diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2003-01-15 17:13:21 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2003-01-15 17:13:21 +0000 |
commit | 549ee1cc09be5bbdc613649eb9be3ebc122c0331 (patch) | |
tree | c8f2ea7433d0eddc429d36dc12267d482374ac87 /scripts | |
parent | * file.c (loadGopherDir): convertLine RAW_MODE (diff) | |
download | w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.tar.gz w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.zip |
[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir
* etc.c (tmpf_base): add cookie
(tmpfname): use tmp_dir instead of rc_dir
* file.c (loadGeneralFile): cookie is not passed via URL
* fm.h (TMPF_COOKIE): incl
(MAX_TMPF_TYPE): incl
(no_rc_dir): added
(tmp_dir): added
(config_file): added
* local.c (Local_cookie_file): added
(writeLocalCookie): added
(setLocalCookie): dont set environment LOCAL_COOKIE
(localcgi_post): writeLocalCookie
(localcgi_get): writeLocalCookie
* main.c (config_filename): deleted
(cmd_loadURL): arg FormList
(main): rewrite config_file, rc
(ldhelp): no cookie in URL
(cmd_loadURL): arg FormList
(goURL0): cmd_loadURL change
(cmd_loadBuffer): cmd_loadURL change
(adBmark): cookie is posted
(follow_map): cmd_loadURL change
(linkMn): cmd_loadURL change
(reinit): init_rc change
* proto.h (create_option_search_table): deleted
(init_rc): no args
* rc.c (create_option_search_table): static
(init_rc): no args
rewrite
(optionpanel_src1): rewrite
(load_option_panel): html_quote
(panel_set_option): no_rc_dir
* w3mbookmark.c: rewrite
* w3mhelperpanel.c: rewrite
* scripts/dirlist.cgi.in: rewrite
* scripts/w3mhelp.cgi.in: rewrite
* scripts/w3mmail.cgi.in: rewrite
* scripts/multipart/multipart.cgi.in: rewrite
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat (limited to '')
-rwxr-xr-x | scripts/dirlist.cgi.in | 61 | ||||
-rw-r--r-- | scripts/multipart/multipart.cgi.in | 25 | ||||
-rw-r--r-- | scripts/w3mhelp.cgi.in | 18 | ||||
-rwxr-xr-x | scripts/w3mmail.cgi.in | 33 |
4 files changed, 55 insertions, 82 deletions
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in index 9bed644..2949ebe 100755 --- a/scripts/dirlist.cgi.in +++ b/scripts/dirlist.cgi.in @@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'}; $dir = ''; $cmd = ''; $cookie = ''; -# $cgi = 0; -# if ($query eq '') { -# $_ = `pwd`; # insecure? -# chop; -# s/\r$//; -# $dir = $_; -# $cgi = 0; -# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) { - foreach(split(/\&/, $query)) { +$local_cookie = ''; +foreach(split(/\&/, $query)) { + if (s/^dir=//) { + $dir = &form_decode($_); + } +} +$body = undef; +if ($ENV{'REQUEST_METHOD'} eq 'POST') { + sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'}); + foreach(split(/\&/, $body)) { if (s/^dir=//) { $dir = &form_decode($_); } elsif (s/^opt(\d+)=//) { @@ -52,27 +53,22 @@ $cookie = ''; $cookie = &form_decode($_); } } - if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; +} +$cookie_file = $ENV{'LOCAL_COOKIE_FILE'}; +if (-f $cookie_file) { + open(F, "< $cookie_file"); + $local_cookie = <F>; + close(F); +} +if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) { + print <<EOF; Content-Type: text/plain Local cookie doesn't match: It may be an illegal execution EOF - exit(1); - } - $cookie = &html_quote($cookie); - $cgi = 1; -# } else { -# $dir = $query; -# if (($dir !~ m@^/@) && -# ($WIN32 && $dir !~ /^[a-z]:/i)) { -# $_ = `pwd`; # insecure? -# chop; -# s/\r$//; -# $dir = "$_/$dir"; -# } -# $cgi = -1; -# } + exit(1); +} +$local_cookie = &html_quote($local_cookie); if ($dir !~ m@/$@) { $dir .