use local_cookie for support local-cgi commands
* file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand * fm.h (Local_cookie): Str * local.c (setLocalCookie): Str, set_environ() (set_cgi_environ): remove LOCAL_COOKIE * main.c (ldhelp): pass Local_cookie (adBmark): ditto * rc.c (optionpanel_src1): cookie (load_option_panel): pass Local_cookie * w3mbookmark.c (main): check Local_cookie * w3mhelperpanel (main): ditto * scripts/dirlist.cgi.in: ditto * scripts/w3mhelp.cgi.in: ditto * scripts/multipart/multipart.cgi.in: ditto From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
@@ -30,15 +30,17 @@ $NOW = time();
|
||||
@OPT = &init_option($CONFIG);
|
||||
|
||||
$query = $ENV{'QUERY_STRING'};
|
||||
$dir = '';
|
||||
$cmd = '';
|
||||
$cgi = 0;
|
||||
if ($query eq '') {
|
||||
$_ = `pwd`; # insecure?
|
||||
chop;
|
||||
s/\r$//;
|
||||
$dir = $_;
|
||||
$cgi = 0;
|
||||
} elsif ($query =~ /^(opt\d+|dir|cmd)=/) {
|
||||
$cookie = '';
|
||||
# $cgi = 0;
|
||||
# if ($query eq '') {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = $_;
|
||||
# $cgi = 0;
|
||||
# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
|
||||
foreach(split(/\&/, $query)) {
|
||||
if (s/^dir=//) {
|
||||
$dir = &form_decode($_);
|
||||
@@ -46,20 +48,31 @@ if ($query eq '') {
|
||||
$OPT[$1] = $_;
|
||||
} elsif (s/^cmd=//) {
|
||||
$cmd = $_;
|
||||
} elsif (s/^cookie=//) {
|
||||
$cookie = &form_decode($_);
|
||||
}
|
||||
}
|
||||
$cgi = 1;
|
||||
} else {
|
||||
$dir = $query;
|
||||
if (($dir !~ m@^/@) &&
|
||||
($WIN32 && $dir !~ /^[a-z]:/i)) {
|
||||
$_ = `pwd`; # insecure?
|
||||
chop;
|
||||
s/\r$//;
|
||||
$dir = "$_/$dir";
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
$cgi = -1;
|
||||
}
|
||||
$cookie = &html_quote($cookie);
|
||||
$cgi = 1;
|
||||
# } else {
|
||||
# $dir = $query;
|
||||
# if (($dir !~ m@^/@) &&
|
||||
# ($WIN32 && $dir !~ /^[a-z]:/i)) {
|
||||
# $_ = `pwd`; # insecure?
|
||||
# chop;
|
||||
# s/\r$//;
|
||||
# $dir = "$_/$dir";
|
||||
# }
|
||||
# $cgi = -1;
|
||||
# }
|
||||
if ($dir !~ m@/$@) {
|
||||
$dir .= '/';
|
||||
}
|
||||
@@ -117,7 +130,7 @@ Content-Type: text/html
|
||||
<body>
|
||||
<h1>Directory list of $qdir</h1>
|
||||
EOF
|
||||
&print_form($edir, @OPT);
|
||||
&print_form($qdir, @OPT);
|
||||
print <<EOF;
|
||||
<hr>
|
||||
EOF
|
||||
@@ -420,6 +433,7 @@ EOF
|
||||
</table>
|
||||
</center>
|
||||
<input type=hidden name=dir value="$d">
|
||||
<input type=hidden name=cookie value="$cookie">
|
||||
</form>
|
||||
EOF
|
||||
}
|
||||
|
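Review bot: The cookie gate added after the parameter loop has no comment explaining its `$cookie eq ""` clause, and the same block is pasted into multipart.cgi.in and w3mhelp.cgi.in. That clause is what keeps the check fail-closed: without it, an empty cookie would compare equal to an unset `LOCAL_COOKIE`. I would say so where the test is, e.g. `# empty test first: a request without a cookie must be rejected even when LOCAL_COOKIE is unset`. Separately, the old dispatch appears to be only commented out, so a request with a valid cookie but no `dir=` would leave `$dir` empty and the slash fix-up turns it into `/`. Deleting the dead block and setting that default explicitly would make the behaviour intentional.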
@@ -28,11 +28,21 @@ if (defined($query)) {
|
||||
}
|
||||
$file = &form_decode($v{'file'});
|
||||
$boundary = &form_decode($v{'boundary'});
|
||||
$cookie = &form_decode($v{'cookie'});
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
$file = $ARGV[0];
|
||||
if (@ARGV >= 2) {
|
||||
$boundary = $ARGV[1];
|
||||
}
|
||||
$cookie = $ENV{'LOCAL_COOKIE'};
|
||||
}
|
||||
|
||||
open(F, "< $file");
|
||||
@@ -121,6 +131,7 @@ if (defined($v{'count'})) {
|
||||
$qcgi = &html_quote($CGI);
|
||||
$qfile = &html_quote($file);
|
||||
$qboundary = &html_quote($boundary);
|
||||
$qcookie = &html_quote($cookie);
|
||||
|
||||
if ($mbody =~ /\S/) {
|
||||
$_ = $mbody;
|
||||
@@ -195,9 +206,10 @@ while(! $end) {
|
||||
print "<form method=POST action=\"$qcgi?$count\">\n";
|
||||
print "<input type=hidden name=file value=\"$qfile\">\n";
|
||||
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
|
||||
print "<input type=hidden name=cookie value=\"$qcookie\">\n";
|
||||
print "<input type=hidden name=count value=\"$count\">\n";
|
||||
if ($image) {
|
||||
print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"",
|
||||
print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",
|
||||
&html_quote($name), "\">\n";
|
||||
} else {
|
||||
print "<input type=submit name=submit value=\"",
|
||||
|
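Review bot: The image `src` URL puts `$qcookie` into a query string, but `$qcookie` is only `html_quote`d, not percent-encoded, whereas w3mhelp.cgi.in in this same commit percent-encodes its `$q_cookie`. If the cookie can contain `+`, `%`, `&` or `=`, the value decoded on the follow-up request would differ from `LOCAL_COOKIE` and the image request would be refused. The cookie format is set in local.c and `form_decode` is not shown, so this is inferred. A URL-safe copy would avoid it: `($u_cookie = $cookie) =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;`, then `cookie=$u_cookie` in the `src`. The hidden form field can keep `$qcookie`. The enclosing `while` loop starts and ends outside this hunk.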
@@ -1,5 +1,5 @@
|
||||
#!@PERL@
|
||||
# $Id: w3mhelp.cgi.in,v 1.16 2002/11/21 16:15:59 ukai Exp $
|
||||
# $Id: w3mhelp.cgi.in,v 1.17 2002/11/26 18:03:30 ukai Exp $
|
||||
|
||||
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
|
||||
$CYGPATH = 1;
|
||||
@@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) {
|
||||
$lang = $tlang;
|
||||
}
|
||||
}
|
||||
if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
|
||||
$cookie = $2;
|
||||
$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
|
||||
}
|
||||
}
|
||||
if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
|
||||
print <<EOF;
|
||||
Content-Type: text/plain
|
||||
|
||||
Local cookie doesn't match: It may be an illegal execution
|
||||
EOF
|
||||
exit(1);
|
||||
}
|
||||
|
||||
%f = %keyfunc;
|
||||
@@ -103,7 +115,9 @@ HEADING
|
||||
|
||||
$q_version = $version;
|
||||
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang=";
|
||||
$q_cookie = $cookie;
|
||||
$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
|
||||
$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";
|
||||
|
||||
# doc:en_English doc-jp:ja_Japanese
|
||||
for $otherlang (@docdirs) {
|
||||
|
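Review bot: The secret that authorises local CGI execution is now written into every language link on the help page (`?cookie=$q_cookie&version=...`), so it ends up in URLs. URLs are commonly kept in history and can be passed on in a Referer header; whether w3m does either for local CGI pages is not visible here. I would add a comment at `$q_cookie` stating the intent, e.g. `# LOCAL_COOKIE is a secret: only ever emit it in links back to this script`, and confirm that no link built from `$script` points off-host. Also, `$cookie` is not initialised in this hunk before the `eq ""` test, unlike dirlist.cgi.in, which sets `$cookie = '';` first. Unless it is set earlier in the file, adding the same line before the QUERY_STRING block makes the reject-by-default path explicit.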