static Str to_str(struct param_ptr *p) { switch (p->type) { case P_INT: #ifdef USE_COLOR case P_COLOR: #endif #ifdef USE_M17N case P_CODE: return Sprintf("%d", (int)(*(wc_ces *) p->varptr)); #endif case P_NZINT: return Sprintf("%d", *(int *)p->varptr); case P_SHORT: return Sprintf("%d", *(short *)p->varptr); case P_CHARINT: return Sprintf("%d", *(char *)p->varptr); case P_CHAR: return Sprintf("%c", *(char *)p->varptr); case P_STRING: #if defined(USE_SSL) && defined(USE_SSL_VERIFY) case P_SSLPATH: #endif /* SystemCharset -> InnerCharset */ return Strnew_charp(conv_from_system(*(char **)p->varptr)); case P_PIXELS: case P_SCALE: return Sprintf("%g", *(double *)p->varptr); } /* not reached */ return NULL; }
void ssl_accept_this_site(char *hostname) { if (hostname) accept_this_site = Strnew_charp(hostname); else accept_this_site = NULL; }
Str find_cookie(ParsedURL *pu) { Str tmp; struct cookie *p, *p1, *fco = NULL; int version = 0; char *fq_domainname, *domainname; dump(Strnew_charp("GET")); load_cookies_sync(); fq_domainname = FQDN(pu->host); check_expired_cookies(); for (p = First_cookie; p; p = p->next) { domainname = (p->version == 0) ? fq_domainname : pu->host; if (p->flag & COO_USE && match_cookie(pu, p, domainname)) { for (p1 = fco; p1 && Strcasecmp(p1->name, p->name); p1 = p1->next) ; if (p1) continue; p1 = New(struct cookie); bcopy(p, p1, sizeof(struct cookie)); p1->next = fco; fco = p1; if (p1->version > version) version = p1->version; } } if (!fco) return NULL; tmp = Strnew(); if (version > 0) Strcat(tmp, Sprintf("$Version=\"%d\"; ", version)); Strcat(tmp, make_cookie(fco)); for (p1 = fco->next; p1; p1 = p1->next) { Strcat_charp(tmp, "; "); Strcat(tmp, make_cookie(p1)); if (version > 0) { if (p1->flag & COO_PATH) Strcat(tmp, Sprintf("; $Path=\"%s\"", p1->path->ptr)); if (p1->flag & COO_DOMAIN) Strcat(tmp, Sprintf("; $Domain=\"%s\"", p1->domain->ptr)); if (p1->portl) Strcat(tmp, Sprintf("; $Port=\"%s\"", portlist2str(p1->portl))); } } return tmp; }
Str loadLocalDir(char *dname) { Str tmp; DIR *d; Directory *dir; struct stat st; char **flist; char *p, *qdir; Str fbuf = Strnew(); #ifdef HAVE_LSTAT struct stat lst; #ifdef HAVE_READLINK char lbuf[1024]; #endif /* HAVE_READLINK */ #endif /* HAVE_LSTAT */ int i, l, nrow = 0, n = 0, maxlen = 0; int nfile, nfile_max = 100; Str dirname; d = opendir(dname); if (d == NULL) return NULL; dirname = Strnew_charp(dname); if (Strlastchar(dirname) != '/') Strcat_char(dirname, '/'); qdir = html_quote(Str_conv_from_system(dirname)->ptr); /* FIXME: gettextize? */ tmp = Strnew_m_charp("<HTML>\n<HEAD>\n<BASE HREF=\"file://", html_quote(file_quote(dirname->ptr)), "\">\n<TITLE>Directory list of ", qdir, "</TITLE>\n</HEAD>\n<BODY>\n<H1>Directory list of ", qdir, "</H1>\n", NULL); flist = New_N(char *, nfile_max); nfile = 0; while ((dir = readdir(d)) != NULL) { flist[nfile++] = allocStr(dir->d_name, -1); if (nfile == nfile_max) { nfile_max *= 2; flist = New_Reuse(char *, flist, nfile_max); } if (multicolList) { l = strlen(dir->d_name); if (l > maxlen) maxlen = l; n++; } }
