[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie is not passed via URL * fm.h (TMPF_COOKIE): incl (MAX_TMPF_TYPE): incl (no_rc_dir): added (tmp_dir): added (config_file): added * local.c (Local_cookie_file): added (writeLocalCookie): added (setLocalCookie): dont set environment LOCAL_COOKIE (localcgi_post): writeLocalCookie (localcgi_get): writeLocalCookie * main.c (config_filename): deleted (cmd_loadURL): arg FormList (main): rewrite config_file, rc (ldhelp): no cookie in URL (cmd_loadURL): arg FormList (goURL0): cmd_loadURL change (cmd_loadBuffer): cmd_loadURL change (adBmark): cookie is posted (follow_map): cmd_loadURL change (linkMn): cmd_loadURL change (reinit): init_rc change * proto.h (create_option_search_table): deleted (init_rc): no args * rc.c (create_option_search_table): static (init_rc): no args rewrite (optionpanel_src1): rewrite (load_option_panel): html_quote (panel_set_option): no_rc_dir * w3mbookmark.c: rewrite * w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite * scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite * scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
This commit is contained in:
Fumitoshi UKAI
@@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'};
|
||||
$dir = '';
|
||||
$cmd = '';
|
||||
$cookie = '';
|
||||
# $cgi = 0;
|
||||
# if ($query eq '') {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = $_;
|
||||
# $cgi = 0;
|
||||
# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
|
||||
foreach(split(/\&/, $query)) {
|
||||
$local_cookie = '';
|
||||
foreach(split(/\&/, $query)) {
|
||||
if (s/^dir=//) {
|
||||
$dir = &form_decode($_);
|
||||
}
|
||||
}
|
||||
$body = undef;
|
||||
if ($ENV{'REQUEST_METHOD'} eq 'POST') {
|
||||
sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'});
|
||||
foreach(split(/\&/, $body)) {
|
||||
if (s/^dir=//) {
|
||||
$dir = &form_decode($_);
|
||||
} elsif (s/^opt(\d+)=//) {
|
||||
@@ -52,27 +53,22 @@ $cookie = '';
|
||||
$cookie = &form_decode($_);
|
||||
}
|
||||
}
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
}
|
||||
$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
|
||||
if (-f $cookie_file) {
|
||||
open(F, "< $cookie_file");
|
||||
$local_cookie = <F>;
|
||||
close(F);
|
||||
}
|
||||
if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
$cookie = &html_quote($cookie);
|
||||
$cgi = 1;
|
||||
# } else {
|
||||
# $dir = $query;
|
||||
# if (($dir !~ m@^/@) &&
|
||||
# ($WIN32 && $dir !~ /^[a-z]:/i)) {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = "$_/$dir";
|
||||
# }
|
||||
# $cgi = -1;
|
||||
# }
|
||||
exit(1);
|
||||
}
|
||||
$local_cookie = &html_quote($local_cookie);
|
||||
if ($dir !~ m@/$@) {
|
||||
$dir .= '/';
|
||||
}
|
||||
@@ -88,9 +84,7 @@ if ($WIN32) {
|
||||
$ROOT = &cygwin_pathconv("$ROOT");
|
||||
}
|
||||
}
|
||||
if ($cgi) {
|
||||
$dir = &cleanup($dir);
|
||||
}
|
||||
$dir = &cleanup($dir);
|
||||
|
||||
$TYPE = $OPT[$OPT_TYPE];
|
||||
$FORMAT = $OPT[$OPT_FORMAT];
|
||||
@@ -117,9 +111,6 @@ EOF
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# ($cgi > 0) && print <<EOF;
|
||||
# w3m-control: DELETE_PREVBUF
|
||||
# EOF
|
||||
print <<EOF;
|
||||
Content-Type: text/html
|
||||
|
||||
@@ -404,9 +395,9 @@ sub print_form {
|
||||
local($_, @vs, @os, $v, $o);
|
||||
|
||||
print <<EOF;
|
||||
<form action=\"$CGI\">
|
||||
<form method=post action=\"$CGI#current\">
|
||||
<center>
|
||||
<table>
|
||||
<table cellpadding=0>
|
||||
<tr valign=top>
|
||||
EOF
|
||||
foreach(0 .. 2) {
|
||||
@@ -433,7 +424,7 @@ EOF
|
||||
</table>
|
||||
</center>
|
||||
<input type=hidden name=dir value="$d">
|
||||
