/* ** This function implements a cross-platform "system()" interface. */ int fossil_system(const char *zOrigCmd){ int rc; #if defined(_WIN32) /* On windows, we have to put double-quotes around the entire command. ** Who knows why - this is just the way windows works. */ char *zNewCmd = mprintf("\"%s\"", zOrigCmd); wchar_t *zUnicode = fossil_utf8_to_unicode(zNewCmd); if( g.fSystemTrace ) { fossil_trace("SYSTEM: %s\n", zNewCmd); } rc = _wsystem(zUnicode); fossil_unicode_free(zUnicode); free(zNewCmd); #else /* On unix, evaluate the command directly. */ if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd); /* Unix systems should never shell-out while processing an HTTP request, ** either via CGI, SCGI, or direct HTTP. The following assert verifies ** this. And the following assert proves that Fossil is not vulnerable ** to the ShellShock or BashDoor bug. */ assert( g.cgiOutput==0 ); /* The regular system() call works to get a shell on unix */ rc = system(zOrigCmd); #endif return rc; }
/* ** Strip a possible byte-order-mark (BOM) from the blob. On Windows, if there ** is either no BOM at all or an (le/be) UTF-16 BOM, a conversion to UTF-8 is ** done. If useMbcs is false and there is no BOM, the input string is assumed ** to be UTF-8 already, so no conversion is done. */ void blob_to_utf8_no_bom(Blob *pBlob, int useMbcs){ char *zUtf8; int bomSize = 0; #if defined(_WIN32) || defined(__CYGWIN__) int bomReverse = 0; #endif if( starts_with_utf8_bom(pBlob, &bomSize) ){ struct Blob temp; zUtf8 = blob_str(pBlob) + bomSize; blob_zero(&temp); blob_append(&temp, zUtf8, -1); blob_swap(pBlob, &temp); blob_reset(&temp); #if defined(_WIN32) || defined(__CYGWIN__) }else if( starts_with_utf16_bom(pBlob, &bomSize, &bomReverse) ){ zUtf8 = blob_buffer(pBlob); if( bomReverse ){ /* Found BOM, but with reversed bytes */ unsigned int i = blob_size(pBlob); while( i>0 ){ /* swap bytes of unicode representation */ char zTemp = zUtf8[--i]; zUtf8[i] = zUtf8[i-1]; zUtf8[--i] = zTemp; } } /* Make sure the blob contains two terminating 0-bytes */ blob_append(pBlob, "", 1); zUtf8 = blob_str(pBlob) + bomSize; zUtf8 = fossil_unicode_to_utf8(zUtf8); blob_zero(pBlob); blob_append(pBlob, zUtf8, -1); fossil_unicode_free(zUtf8); #endif /* _WIN32 || __CYGWIN__ */ #if defined(_WIN32) }else if( useMbcs ){ zUtf8 = fossil_mbcs_to_utf8(blob_str(pBlob)); blob_reset(pBlob); blob_append(pBlob, zUtf8, -1); fossil_mbcs_free(zUtf8); #endif /* _WIN32 */ } }
/* ** This function implements a cross-platform "system()" interface. */ int fossil_system(const char *zOrigCmd){ int rc; #if defined(_WIN32) /* On windows, we have to put double-quotes around the entire command. ** Who knows why - this is just the way windows works. */ char *zNewCmd = mprintf("\"%s\"", zOrigCmd); wchar_t *zUnicode = fossil_utf8_to_unicode(zNewCmd); if( g.fSystemTrace ) { fossil_trace("SYSTEM: %s\n", zNewCmd); } rc = _wsystem(zUnicode); fossil_unicode_free(zUnicode); free(zNewCmd); #else /* On unix, evaluate the command directly. */ if( g.fSystemTrace ) fprintf(stderr, "SYSTEM: %s\n", zOrigCmd); rc = system(zOrigCmd); #endif return rc; }