struct form_list * newFormList(char *action, char *method, char *charset, char *enctype, char *target, char *name, struct form_list *_next) { struct form_list *l; Str a = Strnew_charp(action); int m = FORM_METHOD_GET; int e = FORM_ENCTYPE_URLENCODED; #ifdef USE_M17N wc_ces c = 0; #endif if (method == NULL || strcasecmp(method, "get") == 0) m = FORM_METHOD_GET; else if (strcasecmp(method, "post") == 0) m = FORM_METHOD_POST; else if (strcasecmp(method, "internal") == 0) m = FORM_METHOD_INTERNAL; /* unknown method is regarded as 'get' */ if (enctype != NULL && strcasecmp(enctype, "multipart/form-data") == 0) { e = FORM_ENCTYPE_MULTIPART; if (m == FORM_METHOD_GET) m = FORM_METHOD_POST; } #ifdef USE_M17N if (charset != NULL) c = wc_guess_charset(charset, 0); #endif l = New(struct form_list); l->item = l->lastitem = NULL; l->action = a; l->method = m; #ifdef USE_M17N l->charset = c; #endif l->enctype = e; l->target = target; l->name = name; l->next = _next; l->nitems = 0; l->body = NULL; l->length = 0; return l; }
static Anchor * _put_anchor_news(Buffer *buf, char *p1, char *p2, int line, int pos) { Str tmp; if (*p1 == '<') { p1++; if (*(p2 - 1) == '>') p2--; } tmp = Strnew_charp("news:"); Strcat_charp_n(tmp, p1, p2 - p1); return registerHref(buf, url_encode(tmp->ptr, baseURL(buf), buf->document_charset), NULL, NO_REFERER, NULL, '\0', line, pos); }
Buffer * follow_map_panel(Buffer *buf, char *name) { Str mappage; MapList *ml; ListItem *al; MapArea *a; ParsedURL pu; char *p, *q; Buffer *newbuf; ml = searchMapList(buf, name); if (ml == NULL) return NULL; mappage = Strnew_charp(map1); for (al = ml->area->first; al != NULL; al = al->next) { a = (MapArea *) al->ptr; if (!a) continue; parseURL2(a->url, &pu, baseURL(buf)); p = parsedURL2Str(&pu)->ptr; q = html_quote(p); if (DecodeURL) p = html_quote(url_unquote_conv(p, buf->document_charset)); else p = q; Strcat_m_charp(mappage, "<tr valign=top><td><a href=\"", q, "\">", html_quote(*a->alt ? a->alt : mybasename(a->url)), "</a><td>", p, NULL); } Strcat_charp(mappage, "</table></body></html>"); newbuf = loadHTMLString(mappage); #ifdef USE_M17N if (newbuf) newbuf->document_charset = buf->document_charset; #endif return newbuf; }
char * inputLineHistSearch(char *prompt, char *def_str, int flag, Hist *hist, int (*incrfunc) (int ch, Str str, Lineprop *prop)) { int opos, x, y, lpos, rpos, epos; unsigned char c; char *p; #ifdef USE_M17N Str tmp; #endif is_passwd = FALSE; move_word = TRUE; CurrentHist = hist; if (hist != NULL) { use_hist = TRUE; strCurrentBuf = NULL; } else { use_hist = FALSE; } if (flag & IN_URL) { cm_mode = CPL_ALWAYS | CPL_URL; } else if (flag & IN_FILENAME) { cm_mode = CPL_ALWAYS; } else if (flag & IN_PASSWORD) { cm_mode = CPL_NEVER; is_passwd = TRUE; move_word = FALSE; } else if (flag & IN_COMMAND) cm_mode = CPL_ON; else cm_mode = CPL_OFF; opos = get_strwidth(prompt); epos = CLEN - opos; if (epos < 0) epos = 0; lpos = epos / 3; rpos = epos * 2 / 3; offset = 0; if (def_str) { strBuf = Strnew_charp(def_str); CLen = CPos = setStrType(strBuf, strProp); } else { strBuf = Strnew(); CLen = CPos = 0; } #ifdef SUPPORT_WIN9X_CONSOLE_MBCS enable_win9x_console_input(); #endif i_cont = TRUE; i_broken = FALSE; i_quote = FALSE; cm_next = FALSE; cm_disp_next = -1; need_redraw = FALSE; #ifdef USE_M17N wc_char_conv_init(wc_guess_8bit_charset(DisplayCharset), InnerCharset); #endif do { x = calcPosition(strBuf->ptr, strProp, CLen, CPos, 0, CP_FORCE); if (x - rpos > offset) { y = calcPosition(strBuf->ptr, strProp, CLen, CLen, 0, CP_AUTO); if (y - epos > x - rpos) offset = x - rpos; else if (y - epos > 0) offset = y - epos; } else if (x - lpos < offset) { if (x - lpos > 0) offset = x - lpos; else offset = 0; } move(LASTLINE, 0); addstr(prompt); if (is_passwd) addPasswd(strBuf->ptr, strProp, CLen, offset, COLS - opos); else addStr(strBuf->ptr, strProp, CLen, offset, COLS - opos); clrtoeolx(); move(LASTLINE, opos + x - offset); refresh(); next_char: c = getch(); #ifdef __EMX__ if (c == 0) { if (!