commit e140b719f5e40d5b3936d69395571c7cfddab304
parent ff98b0f1b6a1b32c8c362d100545ae17b27cb760
Author: ukai <ukai>
Date: Tue, 26 Nov 2002 18:03:18 +0000
use local_cookie for support local-cgi commands
* file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand
* fm.h (Local_cookie): Str
* local.c (setLocalCookie): Str, set_environ()
(set_cgi_environ): remove LOCAL_COOKIE
* main.c (ldhelp): pass Local_cookie
(adBmark): ditto
* rc.c (optionpanel_src1): cookie
(load_option_panel): pass Local_cookie
* w3mbookmark.c (main): check Local_cookie
* w3mhelperpanel (main): ditto
* scripts/dirlist.cgi.in: ditto
* scripts/w3mhelp.cgi.in: ditto
* scripts/multipart/multipart.cgi.in: ditto
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat:
11 files changed, 114 insertions(+), 56 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,20 @@
+2002-11-27 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
+
+ * use local_cookie for support local-cgi commands
+ * file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand
+ * fm.h (Local_cookie): Str
+ * local.c (setLocalCookie): Str, set_environ()
+ (set_cgi_environ): remove LOCAL_COOKIE
+ * main.c (ldhelp): pass Local_cookie
+ (adBmark): ditto
+ * rc.c (optionpanel_src1): cookie
+ (load_option_panel): pass Local_cookie
+ * w3mbookmark.c (main): check Local_cookie
+ * w3mhelperpanel (main): ditto
+ * scripts/dirlist.cgi.in: ditto
+ * scripts/w3mhelp.cgi.in: ditto
+ * scripts/multipart/multipart.cgi.in: ditto
+
2002-11-27 Fumitoshi UKAI <ukai@debian.or.jp>
* frame.c (createFrameFile): html_quote()
diff --git a/file.c b/file.c
@@ -1544,9 +1544,10 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,
return NULL;
if (S_ISDIR(st.st_mode)) {
if (UseExternalDirBuffer) {
- Str cmd = Strnew_charp(DirBufferCommand);
- Strcat_m_charp(cmd, "?dir=",
- pu.file, "#current", NULL);
+ Str cmd = Sprintf("%s?cookie=%s&dir=%s#current",
+ DirBufferCommand,
+ (Str_form_quote(Local_cookie))->ptr,
+ pu.file);
b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0,
NULL);
if (b != NULL && b != NO_BUFFER) {
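Review bot: `pu.file` is written into the new query string unescaped on the `Sprintf` line, while the cookie beside it goes through `Str_form_quote`. A directory name containing `&`, `#`, `+` or `%` would be split or truncated when dirlist.cgi parses the query (it runs `form_decode` on `dir`), and text after an `&` would be read as further parameters of a request that now carries a valid cookie. Quoting it the same way would close that: `(Str_form_quote(Strnew_charp(pu.file)))->ptr`. The body of loadGeneralFile starts and ends outside this hunk, so whether `pu.file` is already escaped at this point is not visible here.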
diff --git a/fm.h b/fm.h
@@ -936,7 +936,7 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND);
#endif /* USE_MIGEMO */
global struct auth_cookie *Auth_cookie init(NULL);
-global char *Local_cookie init(NULL);
+global Str Local_cookie init(NULL);
#ifdef USE_COOKIE
global struct cookie *First_cookie init(NULL);
#endif /* USE_COOKIE */
diff --git a/local.c b/local.c
@@ -26,12 +26,11 @@
void
setLocalCookie()
{
- Str buf;
char hostname[256];
gethostname(hostname, 256);
- buf = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname);
- Local_cookie = buf->ptr;
+ Local_cookie = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname);
+ set_environ("LOCAL_COOKIE", Local_cookie->ptr);
}
Buffer *
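Review bot: The value built on the `Sprintf("%d.%ld@%s", ...)` line is now the only thing the local CGI programs check, yet it consists of the pid, one `lrand48()` output and the hostname, none of which is a secret-quality random source; no `srand48()` seeding is visible in this hunk. Consider taking the random part from the operating system's random source (for example hex-encoded bytes read from `/dev/urandom`) and keeping the pid and hostname only as a readable prefix. Because `set_environ("LOCAL_COOKIE", ...)` now runs here instead of in `set_cgi_environ`, the cookie is presumably inherited by every child process w3m starts, not only local CGI, which deserves a comment or an unset on the non-CGI paths. `gethostname` is also unchecked and may leave `hostname` unterminated on truncation; `hostname[sizeof(hostname) - 1] = '\0';` after the call covers that.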
@@ -268,7 +267,6 @@ set_cgi_environ(char *name, char *fn, char *req_uri)
set_environ("SCRIPT_NAME", name);
set_environ("SCRIPT_FILENAME", fn);
set_environ("REQUEST_URI", req_uri);
- set_environ("LOCAL_COOKIE", Local_cookie);
}
static Str
diff --git a/main.c b/main.c
@@ -1961,7 +1961,8 @@ ldhelp(void)
lang = AcceptLang;
n = strcspn(lang, ";, \t");
cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION
- "?version=%s&lang=%s",
+ "?cookie=%s&version=%s&lang=%s",
+ Str_form_quote(Local_cookie)->ptr,
Str_form_quote(Strnew_charp(w3m_version))->ptr,
Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr,
NULL, NO_REFERER);
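Review bot: The cookie is placed in the query string of the URL handed to `cmd_loadURL`, so the secret becomes part of the buffer's URL and will presumably appear wherever w3m displays or stores URLs (history, page information, saved buffers). The same pattern is added in `adBmark` in the next hunk, in `load_option_panel` (rc.c) and in `loadGeneralFile` (file.c). A comment at each site would record the constraint for later maintainers, for example `/* cookie in the URL authenticates this request to the local CGI; never log this URL or send it as a referer */`. The body of ldhelp starts outside the hunk.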
@@ -4004,8 +4005,8 @@ adBmark(void)
Str tmp;
tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME
- "?mode=panel&bmark=%s&url=%s&title=%s",
- w3m_lib_dir(),
+ "?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
+ w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr,
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
ptr,
diff --git a/rc.c b/rc.c
@@ -1387,7 +1387,7 @@ init_rc(char *config_filename)
static char optionpanel_src1[] =
"<html><head><title>Option Setting Panel</title></head>\
-<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel\">%s</a>\n" "<form method=internal action=option>";
+<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";
static Str
to_str(struct param_ptr *p)
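Review bot: `optionpanel_src1` is a `Sprintf` format whose arguments are supplied in `load_option_panel`, in a separate hunk, and this change makes the second `%s` the cookie instead of the helper label with nothing in the source tying the two together. A comment above the array would make the contract explicit: `/* Sprintf format: %s = w3m_version, form-quoted Local_cookie, CMT_HELPER */`. Any later edit that changes one side without the other would silently put the cookie into visible link text.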
@@ -1424,7 +1424,8 @@ to_str(struct param_ptr *p)
Buffer *
load_option_panel(void)
{
- Str src = Sprintf(optionpanel_src1, w3m_version, CMT_HELPER);
+ Str src = Sprintf(optionpanel_src1, w3m_version,
+ (Str_form_quote(Local_cookie))->ptr, CMT_HELPER);
struct param_ptr *p;
struct sel_c *s;
int x, i;
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in
@@ -30,15 +30,17 @@ $NOW = time();
@OPT = &init_option($CONFIG);
$query = $ENV{'QUERY_STRING'};
+$dir = '';
$cmd = '';
-$cgi = 0;
-if ($query eq '') {
- $_ = `pwd`; # insecure?
- chop;
- s/\r$//;
- $dir = $_;
- $cgi = 0;
-} elsif ($query =~ /^(opt\d+|dir|cmd)=/) {
+$cookie = '';
+# $cgi = 0;
+# if ($query eq '') {
+# $_ = `pwd`; # insecure?
+# chop;
+# s/\r$//;
+# $dir = $_;
+# $cgi = 0;
+# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
foreach(split(/\&/, $query)) {
if (s/^dir=//) {
$dir = &form_decode($_);
@@ -46,20 +48,31 @@ if ($query eq '') {
$OPT[$1] = $_;
} elsif (s/^cmd=//) {
$cmd = $_;
+ } elsif (s/^cookie=//) {
+ $cookie = &form_decode($_);
}
}
- $cgi = 1;
-} else {
- $dir = $query;
- if (($dir !~ m@^/@) &&
- ($WIN32 && $dir !~ /^[a-z]:/i)) {
- $_ = `pwd`; # insecure?
- chop;
- s/\r$//;
- $dir = "$_/$dir";
+ if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
}
- $cgi = -1;
-}
+ $cookie = &html_quote($cookie);
+ $cgi = 1;
+# } else {
+# $dir = $query;
+# if (($dir !~ m@^/@) &&
+# ($WIN32 && $dir !~ /^[a-z]:/i)) {
+# $_ = `pwd`; # insecure?
+# chop;
+# s/\r$//;
+# $dir = "$_/$dir";
+# }
+# $cgi = -1;
+# }
if ($dir !~ m@/$@) {
$dir .= '/';
}
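Review bot: The unauthenticated code paths (empty query and bare-path query) are disabled by commenting them out here and in the previous hunk rather than being deleted. That leaves about twenty lines of dead code, including the `pwd` calls marked `# insecure?`, wrapped around the new cookie check. Deleting them and re-indenting the `foreach` and the cookie check to top level would make it plain that every request must pass `$cookie ne $ENV{"LOCAL_COOKIE"}`, and would prevent someone from later uncommenting a single branch. `$cgi` is now always 1, so code that tests it outside this hunk can presumably be simplified as well.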
@@ -117,7 +130,7 @@ Content-Type: text/html
<body>
<h1>Directory list of $qdir</h1>
EOF
-&print_form($edir, @OPT);
+&print_form($qdir, @OPT);
print <<EOF;
<hr>
EOF
@@ -420,6 +433,7 @@ EOF
</table>
</center>
<input type=hidden name=dir value="$d">
+<input type=hidden name=cookie value="$cookie">
</form>
EOF
}
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
@@ -28,11 +28,21 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
+ $cookie = &form_decode($v{'cookie'});
+ if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
+ }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
+ $cookie = $ENV{'LOCAL_COOKIE'};
}
open(F, "< $file");
@@ -121,6 +131,7 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
+$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -195,9 +206,10 @@ while(! $end) {
print "<form method=POST action=\"$qcgi?$count\">\n";
print "<input type=hidden name=file value=\"$qfile\">\n";
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
+ print "<input type=hidden name=cookie value=\"$qcookie\">\n";
print "<input type=hidden name=count value=\"$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",
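Review bot: In the image `src` URL, `$qcookie` is only HTML-quoted, yet the receiving side reads the parameter with `form_decode`, so a cookie containing `+`, `%` or `&` would not compare equal on the next request. The cookie format built in local.c (pid, number, hostname) probably never contains those characters, but the encoding should not depend on that. URL-encode before HTML-quoting, as w3mhelp.cgi.in does for its link: `($ucookie = $cookie) =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;`. The neighbouring `file` and `boundary` parameters are built the same way.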
diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in
@@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
+ if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
+ $cookie = $2;
+ $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
+ }
+}
+if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
}
%f = %keyfunc;
@@ -103,7 +115,9 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang=";
+$q_cookie = $cookie;
+$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
+$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {
diff --git a/w3mbookmark.c b/w3mbookmark.c
@@ -190,6 +190,17 @@ main(int argc, char *argv[], char **envp)
}
cgiarg = cgistr2tagarg(qs);
+
+ Local_cookie = getenv("LOCAL_COOKIE");
+ sent_cookie = tag_get_value(cgiarg, "cookie");
+ if (sent_cookie == NULL || Local_cookie == NULL ||
+ strcmp(sent_cookie, Local_cookie) != 0) {
+ /* local cookie doesn't match: It may be an illegal invocation */
+ printf("Content-Type: text/plain\n");
+ printf("\nLocal cookie doesn't match: It may be an illegal invocation\n");
+ exit(1);
+ }
+
mode = tag_get_value(cgiarg, "mode");
bmark = expandPath(tag_get_value(cgiarg, "bmark"));
url = tag_get_value(cgiarg, "url");
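Review bot: The relocated check no longer rejects an empty cookie. The removed code tested `Local_cookie[0] == '\0'` and the Perl scripts in this commit test `$cookie eq ""`, but here an empty `LOCAL_COOKIE` compared with an empty `cookie=` parameter passes `strcmp`. Adding `Local_cookie[0] == '\0' ||` to the condition restores that, and the equivalent condition in w3mhelperpanel.c has the same gap. How `tag_get_value` reports an empty value is not visible here, so the case may already be unreachable; `main` starts and ends outside the hunk.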
@@ -200,12 +211,6 @@ main(int argc, char *argv[], char **envp)
printf("Incomplete Request: QUERY_STRING=%s\n", qs);
exit(1);
}
- Local_cookie = getenv("LOCAL_COOKIE");
- sent_cookie = tag_get_value(cgiarg, "cookie");
- if (Local_cookie == NULL) {
- /* Local cookie not provided: maybe illegal invocation */
- Local_cookie = "";
- }
if (mode && !strcmp(mode, "panel")) {
if (title == NULL)
title = "";
@@ -213,12 +218,7 @@ main(int argc, char *argv[], char **envp)
}
else if (mode && !strcmp(mode, "register")) {
printf("Content-Type: text/plain\n");
- if (sent_cookie == NULL || Local_cookie[0] == '\0' ||
- strcmp(sent_cookie, Local_cookie) != 0) {
- /* local cookie doesn't match: It may be an illegal invocation */
- printf("\nBookmark not added: local cookie doesn't match\n");
- }
- else if (insert_bookmark(bmark, cgiarg)) {
+ if (insert_bookmark(bmark, cgiarg)) {
printf("w3m-control: BACK\n");
printf("w3m-control: BACK\n\n");
}
diff --git a/w3mhelperpanel.c b/w3mhelperpanel.c
@@ -168,11 +168,18 @@ main(int argc, char *argv[], char **envp)
exit(1);
cgiarg = cgistr2tagarg(qs);
- mode = tag_get_value(cgiarg, "mode");
+
local_cookie = getenv("LOCAL_COOKIE");
+ sent_cookie = tag_get_value(cgiarg, "cookie");
+ if (local_cookie == NULL || sent_cookie == NULL ||
+ strcmp(local_cookie, sent_cookie) != 0) {
+ /* Local cookie doesn't match */
+ bye("Local cookie doesn't match: It may be an illegal execution", "");
+ }
+
+ mode = tag_get_value(cgiarg, "mode");
mailcapfile = Strnew_charp(expandPath(RC_DIR));
Strcat_charp(mailcapfile, "/mailcap");
-
if (mode && !strcmp(mode, "edit")) {
char *referer;
/* check if I can edit my mailcap */
@@ -183,13 +190,6 @@ main(int argc, char *argv[], char **envp)
bye("It may be an illegal execution\n referer=", referer);
}
}
- sent_cookie = tag_get_value(cgiarg, "cookie");
- if (local_cookie == NULL || sent_cookie == NULL ||
- strcmp(local_cookie, sent_cookie) != 0) {
- /* Local cookie doesn't match */
- bye("Local cookie doesn't match: It may be an illegal execution",
- "");
- }
/* edit mailcap */
editMailcap(mailcapfile->ptr, cgiarg);
}