use local_cookie for support local-cgi commands
* file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand * fm.h (Local_cookie): Str * local.c (setLocalCookie): Str, set_environ() (set_cgi_environ): remove LOCAL_COOKIE * main.c (ldhelp): pass Local_cookie (adBmark): ditto * rc.c (optionpanel_src1): cookie (load_option_panel): pass Local_cookie * w3mbookmark.c (main): check Local_cookie * w3mhelperpanel (main): ditto * scripts/dirlist.cgi.in: ditto * scripts/w3mhelp.cgi.in: ditto * scripts/multipart/multipart.cgi.in: ditto From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
@@ -1,3 +1,20 @@
|
||||
2002-11-27 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
|
||||
|
||||
* use local_cookie for support local-cgi commands
|
||||
* file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand
|
||||
* fm.h (Local_cookie): Str
|
||||
* local.c (setLocalCookie): Str, set_environ()
|
||||
(set_cgi_environ): remove LOCAL_COOKIE
|
||||
* main.c (ldhelp): pass Local_cookie
|
||||
(adBmark): ditto
|
||||
* rc.c (optionpanel_src1): cookie
|
||||
(load_option_panel): pass Local_cookie
|
||||
* w3mbookmark.c (main): check Local_cookie
|
||||
* w3mhelperpanel (main): ditto
|
||||
* scripts/dirlist.cgi.in: ditto
|
||||
* scripts/w3mhelp.cgi.in: ditto
|
||||
* scripts/multipart/multipart.cgi.in: ditto
|
||||
|
||||
2002-11-27 Fumitoshi UKAI <ukai@debian.or.jp>
|
||||
|
||||
* frame.c (createFrameFile): html_quote()
|
||||
@@ -5178,4 +5195,4 @@ a * [w3m-dev 03276] compile error on EWS4800
|
||||
* release-0-2-1
|
||||
* import w3m-0.2.1
|
||||
|
||||
$Id: ChangeLog,v 1.562 2002/11/26 17:08:00 ukai Exp $
|
||||
$Id: ChangeLog,v 1.563 2002/11/26 18:03:18 ukai Exp $
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
/* $Id: file.c,v 1.131 2002/11/26 17:12:25 ukai Exp $ */
|
||||
/* $Id: file.c,v 1.132 2002/11/26 18:03:24 ukai Exp $ */
|
||||
#include "fm.h"
|
||||
#include <sys/types.h>
|
||||
#include "myctype.h"
|
||||
@@ -1544,9 +1544,10 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
|
||||
return NULL;
|
||||
if (S_ISDIR(st.st_mode)) {
|
||||
if (UseExternalDirBuffer) {
|
||||
Str cmd = Strnew_charp(DirBufferCommand);
|
||||
Strcat_m_charp(cmd, "?dir=",
|
||||
pu.file, "#current", NULL);
|
||||
Str cmd = Sprintf("%s?cookie=%s&dir=%s#current",
|
||||
DirBufferCommand,
|
||||
(Str_form_quote(Local_cookie))->ptr,
|
||||
pu.file);
|
||||
b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0,
|
||||
NULL);
|
||||
if (b != NULL && b != NO_BUFFER) {
|
||||
|
||||
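Review bot: `pu.file` is placed into the new `Sprintf` query string unescaped, while the cookie next to it goes through `Str_form_quote()`. The receiving script splits the query on `&` and runs `form_decode` on `dir`, so a directory name containing `&`, `#`, `+` or `%` would be cut short, mis-decoded or read as extra parameters. Unless `pu.file` is already form-encoded at this point (not visible in the hunk), quote it the same way: `(Str_form_quote(Strnew_charp(pu.file)))->ptr`. The body of loadGeneralFile starts and ends outside this hunk.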
@@ -1,4 +1,4 @@
|
||||
/* $Id: fm.h,v 1.88 2002/11/25 16:57:17 ukai Exp $ */
|
||||
/* $Id: fm.h,v 1.89 2002/11/26 18:03:26 ukai Exp $ */
|
||||
/*
|
||||
* w3m: WWW wo Miru utility
|
||||
*
|
||||
@@ -936,7 +936,7 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND);
|
||||
#endif /* USE_MIGEMO */
|
||||
|
||||
global struct auth_cookie *Auth_cookie init(NULL);
|
||||
global char *Local_cookie init(NULL);
|
||||
global Str Local_cookie init(NULL);
|
||||
#ifdef USE_COOKIE
|
||||
global struct cookie *First_cookie init(NULL);
|
||||
#endif /* USE_COOKIE */
|
||||
|
||||
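Review bot: `Local_cookie` is still initialised to NULL after the change to `Str`, and the new call sites in file.c, main.c and rc.c pass it straight to `Str_form_quote()` or read `->ptr`. Whether `setLocalCookie()` is guaranteed to run before any of them is not visible in this commit. A comment on the declaration would record the requirement, for example `/* set once by setLocalCookie(); must be non-NULL before any local-CGI URL is built */`.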
@@ -1,4 +1,4 @@
|
||||
/* $Id: local.c,v 1.14 2002/02/04 15:18:42 ukai Exp $ */
|
||||
/* $Id: local.c,v 1.15 2002/11/26 18:03:26 ukai Exp $ */
|
||||
#include "fm.h"
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
@@ -26,12 +26,11 @@
|
||||
void
|
||||
setLocalCookie()
|
||||
{
|
||||
Str buf;
|
||||
char hostname[256];
|
||||
gethostname(hostname, 256);
|
||||
|
||||
buf = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname);
|
||||
Local_cookie = buf->ptr;
|
||||
Local_cookie = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname);
|
||||
set_environ("LOCAL_COOKIE", Local_cookie->ptr);
|
||||
}
|
||||
|
||||
Buffer *
|
||||
@@ -268,7 +267,6 @@ set_cgi_environ(char *name, char *fn, char *req_uri)
|
||||
set_environ("SCRIPT_NAME", name);
|
||||
set_environ("SCRIPT_FILENAME", fn);
|
||||
set_environ("REQUEST_URI", req_uri);
|
||||
set_environ("LOCAL_COOKIE", Local_cookie);
|
||||
}
|
||||
|
||||
static Str
|
||||
|
||||
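Review bot: The value that now gates every local CGI is built in `setLocalCookie()` from `getpid()`, `lrand48()` and the hostname, so its only unpredictable part comes from a non-cryptographic generator whose seeding is not shown here. Taking the random part from the OS entropy device, with the old behaviour as a fallback where none exists, would make the token much harder to guess; a sketch follows. Moving `set_environ("LOCAL_COOKIE", ...)` out of `set_cgi_environ()` also means the value is exported as soon as this function runs, presumably into the environment of every child w3m spawns rather than only local CGI scripts; if that is intended, a comment should say so. The `gethostname(hostname, 256)` context line ignores the return value and can leave `hostname` unterminated on truncation.

```c
void
setLocalCookie()
{
    char hostname[256];
    unsigned char rnd[16];
    Str token = Strnew();
    FILE *f;
    size_t got = 0, i;

    /* ... unchanged: gethostname(hostname, 256) ... */

    /* prefer OS entropy; pid and hostname are guessable */
    if ((f = fopen("/dev/urandom", "rb")) != NULL) {
        got = fread(rnd, 1, sizeof(rnd), f);
        fclose(f);
    }
    if (got == sizeof(rnd)) {
        for (i = 0; i < sizeof(rnd); i++)
            Strcat(token, Sprintf("%02x", rnd[i]));
    }
    else {
        /* no entropy device available: keep the previous behaviour */
        token = Sprintf("%ld", lrand48());
    }
    Local_cookie = Sprintf("%d.%s@%s", getpid(), token->ptr, hostname);
    set_environ("LOCAL_COOKIE", Local_cookie->ptr);
}
```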
@@ -1,4 +1,4 @@
|
||||
/* $Id: main.c,v 1.155 2002/11/26 03:42:28 ukai Exp $ */
|
||||
/* $Id: main.c,v 1.156 2002/11/26 18:03:27 ukai Exp $ */
|
||||
#define MAINPROGRAM
|
||||
#include "fm.h"
|
||||
#include <signal.h>
|
||||
@@ -1961,7 +1961,8 @@ ldhelp(void)
|
||||
lang = AcceptLang;
|
||||
n = strcspn(lang, ";, \t");
|
||||
cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION
|
||||
"?version=%s&lang=%s",
|
||||
"?cookie=%s&version=%s&lang=%s",
|
||||
Str_form_quote(Local_cookie)->ptr,
|
||||
Str_form_quote(Strnew_charp(w3m_version))->ptr,
|
||||
Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr,
|
||||
NULL, NO_REFERER);
|
||||
@@ -4004,8 +4005,8 @@ adBmark(void)
|
||||
Str tmp;
|
||||
|
||||
tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME
|
||||
"?mode=panel&bmark=%s&url=%s&title=%s",
|
||||
w3m_lib_dir(),
|
||||
"?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
|
||||
w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr,
|
||||
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
|
||||
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
|
||||
ptr,
|
||||
|
||||
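Review bot: In `ldhelp()` and `adBmark()` the cookie becomes part of the `file://` URL itself, so the secret travels wherever that URL does, presumably the buffer's current URL, the history list and any saved copy of the page. The option-panel link in rc.c (`?mode=panel&cookie=%s`) has the same property. It is worth confirming that local-CGI URLs are kept out of history and are never sent as a Referer, and recording that at the call sites with a comment such as `/* cookie authenticates this local CGI request; the URL must not be logged or sent as Referer */`. Both function bodies extend outside their hunks.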
@@ -1,4 +1,4 @@
|
||||
/* $Id: rc.c,v 1.67 2002/11/25 16:57:17 ukai Exp $ */
|
||||
/* $Id: rc.c,v 1.68 2002/11/26 18:03:28 ukai Exp $ */
|
||||
/*
|
||||
* Initialization file etc.
|
||||
*/
|
||||
@@ -1387,7 +1387,7 @@ init_rc(char *config_filename)
|
||||
|
||||
static char optionpanel_src1[] =
|
||||
"<html><head><title>Option Setting Panel</title></head>\
|
||||
<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel\">%s</a>\n" "<form method=internal action=option>";
|
||||
<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";
|
||||
|
||||
static Str
|
||||
to_str(struct param_ptr *p)
|
||||
@@ -1424,7 +1424,8 @@ to_str(struct param_ptr *p)
|
||||
Buffer *
|
||||
load_option_panel(void)
|
||||
{
|
||||
Str src = Sprintf(optionpanel_src1, w3m_version, CMT_HELPER);
|
||||
Str src = Sprintf(optionpanel_src1, w3m_version,
|
||||
(Str_form_quote(Local_cookie))->ptr, CMT_HELPER);
|
||||
struct param_ptr *p;
|
||||
struct sel_c *s;
|
||||
int x, i;
|
||||
|
||||
+34
-20
@@ -30,15 +30,17 @@ $NOW = time();
|
||||
@OPT = &init_option($CONFIG);
|
||||
|
||||
$query = $ENV{'QUERY_STRING'};
|
||||
$dir = '';
|
||||
$cmd = '';
|
||||
$cgi = 0;
|
||||
if ($query eq '') {
|
||||
$_ = `pwd`; # insecure?
|
||||
chop;
|
||||
s/\r$//;
|
||||
$dir = $_;
|
||||
$cgi = 0;
|
||||
} elsif ($query =~ /^(opt\d+|dir|cmd)=/) {
|
||||
$cookie = '';
|
||||
# $cgi = 0;
|
||||
# if ($query eq '') {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = $_;
|
||||
# $cgi = 0;
|
||||
# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
|
||||
foreach(split(/\&/, $query)) {
|
||||
if (s/^dir=//) {
|
||||
$dir = &form_decode($_);
|
||||
@@ -46,20 +48,31 @@ if ($query eq '') {
|
||||
$OPT[$1] = $_;
|
||||
} elsif (s/^cmd=//) {
|
||||
$cmd = $_;
|
||||
} elsif (s/^cookie=//) {
|
||||
$cookie = &form_decode($_);
|
||||
}
|
||||
}
|
||||
$cgi = 1;
|
||||
} else {
|
||||
$dir = $query;
|
||||
if (($dir !~ m@^/@) &&
|
||||
($WIN32 && $dir !~ /^[a-z]:/i)) {
|
||||
$_ = `pwd`; # insecure?
|
||||
chop;
|
||||
s/\r$//;
|
||||
$dir = "$_/$dir";
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
$cgi = -1;
|
||||
}
|
||||
$cookie = &html_quote($cookie);
|
||||
$cgi = 1;
|
||||
# } else {
|
||||
# $dir = $query;
|
||||
# if (($dir !~ m@^/@) &&
|
||||
# ($WIN32 && $dir !~ /^[a-z]:/i)) {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = "$_/$dir";
|
||||
# }
|
||||
# $cgi = -1;
|
||||
# }
|
||||
if ($dir !~ m@/$@) {
|
||||
$dir .= '/';
|
||||
}
|
||||
@@ -117,7 +130,7 @@ Content-Type: text/html
|
||||
<body>
|
||||
<h1>Directory list of $qdir</h1>
|
||||
EOF
|
||||
&print_form($edir, @OPT);
|
||||
&print_form($qdir, @OPT);
|
||||
print <<EOF;
|
||||
<hr>
|
||||
EOF
|
||||
@@ -420,6 +433,7 @@ EOF
|
||||
</table>
|
||||
</center>
|
||||
<input type=hidden name=dir value="$d">
|
||||
<input type=hidden name=cookie value="$cookie">
|
||||
</form>
|
||||
EOF
|
||||
}
|
||||
|
||||
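Review bot: The old no-query and bare-path branches are left behind as commented-out code around the new cookie check (the `# if ($query eq '') {` lines and the `# } else {` block). That hides the fact that the `foreach` now runs unconditionally and that any request without a matching cookie is refused. Deleting those lines and adding one comment above the check, e.g. `# every invocation must carry the cookie w3m exported in LOCAL_COOKIE`, would state the new contract directly. The parameter loop also keeps the last `cookie=` it sees, whereas the regex in w3mhelp.cgi.in takes the first; agreeing on one rule avoids surprises if a query ever carries the parameter twice.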
@@ -28,11 +28,21 @@ if (defined($query)) {
|
||||
}
|
||||
$file = &form_decode($v{'file'});
|
||||
$boundary = &form_decode($v{'boundary'});
|
||||
$cookie = &form_decode($v{'cookie'});
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
$file = $ARGV[0];
|
||||
if (@ARGV >= 2) {
|
||||
$boundary = $ARGV[1];
|
||||
}
|
||||
$cookie = $ENV{'LOCAL_COOKIE'};
|
||||
}
|
||||
|
||||
open(F, "< $file");
|
||||
@@ -121,6 +131,7 @@ if (defined($v{'count'})) {
|
||||
$qcgi = &html_quote($CGI);
|
||||
$qfile = &html_quote($file);
|
||||
$qboundary = &html_quote($boundary);
|
||||
$qcookie = &html_quote($cookie);
|
||||
|
||||
if ($mbody =~ /\S/) {
|
||||
$_ = $mbody;
|
||||
@@ -195,9 +206,10 @@ while(! $end) {
|
||||
print "<form method=POST action=\"$qcgi?$count\">\n";
|
||||
print "<input type=hidden name=file value=\"$qfile\">\n";
|
||||
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
|
||||
print "<input type=hidden name=cookie value=\"$qcookie\">\n";
|
||||
print "<input type=hidden name=count value=\"$count\">\n";
|
||||
if ($image) {
|
||||
print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"",
|
||||
print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",
|
||||
&html_quote($name), "\">\n";
|
||||
} else {
|
||||
print "<input type=submit name=submit value=\"",
|
||||
|
||||
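Review bot: In the image `src` URL the cookie is inserted as `$qcookie`, which is only HTML-quoted, but on the way back in it is read with `&form_decode($v{'cookie'})`. A value containing `+`, `%` or `&` would not round-trip, and the comparison with `$ENV{"LOCAL_COOKIE"}` would then fail on the follow-up request. The current cookie format probably contains none of these, but w3mhelp.cgi.in percent-encodes its `$q_cookie` before building links, and doing the same here would keep the two scripts consistent. The `file` and `boundary` parameters in the same URL are built the same way.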
+16
-2
@@ -1,5 +1,5 @@
|
||||
#!@PERL@
|
||||
# $Id: w3mhelp.cgi.in,v 1.16 2002/11/21 16:15:59 ukai Exp $
|
||||
# $Id: w3mhelp.cgi.in,v 1.17 2002/11/26 18:03:30 ukai Exp $
|
||||
|
||||
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
|
||||
$CYGPATH = 1;
|
||||
@@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) {
|
||||
$lang = $tlang;
|
||||
}
|
||||
}
|
||||
if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
|
||||
$cookie = $2;
|
||||
$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
|
||||
}
|
||||
}
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
|
||||
%f = %keyfunc;
|
||||
@@ -103,7 +115,9 @@ HEADING
|
||||
|
||||
$q_version = $version;
|
||||
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang=";
|
||||
$q_cookie = $cookie;
|
||||
$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";
|
||||
|
||||
# doc:en_English doc-jp:ja_Japanese
|
||||
for $otherlang (@docdirs) {
|
||||
|
||||
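Review bot: `$cookie` is assigned only inside the `QUERY_STRING` branch, so when the script is started without a query the check `($cookie eq "")` compares an undefined value. That still rejects the request, but it relies on undef comparing equal to the empty string and warns under `-w`. Adding `$cookie = '';` before the `if (defined($ENV{'QUERY_STRING'}))` block makes the fail-closed default explicit. A short comment above the check, such as `# refuse to run unless the caller presents w3m's LOCAL_COOKIE`, would also help, since the same block now appears in three scripts.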
+13
-13
@@ -1,4 +1,4 @@
|
||||
/* $Id: w3mbookmark.c,v 1.6 2002/11/12 12:41:58 ukai Exp $ */
|
||||
/* $Id: w3mbookmark.c,v 1.7 2002/11/26 18:03:29 ukai Exp $ */
|
||||
#ifdef __EMX__
|
||||
#include <stdlib.h>
|
||||
#endif
|
||||
@@ -190,6 +190,17 @@ main(int argc, char *argv[], char **envp)
|
||||
}
|
||||
|
||||
cgiarg = cgistr2tagarg(qs);
|
||||
|
||||
Local_cookie = getenv("LOCAL_COOKIE");
|
||||
sent_cookie = tag_get_value(cgiarg, "cookie");
|
||||
if (sent_cookie == NULL || Local_cookie == NULL ||
|
||||
strcmp(sent_cookie, Local_cookie) != 0) {
|
||||
/* local cookie doesn't match: It may be an illegal invocation */
|
||||
printf("Content-Type: text/plain\n");
|
||||
printf("\nLocal cookie doesn't match: It may be an illegal invocation\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
mode = tag_get_value(cgiarg, "mode");
|
||||
bmark = expandPath(tag_get_value(cgiarg, "bmark"));
|
||||
url = tag_get_value(cgiarg, "url");
|
||||
@@ -200,12 +211,6 @@ main(int argc, char *argv[], char **envp)
|
||||
printf("Incomplete Request: QUERY_STRING=%s\n", qs);
|
||||
exit(1);
|
||||
}
|
||||
Local_cookie = getenv("LOCAL_COOKIE");
|
||||
sent_cookie = tag_get_value(cgiarg, "cookie");
|
||||
if (Local_cookie == NULL) {
|
||||
/* Local cookie not provided: maybe illegal invocation */
|
||||
Local_cookie = "";
|
||||
}
|
||||
if (mode && !strcmp(mode, "panel")) {
|
||||
if (title == NULL)
|
||||
title = "";
|
||||
@@ -213,12 +218,7 @@ main(int argc, char *argv[], char **envp)
|
||||
}
|
||||
else if (mode && !strcmp(mode, "register")) {
|
||||
printf("Content-Type: text/plain\n");
|
||||
if (sent_cookie == NULL || Local_cookie[0] == '\0' ||
|
||||
strcmp(sent_cookie, Local_cookie) != 0) {
|
||||
/* local cookie doesn't match: It may be an illegal invocation */
|
||||
printf("\nBookmark not added: local cookie doesn't match\n");
|
||||
}
|
||||
else if (insert_bookmark(bmark, cgiarg)) {
|
||||
if (insert_bookmark(bmark, cgiarg)) {
|
||||
printf("w3m-control: BACK\n");
|
||||
printf("w3m-control: BACK\n\n");
|
||||
}
|
||||
|
||||
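Review bot: This file assigns `Local_cookie = getenv("LOCAL_COOKIE")`, a `char *`, while the same commit changes the `Local_cookie` declared in fm.h to `Str`. The declaration used here is outside the hunks, so it is presumably a separate variable, but one name with two types across the tree invites mistakes. Renaming it to `local_cookie`, as w3mhelperpanel.c already does, would remove the ambiguity. The rejection text here says "illegal invocation" while the other helpers say "illegal execution"; one wording makes the failure easier to search for. The body of main starts and ends outside these hunks.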
+10
-10
@@ -1,4 +1,4 @@
|
||||
/* $Id: w3mhelperpanel.c,v 1.9 2002/11/12 12:41:58 ukai Exp $ */
|
||||
/* $Id: w3mhelperpanel.c,v 1.10 2002/11/26 18:03:29 ukai Exp $ */
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
@@ -168,11 +168,18 @@ main(int argc, char *argv[], char **envp)
|
||||
exit(1);
|
||||
|
||||
cgiarg = cgistr2tagarg(qs);
|
||||
mode = tag_get_value(cgiarg, "mode");
|
||||
|
||||
local_cookie = getenv("LOCAL_COOKIE");
|
||||
sent_cookie = tag_get_value(cgiarg, "cookie");
|
||||
if (local_cookie == NULL || sent_cookie == NULL ||
|
||||
strcmp(local_cookie, sent_cookie) != 0) {
|
||||
/* Local cookie doesn't match */
|
||||
bye("Local cookie doesn't match: It may be an illegal execution", "");
|
||||
}
|
||||
|
||||
mode = tag_get_value(cgiarg, "mode");
|
||||
mailcapfile = Strnew_charp(expandPath(RC_DIR));
|
||||
Strcat_charp(mailcapfile, "/mailcap");
|
||||
|
||||
if (mode && !strcmp(mode, "edit")) {
|
||||
char *referer;
|
||||
/* check if I can edit my mailcap */
|
||||
@@ -183,13 +190,6 @@ main(int argc, char *argv[], char **envp)
|
||||
bye("It may be an illegal execution\n referer=", referer);
|
||||
}
|
||||
}
|
||||
sent_cookie = tag_get_value(cgiarg, "cookie");
|
||||
if (local_cookie == NULL || sent_cookie == NULL ||
|
||||
strcmp(local_cookie, sent_cookie) != 0) {
|
||||
/* Local cookie doesn't match */
|
||||
bye("Local cookie doesn't match: It may be an illegal execution",
|
||||
"");
|
||||
}
|
||||
/* edit mailcap */
|
||||
editMailcap(mailcapfile->ptr, cgiarg);
|
||||
}
|
||||
|
||||
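Review bot: Moving the cookie comparison ahead of the `mode` lookup makes it the gate for every mode, but it fails closed only if `bye()` terminates the process, and its definition is not shown in this section. If that holds, a comment at the check such as `/* bye() does not return: nothing below runs without a matching cookie */` would make the guarantee visible to the next reader. The body of main starts and ends outside these hunks.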