From 549ee1cc09be5bbdc613649eb9be3ebc122c0331 Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Wed, 15 Jan 2003 17:13:21 +0000
Subject: [w3m-dev 03644] Re: Other user can see local cookie. * cookie.c
 (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie 
 (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie
 is not passed via URL * fm.h (TMPF_COOKIE): incl 	(MAX_TMPF_TYPE): incl 
 (no_rc_dir): added 	(tmp_dir): added 	(config_file): added * local.c
 (Local_cookie_file): added 	(writeLocalCookie): added 
 (setLocalCookie): dont set environment LOCAL_COOKIE 	(localcgi_post):
 writeLocalCookie 	(localcgi_get): writeLocalCookie * main.c
 (config_filename): deleted 	(cmd_loadURL): arg FormList 	(main):
 rewrite config_file, rc 	(ldhelp): no cookie in URL 	(cmd_loadURL):
 arg FormList 	(goURL0): cmd_loadURL change 	(cmd_loadBuffer): cmd_loadURL
 change 	(adBmark): cookie is posted 	(follow_map): cmd_loadURL
 change 	(linkMn): cmd_loadURL change 	(reinit): init_rc change *
 proto.h (create_option_search_table): deleted 	(init_rc): no args * rc.c
 (create_option_search_table): static 	(init_rc): no args 	
 rewrite 	(optionpanel_src1): rewrite 	(load_option_panel):
 html_quote 	(panel_set_option): no_rc_dir * w3mbookmark.c: rewrite *
 w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite *
 scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite *
 scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO
 <hsaka@mth.biglobe.ne.jp>

---
 local.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

(limited to 'local.c')

diff --git a/local.c b/local.c
index 445d1c1..a0d8c26 100644
--- a/local.c
+++ b/local.c
@@ -1,4 +1,4 @@
-/* $Id: local.c,v 1.20 2003/01/15 16:24:25 ukai Exp $ */
+/* $Id: local.c,v 1.21 2003/01/15 17:13:22 ukai Exp $ */
 #include "fm.h"
 #include <string.h>
 #include <stdio.h>
@@ -23,6 +23,25 @@
 
 #define CGIFN_CONTAIN_SLASH 4
 
+static char *Local_cookie_file = NULL;
+
+static void
+writeLocalCookie()
+{
+    FILE *f;
+
+    if (no_rc_dir)
+	return;
+    Local_cookie_file = tmpfname(TMPF_COOKIE, NULL)->ptr;
+    set_environ("LOCAL_COOKIE_FILE", Local_cookie_file);
+    f = fopen(Local_cookie_file, "wb");
+    if (!f)
+	return;
+    fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
+    fclose(f);
+    chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
+}
+
 /* setup cookie for local CGI */
 void
 setLocalCookie()
@@ -31,7 +50,6 @@ setLocalCookie()
     gethostname(hostname, 256);
 
     Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
-    set_environ("LOCAL_COOKIE", Local_cookie->ptr);
 }
 
 Str
@@ -395,6 +413,7 @@ localcgi_post(char *uri, char *qstr, FormList *request, char *referer)
     file = cgi_filename(uri, &status);
     if (check_local_cgi(file, status) < 0)
 	return NULL;
+    writeLocalCookie();
     tmp1 = tmpfname(TMPF_DFL, NULL);
     if ((pid = localcgi_popen_r(&f)) < 0)
 	return NULL;
@@ -459,6 +478,7 @@ localcgi_get(char *uri, char *request, char *referer)
     file = cgi_filename(uri, &status);
     if (check_local_cgi(file, status) < 0)
 	return NULL;
+    writeLocalCookie();
     if ((pid = localcgi_popen_r(&f)) < 0)
 	return NULL;
     else if (pid)
-- 
cgit v1.2.3