many CGI functions.
- * Adding urlmatch.[ch] to http://i.j.b/show-version
- *
- * Revision 1.10 2002/01/17 21:10:37 jongfoster
- * Changes to cgi_show_url_info to use new matching code from urlmatch.c.
- * Also fixing a problem in the same function with improperly quoted URLs
- * in output HTML, and adding code to handle https:// URLs correctly.
- *
- * Revision 1.9 2001/11/30 23:09:15 jongfoster
- * Now reports on FEATURE_CGI_EDIT_ACTIONS
- * Removing FEATURE_DENY_GZIP from template
- *
- * Revision 1.8 2001/11/13 00:14:07 jongfoster
- * Fixing stupid bug now I've figured out what || means.
- * (It always returns 0 or 1, not one of it's paramaters.)
- *
- * Revision 1.7 2001/10/23 21:48:19 jongfoster
- * Cleaning up error handling in CGI functions - they now send back
- * a HTML error page and should never cause a FATAL error. (Fixes one
- * potential source of "denial of service" attacks).
- *
- * CGI actions file editor that works and is actually useful.
- *
- * Ability to toggle JunkBuster remotely using a CGI call.
- *
- * You can turn off both the above features in the main configuration
- * file, e.g. if you are running a multi-user proxy.
- *
- * Revision 1.6 2001/10/14 22:00:32 jongfoster
- * Adding support for a 404 error when an invalid CGI page is requested.
- *
- * Revision 1.5 2001/10/07 15:30:41 oes
- * Removed FEATURE_DENY_GZIP
- *
- * Revision 1.4 2001/10/02 15:31:12 oes
- * Introduced show-request cgi
- *
- * Revision 1.3 2001/09/22 16:34:44 jongfoster
- * Removing unneeded #includes
- *
- * Revision 1.2 2001/09/19 18:01:11 oes
- * Fixed comments; cosmetics
- *
- * Revision 1.1 2001/09/16 17:08:54 jongfoster
- * Moving simple CGI functions from cgi.c to new file cgisimple.c
- *
- *
**********************************************************************/
-\f
+
#include "config.h"
#include <string.h>
#include <assert.h>
-#ifdef _WIN32
-#define snprintf _snprintf
-#endif /* def _WIN32 */
+#if defined (HAVE_ACCESS) && defined (HAVE_UNISTD_H)
+#include <unistd.h>
+#endif /* def HAVE_ACCESS && HAVE_UNISTD_H */
#include "project.h"
#include "cgi.h"
#include "parsers.h"
#include "urlmatch.h"
#include "errlog.h"
+#ifdef FEATURE_CLIENT_TAGS
+#include "client-tags.h"
+#endif
const char cgisimple_h_rcs[] = CGISIMPLE_H_VERSION;
-
static char *show_rcs(void);
static jb_err show_defines(struct map *exports);
-
+static jb_err cgi_show_file(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters);
+static jb_err load_file(const char *filename, char **buffer, size_t *length);
/*********************************************************************
*
* Description : CGI function that is called for the CGI_SITE_1_HOST
* and CGI_SITE_2_HOST/CGI_SITE_2_PATH base URLs.
* Boring - only exports the default exports.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
{
struct map *exports;
+ (void)parameters;
+
assert(csp);
assert(rsp);
*
* Description : CGI function that is called if an unknown action was
* given.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_404(struct client_state *csp,
return JB_ERR_MEMORY;
}
- rsp->status = strdup("404 Privoxy configuration page not found");
- if (rsp->status == NULL)
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
+ rsp->status = strdup_or_die("404 Privoxy configuration page not found");
return template_fill_for_cgi(csp, "cgi-error-404", exports, rsp);
}
* NOTE: Turning this on in a production build
* would be a BAD idea. An EXTREMELY BAD idea.
* In short, don't do it.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_die (struct client_state *csp,
struct http_response *rsp,
const struct map *parameters)
{
+ static const char status[] = "200 OK Privoxy shutdown request received";
+ static const char body[] =
+ "<html>\n"
+ "<head>\n"
+ " <title>Privoxy shutdown request received</title>\n"
+ " <link rel=\"shortcut icon\" href=\"" CGI_PREFIX "error-favicon.ico\" type=\"image/x-icon\">\n"
+ " <link rel=\"stylesheet\" type=\"text/css\" href=\"" CGI_PREFIX "send-stylesheet\">\n"
+ "</head>\n"
+ "<body>\n"
+ "<h1>Privoxy shutdown request received</h1>\n"
+ "<p>Privoxy is going to shut down after the next request.</p>\n"
+ "</body>\n"
+ "</html>\n";
+
assert(csp);
assert(rsp);
assert(parameters);
/* quit */
g_terminate = 1;
- /*
- * I don't really care what gets sent back to the browser.
- * Take the easy option - "out of memory" page.
- */
+ csp->flags &= ~CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE;
- return JB_ERR_MEMORY;
+ rsp->content_length = 0;
+ rsp->head_length = 0;
+ rsp->is_static = 0;
+
+ rsp->body = strdup_or_die(body);
+ rsp->status = strdup_or_die(status);
+
+ return JB_ERR_OK;
}
#endif /* def FEATURE_GRACEFUL_TERMINATION */
*
* Description : Show the client's request and what sed() would have
* made of it.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_show_request(struct client_state *csp,
{
return JB_ERR_MEMORY;
}
-
+
/*
* Repair the damage done to the IOB by get_header()
*/
- for (p = csp->iob->buf; p < csp->iob->eod; p++)
+ for (p = csp->client_iob->buf; p < csp->client_iob->cur; p++)
{
if (*p == '\0') *p = '\n';
}
* be sending to the server if this wasn't a CGI call
*/
- if (map(exports, "client-request", 1, html_encode(csp->iob->buf), 0))
+ if (map(exports, "client-request", 1, html_encode(csp->client_iob->buf), 0))
{
free_map(exports);
return JB_ERR_MEMORY;
}
- if (map(exports, "processed-request", 1, html_encode_and_free_original(
- sed(client_patterns, add_client_headers, csp)), 0))
+ if (map(exports, "processed-request", 1,
+ html_encode_and_free_original(list_to_text(csp->headers)), 0))
{
free_map(exports);
return JB_ERR_MEMORY;
}
+#ifdef FEATURE_CLIENT_TAGS
+/*********************************************************************
+ *
+ * Function : cgi_create_client_tag_form
+ *
+ * Description : Creates a HTML form to enable or disable a given
+ * client tag.
+ * XXX: Could use a template.
+ *
+ * Parameters :
+ * 1 : form = Buffer to fill with the generated form
+ * 2 : size = Size of the form buffer
+ * 3 : tag = Name of the tag this form should affect
+ * 4 : toggle_state = Desired state after the button pressed 0
+ * 5 : expires = Whether or not the tag should be enabled.
+ * Only checked if toggle_state is 1.
