aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorFumitoshi UKAI <ukai@debian.or.jp>2003-01-15 17:13:21 +0000
committerFumitoshi UKAI <ukai@debian.or.jp>2003-01-15 17:13:21 +0000
commit549ee1cc09be5bbdc613649eb9be3ebc122c0331 (patch)
treec8f2ea7433d0eddc429d36dc12267d482374ac87 /scripts
parent* file.c (loadGopherDir): convertLine RAW_MODE (diff)
downloadw3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.tar.gz
w3m-549ee1cc09be5bbdc613649eb9be3ebc122c0331.zip
[w3m-dev 03644] Re: Other user can see local cookie.
* cookie.c (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie is not passed via URL * fm.h (TMPF_COOKIE): incl (MAX_TMPF_TYPE): incl (no_rc_dir): added (tmp_dir): added (config_file): added * local.c (Local_cookie_file): added (writeLocalCookie): added (setLocalCookie): dont set environment LOCAL_COOKIE (localcgi_post): writeLocalCookie (localcgi_get): writeLocalCookie * main.c (config_filename): deleted (cmd_loadURL): arg FormList (main): rewrite config_file, rc (ldhelp): no cookie in URL (cmd_loadURL): arg FormList (goURL0): cmd_loadURL change (cmd_loadBuffer): cmd_loadURL change (adBmark): cookie is posted (follow_map): cmd_loadURL change (linkMn): cmd_loadURL change (reinit): init_rc change * proto.h (create_option_search_table): deleted (init_rc): no args * rc.c (create_option_search_table): static (init_rc): no args rewrite (optionpanel_src1): rewrite (load_option_panel): html_quote (panel_set_option): no_rc_dir * w3mbookmark.c: rewrite * w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite * scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite * scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
Diffstat (limited to '')
-rwxr-xr-xscripts/dirlist.cgi.in61
-rw-r--r--scripts/multipart/multipart.cgi.in25
-rw-r--r--scripts/w3mhelp.cgi.in18
-rwxr-xr-xscripts/w3mmail.cgi.in33
4 files changed, 55 insertions, 82 deletions
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in
index 9bed644..2949ebe 100755
--- a/scripts/dirlist.cgi.in
+++ b/scripts/dirlist.cgi.in
@@ -33,15 +33,16 @@ $query = $ENV{'QUERY_STRING'};
$dir = '';
$cmd = '';
$cookie = '';
-# $cgi = 0;
-# if ($query eq '') {
-# $_ = `pwd`; # insecure?
-# chop;
-# s/\r$//;
-# $dir = $_;
-# $cgi = 0;
-# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
- foreach(split(/\&/, $query)) {
+$local_cookie = '';
+foreach(split(/\&/, $query)) {
+ if (s/^dir=//) {
+ $dir = &form_decode($_);
+ }
+}
+$body = undef;
+if ($ENV{'REQUEST_METHOD'} eq 'POST') {
+ sysread(STDIN, $body, $ENV{'CONTENT_LENGTH'});
+ foreach(split(/\&/, $body)) {
if (s/^dir=//) {
$dir = &form_decode($_);
} elsif (s/^opt(\d+)=//) {
@@ -52,27 +53,22 @@ $cookie = '';
$cookie = &form_decode($_);
}
}
- if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
+}
+$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
+if (-f $cookie_file) {
+ open(F, "< $cookie_file");
+ $local_cookie = <F>;
+ close(F);
+}
+if ($local_cookie eq '' || (defined($body) && $cookie ne $local_cookie)) {
+ print <<EOF;
Content-Type: text/plain
Local cookie doesn't match: It may be an illegal execution
EOF
- exit(1);
- }
- $cookie = &html_quote($cookie);
- $cgi = 1;
-# } else {
-# $dir = $query;
-# if (($dir !~ m@^/@) &&
-# ($WIN32 && $dir !~ /^[a-z]:/i)) {
-# $_ = `pwd`; # insecure?
