[w3m-dev 03644] Re: Other user can see local cookie.

* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
	(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
	(MAX_TMPF_TYPE): incl
	(no_rc_dir): added
	(tmp_dir): added
	(config_file): added
* local.c (Local_cookie_file): added
	(writeLocalCookie): added
	(setLocalCookie): dont set environment LOCAL_COOKIE
	(localcgi_post): writeLocalCookie
	(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
	(cmd_loadURL): arg FormList
	(main): rewrite config_file, rc
	(ldhelp): no cookie in URL
	(cmd_loadURL): arg FormList
	(goURL0): cmd_loadURL change
	(cmd_loadBuffer): cmd_loadURL change
	(adBmark): cookie is posted
	(follow_map): cmd_loadURL change
	(linkMn): cmd_loadURL change
	(reinit): init_rc change
* proto.h (create_option_search_table): deleted
	(init_rc): no args
* rc.c (create_option_search_table): static
	(init_rc): no args
		rewrite
	(optionpanel_src1): rewrite
	(load_option_panel): html_quote
	(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>

scripts/dirlist.cgi.in

@@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'};
 $dir = '';
 $cmd = '';
 $cookie = '';
-# $cgi = 0;
-# if ($query eq '') {
-#   $_ = `pwd`;	# insecure?
-#   chop;
-#   s/\r$//;
-#   $dir = $_;
-#   $cgi = 0;
-# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
-  foreach(split(/\&/, $query)) {
+$local_cookie = '';
+foreach(split(/\&/, $query)) {
+  if (s/^dir=//) {
+    $dir = &form_decode($_);
+  }
+}
+$body = undef;
+if ($ENV{'REQUEST_METHOD'} eq 'POST') {
+  sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'});
+  foreach(split(/\&/, $body)) {
     if (s/^dir=//) {
       $dir = &form_decode($_);
     } elsif (s/^opt(\d+)=//) {
@@ -52,27 +53,22 @@ $cookie = '';
       $cookie = &form_decode($_);
     }
   }
-  if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
-    print <<EOF;
+}
+$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
+if (-f $cookie_file) {
+   open(F, "< $cookie_file");
+   $local_cookie = <F>;
+   close(F);
+}
+if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) {
+  print <<EOF;
 Content-Type: text/plain
 
 Local cookie doesn't match: It may be an illegal execution
 EOF
-    exit(1);
-  }
- $cookie =  &html_quote($cookie);
-  $cgi = 1;
-# } else {
-#   $dir = $query;
-#   if (($dir !~ m@^/@) &&
-#       ($WIN32 && $dir !~ /^[a-z]:/i)) {
-#     $_ = `pwd`;	# insecure?
-#     chop;
-#     s/\r$//;
-#     $dir = "$_/$dir";
-#   }
-#   $cgi = -1;
-# }
+  exit(1);
+}
+$local_cookie =  &html_quote($local_cookie);
 if ($dir !~ m@/$@) {
   $dir .= '/';
 }
@@ -88,9 +84,7 @@ if ($WIN32) {
       $ROOT = &cygwin_pathconv("$ROOT");
   }
 }
-if ($cgi) {
-  $dir = &cleanup($dir);
-}
+$dir = &cleanup($dir);
 
 $TYPE   = $OPT[$OPT_TYPE];
 $FORMAT = $OPT[$OPT_FORMAT];
@@ -117,9 +111,6 @@ EOF
   exit 1;
 }
 
-# ($cgi > 0) && print <<EOF;
-# w3m-control: DELETE_PREVBUF
-# EOF
 print <<EOF;
 Content-Type: text/html
 
@@ -404,9 +395,9 @@ sub print_form {
   local($_, @vs, @os, $v, $o);
 
   print <<EOF;
-<form action=\"$CGI\">
+<form method=post action=\"$CGI#current\">
 <center>
-<table>
+<table cellpadding=0>
 <tr valign=top>
 EOF
   foreach(0 .. 2) {
@@ -433,7 +424,7 @@ EOF
 </table>
 </center>
 <input type=hidden name=dir value="$d">
-<input type=hidden name=cookie value="$cookie">
+<input type=hidden name=cookie value="$local_cookie">
 </form>
 EOF
 }