aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
Diffstat (limited to '')
-rwxr-xr-xscripts/dirlist.cgi.in54
-rw-r--r--scripts/multipart/multipart.cgi.in14
-rw-r--r--scripts/w3mhelp.cgi.in18
3 files changed, 63 insertions, 23 deletions
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in
index bd16721..9bed644 100755
--- a/scripts/dirlist.cgi.in
+++ b/scripts/dirlist.cgi.in
@@ -30,15 +30,17 @@ $NOW = time();
@OPT = &init_option($CONFIG);
$query = $ENV{'QUERY_STRING'};
+$dir = '';
$cmd = '';
-$cgi = 0;
-if ($query eq '') {
- $_ = `pwd`; # insecure?
- chop;
- s/\r$//;
- $dir = $_;
- $cgi = 0;
-} elsif ($query =~ /^(opt\d+|dir|cmd)=/) {
+$cookie = '';
+# $cgi = 0;
+# if ($query eq '') {
+# $_ = `pwd`; # insecure?
+# chop;
+# s/\r$//;
+# $dir = $_;
+# $cgi = 0;
+# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) {
foreach(split(/\&/, $query)) {
if (s/^dir=//) {
$dir = &form_decode($_);
@@ -46,20 +48,31 @@ if ($query eq '') {
$OPT[$1] = $_;
} elsif (s/^cmd=//) {
$cmd = $_;
+ } elsif (s/^cookie=//) {
+ $cookie = &form_decode($_);
}
}
- $cgi = 1;
-} else {
- $dir = $query;
- if (($dir !~ m@^/@) &&
- ($WIN32 && $dir !~ /^[a-z]:/i)) {
- $_ = `pwd`; # insecure?
- chop;
- s/\r$//;
- $dir = "$_/$dir";
+ if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
}
- $cgi = -1;
-}
+ $cookie = &html_quote($cookie);
+ $cgi = 1;
+# } else {
+# $dir = $query;
+# if (($dir !~ m@^/@) &&
+# ($WIN32 && $dir !~ /^[a-z]:/i)) {
+# $_ = `pwd`; # insecure?
+# chop;
+# s/\r$//;
+# $dir = "$_/$dir";
+# }
+# $cgi = -1;
+# }
if ($dir !~ m@/$@) {
$dir .= '/';
}
@@ -117,7 +130,7 @@ Content-Type: text/html
<body>
<h1>Directory list of $qdir</h1>
EOF
-&print_form($edir, @OPT);
+&print_form($qdir, @OPT);
print <<EOF;
<hr>
EOF
@@ -420,6 +433,7 @@ EOF
</table>
</center>
<input type=hidden name=dir value="$d">
+<input type=hidden name=cookie value="$cookie">
</form>
EOF
}
diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in
index 1c92d70..d51a521 100644
--- a/scripts/multipart/multipart.cgi.in
+++ b/scripts/multipart/multipart.cgi.in
@@ -28,11 +28,21 @@ if (defined($query)) {
}
$file = &form_decode($v{'file'});
$boundary = &form_decode($v{'boundary'});
+ $cookie = &form_decode($v{'cookie'});
+ if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
+ }
} else {
$file = $ARGV[0];
if (@ARGV >= 2) {
$boundary = $ARGV[1];
}
+ $cookie = $ENV{'LOCAL_COOKIE'};
}
open(F, "< $file");
@@ -121,6 +131,7 @@ if (defined($v{'count'})) {
$qcgi = &html_quote($CGI);
$qfile = &html_quote($file);
$qboundary = &html_quote($boundary);
+$qcookie = &html_quote($cookie);
if ($mbody =~ /\S/) {
$_ = $mbody;
@@ -195,9 +206,10 @@ while(! $end) {
print "<form method=POST action=\"$qcgi?$count\">\n";
print "<input type=hidden name=file value=\"$qfile\">\n";
print "<input type=hidden name=boundary value=\"$qboundary\">\n";
+ print "<input type=hidden name=cookie value=\"$qcookie\">\n";
print "<input type=hidden name=count value=\"$count\">\n";
if ($image) {
- print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;count=$count\" alt=\"",
+ print "<input type=image name=submit src=\"$CGI?file=$qfile&amp;boundary=$qboundary&amp;cookie=$qcookie&amp;count=$count\" alt=\"",
&html_quote($name), "\">\n";
} else {
print "<input type=submit name=submit value=\"",
diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in
index 2ced3fc..4351813 100644
--- a/scripts/w3mhelp.cgi.in
+++ b/scripts/w3mhelp.cgi.in
@@ -1,5 +1,5 @@
#!@PERL@
-# $Id: w3mhelp.cgi.in,v 1.16 2002/11/21 16:15:59 ukai Exp $
+# $Id: w3mhelp.cgi.in,v 1.17 2002/11/26 18:03:30 ukai Exp $
if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) {
$CYGPATH = 1;
@@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) {
$lang = $tlang;
}
}
+ if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) {
+ $cookie = $2;
+ $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge;
+ }
+}
+if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) {
+ print <<EOF;
+Content-Type: text/plain
+
+Local cookie doesn't match: It may be an illegal execution
+EOF
+ exit(1);
}
%f = %keyfunc;
@@ -103,7 +115,9 @@ HEADING
$q_version = $version;
$q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
-$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&amp;lang=";
+$q_cookie = $cookie;
+$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge;
+$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&amp;lang=";
# doc:en_English doc-jp:ja_Japanese
for $otherlang (@docdirs) {