+ *
+ * Returns : void
+ *
+ *********************************************************************/
+static void cgi_create_client_tag_form(char *form, size_t size,
+ const char *tag, int toggle_state, int expires)
+{
+ char *button_name;
+
+ if (toggle_state == 1)
+ {
+ button_name = (expires == 1) ? "Enable" : "Enable temporarily";
+ }
+ else
+ {
+ assert(toggle_state == 0);
+ button_name = "Disable";
+ }
+
+ snprintf(form, size,
+ "<form method=\"GET\" action=\"client-tags\" style=\"display: inline\">\n"
+ " <input type=\"hidden\" name=\"tag\" value=\"%s\">\n"
+ " <input type=\"hidden\" name=\"toggle-state\" value=\"%u\">\n"
+ " <input type=\"hidden\" name=\"expires\" value=\"%u\">\n"
+ " <input type=\"submit\" value=\"%s\">\n"
+ "</form>", tag, toggle_state, !expires, button_name);
+}
+
+/*********************************************************************
+ *
+ * Function : cgi_show_client_tags
+ *
+ * Description : Shows the tags that can be set based on the client
+ * address (opt-in).
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters : none
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err cgi_show_client_tags(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ struct map *exports;
+ struct client_tag_spec *this_tag;
+ jb_err err = JB_ERR_OK;
+ const char *toggled_tag;
+ const char *toggle_state;
+ const char *tag_expires;
+ time_t time_to_live;
+ char *client_tag_status;
+ char buf[1000];
+
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
+ if (NULL == (exports = default_exports(csp, "client-tags")))
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ toggled_tag = lookup(parameters, "tag");
+ if (*toggled_tag != '\0')
+ {
+ tag_expires = lookup(parameters, "expires");
+ if (*tag_expires == '0')
+ {
+ time_to_live = 0;
+ }
+ else
+ {
+ time_to_live = csp->config->client_tag_lifetime;
+ }
+ toggle_state = lookup(parameters, "toggle-state");
+ if (*toggle_state == '1')
+ {
+ enable_client_specific_tag(csp, toggled_tag, time_to_live);
+ }
+ else
+ {
+ disable_client_specific_tag(csp, toggled_tag);
+ }
+ }
+ this_tag = csp->config->client_tags;
+ if (this_tag->name == NULL)
+ {
+ client_tag_status = strdup_or_die("<p>No tags available.</p>\n");
+ }
+ else
+ {
+ client_tag_status = strdup_or_die("<table border=\"1\">\n"
+ "<tr><th>Tag name</th>\n"
+ "<th>Current state</th><th>Change state</th><th>Description</th></tr>\n");
+ while ((this_tag != NULL) && (this_tag->name != NULL))
+ {
+ int tag_state;
+
+ privoxy_mutex_lock(&client_tags_mutex);
+ tag_state = client_has_requested_tag(csp->ip_addr_str, this_tag->name);
+ privoxy_mutex_unlock(&client_tags_mutex);
+ if (!err) err = string_append(&client_tag_status, "<tr><td>");
+ if (!err) err = string_append(&client_tag_status, this_tag->name);
+ if (!err) err = string_append(&client_tag_status, "</td><td>");
+ if (!err) err = string_append(&client_tag_status, tag_state == 1 ? "Enabled" : "Disabled");
+ if (!err) err = string_append(&client_tag_status, "</td><td>");
+ cgi_create_client_tag_form(buf, sizeof(buf), this_tag->name, !tag_state, 1);
+ if (!err) err = string_append(&client_tag_status, buf);
+ if (tag_state == 0)
+ {
+ cgi_create_client_tag_form(buf, sizeof(buf), this_tag->name, !tag_state, 0);
+ if (!err) err = string_append(&client_tag_status, buf);
+ }
+ if (!err) err = string_append(&client_tag_status, "</td><td>");
+ if (!err) err = string_append(&client_tag_status, this_tag->description);
+ if (!err) err = string_append(&client_tag_status, "</td></tr>\n");
+ if (err)
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ this_tag = this_tag->next;
+ }
+ if (!err) err = string_append(&client_tag_status, "</table>\n");
+ }
+
+ if (map(exports, "client-tags", 1, client_tag_status, 0))
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+
+ if (map(exports, "client-ip-addr", 1, csp->ip_addr_str, 1))
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+
+ return template_fill_for_cgi(csp, "client-tags", exports, rsp);
+}
+#endif /* def FEATURE_CLIENT_TAGS */
+
+
/*********************************************************************
*
* Function : cgi_send_banner
*
- * Description : CGI function that returns a banner.
+ * Description : CGI function that returns a banner.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* equivalent).
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_send_banner(struct client_state *csp,
* If type is auto, then determine the right thing
* to do from the set-image-blocker action
*/
- if (imagetype == 'a')
+ if (imagetype == 'a')
{
/*
* Default to pattern
}
#endif /* def FEATURE_IMAGE_BLOCKING */
}
-
+
/*
* Now imagetype is either the non-auto type we were called with,
* or it was auto and has since been determined. In any case, we
* can proceed to actually answering the request by sending a redirect
* or an image as appropriate:
*/
- if (imagetype == 'r')
+ if (imagetype == 'r')
{
- rsp->status = strdup("302 Local Redirect from Privoxy");
- if (rsp->status == NULL)
- {
- return JB_ERR_MEMORY;
- }
+ rsp->status = strdup_or_die("302 Local Redirect from Privoxy");
if (enlist_unique_header(rsp->headers, "Location",
csp->action->string[ACTION_STRING_IMAGE_BLOCKER]))
{
}
else
{
- if ((imagetype == 'b') || (imagetype == 't'))
+ if ((imagetype == 'b') || (imagetype == 't'))
{
rsp->body = bindup(image_blank_data, image_blank_length);
rsp->content_length = image_blank_length;
* CGI Parameters : None
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_transparent_image(struct client_state *csp,
struct http_response *rsp,
const struct map *parameters)
{
+ (void)csp;
+ (void)parameters;
+
rsp->body = bindup(image_blank_data, image_blank_length);
rsp->content_length = image_blank_length;
}
+/*********************************************************************
+ *
+ * Function : cgi_send_default_favicon
+ *
+ * Description : CGI function that sends the standard favicon.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters : None
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err cgi_send_default_favicon(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ static const char default_favicon_data[] =
+ "\000\000\001\000\001\000\020\020\002\000\000\000\000\000\260"
+ "\000\000\000\026\000\000\000\050\000\000\000\020\000\000\000"
+ "\040\000\000\000\001\000\001\000\000\000\000\000\100\000\000"
+ "\000\000\000\000\000\000\000\000\000\002\000\000\000\000\000"
+ "\000\000\377\377\377\000\377\000\052\000\017\360\000\000\077"
+ "\374\000\000\161\376\000\000\161\376\000\000\361\377\000\000"
+ "\361\377\000\000\360\017\000\000\360\007\000\000\361\307\000"
+ "\000\361\307\000\000\361\307\000\000\360\007\000\000\160\036"
+ "\000\000\177\376\000\000\077\374\000\000\017\360\000\000\360"
+ "\017\000\000\300\003\000\000\200\001\000\000\200\001\000\000"
+ "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
+ "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
+ "\000\000\200\001\000\000\200\001\000\000\300\003\000\000\360"
+ "\017\000\000";
+ static const size_t favicon_length = sizeof(default_favicon_data) - 1;
