storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[w3m-dev 03644] Re: Other user can see local cookie.

Browse Source 
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
	(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
	(MAX_TMPF_TYPE): incl
	(no_rc_dir): added
	(tmp_dir): added
	(config_file): added
* local.c (Local_cookie_file): added
	(writeLocalCookie): added
	(setLocalCookie): dont set environment LOCAL_COOKIE
	(localcgi_post): writeLocalCookie
	(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
	(cmd_loadURL): arg FormList
	(main): rewrite config_file, rc
	(ldhelp): no cookie in URL
	(cmd_loadURL): arg FormList
	(goURL0): cmd_loadURL change
	(cmd_loadBuffer): cmd_loadURL change
	(adBmark): cookie is posted
	(follow_map): cmd_loadURL change
	(linkMn): cmd_loadURL change
	(reinit): init_rc change
* proto.h (create_option_search_table): deleted
	(init_rc): no args
* rc.c (create_option_search_table): static
	(init_rc): no args
		rewrite
	(optionpanel_src1): rewrite
	(load_option_panel): html_quote
	(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
This commit is contained in:
Fumitoshi UKAI
2003-01-15 17:13:21 +00:00
parent 0aeedf43a0
commit 549ee1cc09
15 changed files with 326 additions and 236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
scripts/w3mhelp.cgi.in
View File

@@ -1,5 +1,5 @@
#!@PERL@
# $Id: w3mhelp.cgi.in,v 1.22 2002/12/11 02:57:30 ukai Exp $
# $Id: w3mhelp.cgi.in,v 1.23 2003/01/15 17:13:22 ukai Exp $
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
$CYGPATH = 1;
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
$cookie = $2;
$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
}
}
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
exit(1);
}
%f = %keyfunc;
@@ -115,9 +103,7 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
$q_cookie = $cookie;
$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&amp;lang=";
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&amp;lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {