diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2003-01-15 17:13:21 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2003-01-15 17:13:21 +0000 |
commit | 549ee1cc09be5bbdc613649eb9be3ebc122c0331 (patch) | |
tree | c8f2ea7433d0eddc429d36dc12267d482374ac87 /scripts/multipart/multipart.cgi.in | |
parent | * file.c (loadGopherDir): convertLine RAW_MODE (diff) | |
download | w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.tar.gz w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.zip |
[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
(MAX_TMPF_TYPE): incl
(no_rc_dir): added
(tmp_dir): added
(config_file): added
* local.c (Local_cookie_file): added
(writeLocalCookie): added
(setLocalCookie): dont set environment LOCAL_COOKIE
(localcgi_post): writeLocalCookie
(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
(cmd_loadURL): arg FormList
(main): rewrite config_file, rc
(ldhelp): no cookie in URL
(cmd_loadURL): arg FormList
(goURL0): cmd_loadURL change
(cmd_loadBuffer): cmd_loadURL change
(adBmark): cookie is posted
(follow_map): cmd_loadURL change
(linkMn): cmd_loadURL change
(reinit): init_rc change
* proto.h (create_option_search_table): deleted
(init_rc): no args
* rc.c (create_option_search_table): static
(init_rc): no args
rewrite
(optionpanel_src1): rewrite
(load_option_panel): html_quote
(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat (limited to '')
-rw-r--r-- | scripts/multipart/multipart.cgi.in | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index d51a521..1dd981a 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -28,24 +28,14 @@ if (defined($query)) { } $file = &form_decode($v{'file'}); $boundary = &form_decode($v{'boundary'}); - $cookie = &form_decode($v{'cookie'}); - if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; -Content-Type: text/plain - -Local cookie doesn't match: It may be an illegal execution -EOF - exit(1); - } } else { $file = $ARGV[0]; if (@ARGV >= 2) { $boundary = $ARGV[1]; } - $cookie = $ENV{'LOCAL_COOKIE'}; } - -open(F, "< $file"); +(-f $file) || exit(1); +open(F, "< $file") || exit(1); $end = 0; $mbody = ''; if (defined($boundary)) { @@ -131,7 +121,6 @@ if (defined($v{'count'})) { $qcgi = &html_quote($CGI); $qfile = &html_quote($file); $qboundary = &html_quote($boundary); -$qcookie = &html_quote($cookie); if ($mbody =~ /\S/) { $_ = $mbody; @@ -196,20 +185,16 @@ while(! $end) { s/\>/\>/g; print "<pre>\n"; print $_; - print "\n</pre>\n"; + print "</pre>\n"; if ($type =~ /name=\"?([^\"]+)\"?/ || $dispos =~ /filename=\"?([^\"]+)\"?/) { $name = $1; } else { $name = "Content"; } - print "<form method=POST action=\"$qcgi?$count\">\n"; - print "<input type=hidden name=file value=\"$qfile\">\n"; - print "<input type=hidden name=boundary value=\"$qboundary\">\n"; - print "<input type=hidden name=cookie value=\"$qcookie\">\n"; - print "<input type=hidden name=count value=\"$count\">\n"; + print "<form action=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\">\n"; if ($image) { - print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"", + print "<input type=image name=submit src=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\" alt=\"", &html_quote($name), "\">\n"; } else { print "<input type=submit name=submit value=\"", |