+
+ (void)csp;
+ (void)parameters;
+
+ rsp->body = bindup(default_favicon_data, favicon_length);
+ rsp->content_length = favicon_length;
+
+ if (rsp->body == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ if (enlist(rsp->headers, "Content-Type: image/x-icon"))
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ rsp->is_static = 1;
+
+ return JB_ERR_OK;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : cgi_send_error_favicon
+ *
+ * Description : CGI function that sends the favicon for error pages.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters : None
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err cgi_send_error_favicon(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ static const char error_favicon_data[] =
+ "\000\000\001\000\001\000\020\020\002\000\000\000\000\000\260"
+ "\000\000\000\026\000\000\000\050\000\000\000\020\000\000\000"
+ "\040\000\000\000\001\000\001\000\000\000\000\000\100\000\000"
+ "\000\000\000\000\000\000\000\000\000\002\000\000\000\000\000"
+ "\000\000\377\377\377\000\000\000\377\000\017\360\000\000\077"
+ "\374\000\000\161\376\000\000\161\376\000\000\361\377\000\000"
+ "\361\377\000\000\360\017\000\000\360\007\000\000\361\307\000"
+ "\000\361\307\000\000\361\307\000\000\360\007\000\000\160\036"
+ "\000\000\177\376\000\000\077\374\000\000\017\360\000\000\360"
+ "\017\000\000\300\003\000\000\200\001\000\000\200\001\000\000"
+ "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
+ "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
+ "\000\000\200\001\000\000\200\001\000\000\300\003\000\000\360"
+ "\017\000\000";
+ static const size_t favicon_length = sizeof(error_favicon_data) - 1;
+
+ (void)csp;
+ (void)parameters;
+
+ rsp->body = bindup(error_favicon_data, favicon_length);
+ rsp->content_length = favicon_length;
+
+ if (rsp->body == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ if (enlist(rsp->headers, "Content-Type: image/x-icon"))
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ rsp->is_static = 1;
+
+ return JB_ERR_OK;
+
+}
+
+
/*********************************************************************
*
* Function : cgi_send_stylesheet
* CGI Parameters : None
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_send_stylesheet(struct client_state *csp,
const struct map *parameters)
{
jb_err err;
-
+
assert(csp);
assert(rsp);
+ (void)parameters;
+
err = template_load(csp, &rsp->body, "cgi-style.css", 0);
if (err == JB_ERR_FILE)
return JB_ERR_OK;
}
+
+
/*********************************************************************
*
- * Function : cgi_send_user_manual
+ * Function : cgi_send_url_info_osd
*
- * Description : CGI function that sends a file in the user
- * manual directory.
+ * Description : CGI function that sends the OpenSearch Description
+ * template for the show-url-info page. It allows to
+ * access the page through "search engine plugins".
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
* 3 : parameters = map of cgi parameters
*
- * CGI Parameters : file=name.html, the name of the HTML file
- * (relative to user-manual from config)
+ * CGI Parameters : None
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err cgi_send_user_manual(struct client_state *csp,
- struct http_response *rsp,
- const struct map *parameters)
+jb_err cgi_send_url_info_osd(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
{
- const char * filename;
- char *full_path;
- FILE *fp;
- jb_err err = JB_ERR_OK;
- size_t length;
+ jb_err err = JB_ERR_MEMORY;
+ struct map *exports = default_exports(csp, NULL);
- assert(csp);
- assert(rsp);
- assert(parameters);
+ (void)csp;
+ (void)parameters;
- if (!parameters->first)
+ if (NULL != exports)
{
- /* requested http://p.p/user-manual (without trailing slash) */
- return cgi_redirect(rsp, CGI_PREFIX "user-manual/");
+ err = template_fill_for_cgi(csp, "url-info-osd.xml", exports, rsp);
+ if (JB_ERR_OK == err)
+ {
+ err = enlist(rsp->headers,
+ "Content-Type: application/opensearchdescription+xml");
+ }
}
- get_string_param(parameters, "file", &filename);
- /* Check paramter for hack attempts */
- if (filename && strchr(filename, '/'))
+ return err;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_content_type
+ *
+ * Description : Use the file extension to guess the content type
+ * header we should use to serve the file.
+ *
+ * Parameters :
+ * 1 : filename = Name of the file whose content type
+ * we care about
+ *
+ * Returns : The guessed content type.
+ *
+ *********************************************************************/
+static const char *get_content_type(const char *filename)
+{
+ int i;
+ struct content_type
{
- return JB_ERR_CGI_PARAMS;
- }
- if (filename && strstr(filename, ".."))
+ const char extension[6];
+ const char content_type[11];
+ };
+ static const struct content_type content_types[] =
{
- return JB_ERR_CGI_PARAMS;
- }
+ {".css", "text/css"},
+ {".jpg", "image/jpeg"},
+ {".jpeg", "image/jpeg"},
+ {".png", "image/png"},
+ };
- full_path = make_path(csp->config->usermanual, filename ? filename : "index.html");
- if (full_path == NULL)
+ for (i = 0; i < SZ(content_types); i++)
{
- return JB_ERR_MEMORY;
+ if (strstr(filename, content_types[i].extension))
+ {
+ return content_types[i].content_type;
+ }
}
- /* Open user-manual file */
-#ifdef WIN32
- /*
- * XXX: Do we support other operating systems that
- * require special treatment to fopen in binary mode?
- */
- if (NULL == (fp = fopen(full_path, "rb")))
-#else
- if (NULL == (fp = fopen(full_path, "r")))
-#endif /* def WIN32 */
- {
- log_error(LOG_LEVEL_ERROR, "Cannot open user-manual file %s: %E", full_path);
- err = cgi_error_no_template(csp, rsp, full_path);
- free(full_path);
- return err;
- }
+ /* No match by extension, default to html */
+ return "text/html";
+}
- /* Get file length */
- fseek(fp, 0, SEEK_END);
- length = ftell(fp);
- fseek(fp, 0, SEEK_SET);
+/*********************************************************************
+ *
+ * Function : cgi_send_user_manual
+ *
+ * Description : CGI function that sends a file in the user
+ * manual directory.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters : file=name.html, the name of the HTML file
+ * (relative to user-manual from config)
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+jb_err cgi_send_user_manual(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ const char *filename;
+ char *full_path;
+ jb_err err = JB_ERR_OK;
+ const char *content_type;
- /* Allocate memory and load the file directly into the body */
- rsp->body = (char *)malloc(length+1);
- if (!rsp->body)
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
+ if (0 == strncmpic(csp->config->usermanual, "http://", 7))
{
- fclose(fp);
- free(full_path);
- return JB_ERR_MEMORY;
+ log_error(LOG_LEVEL_CGI, "Request for local user-manual "
+ "received while user-manual delivery is disabled.");
+ return cgi_error_404(csp, rsp, parameters);
}
- if (!fread(rsp->body, length, 1, fp))
+
+ if (!parameters->first)
{
- /*
- * This happens if we didn't fopen in binary mode.