<input type=hidden name=cookie value="$cookie">
|
||||
<input type=hidden name=cookie value="$local_cookie">
|
||||
</form>
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -28,24 +28,14 @@ if (defined($query)) {
|
||||
}
|
||||
$file = &form_decode($v{'file'});
|
||||
$boundary = &form_decode($v{'boundary'});
|
||||
$cookie = &form_decode($v{'cookie'});
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
$file = $ARGV[0];
|
||||
if (@ARGV >= 2) {
|
||||
$boundary = $ARGV[1];
|
||||
}
|
||||
$cookie = $ENV{'LOCAL_COOKIE'};
|
||||
}
|
||||
|
||||
open(F, "< $file");
|
||||
(-f $file) || exit(1);
|
||||
open(F, "< $file") || exit(1);
|
||||
$end = 0;
|
||||
$mbody = '';
|
||||
if (defined($boundary)) {
|
||||
@@ -131,7 +121,6 @@ if (defined($v{'count'})) {
|
||||
$qcgi = &html_quote($CGI);
|
||||
$qfile = &html_quote($file);
|
||||
$qboundary = &html_quote($boundary);
|
||||
$qcookie = &html_quote($cookie);
|
||||
|
||||
if ($mbody =~ /\S/) {
|
||||
$_ = $mbody;
|
||||
@@ -196,20 +185,16 @@ while(! $end) {
|
||||
s/\>/\>/g;
|
||||
print "<pre>\n";
|
||||
print $_;
|
||||
print "\n</pre>\n";
|
||||
print "</pre>\n";
|
||||
if ($type =~ /name=\"?([^\"]+)\"?/ ||
|
||||
$dispos =~ /filename=\"?([^\"]+)\"?/) {
|
||||
$name = $1;
|
||||
} else {
|
||||
$name = "Content";
|
||||
}
|
||||
print "<form method=POST action=\"$qcgi?$count\">\n";
|
||||
print "<input type=hidden name=file value=\"$qfile\">\n";
|
||||
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
|
||||
print "<input type=hidden name=cookie value=\"$qcookie\">\n";
|
||||
print "<input type=hidden name=count value=\"$count\">\n";
|
||||
print "<form action=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\">\n";
|
||||
if ($image) {
|
||||
print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",
|
||||
print "<input type=image name=submit src=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\" alt=\"",
|
||||
&html_quote($name), "\">\n";
|
||||
} else {
|
||||
print "<input type=submit name=submit value=\"",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!@PERL@
|
||||
# $Id: w3mhelp.cgi.in,v 1.22 2002/12/11 02:57:30 ukai Exp $
|
||||
# $Id: w3mhelp.cgi.in,v 1.23 2003/01/15 17:13:22 ukai Exp $
|
||||
|
||||
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
|
||||
$CYGPATH = 1;
|
||||
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) {
|
||||
$lang = $tlang;
|
||||
}
|
||||
}
|
||||
if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
|
||||
$cookie = $2;
|
||||
$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
|
||||
}
|
||||
}
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
|
||||
%f = %keyfunc;
|
||||
@@ -115,9 +103,7 @@ HEADING
|
||||
|
||||
$q_version = $version;
|
||||
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$q_cookie = $cookie;
|
||||
$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang=";
|
||||
|
||||
# doc:en_English doc-jp:ja_Japanese
|
||||
for $otherlang (@docdirs) {
|
||||
|
||||
@@ -1,15 +1,21 @@
|
||||
#!@PERL@
|
||||
|
||||
$rcsid = q$Id: w3mmail.cgi.in,v 1.11 2002/11/11 15:50:28 ukai Exp $;
|
||||
$rcsid = q$Id: w3mmail.cgi.in,v 1.12 2003/01/15 17:13:22 ukai Exp $;
|
||||
($id = $rcsid) =~ s/^.*,v ([\d\.]*).*/$1/;
|
||||
($prog=$0) =~ s/.*\///;
|
||||
|
||||
$query = $ENV{'QUERY_STRING'};
|
||||
$local_cookie = $ENV{'LOCAL_COOKIE'};
|
||||
$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
|
||||
$local_cookie = '';
|
||||
$SENDMAIL = '/usr/lib/sendmail';
|
||||
$SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail';
|
||||
$SENDMAIL_OPT = '-oi -t';
|
||||
|
||||
if (-f $cookie_file) {
|
||||
open(F, "< $cookie_file");
