aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/multipart/multipart.cgi.in
diff options
context:
space:
mode:
authorFumitoshi UKAI <ukai@debian.or.jp>2003-01-15 17:13:21 +0000
committerFumitoshi UKAI <ukai@debian.or.jp>2003-01-15 17:13:21 +0000
commit549ee1cc09be5bbdc613649eb9be3ebc122c0331 (patch)
treec8f2ea7433d0eddc429d36dc12267d482374ac87 /scripts/multipart/multipart.cgi.in
parent* file.c (loadGopherDir): convertLine RAW_MODE (diff)
downloadw3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.tar.gz
w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.zip
[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie is not passed via URL * fm.h (TMPF_COOKIE): incl (MAX_TMPF_TYPE): incl (no_rc_dir): added (tmp_dir): added (config_file): added * local.c (Local_cookie_file): added (writeLocalCookie): added (setLocalCookie): dont set environment LOCAL_COOKIE (localcgi_post): writeLocalCookie (localcgi_get): writeLocalCookie * main.c (config_filename): deleted (cmd_loadURL): arg FormList (main): rewrite config_file, rc (ldhelp): no cookie in URL (cmd_loadURL): arg FormList (goURL0): cmd_loadURL change (cmd_loadBuffer): cmd_loadURL change (adBmark): cookie is posted (follow_map): cmd_loadURL change (linkMn): cmd_loadURL change (reinit): init_rc change * proto.h (create_option_search_table): deleted (init_rc): no args * rc.c (create_option_search_table): static (init_rc): no args rewrite (optionpanel_src1): rewrite (load_option_panel): html_quote (panel_set_option): no_rc_dir * w3mbookmark.c: rewrite * w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite * scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite * scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat (limited to 'scripts/multipart/multipart.cgi.in')
-rw-r--r--scripts/multipart/multipart.cgi.in25
1 files changed, 5 insertions, 20 deletions
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index d51a521..1dd981a 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -28,24 +28,14 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
- $cookie = &form_decode($v{'cookie'});
- if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
-Content-Type: text/plain
-
-Local cookie doesn't match: It may be an illegal execution
-EOF
- exit(1);
- }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
- $cookie = $ENV{'LOCAL_COOKIE'};
}
-
-open(F, "< $file");
+(-f $file) || exit(1);
+open(F, "< $file") || exit(1);
$end = 0;
$mbody = '';
if (defined($boundary)) {
@@ -131,7 +121,6 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
-$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -196,20 +185,16 @@ while(! $end) {
s/\>/\&gt;/g;
print "<pre>\n";
print $_;
- print "\n</pre>\n";
+ print "</pre>\n";
if ($type =~ /name=\"?([^\"]+)\"?/ ||
$dispos =~ /filename=\"?([^\"]+)\"?/) {
$name = $1;
} else {
$name = "Content";
}
- print "<form method=POST action=\"$qcgi?$count\">\n";
- print "<input type=hidden name=file value=\"$qfile\">\n";
- print "<input type=hidden name=boundary value=\"$qboundary\">\n";
- print "<input type=hidden name=cookie value=\"$qcookie\">\n";
- print "<input type=hidden name=count value=\"$count\">\n";
+ print "<form action=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",