diff options
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/dirlist.cgi.in | 54 | ||||
| -rw-r--r-- | scripts/multipart/multipart.cgi.in | 14 | ||||
| -rw-r--r-- | scripts/w3mhelp.cgi.in | 18 |
3 files changed, 63 insertions, 23 deletions
diff --git a/scripts/dirlist.cgi.in b/scripts/dirlist.cgi.in index bd16721..9bed644 100755 --- a/scripts/dirlist.cgi.in +++ b/scripts/dirlist.cgi.in @@ -30,15 +30,17 @@ $NOW = time(); @OPT = &init_option($CONFIG); $query = $ENV{'QUERY_STRING'}; +$dir = ''; $cmd = ''; -$cgi = 0; -if ($query eq '') { - $_ = `pwd`; # insecure? - chop; - s/\r$//; - $dir = $_; - $cgi = 0; -} elsif ($query =~ /^(opt\d+|dir|cmd)=/) { +$cookie = ''; +# $cgi = 0; +# if ($query eq '') { +# $_ = `pwd`; # insecure? +# chop; +# s/\r$//; +# $dir = $_; +# $cgi = 0; +# } elsif ($query =~ /^(opt\d+|dir|cmd|cookie)=/) { foreach(split(/\&/, $query)) { if (s/^dir=//) { $dir = &form_decode($_); @@ -46,20 +48,31 @@ if ($query eq '') { $OPT[$1] = $_; } elsif (s/^cmd=//) { $cmd = $_; + } elsif (s/^cookie=//) { + $cookie = &form_decode($_); } } - $cgi = 1; -} else { - $dir = $query; - if (($dir !~ m@^/@) && - ($WIN32 && $dir !~ /^[a-z]:/i)) { - $_ = `pwd`; # insecure? - chop; - s/\r$//; - $dir = "$_/$dir"; + if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { + print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF + exit(1); } - $cgi = -1; -} + $cookie = &html_quote($cookie); + $cgi = 1; +# } else { +# $dir = $query; +# if (($dir !~ m@^/@) && +# ($WIN32 && $dir !~ /^[a-z]:/i)) { +# $_ = `pwd`; # insecure? +# chop; +# s/\r$//; +# $dir = "$_/$dir"; +# } +# $cgi = -1; +# } if ($dir !~ m@/$@) { $dir .= '/'; } @@ -117,7 +130,7 @@ Content-Type: text/html <body> <h1>Directory list of $qdir</h1> EOF -&print_form($edir, @OPT); +&print_form($qdir, @OPT); print <<EOF; <hr> EOF @@ -420,6 +433,7 @@ EOF </table> </center> <input type=hidden name=dir value="$d"> +<input type=hidden name=cookie value="$cookie"> </form> EOF } diff --git a/scripts/multipart/multipart.cgi.in b/scripts/multipart/multipart.cgi.in index 1c92d70..d51a521 100644 --- a/scripts/multipart/multipart.cgi.in +++ b/scripts/multipart/multipart.cgi.in @@ -28,11 +28,21 @@ if (defined($query)) { } $file = &form_decode($v{'file'}); $boundary = &form_decode($v{'boundary'}); + $cookie = &form_decode($v{'cookie'}); + if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { + print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF + exit(1); + } } else { $file = $ARGV[0]; if (@ARGV >= 2) { $boundary = $ARGV[1]; } + $cookie = $ENV{'LOCAL_COOKIE'}; } open(F, "< $file"); @@ -121,6 +131,7 @@ if (defined($v{'count'})) { $qcgi = &html_quote($CGI); $qfile = &html_quote($file); $qboundary = &html_quote($boundary); +$qcookie = &html_quote($cookie); if ($mbody =~ /\S/) { $_ = $mbody; @@ -195,9 +206,10 @@ while(! $end) { print "<form method=POST action=\"$qcgi?$count\">\n"; print "<input type=hidden name=file value=\"$qfile\">\n"; print "<input type=hidden name=boundary value=\"$qboundary\">\n"; + print "<input type=hidden name=cookie value=\"$qcookie\">\n"; print "<input type=hidden name=count value=\"$count\">\n"; if ($image) { - print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&count=$count\" alt=\"", + print "<input type=image name=submit src=\"$CGI?file=$qfile&boundary=$qboundary&cookie=$qcookie&count=$count\" alt=\"", &html_quote($name), "\">\n"; } else { print "<input type=submit name=submit value=\"", diff --git a/scripts/w3mhelp.cgi.in b/scripts/w3mhelp.cgi.in index 2ced3fc..4351813 100644 --- a/scripts/w3mhelp.cgi.in +++ b/scripts/w3mhelp.cgi.in @@ -1,5 +1,5 @@ #!@PERL@ -# $Id: w3mhelp.cgi.in,v 1.16 2002/11/21 16:15:59 ukai Exp $ +# $Id: w3mhelp.cgi.in,v 1.17 2002/11/26 18:03:30 ukai Exp $ if ( $^O =~ /^(ms)?(dos|win(32|nt)?)/i ) { $CYGPATH = 1; @@ -49,6 +49,18 @@ if (defined($ENV{'QUERY_STRING'})) { $lang = $tlang; } } + if ($ENV{'QUERY_STRING'} =~ /(^|&)cookie=([^&]*)/) { + $cookie = $2; + $cookie =~ s/\+|%([0-9A-Fa-f][0-9A-Fa-f])/$& eq '+' ? ' ' : pack('C', hex($1))/ge; + } +} +if (($cookie eq "") || ($cookie ne $ENV{"LOCAL_COOKIE"})) { + print <<EOF; +Content-Type: text/plain + +Local cookie doesn't match: It may be an illegal execution +EOF + exit(1); } %f = %keyfunc; @@ -103,7 +115,9 @@ HEADING $q_version = $version; $q_version =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; -$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?version=$q_version&lang="; +$q_cookie = $cookie; +$q_cookie =~ s/[^A-Za-z0-9_\$\.\-]/sprintf('%%%02X', ord($&))/ge; +$script = "<A HREF=\"$ENV{'SCRIPT_NAME'}?cookie=$q_cookie&version=$q_version&lang="; # doc:en_English doc-jp:ja_Japanese for $otherlang (@docdirs) { |