= '/'; } @@ -88,9 +84,7 @@ if ($WIN32) { $ROOT = &cygwin_pathconv("$ROOT"); } } -if ($cgi) { - $dir = &cleanup($dir); -} +$dir = &cleanup($dir); $TYPE = $OPT[$OPT_TYPE]; $FORMAT = $OPT[$OPT_FORMAT]; @@ -117,9 +111,6 @@ EOF exit 1; } -# ($cgi > 0) && print <<EOF; -# w3m-control: DELETE_PREVBUF -# EOF print <<EOF; Content-Type: text/html @@ -404,9 +395,9 @@ sub print_form { local($_, @vs, @os, $v, $o); print <<EOF; -<form action=\"$CGI\"> +<form method=post action=\"$CGI#current\"> <center> -<table> +<table cellpadding=0> <tr valign=top> EOF foreach(0 .. 2) { @@ -433,7 +424,7 @@ EOF </table> </center> <input type=hidden name=dir value="$d"> -<input type=hidden name=cookie value="$cookie"> +<input type=hidden name=cookie value="$local_cookie"> </form> EOF } diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index d51a521..1dd981a 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -28,24 +28,14 @@ if (defined($query)) { } $file = &form_decode($v{'file'}); $boundary = &form_decode($v{'boundary'}); - $cookie = &form_decode($v{'cookie'}); - if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; -Content-Type: text/plain - -Local cookie doesn't match: It may be an illegal execution -EOF - exit(1); - } } else { $file = $ARGV[0]; if (@ARGV >= 2) { $boundary = $ARGV[1]; } - $cookie = $ENV{'LOCAL_COOKIE'}; } - -open(F, "< $file"); +(-f $file) || exit(1); +open(F, "< $file") || exit(1); $end = 0; $mbody = ''; if (defined($boundary)) { @@ -131,7 +121,6 @@ if (defined($v{'count'})) { $qcgi = &html_quote($CGI); $qfile = &html_quote($file); $qboundary = &html_quote($boundary); -$qcookie = &html_quote($cookie); if ($mbody =~ /\S/) { $_ = $mbody; @@ -196,20 +185,16 @@ while(! $end) { s/\>/\>/g; print "<pre>\n"; print $_; - print "\n</pre>\n"; + print "</pre>\n"; if ($type =~ /name=\"?([^\"]+)\"?/ || $dispos =~ /filename=\"?([^\"]+)\"?/) { $name = $1; } else { $name = "Content"; } - print "<form method=POST action=\"$qcgi?$count\">\n"; - print "<input type=hidden name=file value=\"$qfile\">\n"; - print "<input type=hidden name=boundary value=\"$qboundary\">\n"; - print "<input type=hidden name=cookie value=\"$qcookie\">\n"; - print "<input type=hidden name=count value=\"$count\">\n"; + print "<form action=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\">\n"; if ($image) { - print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"", + print "<input type=image name=submit src=\"$qcgi?file=$qfile&boundary=$qboundary&count=$count\" alt=\"", &html_quote($name), "\">\n"; } else { print "<input type=submit name=submit value=\"", diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in index f7b247c..12c1b63 100644 --- a/scripts/w3mhelp.cgi.in +++ b/scripts/w3mhelp.cgi.in @@ -1,5 +1,5 @@ #!@PERL@ -# $Id: w3mhelp.cgi.in,v 1.22 2002/12/11 02:57:30 ukai Exp $ +# $Id: w3mhelp.cgi.in,v 1.23 2003/01/15 17:13:22 ukai Exp $ if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) { $CYGPATH = 1; @@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) { $lang = $tlang; } } - if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) { - $cookie = $2; - $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; - } -} -if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { - print <<EOF; -Content-Type: text/plain - -Local cookie doesn't match: It may be an illegal execution -EOF - exit(1); } %f = %keyfunc; @@ -115,9 +103,7 @@ HEADING $q_version = $version; $q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$q_cookie = $cookie; -$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang="; +$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang="; # doc:en_English doc-jp:ja_Japanese for $otherlang (@docdirs) { diff --git a/scripts/w3mmail.cgi.in b/scripts/w3mmail.cgi.in index a3fcaab..e544362 100755 --- a/scripts/w3mmail.cgi.in +++ b/scripts/w3mmail.cgi.in @@ -1,15 +1,21 @@ #!