|
||||
$local_cookie = <F>;
|
||||
close(F);
|
||||
}
|
||||
if ($query =~ s/^\w+://) {
|
||||
$url = $query;
|
||||
$qurl = &html_quote($url);
|
||||
@@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) {
|
||||
print "\r\n";
|
||||
print "<html><head><title>W3M Mailer: $qurl</title></head>\n";
|
||||
print "<body><h1>W3M Mailer: $qurl</h1>\n";
|
||||
print "<form action='file://$0' method='POST'>\n";
|
||||
print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
|
||||
print "<form action=\"file://$0\" method='POST'>\n";
|
||||
$local_cookie = &html_quote($local_cookie);
|
||||
print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
|
||||
print "<table>\n";
|
||||
foreach $h ('from', 'to', 'cc', 'bcc', 'subject') {
|
||||
$v = &lang_html_quote($opt{$h});
|
||||
@@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) {
|
||||
delete $opt{$h};
|
||||
}
|
||||
if ($boundary) {
|
||||
$boundary = &html_quote($boundary);
|
||||
print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n";
|
||||
print "<input type='hidden' name='boundary' value=\"$boundary\">\n";
|
||||
}
|
||||
@@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) {
|
||||
print "<html><head><title>W3M Mailer</title></head>\n";
|
||||
print "<body>\n";
|
||||
print "<h1>W3M Mailer: preview</h1>\n";
|
||||
print "<form action='$0' method='POST'>\n";
|
||||
print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
|
||||
print "<form action=\"file://$0\" method='POST'>\n";
|
||||
$local_cookie = &html_quote($local_cookie);
|
||||
print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
|
||||
print "<hr>\n";
|
||||
print "<pre>\n";
|
||||
foreach $h (keys %opt) {
|
||||
@@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) {
|
||||
($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0);
|
||||
print "Mime-Version: 1.0\n";
|
||||
if ($boundary) {
|
||||
$boundary = &html_quote($boundary);
|
||||
print "Content-Type: multipart/form-data;\n";
|
||||
print " boundary=\"$boundary\"\n";
|
||||
} else {
|
||||
print "Content-Type: text/plain; charset=$cs\n";
|
||||
}
|
||||
# print "Content-Transfer-Encoding: $cte\n";
|
||||
print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n";
|
||||
print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"),
|
||||
"\n";
|
||||
print "\n";
|
||||
print $body;
|
||||
print "\n" if ($body !~ /\n$/);
|
||||
@@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) {
|
||||
foreach $h (keys %opt) {
|
||||
$qh = &html_quote($h);
|
||||
print "<tr><td>\u$qh:<td>$v{$h}\n";
|
||||
print "<input type='hidden' name=\"$qh\" value=\"$v\">\n";
|
||||
print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n";
|
||||
}
|
||||
print "<tr><td colspan=2>\n";
|
||||
print "<textarea cols=40 rows=10 name='body'>\n";
|
||||
print "<textarea cols=40 rows=10 name=body>\n";
|
||||
if ($body) {
|
||||
print $body;
|
||||
}
|
||||
@@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) {
|
||||
print "\r\n";
|
||||
print "<html><head><title>W3M Mailer</title></head>\n";
|
||||
print "<body><h1>W3M Mailer: open sendmail failed</h1>\n";
|
||||
print "<p>$@</p>\n";
|
||||
print "<p>", &html_quote($@), "</p>\n";
|
||||
print "</body></html>\n";
|
||||
exit(0);
|
||||
}
|
||||
@@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) {
|
||||
print "\r\n";
|
||||
print "<html><head><title>W3M Mailer</title></head>\n";
|
||||
print "<body><h1>W3M Mailer: close sendmail failed</h1>\n";
|
||||
print "<p>$@</p>\n";
|
||||
print "<p>", &html_quote($@), "</p>\n";
|
||||
print "</body></html>\n";
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user