- * If it does, we just log it and serve what we got,
- * most likely padded with garbage.
- */
- log_error(LOG_LEVEL_ERROR, "Couldn't completely read user-manual file %s.", full_path);
+ /* requested http://p.p/user-manual (without trailing slash) */
+ return cgi_redirect(rsp, CGI_PREFIX "user-manual/");
}
- fclose(fp);
- free(full_path);
-
- rsp->content_length = (int)length;
- /* Guess correct Content-Type based on the filename's ending */
- if (filename)
+ get_string_param(parameters, "file", &filename);
+ if (filename == NULL)
{
- length = strlen(filename);
+ /* It's '/' so serve the index.html if there is one. */
+ filename = "index.html";
}
- else
- {
- length = 0;
- }
- if((length>=4) && !strcmp(&filename[length-4], ".css"))
+ else if (NULL != strchr(filename, '/') || NULL != strstr(filename, ".."))
{
- err = enlist(rsp->headers, "Content-Type: text/css");
+ /*
+ * We currently only support a flat file
+ * hierarchy for the documentation.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Rejecting the request to serve '%s' as it contains '/' or '..'",
+ filename);
+ return JB_ERR_CGI_PARAMS;
}
- else if((length>=4) && !strcmp(&filename[length-4], ".jpg"))
+
+ full_path = make_path(csp->config->usermanual, filename);
+ if (full_path == NULL)
{
- err = enlist(rsp->headers, "Content-Type: image/jpeg");
+ return JB_ERR_MEMORY;
}
- else
+
+ err = load_file(full_path, &rsp->body, &rsp->content_length);
+ if (JB_ERR_OK != err)
{
- err = enlist(rsp->headers, "Content-Type: text/html");
+ assert((JB_ERR_FILE == err) || (JB_ERR_MEMORY == err));
+ if (JB_ERR_FILE == err)
+ {
+ err = cgi_error_no_template(csp, rsp, full_path);
+ }
+ freez(full_path);
+ return err;
}
+ freez(full_path);
+
+ content_type = get_content_type(filename);
+ log_error(LOG_LEVEL_CGI,
+ "Content-Type guessed for %s: %s", filename, content_type);
+
+ return enlist_unique_header(rsp->headers, "Content-Type", content_type);
- return err;
}
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_show_version(struct client_state *csp,
return template_fill_for_cgi(csp, "show-version", exports, rsp);
}
-
+
/*********************************************************************
*
* Function : cgi_show_status
*
- * Description : CGI function that returns a a web page describing the
+ * Description : CGI function that returns a web page describing the
* current status of Privoxy.
*
* Parameters :
* CGI Parameters :
* file : Which file to show. Only first letter is checked,
* valid values are:
- * - "p"ermissions (actions) file
+ * - "a"ction file
* - "r"egex
* - "t"rust
* Default is to show menu and other information.
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_show_status(struct client_state *csp,
unsigned i;
int j;
- FILE * fp;
char buf[BUFFER_SIZE];
- const char * filename = NULL;
- char * file_description = NULL;
#ifdef FEATURE_STATISTICS
float perc_rej; /* Percentage of http requests rejected */
int local_urls_read;
int local_urls_rejected;
#endif /* ndef FEATURE_STATISTICS */
- struct file_list * fl;
- struct url_actions * b;
jb_err err = JB_ERR_OK;
struct map *exports;
assert(rsp);
assert(parameters);
- if (NULL == (exports = default_exports(csp, "show-status")))
+ if ('\0' != *(lookup(parameters, "file")))
{
- return JB_ERR_MEMORY;
+ return cgi_show_file(csp, rsp, parameters);
}
- switch (*(lookup(parameters, "file")))
- {
- case 'a':
- if (!get_number_param(csp, parameters, "index", &i) && i < MAX_AF_FILES && csp->actions_list[i])
- {
- filename = csp->actions_list[i]->filename;
- file_description = "Actions File";
- }
- break;
-
- case 'f':
- if (!get_number_param(csp, parameters, "index", &i) && i < MAX_AF_FILES && csp->rlist[i])
- {
- filename = csp->rlist[i]->filename;
- file_description = "Filter File";
- }
- break;
-
-#ifdef FEATURE_TRUST
- case 't':
- if (csp->tlist)
- {
- filename = csp->tlist->filename;
- file_description = "Trust File";
- }
- break;
-#endif /* def FEATURE_TRUST */
- }
-
- if (NULL != filename)
+ if (NULL == (exports = default_exports(csp, "show-status")))
{
- if ( map(exports, "file-description", 1, file_description, 1)
- || map(exports, "filepath", 1, html_encode(filename), 0) )
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
-
- if ((fp = fopen(filename, "r")) == NULL)
- {
- if (map(exports, "content", 1, "<h1>ERROR OPENING FILE!</h1>", 1))
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
- }
- else
- {
- s = strdup("");
- while ((s != NULL) && fgets(buf, sizeof(buf), fp))
- {
- string_join (&s, html_encode(buf));
- }
- fclose(fp);
-
- if (map(exports, "contents", 1, s, 0))
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
- }
-
- return template_fill_for_cgi(csp, "show-status-file", exports, rsp);
+ return JB_ERR_MEMORY;
}
s = strdup("");
if (!err) err = map(exports, "options", 1, csp->config->proxy_args, 1);
if (!err) err = show_defines(exports);
- if (err)
+ if (err)
{
free_map(exports);
return JB_ERR_MEMORY;
perc_rej = (float)local_urls_rejected * 100.0F /
(float)local_urls_read;
- sprintf(buf, "%d", local_urls_read);
+ snprintf(buf, sizeof(buf), "%d", local_urls_read);
if (!err) err = map(exports, "requests-received", 1, buf, 1);
- sprintf(buf, "%d", local_urls_rejected);
+ snprintf(buf, sizeof(buf), "%d", local_urls_rejected);
if (!err) err = map(exports, "requests-blocked", 1, buf, 1);
- sprintf(buf, "%6.2f", perc_rej);
+ snprintf(buf, sizeof(buf), "%6.2f", perc_rej);
if (!err) err = map(exports, "percent-blocked", 1, buf, 1);
}
#else /* ndef FEATURE_STATISTICS */
- err = err || map_block_killer(exports, "statistics");
+ if (!err) err = map_block_killer(exports, "statistics");
