Diffstat (limited to '')
| -rw-r--r-- | ChangeLog | 19 | ||||
| -rw-r--r-- | file.c | 9 | ||||
| -rw-r--r-- | fm.h | 4 | ||||
| -rw-r--r-- | local.c | 8 | ||||
| -rw-r--r-- | main.c | 9 | ||||
| -rw-r--r-- | rc.c | 7 | ||||
| -rwxr-xr-x | scripts/dirlist.cgi.in | 54 | ||||
| -rw-r--r-- | scripts/multipart/multipart.cgi.in | 14 | ||||
| -rw-r--r-- | scripts/w3mhelp.cgi.in | 18 | ||||
| -rw-r--r-- | w3mbookmark.c | 26 | ||||
| -rw-r--r-- | w3mhelperpanel.c | 20 | 
11 files changed, 123 insertions, 65 deletions
| @@ -1,3 +1,20 @@ +2002-11-27  Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + +	* use local_cookie for support local-cgi commands +	* file.c (loadGeneralFile): pass Local_cookie to DirBufferCommand +	* fm.h (Local_cookie): Str +	* local.c (setLocalCookie): Str, set_environ() +		(set_cgi_environ): remove LOCAL_COOKIE +	* main.c (ldhelp): pass Local_cookie +		(adBmark): ditto +	* rc.c (optionpanel_src1): cookie +		(load_option_panel): pass Local_cookie +	* w3mbookmark.c (main): check Local_cookie +	* w3mhelperpanel (main): ditto +	* scripts/dirlist.cgi.in: ditto +	* scripts/w3mhelp.cgi.in: ditto +	* scripts/multipart/multipart.cgi.in: ditto +  2002-11-27  Fumitoshi UKAI  <ukai@debian.or.jp>  	* frame.c (createFrameFile): html_quote() @@ -5178,4 +5195,4 @@ a	* [w3m-dev 03276] compile error on EWS4800  	* release-0-2-1  	* import w3m-0.2.1 -$Id: ChangeLog,v 1.562 2002/11/26 17:08:00 ukai Exp $ +$Id: ChangeLog,v 1.563 2002/11/26 18:03:18 ukai Exp $ @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.131 2002/11/26 17:12:25 ukai Exp $ */ +/* $Id: file.c,v 1.132 2002/11/26 18:03:24 ukai Exp $ */  #include "fm.h"  #include <sys/types.h>  #include "myctype.h" @@ -1544,9 +1544,10 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer,  		    return NULL;  		if (S_ISDIR(st.st_mode)) {  		    if (UseExternalDirBuffer) { -			Str cmd = Strnew_charp(DirBufferCommand); -			Strcat_m_charp(cmd, "?dir=", -				       pu.file, "#current", NULL); +			Str cmd = Sprintf("%s?cookie=%s&dir=%s#current", +					  DirBufferCommand, +					  (Str_form_quote(Local_cookie))->ptr, +					  pu.file);  			b = loadGeneralFile(cmd->ptr, NULL, NO_REFERER, 0,  					    NULL);  			if (b != NULL && b != NO_BUFFER) { @@ -1,4 +1,4 @@ -/* $Id: fm.h,v 1.88 2002/11/25 16:57:17 ukai Exp $ */ +/* $Id: fm.h,v 1.89 2002/11/26 18:03:26 ukai Exp $ */  /*    * w3m: WWW wo Miru utility   *  
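Review bot: In the new `Sprintf` call in loadGeneralFile, `pu.file` goes into the query string without form-quoting, although the cookie beside it is quoted. A directory path containing `&`, `#`, `+` or `%` would be split or mis-decoded on the CGI side, since dirlist.cgi.in runs `form_decode` on `dir` and also accepts `cmd=` and `optN=` parameters, and the request now carries a valid cookie. Quote it the way the other call sites in this commit do: `Str_form_quote(Strnew_charp(pu.file))->ptr`. The function body extends beyond this hunk, so confirm that `pu.file` is not already encoded upstream.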
@@ -936,7 +936,7 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND);  #endif				/* USE_MIGEMO */  global struct auth_cookie *Auth_cookie init(NULL); -global char *Local_cookie init(NULL); +global Str Local_cookie init(NULL);  #ifdef USE_COOKIE  global struct cookie *First_cookie init(NULL);  #endif				/* USE_COOKIE */ @@ -1,4 +1,4 @@ -/* $Id: local.c,v 1.14 2002/02/04 15:18:42 ukai Exp $ */ +/* $Id: local.c,v 1.15 2002/11/26 18:03:26 ukai Exp $ */  #include "fm.h"  #include <string.h>  #include <stdio.h> @@ -26,12 +26,11 @@  void  setLocalCookie()  { -    Str buf;      char hostname[256];      gethostname(hostname, 256); -    buf = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname); -    Local_cookie = buf->ptr; +    Local_cookie = Sprintf("%d.%ld@%s", getpid(), lrand48(), hostname); +    set_environ("LOCAL_COOKIE", Local_cookie->ptr);  }  Buffer * @@ -268,7 +267,6 @@ set_cgi_environ(char *name, char *fn, char *req_uri)      set_environ("SCRIPT_NAME", name);      set_environ("SCRIPT_FILENAME", fn);      set_environ("REQUEST_URI", req_uri); -    set_environ("LOCAL_COOKIE", Local_cookie);  }  static Str @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.155 2002/11/26 03:42:28 ukai Exp $ */ +/* $Id: main.c,v 1.156 2002/11/26 18:03:27 ukai Exp $ */  #define MAINPROGRAM  #include "fm.h"  #include <signal.h> @@ -1961,7 +1961,8 @@ ldhelp(void)      lang = AcceptLang;      n = strcspn(lang, ";, \t");      cmd_loadURL(Sprintf("file:///$LIB/" HELP_CGI CGI_EXTENSION -			"?version=%s&lang=%s", +			"?cookie=%s&version=%s&lang=%s", +			Str_form_quote(Local_cookie)->ptr,  			Str_form_quote(Strnew_charp(w3m_version))->ptr,  			Str_form_quote(Strnew_charp_n(lang, n))->ptr)->ptr,  		NULL, NO_REFERER); 
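Review bot: The value built in setLocalCookie now gates every local CGI touched by this commit, yet it is assembled from `getpid()`, `lrand48()` and the hostname, none of which is secret; where `srand48()` is seeded is not visible in this hunk. Prefer bytes read from the OS random source (for example `/dev/urandom`) and keep pid and hostname only as a readable prefix. `gethostname()` is also unchecked and may leave the buffer unterminated on truncation, so add `hostname[sizeof(hostname) - 1] = '\0';` after the call. Moving `set_environ("LOCAL_COOKIE", ...)` here presumably means every child process started afterwards inherits the cookie, not only CGI scripts; a comment should state whether that is intended.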
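Review bot: Putting the cookie into the query string in ldhelp makes the secret part of the buffer's URL; the same applies to adBmark and to the `optionpanel_src1` link in rc.c. adBmark passes `Currentbuf->currentURL` on as `url=`, so bookmarking a local-CGI page would appear to write the cookie into the bookmark file. Whether history or saved buffers strip it is not visible here. Consider filtering `cookie=` out before a URL is persisted, or at least a comment at setLocalCookie such as `/* cookie appears in file: URLs; treat it as valid for this process only */`. ldhelp's body starts outside the hunk.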
@@ -4004,8 +4005,8 @@ adBmark(void)      Str tmp;      tmp = Sprintf("file://%s/" W3MBOOKMARK_CMDNAME -		  "?mode=panel&bmark=%s&url=%s&title=%s", -		  w3m_lib_dir(), +		  "?mode=panel&cookie=%s&bmark=%s&url=%s&title=%s", +		  w3m_lib_dir(), (Str_form_quote(Local_cookie))->ptr,  		  (Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,  		  (Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->  		  ptr, @@ -1,4 +1,4 @@ -/* $Id: rc.c,v 1.67 2002/11/25 16:57:17 ukai Exp $ */ +/* $Id: rc.c,v 1.68 2002/11/26 18:03:28 ukai Exp $ */  /*    * Initialization file etc.   */ @@ -1387,7 +1387,7 @@ init_rc(char *config_filename)  static char optionpanel_src1[] =      "<html><head><title>Option Setting Panel</title></head>\ -<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel\">%s</a>\n" "<form method=internal action=option>"; +<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";  static Str  to_str(struct param_ptr *p) @@ -1424,7 +1424,8 @@ to_str(struct param_ptr *p)  Buffer *  load_option_panel(void)  { -    Str src = Sprintf(optionpanel_src1, w3m_version, CMT_HELPER); +    Str src = Sprintf(optionpanel_src1, w3m_version, +		      (Str_form_quote(Local_cookie))->ptr, CMT_HELPER);      struct param_ptr *p;      struct sel_c *s;      int x, i; diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in index bd16721..9bed644 100755 --- a/scripts/dirlist.cgi.in +++ b/scripts/dirlist.cgi.in 
@@ -30,15 +30,17 @@ $NOW = time();  @OPT = &init_option($CONFIG);  $query = $ENV{'QUERY_STRING'}; +$dir = '';  $cmd = ''; -$cgi = 0; -if ($query eq '') { -  $_ = `pwd`;	# insecure? -  chop; -  s/\r$//; -  $dir = $_; -  $cgi = 0; -} elsif ($query =~ /^(opt\d+|dir|cmd)=/) { +$cookie = ''; +# $cgi = 0; +# if ($query eq '') { +#   $_ = `pwd`;	# insecure? +#   chop; +#   s/\r$//; +#   $dir = $_; +#   $cgi = 0; +# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {    foreach(split(/\&/, $query)) {      if (s/^dir=//) {        $dir = &form_decode($_); @@ -46,20 +48,31 @@ if ($query eq '') {        $OPT[$1] = $_;      } elsif (s/^cmd=//) {        $cmd = $_; +    } elsif (s/^cookie=//) { +      $cookie = &form_decode($_);      }    } -  $cgi = 1; -} else { -  $dir = $query; -  if (($dir !~ m@^/@) && -      ($WIN32 && $dir !~ /^[a-z]:/i)) { -    $_ = `pwd`;	# insecure? -    chop; -    s/\r$//; -    $dir = "$_/$dir"; +  if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { +    print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF +    exit(1);    } -  $cgi = -1; -} + $cookie =  &html_quote($cookie); +  $cgi = 1; +# } else { +#   $dir = $query; +#   if (($dir !~ m@^/@) && +#       ($WIN32 && $dir !~ /^[a-z]:/i)) { +#     $_ = `pwd`;	# insecure? +#     chop; +#     s/\r$//; +#     $dir = "$_/$dir"; +#   } +#   $cgi = -1; +# }  if ($dir !~ m@/$@) {    $dir .= '/';  } @@ -117,7 +130,7 @@ Content-Type: text/html  <body>  <h1>Directory list of $qdir</h1>  EOF -&print_form($edir, @OPT); +&print_form($qdir, @OPT);  print <<EOF;  <hr>  EOF @@ -420,6 +433,7 @@ EOF  </table>  </center>  <input type=hidden name=dir value="$d"> +<input type=hidden name=cookie value="$cookie">  </form>  EOF  } diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index 1c92d70..d51a521 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in 
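Review bot: The old no-query and bare-path branches in dirlist.cgi.in are commented out around the `foreach` rather than deleted. That leaves the loop and the new cookie check indented as if they were still inside an `elsif`, and it keeps the two `pwd` fallbacks (already marked `# insecure?`) one uncomment away from running without the check. Delete the commented lines, re-indent the block to top level, and fix the stray one-space indent on `$cookie =  &html_quote($cookie);`. A short comment above the check, e.g. `# refuse to run unless the caller presents w3m's LOCAL_COOKIE`, would record why the fallbacks were removed.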
@@ -28,11 +28,21 @@ if (defined($query)) {  	}  	$file = &form_decode($v{'file'});  	$boundary = &form_decode($v{'boundary'}); +	$cookie = &form_decode($v{'cookie'}); +	if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { +		print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF +		exit(1); +	}  } else {  	$file = $ARGV[0];  	if (@ARGV >= 2) {  		$boundary = $ARGV[1];  	} +	$cookie = $ENV{'LOCAL_COOKIE'};  }  open(F, "< $file"); @@ -121,6 +131,7 @@ if (defined($v{'count'})) {  $qcgi = &html_quote($CGI);  $qfile = &html_quote($file);  $qboundary = &html_quote($boundary); +$qcookie = &html_quote($cookie);  if ($mbody =~ /\S/) {  	$_ = $mbody; @@ -195,9 +206,10 @@ while(! $end) {  		print "<form method=POST action=\"$qcgi?$count\">\n";  		print "<input type=hidden name=file value=\"$qfile\">\n";  		print "<input type=hidden name=boundary value=\"$qboundary\">\n"; +		print "<input type=hidden name=cookie value=\"$qcookie\">\n";  		print "<input type=hidden name=count value=\"$count\">\n";  		if ($image) { -			print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"", +			print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"",  				&html_quote($name), "\">\n";  		} else {  			print "<input type=submit name=submit value=\"", diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in index 2ced3fc..4351813 100644 --- a/scripts/w3mhelp.cgi.in +++ b/scripts/w3mhelp.cgi.in @@ -1,5 +1,5 @@  #!@PERL@ -# $Id: w3mhelp.cgi.in,v 1.16 2002/11/21 16:15:59 ukai Exp $ +# $Id: w3mhelp.cgi.in,v 1.17 2002/11/26 18:03:30 ukai Exp $  if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {    $CYGPATH = 1; 
@@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) {  	    $lang = $tlang;  	}      } +    if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) { +	$cookie = $2; +	$cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; +    } +} +if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { +    print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF +    exit(1);  }  %f = %keyfunc; @@ -103,7 +115,9 @@ HEADING  $q_version = $version;  $q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang="; +$q_cookie = $cookie; +$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; +$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang=";  # doc:en_English doc-jp:ja_Japanese  for $otherlang (@docdirs) { diff --git a/w3mbookmark.c b/w3mbookmark.c index 09dde2f..57d9bcf 100644 --- a/w3mbookmark.c +++ b/w3mbookmark.c @@ -1,4 +1,4 @@ -/* $Id: w3mbookmark.c,v 1.6 2002/11/12 12:41:58 ukai Exp $ */ +/* $Id: w3mbookmark.c,v 1.7 2002/11/26 18:03:29 ukai Exp $ */  #ifdef __EMX__  #include <stdlib.h>  #endif @@ -190,6 +190,17 @@ main(int argc, char *argv[], char **envp)      }      cgiarg = cgistr2tagarg(qs); + +    Local_cookie = getenv("LOCAL_COOKIE"); +    sent_cookie = tag_get_value(cgiarg, "cookie"); +    if (sent_cookie == NULL || Local_cookie == NULL || +	strcmp(sent_cookie, Local_cookie) != 0) { +	/* local cookie doesn't match: It may be an illegal invocation */ +	printf("Content-Type: text/plain\n"); +	printf("\nLocal cookie doesn't match: It may be an illegal invocation\n"); +	exit(1); +    } +      mode = tag_get_value(cgiarg, "mode");      bmark = expandPath(tag_get_value(cgiarg, "bmark"));      url = tag_get_value(cgiarg, "url"); 
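Review bot: The relocated check in w3mbookmark.c's main drops the `Local_cookie[0] == '\0'` test that the removed code in the `register` branch had. An empty `LOCAL_COOKIE` in the environment compared against an empty `cookie=` parameter would therefore pass `strcmp`, assuming `tag_get_value` returns an empty string rather than NULL for an empty value. The Perl scripts in this commit reject that case with `$cookie eq ""`; keep the C side consistent with `if (sent_cookie == NULL || Local_cookie == NULL || Local_cookie[0] == '\0' || strcmp(sent_cookie, Local_cookie) != 0) {`. The moved check in w3mhelperpanel.c's main has the same gap. main's body starts and ends outside the hunk.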
@@ -200,12 +211,6 @@ main(int argc, char *argv[], char **envp)  	printf("Incomplete Request: QUERY_STRING=%s\n", qs);  	exit(1);      } -    Local_cookie = getenv("LOCAL_COOKIE"); -    sent_cookie = tag_get_value(cgiarg, "cookie"); -    if (Local_cookie == NULL) { -	/* Local cookie not provided: maybe illegal invocation */ -	Local_cookie = ""; -    }      if (mode && !strcmp(mode, "panel")) {  	if (title == NULL)  	    title = ""; @@ -213,12 +218,7 @@ main(int argc, char *argv[], char **envp)      }      else if (mode && !strcmp(mode, "register")) {  	printf("Content-Type: text/plain\n"); -	if (sent_cookie == NULL || Local_cookie[0] == '\0' || -	    strcmp(sent_cookie, Local_cookie) != 0) { -	    /* local cookie doesn't match: It may be an illegal invocation */ -	    printf("\nBookmark not added: local cookie doesn't match\n"); -	} -	else if (insert_bookmark(bmark, cgiarg)) { +	if (insert_bookmark(bmark, cgiarg)) {  	    printf("w3m-control: BACK\n");  	    printf("w3m-control: BACK\n\n");  	} diff --git a/w3mhelperpanel.c b/w3mhelperpanel.c index dd7b7f7..b66c47c 100644 --- a/w3mhelperpanel.c +++ b/w3mhelperpanel.c @@ -1,4 +1,4 @@ -/* $Id: w3mhelperpanel.c,v 1.9 2002/11/12 12:41:58 ukai Exp $ */ +/* $Id: w3mhelperpanel.c,v 1.10 2002/11/26 18:03:29 ukai Exp $ */  #include <errno.h>  #include <stdlib.h>  #include <stdio.h> 
@@ -168,11 +168,18 @@ main(int argc, char *argv[], char **envp)  	exit(1);      cgiarg = cgistr2tagarg(qs); -    mode = tag_get_value(cgiarg, "mode"); +      local_cookie = getenv("LOCAL_COOKIE"); +    sent_cookie = tag_get_value(cgiarg, "cookie"); +    if (local_cookie == NULL || sent_cookie == NULL || +	strcmp(local_cookie, sent_cookie) != 0) { +	/* Local cookie doesn't match */ +	bye("Local cookie doesn't match: It may be an illegal execution", ""); +    } + +    mode = tag_get_value(cgiarg, "mode");      mailcapfile = Strnew_charp(expandPath(RC_DIR));      Strcat_charp(mailcapfile, "/mailcap"); -      if (mode && !strcmp(mode, "edit")) {  	char *referer;  	/* check if I can edit my mailcap */ @@ -183,13 +190,6 @@ main(int argc, char *argv[], char **envp)  		bye("It may be an illegal execution\n referer=", referer);  	    }  	} -	sent_cookie = tag_get_value(cgiarg, "cookie"); -	if (local_cookie == NULL || sent_cookie == NULL || -	    strcmp(local_cookie, sent_cookie) != 0) { -	    /* Local cookie doesn't match */ -	    bye("Local cookie doesn't match: It may be an illegal execution", -		""); -	}  	/* edit mailcap */  	editMailcap(mailcapfile->ptr, cgiarg);      } | 