-# chop;
-# s/\r$//;
-# $dir = "$_/$dir";
-# }
-# $cgi = -1;
-# }
+ exit(1);
+}
+$local_cookie = &html_quote($local_cookie);
if ($dir !~ m@/$@) {
$dir .= '/';
}
@@ -88,9 +84,7 @@ if ($WIN32) {
$ROOT = &cygwin_pathconv("$ROOT");
}
}
-if ($cgi) {
- $dir = &cleanup($dir);
-}
+$dir = &cleanup($dir);
$TYPE = $OPT[$OPT_TYPE];
$FORMAT = $OPT[$OPT_FORMAT];
@@ -117,9 +111,6 @@ EOF
exit 1;
}
-# ($cgi > 0) && print <<EOF;
-# w3m-control: DELETE_PREVBUF
-# EOF
print <<EOF;
Content-Type: text/html
@@ -404,9 +395,9 @@ sub print_form {
local($_, @vs, @os, $v, $o);
print <<EOF;
-<form action=\"$CGI\">
+<form method=post action=\"$CGI#current\">
<center>
-<table>
+<table cellpadding=0>
<tr valign=top>
EOF
foreach(0 .. 2) {
@@ -433,7 +424,7 @@ EOF
</table>
</center>
<input type=hidden name=dir value="$d">
-<input type=hidden name=cookie value="$cookie">
+<input type=hidden name=cookie value="$local_cookie">
</form>
EOF
}
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index d51a521..1dd981a 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -28,24 +28,14 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
- $cookie = &form_decode($v{'cookie'});
- if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
-Content-Type: text/plain
-
-Local cookie doesn't match: It may be an illegal execution
-EOF
- exit(1);
- }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
- $cookie = $ENV{'LOCAL_COOKIE'};
}
-
-open(F, "< $file");
+(-f $file) || exit(1);
+open(F, "< $file") || exit(1);
$end = 0;
$mbody = '';
if (defined($boundary)) {
@@ -131,7 +121,6 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
-$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -196,20 +185,16 @@ while(! $end) {
s/\>/\&gt;/g;
print "<pre>\n";
print $_;
- print "\n</pre>\n";
+ print "</pre>\n";
if ($type =~ /name=\"?([^\"]+)\"?/ ||
$dispos =~ /filename=\"?([^\"]+)\"?/) {
$name = $1;
} else {
$name = "Content";
}
- print "<form method=POST action=\"$qcgi?$count\">\n";
- print "<input type=hidden name=file value=\"$qfile\">\n";
- print "<input type=hidden name=boundary value=\"$qboundary\">\n";
- print "<input type=hidden name=cookie value=\"$qcookie\">\n";
- print "<input type=hidden name=count value=\"$count\">\n";
+ print "<form action=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$qcgi?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",
diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in
index f7b247c..12c1b63 100644
--- a/scripts/w3mhelp.cgi.in
+++ b/scripts/w3mhelp.cgi.in
@@ -1,5 +1,5 @@
#!@PERL@
-# $Id: w3mhelp.cgi.in,v 1.22 2002/12/11 02:57:30 ukai Exp $
+# $Id: w3mhelp.cgi.in,v 1.23 2003/01/15 17:13:22 ukai Exp $
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
$CYGPATH = 1;
@@ -49,18 +49,6 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
- if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
- $cookie = $2;
- $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
- }
-}
-if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
- print <<EOF;
-Content-Type: text/plain
-
-Local cookie doesn't match: It may be an illegal execution
-EOF
- exit(1);
}
%f = %keyfunc;
@@ -115,9 +103,7 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$q_cookie = $cookie;
-$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&amp;lang=";
+$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&amp;lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {
diff --git a/scripts/w3mmail.cgi.in b/scripts/w3mmail.cgi.in
index a3fcaab..e544362 100755
