From 549ee1cc09be5bbdc613649eb9be3ebc122c0331 Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Wed, 15 Jan 2003 17:13:21 +0000
Subject: [w3m-dev 03644] Re: Other user can see local cookie. * cookie.c
 (save_cookies): return if no_rc_dir * etc.c (tmpf_base): add cookie 
 (tmpfname): use tmp_dir instead of rc_dir * file.c (loadGeneralFile): cookie
 is not passed via URL * fm.h (TMPF_COOKIE): incl 	(MAX_TMPF_TYPE): incl 
 (no_rc_dir): added 	(tmp_dir): added 	(config_file): added * local.c
 (Local_cookie_file): added 	(writeLocalCookie): added 
 (setLocalCookie): dont set environment LOCAL_COOKIE 	(localcgi_post):
 writeLocalCookie 	(localcgi_get): writeLocalCookie * main.c
 (config_filename): deleted 	(cmd_loadURL): arg FormList 	(main):
 rewrite config_file, rc 	(ldhelp): no cookie in URL 	(cmd_loadURL):
 arg FormList 	(goURL0): cmd_loadURL change 	(cmd_loadBuffer): cmd_loadURL
 change 	(adBmark): cookie is posted 	(follow_map): cmd_loadURL
 change 	(linkMn): cmd_loadURL change 	(reinit): init_rc change *
 proto.h (create_option_search_table): deleted 	(init_rc): no args * rc.c
 (create_option_search_table): static 	(init_rc): no args 	
 rewrite 	(optionpanel_src1): rewrite 	(load_option_panel):
 html_quote 	(panel_set_option): no_rc_dir * w3mbookmark.c: rewrite *
 w3mhelperpanel.c: rewrite * scripts/dirlist.cgi.in: rewrite *
 scripts/w3mhelp.cgi.in: rewrite * scripts/w3mmail.cgi.in: rewrite *
 scripts/multipart/multipart.cgi.in: rewrite From: Hironori SAKAMOTO
 <hsaka@mth.biglobe.ne.jp>

---
 rc.c | 70 ++++++++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 45 insertions(+), 25 deletions(-)

(limited to 'rc.c')

diff --git a/rc.c b/rc.c
index 103c02e..3215c31 100644
--- a/rc.c
+++ b/rc.c
@@ -1,4 +1,4 @@
-/* $Id: rc.c,v 1.74 2002/12/27 16:07:44 ukai Exp $ */
+/* $Id: rc.c,v 1.75 2003/01/15 17:13:22 ukai Exp $ */
 /* 
  * Initialization file etc.
  */
@@ -847,7 +847,7 @@ compare_table(struct rc_search_table *a, struct rc_search_table *b)
     return strcmp(a->param->name, b->param->name);
 }
 
-void
+static void
 create_option_search_table()
 {
     int i, j, k;
@@ -1366,24 +1366,25 @@ sync_with_option(void)
 }
 
 void
-init_rc(char *config_filename)
+init_rc(void)
 {
+    int i;
     struct stat st;
     FILE *f;
-    char *tmpdir;
 
-    if (((tmpdir = getenv("TMP")) == NULL || *tmpdir == '\0')
-	&& ((tmpdir = getenv("TEMP")) == NULL || *tmpdir == '\0')
-	&& ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0'))
-	tmpdir = "/tmp";
+    if (config_file != NULL)
+	goto open_rc;
+
+    rc_dir = expandName(RC_DIR);
+    i = strlen(rc_dir);
+    if (i > 1 && rc_dir[i - 1] == '/')
+        rc_dir[i - 1] = '\0';
 
     if (stat(rc_dir, &st) < 0) {
 	if (errno == ENOENT) {	/* no directory */
 	    if (do_mkdir(rc_dir, 0700) < 0) {
 		fprintf(stderr, "Can't create config directory (%s)!", rc_dir);
-		rc_dir = tmpdir;
-		rc_dir_is_tmp = TRUE;
-		return;
+		goto rc_dir_err;
 	    }
 	    else {
 		stat(rc_dir, &st);
@@ -1391,37 +1392,56 @@ init_rc(char *config_filename)
 	}
 	else {
 	    fprintf(stderr, "Can't open config directory (%s)!", rc_dir);
-	    rc_dir = tmpdir;
-	    rc_dir_is_tmp = TRUE;
-	    return;
+	    goto rc_dir_err;
 	}
     }
     if (!S_ISDIR(st.st_mode)) {
 	/* not a directory */
 	fprintf(stderr, "%s is not a directory!", rc_dir);
-	rc_dir = tmpdir;
-	rc_dir_is_tmp = TRUE;
-	return;
+	goto rc_dir_err;
     }
+    if (!(st.st_mode & S_IWUSR)) {
+	fprintf(stderr, "%s is not writable!", rc_dir);
+	goto rc_dir_err;
+    }
+    no_rc_dir = FALSE;
+    tmp_dir = rc_dir;
+
+    if (config_file == NULL)
+	config_file = rcFile(CONFIG_FILE);
+
+    create_option_search_table();
 
+  open_rc:
     /* open config file */
     if ((f = fopen(etcFile(W3MCONFIG), "rt")) != NULL) {
 	interpret_rc(f);
 	fclose(f);
     }
-    config_file = config_filename;
-    if (config_file == NULL)
-	config_file = rcFile(CONFIG_FILE);
     if ((f = fopen(config_file, "rt")) != NULL) {
 	interpret_rc(f);
 	fclose(f);
     }
+    return;
+
+  rc_dir_err:
+    no_rc_dir = TRUE;
+    if (((tmp_dir = getenv("TMPDIR")) == NULL || *tmp_dir == '\0') &&
+	((tmp_dir = getenv("TMP")) == NULL || *tmp_dir == '\0') &&
+	((tmp_dir = getenv("TEMP")) == NULL || *tmp_dir == '\0'))
+	tmp_dir = "/tmp";
 }
 
 
 static char optionpanel_src1[] =
-    "<html><head><title>Option Setting Panel</title></head>\
-<body><center><b>Option Setting Panel</b><br><b>(w3m version %s)</b></center><p>\n" "<a href=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "?mode=panel&cookie=%s\">%s</a>\n" "<form method=internal action=option>";
+    "<html><head><title>Option Setting Panel</title></head><body>\
+<h1 align=center>Option Setting Panel<br>(w3m version %s)</b></h1>\
+<form method=post action=\"file:///$LIB/" W3MHELPERPANEL_CMDNAME "\">\
+<input type=hidden name=mode value=panel>\
+<input type=hidden name=cookie value=\"%s\">\
+<input type=submit value=\"%s\">\
+</form><br>\
+<form method=internal action=option>";
 
 static Str
 to_str(struct param_ptr *p)
@@ -1458,8 +1478,8 @@ to_str(struct param_ptr *p)
 Buffer *
 load_option_panel(void)
 {
-    Str src = Sprintf(optionpanel_src1, w3m_version,
-		      (Str_form_quote(Local_cookie))->ptr, CMT_HELPER);
+    Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
+		      html_quote(Local_cookie->ptr), CMT_HELPER);
     struct param_ptr *p;
     struct sel_c *s;
     int x, i;
@@ -1530,7 +1550,7 @@ panel_set_option(struct parsed_tagarg *arg)
 {
     FILE *f = NULL;
 
-    if (rc_dir_is_tmp) {
+    if (no_rc_dir) {
 	disp_message("There's no ~/.w3m directory... config not saved", FALSE);
     }
     else {
-- 
cgit v1.2.3