[w3m-dev 03644] Re: Other user can see local cookie.

* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
	(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
	(MAX_TMPF_TYPE): incl
	(no_rc_dir): added
	(tmp_dir): added
	(config_file): added
* local.c (Local_cookie_file): added
	(writeLocalCookie): added
	(setLocalCookie): dont set environment LOCAL_COOKIE
	(localcgi_post): writeLocalCookie
	(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
	(cmd_loadURL): arg FormList
	(main): rewrite config_file, rc
	(ldhelp): no cookie in URL
	(cmd_loadURL): arg FormList
	(goURL0): cmd_loadURL change
	(cmd_loadBuffer): cmd_loadURL change
	(adBmark): cookie is posted
	(follow_map): cmd_loadURL change
	(linkMn): cmd_loadURL change
	(reinit): init_rc change
* proto.h (create_option_search_table): deleted
	(init_rc): no args
* rc.c (create_option_search_table): static
	(init_rc): no args
		rewrite
	(optionpanel_src1): rewrite
	(load_option_panel): html_quote
	(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Fumitoshi UKAI
2003-01-15 17:13:21 +00:00
parent 0aeedf43a0
commit 549ee1cc09
15 changed files with 326 additions and 236 deletions
+44 -1
@@ -1,3 +1,46 @@
2003-01-16 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
* [w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
(MAX_TMPF_TYPE): incl
(no_rc_dir): added
(tmp_dir): added
(config_file): added
* local.c (Local_cookie_file): added
(writeLocalCookie): added
(setLocalCookie): dont set environment LOCAL_COOKIE
(localcgi_post): writeLocalCookie
(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
(cmd_loadURL): arg FormList
(main): rewrite config_file, rc
(ldhelp): no cookie in URL
(cmd_loadURL): arg FormList
(goURL0): cmd_loadURL change
(cmd_loadBuffer): cmd_loadURL change
(adBmark): cookie is posted
(follow_map): cmd_loadURL change
(linkMn): cmd_loadURL change
(reinit): init_rc change
* proto.h (create_option_search_table): deleted
(init_rc): no args
* rc.c (create_option_search_table): static
(init_rc): no args
rewrite
(optionpanel_src1): rewrite
(load_option_panel): html_quote
(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
2003-01-16 Fumitoshi UKAI <ukai@debian.or.jp>
* file.c (loadGopherDir): convertLine RAW_MODE
@@ -6476,4 +6519,4 @@ a * [w3m-dev 03276] compile error on EWS4800
* release-0-2-1
* import w3m-0.2.1
$Id: ChangeLog,v 1.684 2003/01/15 16:24:25 ukai Exp $
$Id: ChangeLog,v 1.685 2003/01/15 17:13:21 ukai Exp $
+2 -2
@@ -1,4 +1,4 @@
/* $Id: cookie.c,v 1.7 2002/01/10 15:39:21 ukai Exp $ */
/* $Id: cookie.c,v 1.8 2003/01/15 17:13:21 ukai Exp $ */
/*
* References for version 0 cookie:
@@ -417,7 +417,7 @@ save_cookies(void)
check_expired_cookies();
if (!First_cookie || is_saved || rc_dir_is_tmp)
if (!First_cookie || is_saved || no_rc_dir)
return;
cookie_file = rcFile(COOKIE_FILE);
+3 -3
@@ -1,4 +1,4 @@
/* $Id: etc.c,v 1.48 2003/01/15 16:11:43 ukai Exp $ */
/* $Id: etc.c,v 1.49 2003/01/15 17:13:21 ukai Exp $ */
#include "fm.h"
#include <pwd.h>
#include "myctype.h"
@@ -1503,7 +1503,7 @@ file_to_url(char *file)
}
static char *tmpf_base[MAX_TMPF_TYPE] = {
"tmp", "src", "frame", "cache"
"tmp", "src", "frame", "cache", "cookie",
};
static unsigned int tmpf_seq[MAX_TMPF_TYPE];
@@ -1512,7 +1512,7 @@ tmpfname(int type, char *ext)
{
Str tmpf;
tmpf = Sprintf("%s/w3m%s%d-%d%s",
rc_dir,
tmp_dir,
tmpf_base[type],
CurrentPid, tmpf_seq[type]++, (ext) ? ext : "");
pushText(fileToDelete, tmpf->ptr);
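Review bot: The name built in tmpfname is fully predictable (`w3m`, the type tag, `CurrentPid`, a per-type counter), and it is now placed under `tmp_dir`, which init_rc points at `$TMPDIR`, `$TMP`, `$TEMP` or `/tmp` when the rc directory is unusable. In a shared directory a path that can be guessed in advance may already exist or be a symlink owned by another local user when w3m opens it. The callers are not visible here, so it is unclear whether any of them create the file exclusively. I would either make the fallback a per-user directory created with mode 0700 at start-up, or have callers create these files with `O_CREAT | O_EXCL` and mode 0600. tmpfname's body continues beyond this hunk.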
+3 -5
@@ -1,4 +1,4 @@
/* $Id: file.c,v 1.186 2003/01/15 16:24:25 ukai Exp $ */
/* $Id: file.c,v 1.187 2003/01/15 17:13:21 ukai Exp $ */
#include "fm.h"
#include <sys/types.h>
#include "myctype.h"
@@ -1550,10 +1550,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
return NULL;
if (S_ISDIR(st.st_mode)) {
if (UseExternalDirBuffer) {
Str cmd = Sprintf("%s?cookie=%s&dir=%s#current",
DirBufferCommand,
(Str_form_quote(Local_cookie))->ptr,
pu.file);
Str cmd = Sprintf("%s?dir=%s#current",
DirBufferCommand, pu.file);
b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0,
NULL);
if (b != NULL && b != NO_BUFFER) {
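Review bot: `pu.file` is interpolated into the query string unescaped in the new `Sprintf("%s?dir=%s#current", ...)`; the removed line form-quoted the cookie, but the directory path never was. A directory whose name contains `&`, `#`, `+` or `%` will be split or decoded differently by the CGI's `dir=` parsing, so the listing can end up being for a different path than the one that was just stat'ed. Unless `pu.file` is already encoded at this point (not visible in the hunk), passing `Str_form_quote(Strnew_charp(pu.file))->ptr` instead of `pu.file` keeps the argument intact. loadGeneralFile starts and ends outside this hunk.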
+6 -3
@@ -1,4 +1,4 @@
/* $Id: fm.h,v 1.102 2003/01/10 16:42:40 ukai Exp $ */
/* $Id: fm.h,v 1.103 2003/01/15 17:13:22 ukai Exp $ */
/*
* w3m: WWW wo Miru utility
*
@@ -742,7 +742,8 @@ typedef struct http_request {
#define TMPF_SRC 1
#define TMPF_FRAME 2
#define TMPF_CACHE 3
#define MAX_TMPF_TYPE 4
#define TMPF_COOKIE 4
#define MAX_TMPF_TYPE 5
#define set_no_proxy(domains) (NO_proxy_domains=make_domain_list(domains))
@@ -1017,8 +1018,10 @@ global char UseGraphicChar init(TRUE);
extern char alt_rule[];
#endif /* not KANJI_SYMBOLS */
extern char UseAltEntity;
global int no_rc_dir init(FALSE);
global char *rc_dir;
global int rc_dir_is_tmp init(FALSE);
global char *tmp_dir;
global char *config_file init(NULL);
#ifdef USE_MOUSE
global int use_mouse init(TRUE);
+22 -2
@@ -1,4 +1,4 @@
/* $Id: local.c,v 1.20 2003/01/15 16:24:25 ukai Exp $ */
/* $Id: local.c,v 1.21 2003/01/15 17:13:22 ukai Exp $ */
#include "fm.h"
#include <string.h>
#include <stdio.h>
@@ -23,6 +23,25 @@
#define CGIFN_CONTAIN_SLASH 4
static char *Local_cookie_file = NULL;
static void
writeLocalCookie()
{
FILE *f;
if (no_rc_dir)
return;
Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr;
set_environ("LOCAL_COOKIE_FILE", Local_cookie_file);
f = fopen(Local_cookie_file, "wb");
if (!f)
return;
fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
fclose(f);
chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
}
/* setup cookie for local CGI */
void
setLocalCookie()
@@ -31,7 +50,6 @@ setLocalCookie()
gethostname(hostname, 256);
Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
set_environ("LOCAL_COOKIE", Local_cookie->ptr);
}
Str
@@ -395,6 +413,7 @@ localcgi_post(char *uri, char *qstr, FormList *request, char *referer)
file = cgi_filename(uri, &status);
if (check_local_cgi(file, status) < 0)
return NULL;
writeLocalCookie();
tmp1 = tmpfname(TMPF_DFL, NULL);
if ((pid = localcgi_popen_r(&f)) < 0)
return NULL;
@@ -459,6 +478,7 @@ localcgi_get(char *uri, char *request, char *referer)
file = cgi_filename(uri, &status);
if (check_local_cgi(file, status) < 0)
return NULL;
writeLocalCookie();
if ((pid = localcgi_popen_r(&f)) < 0)
return NULL;
else if (pid)
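Review bot: writeLocalCookie creates the secret with `fopen(Local_cookie_file, "wb")`, so the file gets umask-derived permissions and is only narrowed to 0600 by the `chmod` after the cookie has been written and closed; the results of `fwrite`, `fclose` and `chmod` are also ignored. If `~/.w3m` already exists with looser permissions than the 0700 used when w3m creates it, the cookie is briefly readable by other users, which is the exposure this commit sets out to close. Creating the file with `open()` using `O_CREAT | O_EXCL` and mode `S_IRUSR | S_IWUSR`, then wrapping the descriptor with `fdopen`, removes that window and also refuses a path that already exists (local.c may need `<fcntl.h>` for this). A failed or short write should remove the file so the CGIs never read a partial or empty cookie.

```c
static void
writeLocalCookie()
{
    int fd, ok;
    FILE *f;

    /* … unchanged: no_rc_dir check, tmpfname(), set_environ() … */

    /* create the file private from the start; fail if the path exists */
    fd = open(Local_cookie_file, O_WRONLY | O_CREAT | O_EXCL,
	      S_IRUSR | S_IWUSR);
    if (fd < 0)
	return;
    f = fdopen(fd, "wb");
    if (!f) {
	close(fd);
	unlink(Local_cookie_file);
	return;
    }
    ok = fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f)
	== (size_t)Local_cookie->length;
    if (fclose(f) != 0)
	ok = 0;
    if (!ok)
	unlink(Local_cookie_file);	/* never leave a partial cookie behind */
}
```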
+29 -32
@@ -1,4 +1,4 @@
/* $Id: main.c,v 1.193 2003/01/15 16:24:25 ukai Exp $ */
/* $Id: main.c,v 1.194 2003/01/15 17:13:22 ukai Exp $ */
#define MAINPROGRAM
#include "fm.h"
#include <signal.h>
@@ -26,8 +26,6 @@ extern int do_getch();
#define DSTR_LEN 256
static char *config_filename = NULL;
Hist *LoadHist;
Hist *SaveHist;
Hist *URLHist;
@@ -71,7 +69,8 @@ JMP_BUF IntReturn;
static void delBuffer(Buffer *buf);
static void cmd_loadfile(char *path);
static void cmd_loadURL(char *url, ParsedURL *current, char *referer);
static void cmd_loadURL(char *url, ParsedURL *current, char *referer,
FormList *request);
static void cmd_loadBuffer(Buffer *buf, int prop, int linkid);
static void keyPressEventProc(int c);
int show_params_p = 0;
@@ -383,12 +382,7 @@ main(int argc, char **argv, char **envp)
CurrentDir = currentdir();
CurrentPid = (int)getpid();
BookmarkFile = NULL;
rc_dir = expandName(RC_DIR);
i = strlen(rc_dir);
if (i > 1 && rc_dir[i - 1] == '/')
rc_dir[i - 1] = '\0';
config_filename = rcFile(CONFIG_FILE);
create_option_search_table();
config_file = NULL;
/* argument search 1 */
for (i = 1; i < argc; i++) {
@@ -397,7 +391,7 @@ main(int argc, char **argv, char **envp)
argv[i] = "-dummy";
if (++i >= argc)
usage();
config_filename = argv[i];
config_file = argv[i];
argv[i] = "-dummy";
}
else if (!strcmp("-h", argv[i]) || !strcmp("-help", argv[i]))
@@ -410,7 +404,7 @@ main(int argc, char **argv, char **envp)
}
/* initializations */
init_rc(config_filename);
init_rc();
LoadHist = newHist();
SaveHist = newHist();
@@ -2007,17 +2001,16 @@ ldhelp(void)
#ifdef USE_HELP_CGI
char *lang;
int n;
Str tmp;
lang = AcceptLang;
n = strcspn(lang, ";, \t");
cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION
"?cookie=%s&version=%s&lang=%s",
Str_form_quote(Local_cookie)->ptr,
Str_form_quote(Strnew_charp(w3m_version))->ptr,
Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr,
NULL, NO_REFERER);
tmp = Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION "?version=%s&lang=%s",
Str_form_quote(Strnew_charp(w3m_version))->ptr,
Str_form_quote(Strnew_charp_n(lang, n))->ptr);
cmd_loadURL(tmp->ptr, NULL, NO_REFERER, NULL);
#else
cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER);
cmd_loadURL(helpFile(HELP_FILE), NULL, NO_REFERER, NULL);
#endif
}
@@ -3813,7 +3806,7 @@ deletePrevBuf()
}
static void
cmd_loadURL(char *url, ParsedURL *current, char *referer)
cmd_loadURL(char *url, ParsedURL *current, char *referer, FormList *request)
{
Buffer *buf;
@@ -3850,7 +3843,7 @@ cmd_loadURL(char *url, ParsedURL *current, char *referer)
#endif /* USE_NNTP */
refresh();
buf = loadGeneralFile(url, current, referer, 0, NULL);
buf = loadGeneralFile(url, current, referer, 0, request);
if (buf == NULL) {
char *emsg = Sprintf("Can't load %s", conv_from_system(url))->ptr;
disp_err_message(emsg, FALSE);
@@ -3925,7 +3918,7 @@ goURL0(char *prompt, int relative)
}
parseURL2(url, &p_url, current);
pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr);
cmd_loadURL(url, current, referer);
cmd_loadURL(url, current, referer, NULL);
if (Currentbuf != cur_buf) /* success */
pushHashHist(URLHist, parsedURL2Str(&Currentbuf->currentURL)->ptr);
}
@@ -3965,7 +3958,7 @@ cmd_loadBuffer(Buffer *buf, int prop, int linkid)
void
ldBmark(void)
{
cmd_loadURL(BookmarkFile, NULL, NO_REFERER);
cmd_loadURL(BookmarkFile, NULL, NO_REFERER, NULL);
}
@@ -3974,15 +3967,19 @@ void
adBmark(void)
{
Str tmp;
FormList *request;
tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME
"?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr,
tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
(Str_form_quote(Local_cookie))->ptr,
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
ptr,
(Str_form_quote(Strnew_charp(Currentbuf->buffername)))->ptr);
cmd_loadURL(tmp->ptr, NULL, NO_REFERER);
request = newFormList(NULL, "post", NULL, NULL, NULL, NULL, NULL);
request->body = tmp->ptr;
request->length = tmp->length;
cmd_loadURL("file:///$LIB/" W3MBOOKMARK_CMDNAME, NULL, NO_REFERER,
request);
}
/* option setting */
@@ -4086,7 +4083,7 @@ follow_map(struct parsed_tagarg *arg)
_newT();
buf = Currentbuf;
cmd_loadURL(a->url, baseURL(Currentbuf),
parsedURL2Str(&Currentbuf->currentURL)->ptr);
parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
if (buf != Currentbuf)
delBuffer(buf);
else
@@ -4095,7 +4092,7 @@ follow_map(struct parsed_tagarg *arg)
return;
}
cmd_loadURL(a->url, baseURL(Currentbuf),
parsedURL2Str(&Currentbuf->currentURL)->ptr);
parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
#endif
}
@@ -4116,7 +4113,7 @@ linkMn(void)
parseURL2(l->url, &p_url, baseURL(Currentbuf));
pushHashHist(URLHist, parsedURL2Str(&p_url)->ptr);
cmd_loadURL(l->url, baseURL(Currentbuf),
parsedURL2Str(&Currentbuf->currentURL)->ptr);
parsedURL2Str(&Currentbuf->currentURL)->ptr, NULL);
}
static void
@@ -5621,7 +5618,7 @@ reinit()
char *resource = searchKeyData();
if (resource == NULL) {
init_rc(config_filename);
init_rc();
sync_with_option();
#ifdef USE_COOKIE
initCookie();
@@ -5631,7 +5628,7 @@ reinit()
}
if (!strcasecmp(resource, "CONFIG") || !strcasecmp(resource, "RC")) {
init_rc(config_filename);
init_rc();
sync_with_option();
displayBuffer(Currentbuf, B_REDRAW_IMAGE);
return;
+2 -3
@@ -1,4 +1,4 @@
/* $Id: proto.h,v 1.78 2003/01/15 16:11:43 ukai Exp $ */
/* $Id: proto.h,v 1.79 2003/01/15 17:13:22 ukai Exp $ */
/*
* This file was automatically generated by version 1.7 of cextract.
* Manual editing not recommended.
@@ -561,8 +561,7 @@ extern Str decodeMIME(char *orgstr);
extern Str encodeB(char *a);
extern int set_param_option(char *option);
extern char *get_param_option(char *name);
extern void create_option_search_table();
extern void init_rc(char *config_filename);
extern void init_rc(void);
extern Buffer *load_option_panel(void);
extern void panel_set_option(struct parsed_tagarg *);
extern void sync_with_option(void);
+45 -25
@@ -1,4 +1,4 @@
/* $Id: rc.c,v 1.74 2002/12/27 16:07:44 ukai Exp $ */
/* $Id: rc.c,v 1.75 2003/01/15 17:13:22 ukai Exp $ */
/*
* Initialization file etc.
*/
@@ -847,7 +847,7 @@ compare_table(struct rc_search_table *a, struct rc_search_table *b)
return strcmp(a->param->name, b->param->name);
}
void
static void
create_option_search_table()
{
int i, j, k;
@@ -1366,24 +1366,25 @@ sync_with_option(void)
}
void
init_rc(char *config_filename)
init_rc(void)
{
int i;
struct stat st;
FILE *f;
char *tmpdir;
if (((tmpdir = getenv("TMP")) == NULL || *tmpdir == '\0')
&& ((tmpdir = getenv("TEMP")) == NULL || *tmpdir == '\0')
&& ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0'))
tmpdir = "/tmp";
if (config_file != NULL)
goto open_rc;
rc_dir = expandName(RC_DIR);
i = strlen(rc_dir);
if (i > 1 && rc_dir[i - 1] == '/')
rc_dir[i - 1] = '\0';
if (stat(rc_dir, &st) < 0) {
if (errno == ENOENT) { /* no directory */
if (do_mkdir(rc_dir, 0700) < 0) {
fprintf(stderr, "Can't create config directory (%s)!", rc_dir);
rc_dir = tmpdir;
rc_dir_is_tmp = TRUE;
return;
goto rc_dir_err;
}
else {
stat(rc_dir, &st);
@@ -1391,37 +1392,56 @@ init_rc(char *config_filename)
}
else {
fprintf(stderr, "Can't open config directory (%s)!", rc_dir);
rc_dir = tmpdir;
rc_dir_is_tmp = TRUE;
return;
goto rc_dir_err;
}
}
if (!S_ISDIR(st.st_mode)) {
/* not a directory */
fprintf(stderr, "%s is not a directory!", rc_dir);
rc_dir = tmpdir;
rc_dir_is_tmp = TRUE;
return;
goto rc_dir_err;
}
if (!(st.st_mode & S_IWUSR)) {
fprintf(stderr, "%s is not writable!", rc_dir);
goto rc_dir_err;
}
no_rc_dir = FALSE;
tmp_dir = rc_dir;
if (config_file == NULL)
config_file = rcFile(CONFIG_FILE);
create_option_search_table();
open_rc:
/* open config file */
if ((f = fopen(etcFile(W3MCONFIG), "rt")) != NULL) {
interpret_rc(f);
fclose(f);
}
config_file = config_filename;
if (config_file == NULL)
config_file = rcFile(CONFIG_FILE);
if ((f = fopen(config_file, "rt")) != NULL) {
interpret_rc(f);
fclose(f);
}
return;
rc_dir_err:
no_rc_dir = TRUE;
if (((tmp_dir = getenv("TMPDIR")) == NULL || *tmp_dir == '\0') &&
((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
tmp_dir = "/tmp";
}
static char optionpanel_src1[] =
"<html><head><title>Option Setting Panel</title></head>\
<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";
"<html><head><title>Option Setting Panel</title></head><body>\
<h1 align=center>Option Setting Panel<br>(w3m version %s)</b></h1>\
<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "\">\
<input type=hidden name=mode value=panel>\
<input type=hidden name=cookie value=\"%s\">\
<input type=submit value=\"%s\">\
</form><br>\
<form method=internal action=option>";
static Str
to_str(struct param_ptr *p)
@@ -1458,8 +1478,8 @@ to_str(struct param_ptr *p)
Buffer *
load_option_panel(void)
{
Str src = Sprintf(optionpanel_src1, w3m_version,
(Str_form_quote(Local_cookie))->ptr, CMT_HELPER);
Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
html_quote(Local_cookie->ptr), CMT_HELPER);
struct param_ptr *p;
struct sel_c *s;
int x, i;
@@ -1530,7 +1550,7 @@ panel_set_option(struct parsed_tagarg *arg)
{
FILE *f = NULL;
if (rc_dir_is_tmp) {
if (no_rc_dir) {
disp_message("There's no ~/.w3m directory... config not saved", FALSE);
}
else {
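Review bot: With `-config FILE`, main sets `config_file` before the first call, so the new `if (config_file != NULL) goto open_rc;` at the top of init_rc skips everything up to the label: `rc_dir` and `tmp_dir` are never assigned and `create_option_search_table()` never runs. tmpfname would then format a NULL `tmp_dir`, and writeLocalCookie, which is gated only on `no_rc_dir` (still FALSE), would try to create the cookie file at that path. The guard is meant to skip directory setup on re-initialisation, so it should test something only that setup assigns, e.g. `if (rc_dir != NULL) goto open_rc;`. The `rc_dir_err` path also returns without building the option table or reading any rc file, whereas main used to build the table unconditionally; worth confirming that is intended.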
+26 -35
@@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'};
$dir = '';
$cmd = '';
$cookie = '';
# $cgi = 0;
# if ($query eq '') {
# $_ = `pwd`; # insecure?
# chop;
# s/\r$//;
# $dir = $_;
# $cgi = 0;
# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
foreach(split(/\&/, $query)) {
$local_cookie = '';
foreach(split(/\&/, $query)) {
if (s/^dir=//) {
$dir = &form_decode($_);
}
}
$body = undef;
if ($ENV{'REQUEST_METHOD'} eq 'POST') {
sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'});
foreach(split(/\&/, $body)) {
if (s/^dir=//) {
$dir = &form_decode($_);
} elsif (s/^opt(\d+)=//) {
@@ -52,27 +53,22 @@ $cookie = '';
$cookie = &form_decode($_);
}
}
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
print <<EOF;
}
$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
if (-f $cookie_file) {
open(F, "< $cookie_file");
$local_cookie = <F>;
close(F);
}
if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) {
print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
exit(1);
}
$cookie = &html_quote($cookie);
$cgi = 1;
# } else {
# $dir = $query;
# if (($dir !~ m@^/@) &&
# ($WIN32 && $dir !~ /^[a-z]:/i)) {
# $_ = `pwd`; # insecure?
# chop;
# s/\r$//;
# $dir = "$_/$dir";
# }
# $cgi = -1;
# }
exit(1);
}
$local_cookie = &html_quote($local_cookie);
if ($dir !~ m@/$@) {
$dir .= '/';
}
@@ -88,9 +84,7 @@ if ($WIN32) {
$ROOT = &cygwin_pathconv("$ROOT");
}
}
if ($cgi) {
$dir = &cleanup($dir);
}
$dir = &cleanup($dir);
$TYPE = $OPT[$OPT_TYPE];
$FORMAT = $OPT[$OPT_FORMAT];
@@ -117,9 +111,6 @@ EOF
exit 1;
}
# ($cgi > 0) && print <<EOF;
# w3m-control: DELETE_PREVBUF
# EOF
print <<EOF;
Content-Type: text/html
@@ -404,9 +395,9 @@ sub print_form {
local($_, @vs, @os, $v, $o);
print <<EOF;
<form action=\"$CGI\">
<form method=post action=\"$CGI#current\">
<center>
<table>
<table cellpadding=0>
<tr valign=top>
EOF
foreach(0 .. 2) {
@@ -433,7 +424,7 @@ EOF
</table>
</center>
<input type=hidden name=dir value="$d">
<input type=hidden name=cookie value="$cookie">
<input type=hidden name=cookie value="$local_cookie">
</form>
EOF
}
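Review bot: The new check compares the submitted cookie only when a POST body was read (`defined($body) && $cookie ne $local_cookie`), so a GET request is accepted whenever the cookie file exists and is non-empty. That looks intentional, since w3m no longer puts the cookie in the URL and the `opt…` values are now parsed only from the POST body, but nothing in the script says so. A comment above the check such as `# GET carries no cookie: only dir= is honoured; options require a POST with a matching cookie` would keep a later edit from moving option parsing back to the query string. Separately, `open(F, "< $cookie_file")` is unchecked and a single `sysread` is trusted to return `CONTENT_LENGTH` bytes; a short read drops the cookie field and the request is rejected, which fails safe but is hard to diagnose.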
+5 -20
@@ -28,24 +28,14 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
$cookie = &form_decode($v{'cookie'});
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
exit(1);
}
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
$cookie = $ENV{'LOCAL_COOKIE'};
}
open(F, "< $file");
(-f $file) || exit(1);
open(F, "< $file") || exit(1);
$end = 0;
$mbody = '';
if (defined($boundary)) {
@@ -131,7 +121,6 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -196,20 +185,16 @@ while(! $end) {
s/\>/\&gt;/g;
print "<pre>\n";
print $_;
print "\n</pre>\n";
print "</pre>\n";
if ($type =~ /name=\"?([^\"]+)\"?/ ||
$dispos =~ /filename=\"?([^\"]+)\"?/) {
$name = $1;
} else {
$name = "Content";
}
print "<form method=POST action=\"$qcgi?$count\">\n";
print "<input type=hidden name=file value=\"$qfile\">\n";
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
print "<input type=hidden name=cookie value=\"$qcookie\">\n";
print "<input type=hidden name=count value=\"$count\">\n";
print "<form action=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\">\n";
if ($image) {
print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"",
print "<input type=image name=submit src=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",
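Review bot: After this change the script performs no local-cookie check at all in the query-string branch: the comparison against `LOCAL_COOKIE` is removed and nothing replaces it, while `file` and `boundary` are still taken from the query string and `$file` is opened and rendered. dirlist.cgi in the same commit at least refuses to run unless the file named by `LOCAL_COOKIE_FILE` exists and is non-empty, and the same presence check here would keep this script from answering when it was not started through w3m's local-CGI path. Whether w3m's own check_local_cgi restrictions are considered sufficient is not visible on this page, so if dropping the check is deliberate it deserves a comment saying why.

```perl
  $file = &form_decode($v{'file'});
  $boundary = &form_decode($v{'boundary'});
  # refuse to run unless w3m handed us a readable, non-empty cookie file
  $cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
  $local_cookie = '';
  if (-f $cookie_file && open(C, "< $cookie_file")) {
    $local_cookie = <C>;
    close(C);
  }
  if ($local_cookie eq '') {
    print "Content-Type: text/plain\n\n";
    print "Local cookie doesn't match: It may be an illegal execution\n";
    exit(1);
  }
  # … unchanged: else branch taking $file / $boundary from @ARGV …
```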
+2 -16
@@ -1,5 +1,5 @@
#!@PERL@
# $Id: w3mhelp.cgi.in,v 1.22 2002/12/11 02:57:30 ukai Exp $
# $Id: w3mhelp.cgi.in,v 1.23 2003/01/15 17:13:22 ukai Exp $
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
$CYGPATH = 1;
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
$cookie = $2;
$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
}
}
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
exit(1);
}
%f = %keyfunc;
@@ -115,9 +103,7 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
$q_cookie = $cookie;
$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&amp;lang=";
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&amp;lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {
+22 -11
@@ -1,15 +1,21 @@
#!@PERL@
$rcsid = q$Id: w3mmail.cgi.in,v 1.11 2002/11/11 15:50:28 ukai Exp $;
$rcsid = q$Id: w3mmail.cgi.in,v 1.12 2003/01/15 17:13:22 ukai Exp $;
($id = $rcsid) =~ s/^.*,v ([\d\.]*).*/$1/;
($prog=$0) =~ s/.*\///;
$query = $ENV{'QUERY_STRING'};
$local_cookie = $ENV{'LOCAL_COOKIE'};
$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
$local_cookie = '';
$SENDMAIL = '/usr/lib/sendmail';
$SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail';
$SENDMAIL_OPT = '-oi -t';
if (-f $cookie_file) {
open(F, "< $cookie_file");
$local_cookie = <F>;
close(F);
}
if ($query =~ s/^\w+://) {
$url = $query;
$qurl = &html_quote($url);
@@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer: $qurl</title></head>\n";
print "<body><h1>W3M Mailer: $qurl</h1>\n";
print "<form action='file://$0' method='POST'>\n";
print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
print "<form action=\"file://$0\" method='POST'>\n";
$local_cookie = &html_quote($local_cookie);
print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<table>\n";
foreach $h ('from', 'to', 'cc', 'bcc', 'subject') {
$v = &lang_html_quote($opt{$h});
@@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) {
delete $opt{$h};
}
if ($boundary) {
$boundary = &html_quote($boundary);
print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n";
print "<input type='hidden' name='boundary' value=\"$boundary\">\n";
}
@@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) {
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body>\n";
print "<h1>W3M Mailer: preview</h1>\n";
print "<form action='$0' method='POST'>\n";
print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
print "<form action=\"file://$0\" method='POST'>\n";
$local_cookie = &html_quote($local_cookie);
print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<hr>\n";
print "<pre>\n";
foreach $h (keys %opt) {
@@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) {
($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0);
print "Mime-Version: 1.0\n";
if ($boundary) {
$boundary = &html_quote($boundary);
print "Content-Type: multipart/form-data;\n";
print " boundary=\"$boundary\"\n";
} else {
print "Content-Type: text/plain; charset=$cs\n";
}
# print "Content-Transfer-Encoding: $cte\n";
print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n";
print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"),
"\n";
print "\n";
print $body;
print "\n" if ($body !~ /\n$/);
@@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) {
foreach $h (keys %opt) {
$qh = &html_quote($h);
print "<tr><td>\u$qh:<td>$v{$h}\n";
print "<input type='hidden' name=\"$qh\" value=\"$v\">\n";
print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n";
}
print "<tr><td colspan=2>\n";
print "<textarea cols=40 rows=10 name='body'>\n";
print "<textarea cols=40 rows=10 name=body>\n";
if ($body) {
print $body;
}
@@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: open sendmail failed</h1>\n";
print "<p>$@</p>\n";
print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
exit(0);
}
@@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: close sendmail failed</h1>\n";
print "<p>$@</p>\n";
print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
}
}
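Review bot: `$local_cookie = &html_quote($local_cookie);` overwrites the only copy of the cookie with its HTML-escaped form, in both the compose-form and the preview branch. Any comparison of the posted `cookie` field against `$local_cookie` that runs afterwards (the comparison itself is outside these hunks) would be made against escaped text, which differs from the file contents as soon as the value contains `&`, `<`, `>` or a quote. Keeping the raw value and printing a separate copy avoids that coupling: `$qcookie = &html_quote($local_cookie);` followed by `value=\"$qcookie\"`. In the same lines `$0` is still interpolated into the `action` attribute unquoted, unlike the neighbouring values, and `open(F, "< $cookie_file")` at the top is unchecked.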
+69 -54
@@ -1,7 +1,5 @@
/* $Id: w3mbookmark.c,v 1.7 2002/11/26 18:03:29 ukai Exp $ */
#ifdef __EMX__
/* $Id: w3mbookmark.c,v 1.8 2003/01/15 17:13:22 ukai Exp $ */
#include <stdlib.h>
#endif
#include <stdio.h>
#include "config.h"
#include "Str.h"
@@ -10,46 +8,47 @@
#include "parsetag.h"
#if LANG == JA
static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\
<body><h1></h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\
#define BKMARK_TITLE "ブックマークの登録"
#define BKMARK_ADD "登録"
#define DEFAULT_SECTION "未分類"
#else
#define BKMARK_TITLE "Register to my bookmark"
#define BKMARK_ADD "ADD"
#define DEFAULT_SECTION "Miscellaneous"
#endif
static char *bkmark_src1 =
"<html>\n\
<head>\n\
<title>" BKMARK_TITLE "</title>\n\
</head>\n\
<body>\n\
<h1>" BKMARK_TITLE "</h1>\n\
<form method=post action=\"file:///$LIB/" W3MBOOKMARK_CMDNAME "\">\n\
<input type=hidden name=mode value=register>\n\
<input type=hidden name=bmark value=\"%s\">\n\
<input type=hidden name=cookie value=\"%s\">\n\
<table cellpadding=0>\n";
static char *bkmark_src2 =
"<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\
<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\
<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\
<tr><td><input type=submit name=submit value=\"登録\"></td>\n\
"<tr><td>New&nbsp;Section:<td><input type=text name=newsection size=60>\n\
<tr><td>URL:<td><input type=text name=url value=\"%s\" size=60>\n\
<tr><td>Title:<td><input type=text name=title value=\"%s\" size=60>\n\
<tr><td><input type=submit value=\"" BKMARK_ADD "\">\n\
</table>\n\
<input type=hidden name=cookie value=\"%s\">\
</form>\
</body></html>\n";
static char *default_section = "未分類";
#else /* LANG != JA */
static char *bkmark_src1 = "<html><head><title>Bookmark Registration</title>\n\
<body><h1>Register to my bookmark</h1>\n\n" "<form method=get action=\"file://%s/" W3MBOOKMARK_CMDNAME "\">\n\n" "<input type=hidden name=mode value=register>\n\
<input type=hidden name=bmark value=\"%s\">\n\
<table cellpadding=0>\n";
static char *bkmark_src2 =
"<tr><td>New Section:</td><td><input type=text name=newsection width=60></td></tr>\n\
<tr><td>URL:</td><td><input type=text name=url value=\"%s\" width=60></td></tr>\n\
<tr><td>Title:</td><td><input type=text name=title value=\"%s\" width=60></td></tr>\n\
<tr><td><input type=submit name=submit value=\"ADD\"></td>\n\
</table>\n\
<input type=hidden name=cookie value=\"%s\">\
</form>\
</body></html>\n";
static char *default_section = "Miscellaneous";
#endif /* LANG != JA */
</form>\n\
</body>\n\
</html>\n";
#undef FALSE
#define FALSE 0
#define T 1
#undef TRUE
#define TRUE 1
static char end_section[] =
"<!--End of section (do not delete this comment)-->\n";
char *Local_cookie;
static char *Local_cookie = NULL;
void
print_bookmark_panel(char *bmark, char *url, char *title)
@@ -59,7 +58,7 @@ print_bookmark_panel(char *bmark, char *url, char *title)
char *p;
printf("Content-Type: text/html\n\n");
printf(bkmark_src1, w3m_lib_dir(), bmark);
printf(bkmark_src1, html_quote(bmark), html_quote(Local_cookie));
if ((f = fopen(bmark, "r")) != NULL) {
printf("<tr><td>Section:<td><select name=\"section\">\n");
while (tmp = Strfgets(f), tmp->length > 0) {
@@ -69,13 +68,13 @@ print_bookmark_panel(char *bmark, char *url, char *title)
tmp2 = Strnew();
while (*p && *p != '<')
Strcat_char(tmp2, *p++);
printf("<option value=\"%s\">%s</option>", tmp2->ptr,
printf("<option value=\"%s\">%s\n", tmp2->ptr,
tmp2->ptr);
}
}
printf("</select>\n");
}
printf(bkmark_src2, html_quote(url), html_quote(title), Local_cookie);
printf(bkmark_src2, html_quote(url), html_quote(title));
}
/* create new bookmark */
@@ -117,7 +116,7 @@ insert_bookmark(char *bmark, struct parsed_tagarg *data)
if (section == NULL || *section == '\0')
section = tag_get_value(data, "section");
if (section == NULL || *section == '\0')
section = default_section;
section = DEFAULT_SECTION;
if (url == NULL || *url == '\0' || title == NULL || *title == '\0') {
/* Bookmark not added */
@@ -175,7 +174,9 @@ int
main(int argc, char *argv[], char **envp)
{
extern char *getenv();
char *qs;
char *p;
int length;
Str qs = NULL;
struct parsed_tagarg *cgiarg;
char *mode;
char *bmark;
@@ -183,21 +184,33 @@ main(int argc, char *argv[], char **envp)
char *title;
char *sent_cookie;
if ((qs = getenv("QUERY_STRING")) == NULL) {
printf("Content-Type: text/plain\n\n");
printf("Incomplete Request: no QUERY_STRING\n");
exit(1);
p = getenv("REQUEST_METHOD");
if (p == NULL || strcasecmp(p, "post"))
goto request_err;
p = getenv("CONTENT_LENGTH");
if (p == NULL || (length = atoi(p)) <= 0)
goto request_err;
qs = Strfgets(stdin);
Strchop(qs);
if (qs->length != length)
goto request_err;
cgiarg = cgistr2tagarg(qs->ptr);
p = getenv("LOCAL_COOKIE_FILE");
if (p) {
FILE *f = fopen(p, "r");
if (f) {
Local_cookie = Strfgets(f)->ptr;
fclose(f);
}
}
cgiarg = cgistr2tagarg(qs);
Local_cookie = getenv("LOCAL_COOKIE");
sent_cookie = tag_get_value(cgiarg, "cookie");
if (sent_cookie == NULL || Local_cookie == NULL ||
strcmp(sent_cookie, Local_cookie) != 0) {
/* local cookie doesn't match: It may be an illegal invocation */
printf("Content-Type: text/plain\n");
printf("\nLocal cookie doesn't match: It may be an illegal invocation\n");
printf("Content-Type: text/plain\n\n");
printf("Local cookie doesn't match: It may be an illegal invocation\n");
exit(1);
}
@@ -205,12 +218,8 @@ main(int argc, char *argv[], char **envp)
bmark = expandPath(tag_get_value(cgiarg, "bmark"));
url = tag_get_value(cgiarg, "url");
title = tag_get_value(cgiarg, "title");
if (bmark == NULL || url == NULL) {
/* incomplete request */
printf("Content-Type: text/plain\n\n");
printf("Incomplete Request: QUERY_STRING=%s\n", qs);
exit(1);
}
if (bmark == NULL || url == NULL)
goto request_err;
if (mode && !strcmp(mode, "panel")) {
if (title == NULL)
title = "";
@@ -220,8 +229,14 @@ main(int argc, char *argv[], char **envp)
printf("Content-Type: text/plain\n");
if (insert_bookmark(bmark, cgiarg)) {
printf("w3m-control: BACK\n");
printf("w3m-control: BACK\n\n");
printf("w3m-control: BACK\n");
}
printf("\n");
}
return 0;
request_err:
printf("Content-Type: text/plain\n\n");
printf("Incomplete Request: %s\n", qs ? qs->ptr : "(null)");
exit(1);
}
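Review bot: The cookie comparison in main accepts an empty cookie. `Local_cookie = Strfgets(f)->ptr` yields an empty string when the cookie file exists but has no content, and `strcmp` then matches a request whose `cookie` field is empty (assuming tag_get_value returns an empty string rather than NULL for `cookie=`, which is not visible here). The Perl scripts in this commit reject `$local_cookie eq ''` explicitly, and writeLocalCookie does not check its `fwrite`, so an empty file is a reachable state. Adding `*Local_cookie == '\0' ||` to the condition before the `strcmp` closes it; the same applies to `local_cookie` in w3mhelperpanel.c's main, which uses the identical pattern.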
+46 -24
@@ -1,7 +1,8 @@
/* $Id: w3mhelperpanel.c,v 1.10 2002/11/26 18:03:29 ukai Exp $ */
/* $Id: w3mhelperpanel.c,v 1.11 2003/01/15 17:13:22 ukai Exp $ */
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "config.h"
#include "Str.h"
#include "indep.h"
@@ -18,7 +19,7 @@
#define MSG_DELETE "ºï½ü"
#define MSG_DOIT "¼Â¹Ô"
#else /* LANG != JA */
#define MSG_TITLE "External Viewers"
#define MSG_TITLE "External Viewers Setup"
#define MSG_NEW_ENTRY "New Entry"
#define MSG_TYPE "Type"
#define MSG_COMMAND "Command"
@@ -81,32 +82,33 @@ printMailcapPanel(char *mailcap)
}
}
printf("Content-Type: text/html\n\n");
printf
("<html><head><title>External Viewer Setup</title></head><body><h1>%s</h1>\n",
MSG_TITLE);
printf("<form method=get action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME
printf("<html>\n<head>\n<title>%s</title>\n</head>\n<body>\n<h1>%s</h1>\n",
MSG_TITLE, MSG_TITLE);
printf("<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME
"\">\n");
printf("<input type=hidden name=mode value=edit>\n");
printf("<input type=hidden name=cookie value=\"%s\">\n", local_cookie);
printf
("%s: %s=<input type=text name=newtype><br>%s=<input type=text name=newcmd><br><input type=submit name=submit value=\"%s\">\n",
MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER);
printf
("<p><hr width=50%%><p><table border='0' cellpadding='0'><tr><th>&nbsp;&nbsp;<th><b>%s</b><th><b>%s</b>\n",
MSG_TYPE, MSG_COMMAND);
printf("<input type=hidden name=cookie value=\"%s\">\n",
html_quote(local_cookie));
printf("<table>\n<tr><td>%s:<td>%s=<input type=text name=newtype size=40>\n\
<tr><td><td>%s=<input type=text name=newcmd size=40>\n\
<tr><td><input type=submit name=submit value=\"%s\">\n</table>\n",
MSG_NEW_ENTRY, MSG_TYPE, MSG_COMMAND, MSG_REGISTER);
printf("<p><hr width=50%%><p>\n<table border='0' cellpadding='0'>\n\
<tr><th align=left><b>%s</b><th><b>%s</b>\n",
MSG_TYPE, MSG_COMMAND);
while (tmp = Strfgets(f), tmp->length > 0) {
if (tmp->ptr[0] == '#')
continue;
Strchop(tmp);
extractMailcapEntry(tmp->ptr, &type, &viewer);
printf("<tr valign=top><td><td>%s<td>%s<td>", html_quote(type),
printf("<tr valign=top><td>%s<td>%s<td nowrap>", html_quote(type),
html_quote(viewer));
printf("<input type=checkbox name=delete value=\"%s\">%s\n",
html_quote(type), MSG_DELETE);
}
printf
("</table><input type=submit name=submit value=\"%s\"></form></body></html>\n",
MSG_DOIT);
printf("</table>\n<input type=submit name=submit value=\"%s\">\n</form>\n\
</body>\n</html>\n",
MSG_DOIT);
}
void
@@ -159,17 +161,34 @@ main(int argc, char *argv[], char **envp)
{
Str mailcapfile;
extern char *getenv();
char *qs;
char *p;
int length;
Str qs = NULL;
struct parsed_tagarg *cgiarg;
char *mode;
char *sent_cookie;
if ((qs = getenv("QUERY_STRING")) == NULL)
exit(1);
p = getenv("REQUEST_METHOD");
if (p == NULL || strcasecmp(p, "post"))
goto request_err;
p = getenv("CONTENT_LENGTH");
if (p == NULL || (length = atoi(p)) <= 0)
goto request_err;
cgiarg = cgistr2tagarg(qs);
qs = Strfgets(stdin);
Strchop(qs);
if (qs->length != length)
goto request_err;
cgiarg = cgistr2tagarg(qs->ptr);
local_cookie = getenv("LOCAL_COOKIE");
p = getenv("LOCAL_COOKIE_FILE");
if (p) {
FILE *f = fopen(p, "r");
if (f) {
local_cookie = Strfgets(f)->ptr;
fclose(f);
}
}
sent_cookie = tag_get_value(cgiarg, "cookie");
if (local_cookie == NULL || sent_cookie == NULL ||
strcmp(local_cookie, sent_cookie) != 0) {
@@ -178,8 +197,7 @@ main(int argc, char *argv[], char **envp)
}
mode = tag_get_value(cgiarg, "mode");
mailcapfile = Strnew_charp(expandPath(RC_DIR));
Strcat_charp(mailcapfile, "/mailcap");
mailcapfile = Strnew_charp(expandPath(USER_MAILCAP));
if (mode && !strcmp(mode, "edit")) {
char *referer;
/* check if I can edit my mailcap */
@@ -198,4 +216,8 @@ main(int argc, char *argv[], char **envp)
printMailcapPanel(mailcapfile->ptr);
}
return 0;
request_err:
bye("Incomplete Request:", qs ? qs->ptr : "(null)");
exit(1);
}