[w3m-dev 03644] Re: Other user can see local cookie.

* cookie.c (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie is not passed via URL * fm.h (TMPF_COOKIE): incl (MAX_TMPF_TYPE): incl (no_rc_dir): added (tmp_dir): added (config_file): added * local.c (Local_cookie_file): added (writeLocalCookie): added (setLocalCookie): dont set environment LOCAL_COOKIE (localcgi_post): writeLocalCookie (localcgi_get): writeLocalCookie * main.c (config_filename): deleted (cmd_loadURL): arg FormList (main): rewrite config_file, rc (ldhelp): no cookie in URL (cmd_loadURL): arg FormList (goURL0): cmd_loadURL change (cmd_loadBuffer): cmd_loadURL change (adBmark): cookie is posted (follow_map): cmd_loadURL change (linkMn): cmd_loadURL change (reinit): init_rc change * proto.h (create_option_search_table): deleted (init_rc): no args * rc.c (create_option_search_table): static (init_rc): no args rewrite (optionpanel_src1): rewrite (load_option_panel): html_quote (panel_set_option): no_rc_dir * w3mbookmark.c: rewrite * w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite * scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite * scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
2003-01-15 17:13:21 +00:00
parent 0aeedf43a0
commit 549ee1cc09
15 changed files with 326 additions and 236 deletions
--- a/local.c
+++ b/local.c
@@ -1,4 +1,4 @@
-/* $Id: local.c,v 1.20 2003/01/15 16:24:25 ukai Exp $ */
+/* $Id: local.c,v 1.21 2003/01/15 17:13:22 ukai Exp $ */
 #include "fm.h"
 #include <string.h>
 #include <stdio.h>
@@ -23,6 +23,25 @@

 #define CGIFN_CONTAIN_SLASH 4

+static char *Local_cookie_file = NULL;
+
+static void
+writeLocalCookie()
+{
+    FILE *f;
+
+    if (no_rc_dir)
+	return;
+    Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr;
+    set_environ("LOCAL_COOKIE_FILE", Local_cookie_file);
+    f = fopen(Local_cookie_file, "wb");
+    if (!f)
+	return;
+    fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
+    fclose(f);
+    chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
+}
+
 /* setup cookie for local CGI */
 void
 setLocalCookie()
@@ -31,7 +50,6 @@ setLocalCookie()
    gethostname(hostname, 256);

    Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
-    set_environ("LOCAL_COOKIE", Local_cookie->ptr);
 }

 Str
@@ -395,6 +413,7 @@ localcgi_post(char *uri, char *qstr, FormList *request, char *referer)
    file = cgi_filename(uri, &status);
    if (check_local_cgi(file, status) < 0)
 	return NULL;
+    writeLocalCookie();
    tmp1 = tmpfname(TMPF_DFL, NULL);
    if ((pid = localcgi_popen_r(&f)) < 0)
 	return NULL;
@@ -459,6 +478,7 @@ localcgi_get(char *uri, char *request, char *referer)
    file = cgi_filename(uri, &status);
    if (check_local_cgi(file, status) < 0)
 	return NULL;
+    writeLocalCookie();
    if ((pid = localcgi_popen_r(&f)) < 0)
 	return NULL;
    else if (pid)