#endif /* ndef FEATURE_STATISTICS */
-
- /*
+
+ /*
* List all action files in use, together with view and edit links,
* except for standard.action, which should only be viewable. (Not
* enforced in the editor itself)
s = strdup("");
for (i = 0; i < MAX_AF_FILES; i++)
{
- if (((fl = csp->actions_list[i]) != NULL) && ((b = fl->f) != NULL))
+ if (csp->actions_list[i] != NULL)
{
if (!err) err = string_append(&s, "<tr><td>");
if (!err) err = string_join(&s, html_encode(csp->actions_list[i]->filename));
- snprintf(buf, 100, "</td><td class=\"buttons\"><a href=\"/show-status?file=actions&index=%d\">View</a>", i);
+ snprintf(buf, sizeof(buf),
+ "</td><td class=\"buttons\"><a href=\"/show-status?file=actions&index=%u\">View</a>", i);
if (!err) err = string_append(&s, buf);
#ifdef FEATURE_CGI_EDIT_ACTIONS
- if (NULL == strstr(csp->actions_list[i]->filename, "standard.action") && NULL != csp->config->actions_file_short[i])
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)
+ && (NULL != csp->config->actions_file_short[i]))
{
- snprintf(buf, 100, " <a href=\"/edit-actions-list?f=%s\">Edit</a>", csp->config->actions_file_short[i]);
- if (!err) err = string_append(&s, buf);
+#ifdef HAVE_ACCESS
+ if (access(csp->config->actions_file[i], W_OK) == 0)
+ {
+#endif /* def HAVE_ACCESS */
+ snprintf(buf, sizeof(buf), " <a href=\"/edit-actions-list?f=%u\">Edit</a>", i);
+ if (!err) err = string_append(&s, buf);
+#ifdef HAVE_ACCESS
+ }
+ else
+ {
+ if (!err) err = string_append(&s, " <strong>No write access.</strong>");
+ }
+#endif /* def HAVE_ACCESS */
}
#endif
if (!err) err = string_append(&s, "</td></tr>\n");
}
}
- if (*s != '\0')
+ if (*s != '\0')
{
if (!err) err = map(exports, "actions-filenames", 1, s, 0);
}
if (!err) err = map(exports, "actions-filenames", 1, "<tr><td>None specified</td></tr>", 1);
}
- /*
+ /*
* List all re_filterfiles in use, together with view options.
* FIXME: Shouldn't include hardwired HTML here, use line template instead!
*/
s = strdup("");
for (i = 0; i < MAX_AF_FILES; i++)
{
- if (((fl = csp->rlist[i]) != NULL) && ((b = fl->f) != NULL))
+ if (csp->rlist[i] != NULL)
{
if (!err) err = string_append(&s, "<tr><td>");
if (!err) err = string_join(&s, html_encode(csp->rlist[i]->filename));
- snprintf(buf, 100, "</td><td class=\"buttons\"><a href=\"/show-status?file=filter&index=%d\">View</a>", i);
+ snprintf(buf, sizeof(buf),
+ "</td><td class=\"buttons\"><a href=\"/show-status?file=filter&index=%u\">View</a>", i);
if (!err) err = string_append(&s, buf);
if (!err) err = string_append(&s, "</td></tr>\n");
}
}
- if (*s != '\0')
+ if (*s != '\0')
{
- if (!err) err = map(exports, "re-filter-filename", 1, s, 0);
+ if (!err) err = map(exports, "re-filter-filenames", 1, s, 0);
}
else
{
- if (!err) err = map(exports, "re-filter-filename", 1, "<tr><td>None specified</td></tr>", 1);
+ if (!err) err = map(exports, "re-filter-filenames", 1, "<tr><td>None specified</td></tr>", 1);
if (!err) err = map_block_killer(exports, "have-filterfile");
}
if (!err) err = map_block_killer(exports, "trust-support");
#endif /* ndef FEATURE_TRUST */
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ if (!err && (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
+ {
+ err = map_block_killer(exports, "cgi-editor-is-disabled");
+ }
+#endif /* ndef CGI_EDIT_ACTIONS */
+
+ if (!err) err = map(exports, "force-prefix", 1, FORCE_PREFIX, 1);
+
if (err)
{
free_map(exports);
return template_fill_for_cgi(csp, "show-status", exports, rsp);
}
-
+
/*********************************************************************
*
* Function : cgi_show_url_info
* the template.
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_show_url_info(struct client_state *csp,
/*
* Get the url= parameter (if present) and remove any leading/trailing spaces.
*/
- url_param = strdup(lookup(parameters, "url"));
- if (url_param == NULL)
- {
- free_map(exports);
- return JB_ERR_MEMORY;
- }
+ url_param = strdup_or_die(lookup(parameters, "url"));
chomp(url_param);
/*
* 1) "http://" or "https://" prefix present and followed by URL - OK
* 2) Only the "http://" or "https://" part is present, no URL - change
* to empty string so it will be detected later as "no URL".
- * 3) Parameter specified but doesn't contain "http(s?)://" - add a
+ * 3) Parameter specified but doesn't start with "http(s?)://" - add a
* "http://" prefix.
* 4) Parameter not specified or is empty string - let this fall through
* for now, next block of code will handle it.
{
/*
* Empty URL (just prefix).
- * Make it totally empty so it's caught by the next if()
+ * Make it totally empty so it's caught by the next if ()
*/
url_param[0] = '\0';
}
{
/*
* Empty URL (just prefix).
- * Make it totally empty so it's caught by the next if()
+ * Make it totally empty so it's caught by the next if ()
*/
url_param[0] = '\0';
}
}
- else if (url_param[0] != '\0')
+ else if ((url_param[0] != '\0')
+ && ((NULL == strstr(url_param, "://")
+ || (strstr(url_param, "://") > strstr(url_param, "/")))))
{
/*
- * Unknown prefix - assume http://
+ * No prefix or at least no prefix before
+ * the first slash - assume http://
*/
- char * url_param_prefixed = malloc(7 + 1 + strlen(url_param));
- if (NULL == url_param_prefixed)
+ char *url_param_prefixed = strdup_or_die("http://");
+
+ if (JB_ERR_OK != string_join(&url_param_prefixed, url_param))
{
- free(url_param);
free_map(exports);
return JB_ERR_MEMORY;
}
- strcpy(url_param_prefixed, "http://");
- strcpy(url_param_prefixed + 7, url_param);
- free(url_param);
url_param = url_param_prefixed;
}
+ /*
+ * Hide "toggle off" warning if Privoxy is toggled on.