@PERL@ -$rcsid = q$Id: w3mmail.cgi.in,v 1.11 2002/11/11 15:50:28 ukai Exp $; +$rcsid = q$Id: w3mmail.cgi.in,v 1.12 2003/01/15 17:13:22 ukai Exp $; ($id = $rcsid) =~ s/^.*,v ([\d\.]*).*/$1/; ($prog=$0) =~ s/.*\///; $query = $ENV{'QUERY_STRING'}; -$local_cookie = $ENV{'LOCAL_COOKIE'}; +$cookie_file = $ENV{'LOCAL_COOKIE_FILE'}; +$local_cookie = ''; $SENDMAIL = '/usr/lib/sendmail'; $SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail'; $SENDMAIL_OPT = '-oi -t'; +if (-f $cookie_file) { + open(F, "< $cookie_file"); + $local_cookie = <F>; + close(F); +} if ($query =~ s/^\w+://) { $url = $query; $qurl = &html_quote($url); @@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer: $qurl</title></head>\n"; print "<body><h1>W3M Mailer: $qurl</h1>\n"; - print "<form action='file://$0' method='POST'>\n"; - print "<input type='hidden' name='cookie' value='$local_cookie'>\n"; + print "<form action=\"file://$0\" method='POST'>\n"; + $local_cookie = &html_quote($local_cookie); + print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n"; print "<table>\n"; foreach $h ('from', 'to', 'cc', 'bcc', 'subject') { $v = &lang_html_quote($opt{$h}); @@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) { delete $opt{$h}; } if ($boundary) { + $boundary = &html_quote($boundary); print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n"; print "<input type='hidden' name='boundary' value=\"$boundary\">\n"; } @@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) { print "<html><head><title>W3M Mailer</title></head>\n"; print "<body>\n"; print "<h1>W3M Mailer: preview</h1>\n"; - print "<form action='$0' method='POST'>\n"; - print "<input type='hidden' name='cookie' value='$local_cookie'>\n"; + print "<form action=\"file://$0\" method='POST'>\n"; + $local_cookie = &html_quote($local_cookie); + print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n"; print "<hr>\n"; print "<pre>\n"; foreach $h (keys %opt) { @@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) { ($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0); print "Mime-Version: 1.0\n"; if ($boundary) { + $boundary = &html_quote($boundary); print "Content-Type: multipart/form-data;\n"; print " boundary=\"$boundary\"\n"; } else { print "Content-Type: text/plain; charset=$cs\n"; } # print "Content-Transfer-Encoding: $cte\n"; - print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n"; + print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"), + "\n"; print "\n"; print $body; print "\n" if ($body !~ /\n$/); @@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) { foreach $h (keys %opt) { $qh = &html_quote($h); print "<tr><td>\u$qh:<td>$v{$h}\n"; - print "<input type='hidden' name=\"$qh\" value=\"$v\">\n"; + print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n"; } print "<tr><td colspan=2>\n"; - print "<textarea cols=40 rows=10 name='body'>\n"; + print "<textarea cols=40 rows=10 name=body>\n"; if ($body) { print $body; } @@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer</title></head>\n"; print "<body><h1>W3M Mailer: open sendmail failed</h1>\n"; - print "<p>$@</p>\n"; + print "<p>", &html_quote($@), "</p>\n"; print "</body></html>\n"; exit(0); } @@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) { print "\r\n"; print "<html><head><title>W3M Mailer</title></head>\n"; print "<body><h1>W3M Mailer: close sendmail failed</h1>\n"; - print "<p>$@</p>\n"; + print "<p>", &html_quote($@), "</p>\n"; print "</body></html>\n"; } } |