--- a/scripts/w3mmail.cgi.in
+++ b/scripts/w3mmail.cgi.in
@@ -1,15 +1,21 @@
#!@PERL@
-$rcsid = q$Id: w3mmail.cgi.in,v 1.11 2002/11/11 15:50:28 ukai Exp $;
+$rcsid = q$Id: w3mmail.cgi.in,v 1.12 2003/01/15 17:13:22 ukai Exp $;
($id = $rcsid) =~ s/^.*,v ([\d\.]*).*/$1/;
($prog=$0) =~ s/.*\///;
$query = $ENV{'QUERY_STRING'};
-$local_cookie = $ENV{'LOCAL_COOKIE'};
+$cookie_file = $ENV{'LOCAL_COOKIE_FILE'};
+$local_cookie = '';
$SENDMAIL = '/usr/lib/sendmail';
$SENDMAIL = '/usr/sbin/sendmail' if -x '/usr/sbin/sendmail';
$SENDMAIL_OPT = '-oi -t';
+if (-f $cookie_file) {
+ open(F, "< $cookie_file");
+ $local_cookie = <F>;
+ close(F);
+}
if ($query =~ s/^\w+://) {
$url = $query;
$qurl = &html_quote($url);
@@ -43,8 +49,9 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer: $qurl</title></head>\n";
print "<body><h1>W3M Mailer: $qurl</h1>\n";
- print "<form action='file://$0' method='POST'>\n";
- print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
+ print "<form action=\"file://$0\" method='POST'>\n";
+ $local_cookie = &html_quote($local_cookie);
+ print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<table>\n";
foreach $h ('from', 'to', 'cc', 'bcc', 'subject') {
$v = &lang_html_quote($opt{$h});
@@ -52,6 +59,7 @@ if ($query =~ s/^\w+://) {
delete $opt{$h};
}
if ($boundary) {
+ $boundary = &html_quote($boundary);
print "<tr><td>Content-Type:<td>multipart/form-data; boundary=\"$boundary\"\n";
print "<input type='hidden' name='boundary' value=\"$boundary\">\n";
}
@@ -98,8 +106,9 @@ if ($query =~ s/^\w+://) {
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body>\n";
print "<h1>W3M Mailer: preview</h1>\n";
- print "<form action='$0' method='POST'>\n";
- print "<input type='hidden' name='cookie' value='$local_cookie'>\n";
+ print "<form action=\"file://$0\" method='POST'>\n";
+ $local_cookie = &html_quote($local_cookie);
+ print "<input type='hidden' name='cookie' value=\"$local_cookie\">\n";
print "<hr>\n";
print "<pre>\n";
foreach $h (keys %opt) {
@@ -112,13 +121,15 @@ if ($query =~ s/^\w+://) {
($cs,$cte,$body) = &lang_body(&lang_html_quote($body), 0);
print "Mime-Version: 1.0\n";
if ($boundary) {
+ $boundary = &html_quote($boundary);
print "Content-Type: multipart/form-data;\n";
print " boundary=\"$boundary\"\n";
} else {
print "Content-Type: text/plain; charset=$cs\n";
}
# print "Content-Transfer-Encoding: $cte\n";
- print "User-Agent: $ENV{'SERVER_SOFTWARE'} $prog/$id\n";
+ print "User-Agent: ", &html_quote("$ENV{'SERVER_SOFTWARE'} $prog/$id"),
+ "\n";
print "\n";
print $body;
print "\n" if ($body !~ /\n$/);
@@ -137,10 +148,10 @@ if ($query =~ s/^\w+://) {
foreach $h (keys %opt) {
$qh = &html_quote($h);
print "<tr><td>\u$qh:<td>$v{$h}\n";
- print "<input type='hidden' name=\"$qh\" value=\"$v\">\n";
+ print "<input type='hidden' name=\"$qh\" value=\"$v{$h}\">\n";
}
print "<tr><td colspan=2>\n";
- print "<textarea cols=40 rows=10 name='body'>\n";
+ print "<textarea cols=40 rows=10 name=body>\n";
if ($body) {
print $body;
}
@@ -158,7 +169,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: open sendmail failed</h1>\n";
- print "<p>$@</p>\n";
+ print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
exit(0);
}
@@ -189,7 +200,7 @@ if ($query =~ s/^\w+://) {
print "\r\n";
print "<html><head><title>W3M Mailer</title></head>\n";
print "<body><h1>W3M Mailer: close sendmail failed</h1>\n";
- print "<p>$@</p>\n";
+ print "<p>", &html_quote($@), "</p>\n";
print "</body></html>\n";
}
}