+ */
+ if (
+#ifdef FEATURE_TOGGLE
+ (global_toggle_state == 1) &&
+#endif /* def FEATURE_TOGGLE */
+ map_block_killer(exports, "privoxy-is-toggled-off")
+ )
+ {
+ freez(url_param);
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
if (url_param[0] == '\0')
{
struct http_request url_to_query[1];
struct current_action_spec action[1];
int i;
-
+
if (map(exports, "url", 1, html_encode(url_param), 0))
{
free(url_param);
return JB_ERR_MEMORY;
}
- err = parse_http_url(url_param, url_to_query, csp);
+ memset(url_to_query, '\0', sizeof(url_to_query));
+ err = parse_http_url(url_param, url_to_query, REQUIRE_PROTOCOL);
+ assert((err != JB_ERR_OK) || (url_to_query->ssl == !strncmpic(url_param, "https://", 8)));
free(url_param);
err = map(exports, "matches", 1, "<b>[Invalid URL specified!]</b>" , 1);
if (!err) err = map(exports, "final", 1, lookup(exports, "default"), 1);
+ if (!err) err = map_block_killer(exports, "valid-url");
free_current_action(action);
free_http_request(url_to_query);
}
/*
- * We have a warning about SSL paths. Hide it for insecure sites.
+ * We have a warning about SSL paths. Hide it for unencrypted sites.
*/
if (!url_to_query->ssl)
{
}
}
- matches = strdup("<table class=\"transparent\">");
+ matches = strdup_or_die("<table summary=\"\" class=\"transparent\">");
for (i = 0; i < MAX_AF_FILES; i++)
{
if (NULL == csp->config->actions_file_short[i]
- || !strcmp(csp->config->actions_file_short[i], "standard")) continue;
+ || !strcmp(csp->config->actions_file_short[i], "standard.action")) continue;
b = NULL;
hits = 1;
/* FIXME: Hardcoded HTML! */
string_append(&matches, "<tr><th>In file: ");
string_join (&matches, html_encode(csp->config->actions_file_short[i]));
- snprintf(buf, 150, ".action <a class=\"cmd\" href=\"/show-status?file=actions&index=%d\">", i);
+ snprintf(buf, sizeof(buf), " <a class=\"cmd\" href=\"/show-status?file=actions&index=%d\">", i);
string_append(&matches, buf);
string_append(&matches, "View</a>");
#ifdef FEATURE_CGI_EDIT_ACTIONS
- string_append(&matches, " <a class=\"cmd\" href=\"/edit-actions-list?f=");
- string_join (&matches, html_encode(csp->config->actions_file_short[i]));
- string_append(&matches, "\">Edit</a>");
-#endif
+ if (csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS)
+ {
+#ifdef HAVE_ACCESS
+ if (access(csp->config->actions_file[i], W_OK) == 0)
+ {
+#endif /* def HAVE_ACCESS */
+ snprintf(buf, sizeof(buf),
+ " <a class=\"cmd\" href=\"/edit-actions-list?f=%d\">", i);
+ string_append(&matches, buf);
+ string_append(&matches, "Edit</a>");
+#ifdef HAVE_ACCESS
+ }
+ else
+ {
+ string_append(&matches, " <strong>No write access.</strong>");
+ }
+#endif /* def HAVE_ACCESS */
+ }
+#endif /* FEATURE_CGI_EDIT_ACTIONS */
+
string_append(&matches, "</th></tr>\n");
hits = 0;
{
string_append(&matches, "<tr><td>{");
string_join (&matches, actions_to_html(csp, b->action));
- string_append(&matches, " }</b><br>\n<code>");
+ string_append(&matches, " }<br>\n<code>");
string_join (&matches, html_encode(b->url->spec));
string_append(&matches, "</code></td></tr>\n");
}
string_append(&matches, "</table>\n");
+ /*
+ * XXX: Kludge to make sure the "Forward settings" section
+ * shows what forward-override{} would do with the requested URL.
+ * No one really cares how the CGI request would be forwarded
+ * if it wasn't intercepted as CGI request in the first place.
+ *
+ * From here on the action bitmask will no longer reflect
+ * the real url (http://config.privoxy.org/show-url-info?url=.*),
+ * but luckily it's no longer required later on anyway.
+ */
+ free_current_action(csp->action);
+ get_url_actions(csp, url_to_query);
+
+ /*
+ * Fill in forwarding settings.
+ *
+ * The possibilities are:
+ * - no forwarding
+ * - http forwarding only
+ * - socks4(a) forwarding only
+ * - socks4(a) and http forwarding.
+ *
+ * XXX: Parts of this code could be reused for the
+ * "forwarding-failed" template which currently doesn't
+ * display the proxy port and an eventual second forwarder.
+ */
+ {
+ const struct forward_spec *fwd = forward_url(csp, url_to_query);
+
+ if ((fwd->gateway_host == NULL) && (fwd->forward_host == NULL))
+ {
+ if (!err) err = map_block_killer(exports, "socks-forwarder");
+ if (!err) err = map_block_killer(exports, "http-forwarder");
+ }
+ else
+ {
+ char port[10]; /* We save proxy ports as int but need a string here */
+
+ if (!err) err = map_block_killer(exports, "no-forwarder");
+
+ if (fwd->gateway_host != NULL)
+ {
+ char *socks_type = NULL;
+
+ switch (fwd->type)
+ {
+ case SOCKS_4:
+ socks_type = "socks4";
+ break;
+ case SOCKS_4A:
+ socks_type = "socks4a";
+ break;
+ case SOCKS_5:
+ socks_type = "socks5";
+ break;
+ case SOCKS_5T:
+ socks_type = "socks5t";
+ break;
+ default:
+ log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
+ }
+
+ if (!err) err = map(exports, "socks-type", 1, socks_type, 1);
+ if (!err) err = map(exports, "gateway-host", 1, fwd->gateway_host, 1);
+ snprintf(port, sizeof(port), "%d", fwd->gateway_port);
+ if (!err) err = map(exports, "gateway-port", 1, port, 1);
+ }
+ else
+ {
+ if (!err) err = map_block_killer(exports, "socks-forwarder");
+ }
+
+ if (fwd->forward_host != NULL)
+ {
+ if (!err) err = map(exports, "forward-host", 1, fwd->forward_host, 1);
+ snprintf(port, sizeof(port), "%d", fwd->forward_port);
+ if (!err) err = map(exports, "forward-port", 1, port, 1);
+ }
+ else
+ {
+ if (!err) err = map_block_killer(exports, "http-forwarder");
+ }
+ }
+ }
+
free_http_request(url_to_query);
- if (matches == NULL)
+ if (err || matches == NULL)
{
free_current_action(action);
free_map(exports);
return JB_ERR_MEMORY;
}
- if (map(exports, "matches", 1, matches , 0))
+#ifdef FEATURE_CGI_EDIT_ACTIONS
+ if ((csp->config->feature_flags & RUNTIME_FEATURE_CGI_EDIT_ACTIONS))
+ {
+ err = map_block_killer(exports, "cgi-editor-is-disabled");
+ }
+#endif /* FEATURE_CGI_EDIT_ACTIONS */
+
+ /*
+ * If zlib support is available, if no content filters
+ * are enabled or if the prevent-compression action is enabled,
+ * suppress the "compression could prevent filtering" warning.
+ */
+#ifndef FEATURE_ZLIB
+ if (!content_filters_enabled(action) ||
+ (action->flags & ACTION_NO_COMPRESSION))
+#endif
+ {
+ if (!err) err = map_block_killer(exports, "filters-might-be-ineffective");
+ }
+
+ if (err || map(exports, "matches", 1, matches , 0))
{
free_current_action(action);
free_map(exports);
* CGI Parameters : None
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_robots_txt(struct client_state *csp,
char buf[100];
jb_err err;
- rsp->body = strdup(
+ (void)csp;
+ (void)parameters;
+
+ rsp->body = strdup_or_die(
"# This is the Privoxy control interface.\n"
"# It isn't very useful to index it, and you're likely to break stuff.\n"
"# So go away!\n"
"User-agent: *\n"
"Disallow: /\n"
"\n");
- if (rsp->body == NULL)
- {
- return JB_ERR_MEMORY;
- }
err = enlist_unique(rsp->headers, "Content-Type: text/plain", 13);
rsp->is_static = 1;
- get_http_time(7 * 24 * 60 * 60, buf); /* 7 days into future */
+ get_http_time(7 * 24 * 60 * 60, buf, sizeof(buf)); /* 7 days into future */
if (!err) err = enlist_unique_header(rsp->headers, "Expires", buf);
return (err ? JB_ERR_MEMORY : JB_ERR_OK);
* 1 : exports = map to extend
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
static jb_err show_defines(struct map *exports)
{
jb_err err = JB_ERR_OK;
+ int i;
+ struct feature {
+ const char name[31];
+ const unsigned char is_available;
+ };
+ static const struct feature features[] = {
+ {
+ "FEATURE_64_BIT_TIME_T",
+#if (SIZEOF_TIME_T == 8)
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_ACCEPT_FILTER",
+#ifdef FEATURE_ACCEPT_FILTER
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_ACL",
#ifdef FEATURE_ACL
- if (!err) err = map_conditional(exports, "FEATURE_ACL", 1);
-#else /* ifndef FEATURE_ACL */
- if (!err) err = map_conditional(exports, "FEATURE_ACL", 0);
-#endif /* ndef FEATURE_ACL */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_CGI_EDIT_ACTIONS",
#ifdef FEATURE_CGI_EDIT_ACTIONS
- if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 1);
-#else /* ifndef FEATURE_COOKIE_JAR */
- if (!err) err = map_conditional(exports, "FEATURE_CGI_EDIT_ACTIONS", 0);
-#endif /* ndef FEATURE_COOKIE_JAR */
-
-#ifdef FEATURE_COOKIE_JAR
- if (!err) err = map_conditional(exports, "FEATURE_COOKIE_JAR", 1);
-#else /* ifndef FEATURE_COOKIE_JAR */
- if (!err) err = map_conditional(exports, "FEATURE_COOKIE_JAR", 0);
-#endif /* ndef FEATURE_COOKIE_JAR */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_CLIENT_TAGS",
+#ifdef FEATURE_CLIENT_TAGS
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_COMPRESSION",
+#ifdef FEATURE_COMPRESSION
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_CONNECTION_KEEP_ALIVE",
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_CONNECTION_SHARING",
+#ifdef FEATURE_CONNECTION_SHARING
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_FAST_REDIRECTS",
#ifdef FEATURE_FAST_REDIRECTS
- if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 1);
-#else /* ifndef FEATURE_FAST_REDIRECTS */
- if (!err) err = map_conditional(exports, "FEATURE_FAST_REDIRECTS", 0);
-#endif /* ndef FEATURE_FAST_REDIRECTS */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_FORCE_LOAD",
#ifdef FEATURE_FORCE_LOAD
- if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 1);
- if (!err) err = map(exports, "FORCE_PREFIX", 1, FORCE_PREFIX, 1);
-#else /* ifndef FEATURE_FORCE_LOAD */
- if (!err) err = map_conditional(exports, "FEATURE_FORCE_LOAD", 0);
- if (!err) err = map(exports, "FORCE_PREFIX", 1, "(none - disabled)", 1);
-#endif /* ndef FEATURE_FORCE_LOAD */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_GRACEFUL_TERMINATION",
+#ifdef FEATURE_GRACEFUL_TERMINATION
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_IMAGE_BLOCKING",
#ifdef FEATURE_IMAGE_BLOCKING
- if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 1);
-#else /* ifndef FEATURE_IMAGE_BLOCKING */
- if (!err) err = map_conditional(exports, "FEATURE_IMAGE_BLOCKING", 0);
-#endif /* ndef FEATURE_IMAGE_BLOCKING */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_IMAGE_DETECT_MSIE",
#ifdef FEATURE_IMAGE_DETECT_MSIE
- if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 1);
-#else /* ifndef FEATURE_IMAGE_DETECT_MSIE */
- if (!err) err = map_conditional(exports, "FEATURE_IMAGE_DETECT_MSIE", 0);
-#endif /* ndef FEATURE_IMAGE_DETECT_MSIE */
-
-#ifdef FEATURE_KILL_POPUPS
- if (!err) err = map_conditional(exports, "FEATURE_KILL_POPUPS", 1);
-#else /* ifndef FEATURE_KILL_POPUPS */
- if (!err) err = map_conditional(exports, "FEATURE_KILL_POPUPS", 0);
-#endif /* ndef FEATURE_KILL_POPUPS */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_IPV6_SUPPORT",
+#ifdef HAVE_RFC2553
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_NO_GIFS",
#ifdef FEATURE_NO_GIFS
- if (!err) err = map_conditional(exports, "FEATURE_NO_GIFS", 1);
-#else /* ifndef FEATURE_NO_GIFS */
- if (!err) err = map_conditional(exports, "FEATURE_NO_GIFS", 0);
-#endif /* ndef FEATURE_NO_GIFS */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_PTHREAD",
#ifdef FEATURE_PTHREAD
- if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 1);
-#else /* ifndef FEATURE_PTHREAD */
- if (!err) err = map_conditional(exports, "FEATURE_PTHREAD", 0);
-#endif /* ndef FEATURE_PTHREAD */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_STATISTICS",
#ifdef FEATURE_STATISTICS
- if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 1);
-#else /* ifndef FEATURE_STATISTICS */
- if (!err) err = map_conditional(exports, "FEATURE_STATISTICS", 0);
-#endif /* ndef FEATURE_STATISTICS */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_STRPTIME_SANITY_CHECKS",
+#ifdef FEATURE_STRPTIME_SANITY_CHECKS
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_TOGGLE",
#ifdef FEATURE_TOGGLE
- if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 1);
-#else /* ifndef FEATURE_TOGGLE */
- if (!err) err = map_conditional(exports, "FEATURE_TOGGLE", 0);
-#endif /* ndef FEATURE_TOGGLE */
-
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_TRUST",
#ifdef FEATURE_TRUST
- if (!err) err = map_conditional(exports, "FEATURE_TRUST", 1);
-#else /* ifndef FEATURE_TRUST */
- if (!err) err = map_conditional(exports, "FEATURE_TRUST", 0);
-#endif /* ndef FEATURE_TRUST */
-
-#ifdef STATIC_PCRE
- if (!err) err = map_conditional(exports, "STATIC_PCRE", 1);
-#else /* ifndef STATIC_PCRE */
- if (!err) err = map_conditional(exports, "STATIC_PCRE", 0);
-#endif /* ndef STATIC_PCRE */
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_ZLIB",
+#ifdef FEATURE_ZLIB
+ 1,
+#else
+ 0,
+#endif
+ },
+ {
+ "FEATURE_DYNAMIC_PCRE",
+#ifdef FEATURE_DYNAMIC_PCRE
+ 1,
+#else
+ 0,
+#endif
+ }
+ };
-#ifdef STATIC_PCRS
- if (!err) err = map_conditional(exports, "STATIC_PCRS", 1);
-#else /* ifndef STATIC_PCRS */
- if (!err) err = map_conditional(exports, "STATIC_PCRS", 0);
-#endif /* ndef STATIC_PCRS */
+ for (i = 0; i < SZ(features); i++)
+ {
+ err = map_conditional(exports, features[i].name, features[i].is_available);
+ if (err)
+ {
+ break;
+ }
+ }
return err;
+
}
*********************************************************************/
static char *show_rcs(void)
{
- char *result = strdup("");
+ char *result = strdup_or_die("");
char buf[BUFFER_SIZE];
/* Instead of including *all* dot h's in the project (thus creating a
#define SHOW_RCS(__x) \
{ \
extern const char __x[]; \
- sprintf(buf, "%s\n", __x); \
+ snprintf(buf, sizeof(buf), " %s\n", __x); \
string_append(&result, buf); \
}
SHOW_RCS(jbsockets_rcs)
SHOW_RCS(jcc_h_rcs)
SHOW_RCS(jcc_rcs)
-#ifdef FEATURE_KILL_POPUPS
- SHOW_RCS(killpopup_h_rcs)
- SHOW_RCS(killpopup_rcs)
-#endif /* def FEATURE_KILL_POPUPS */
SHOW_RCS(list_h_rcs)
SHOW_RCS(list_rcs)
SHOW_RCS(loadcfg_h_rcs)
}
+/*********************************************************************
+ *
+ * Function : cgi_show_file
+ *
+ * Description : CGI function that shows the content of a
+ * configuration file.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : rsp = http_response data structure for output
+ * 3 : parameters = map of cgi parameters
+ *
+ * CGI Parameters :
+ * file : Which file to show. Only first letter is checked,
+ * valid values are:
+ * - "a"ction file
+ * - "r"egex
+ * - "t"rust
+ * Default is to show menu and other information.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory error.
+ *
+ *********************************************************************/
+static jb_err cgi_show_file(struct client_state *csp,
+ struct http_response *rsp,
+ const struct map *parameters)
+{
+ unsigned i;
+ const char * filename = NULL;
+ char * file_description = NULL;
+
+ assert(csp);
+ assert(rsp);
+ assert(parameters);
+
+ switch (*(lookup(parameters, "file")))
+ {
+ case 'a':
+ if (!get_number_param(csp, parameters, "index", &i) && i < MAX_AF_FILES && csp->actions_list[i])
+ {
+ filename = csp->actions_list[i]->filename;
+ file_description = "Actions File";
+ }
+ break;
+
+ case 'f':
+ if (!get_number_param(csp, parameters, "index", &i) && i < MAX_AF_FILES && csp->rlist[i])
+ {
+ filename = csp->rlist[i]->filename;
+ file_description = "Filter File";
+ }
+ break;
+
+#ifdef FEATURE_TRUST
+ case 't':
+ if (csp->tlist)
+ {
+ filename = csp->tlist->filename;
+ file_description = "Trust File";
+ }
+ break;
+#endif /* def FEATURE_TRUST */
+ }
+
+ if (NULL != filename)
+ {
+ struct map *exports;
+ char *s;
+ jb_err err;
+ size_t length;
+
+ exports = default_exports(csp, "show-status");
+ if (NULL == exports)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ if (map(exports, "file-description", 1, file_description, 1)
+ || map(exports, "filepath", 1, html_encode(filename), 0))
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+
+ err = load_file(filename, &s, &length);
+ if (JB_ERR_OK != err)
+ {
+ if (map(exports, "contents", 1, "<h1>ERROR OPENING FILE!</h1>", 1))
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ }
+ else
+ {
+ s = html_encode_and_free_original(s);
+ if (NULL == s)
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+
+ if (map(exports, "contents", 1, s, 0))
+ {
+ free_map(exports);
+ return JB_ERR_MEMORY;
+ }
+ }
+
+ return template_fill_for_cgi(csp, "show-status-file", exports, rsp);
+ }
+
+ return JB_ERR_CGI_PARAMS;
+}
+
+
+/*********************************************************************
+ *
+ * Function : load_file
+ *
+ * Description : Loads a file into a buffer.
+ *
+ * Parameters :
+ * 1 : filename = Name of the file to be loaded.
+ * 2 : buffer = Used to return the file's content.
+ * 3 : length = Used to return the size of the file.
+ *
+ * Returns : JB_ERR_OK in case of success,
+ * JB_ERR_FILE in case of ordinary file loading errors
+ * (fseek() and ftell() errors are fatal)
+ * JB_ERR_MEMORY in case of out-of-memory.
+ *
+ *********************************************************************/
+static jb_err load_file(const char *filename, char **buffer, size_t *length)
+{
+ FILE *fp;
+ long ret;
+ jb_err err = JB_ERR_OK;
+
+ fp = fopen(filename, "rb");
+ if (NULL == fp)
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to open %s: %E", filename);
+ return JB_ERR_FILE;
+ }
+
+ /* Get file length */
+ if (fseek(fp, 0, SEEK_END))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Unexpected error while fseek()ing to the end of %s: %E",
+ filename);
+ }
+ ret = ftell(fp);
+ if (-1 == ret)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Unexpected ftell() error while loading %s: %E",
+ filename);
+ }
+ *length = (size_t)ret;
+
+ /* Go back to the beginning. */
+ if (fseek(fp, 0, SEEK_SET))
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Unexpected error while fseek()ing to the beginning of %s: %E",
+ filename);
+ }
+
+ *buffer = zalloc_or_die(*length + 1);
+
+ if (1 != fread(*buffer, *length, 1, fp))
+ {
+ /*
+ * May theoretically happen if the file size changes between
+ * fseek() and fread() because it's edited in-place. Privoxy
+ * and common text editors don't do that, thus we just fail.
+ */
+ log_error(LOG_LEVEL_ERROR,
+ "Couldn't completely read file %s.", filename);
+ freez(*buffer);
+ err = JB_ERR_FILE;
+ }
+
+ fclose(fp);
+
+ return err;
+
+}
+
+
/*
Local Variables:
tab-width: 3