(c = getcntrl())) goto next_char; } #endif cm_clear = TRUE; cm_disp_clear = TRUE; if (!i_quote && (((cm_mode & CPL_ALWAYS) && (c == CTRL_I || c == ' ')) || ((cm_mode & CPL_ON) && (c == CTRL_I)))) { if (emacs_like_lineedit && cm_next) { _dcompl(); need_redraw = TRUE; } else { _compl(); cm_disp_next = -1; } } else if (!i_quote && CLen == CPos && (cm_mode & CPL_ALWAYS || cm_mode & CPL_ON) && c == CTRL_D) { if (!emacs_like_lineedit) { _dcompl(); need_redraw = TRUE; } } else if (!i_quote && c == DEL_CODE) { _bs(); cm_next = FALSE; cm_disp_next = -1; } else if (!i_quote && c < 0x20) { /* Control code */ if (incrfunc == NULL || (c = incrfunc((int)c, strBuf, strProp)) < 0x20) (*InputKeymap[(int)c]) (c); if (incrfunc && c != (unsigned char)-1 && c != CTRL_J) incrfunc(-1, strBuf, strProp); if (cm_clear) cm_next = FALSE; if (cm_disp_clear) cm_disp_next = -1; } #ifdef USE_M17N else { tmp = wc_char_conv(c); if (tmp == NULL) { i_quote = TRUE; goto next_char; } i_quote = FALSE; cm_next = FALSE; cm_disp_next = -1; if (CLen + tmp->length > STR_LEN || !tmp->length) goto next_char; ins_char(tmp); if (incrfunc) incrfunc(-1, strBuf, strProp); } #else else { i_quote = FALSE; cm_next = FALSE; cm_disp_next = -1; if (CLen >= STR_LEN) goto next_char; insC(); strBuf->ptr[CPos] = c; if (!is_passwd && get_mctype(&c) == PC_CTRL) strProp[CPos] = PC_CTRL; else strProp[CPos] = PC_ASCII; CPos++; if (incrfunc) incrfunc(-1, strBuf, strProp); } #endif if (CLen && (flag & IN_CHAR)) break; } while (i_cont);
Str ssl_get_certificate(SSL * ssl, char *hostname) { BIO *bp; X509 *x; X509_NAME *xn; char *p; int len; Str s; char buf[2048]; Str amsg = NULL; Str emsg; char *ans; if (ssl == NULL) return NULL; x = SSL_get_peer_certificate(ssl); if (x == NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { /* FIXME: gettextize? */ emsg = Strnew_charp("No SSL peer certificate: accept? (y/n)"); ans = inputAnswer(emsg->ptr); } if (ans && TOLOWER(*ans) == 'y') /* FIXME: gettextize? */ amsg = Strnew_charp ("Accept SSL session without any peer certificate"); else { /* FIXME: gettextize? */ char *e = "This SSL session was rejected " "to prevent security violation: no peer certificate"; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } if (amsg) disp_err_message(amsg->ptr, FALSE); ssl_accept_this_site(hostname); /* FIXME: gettextize? */ s = amsg ? amsg : Strnew_charp("valid certificate"); return s; } #ifdef USE_SSL_VERIFY /* check the cert chain. * The chain length is automatically checked by OpenSSL when we * set the verify depth in the ctx. */ if (ssl_verify_server) { long verr; if ((verr = SSL_get_verify_result(ssl)) != X509_V_OK) { const char *em = X509_verify_cert_error_string(verr); if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { /* FIXME: gettextize? */ emsg = Sprintf("%s: accept? (y/n)", em); ans = inputAnswer(emsg->ptr); } if (ans && TOLOWER(*ans) == 'y') { /* FIXME: gettextize? */ amsg = Sprintf("Accept unsecure SSL session: " "unverified: %s", em); } else { /* FIXME: gettextize? */ char *e = Sprintf("This SSL session was rejected: %s", em)->ptr; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } } } #endif emsg = ssl_check_cert_ident(x, hostname); if (emsg != NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { Str ep = Strdup(emsg); if (ep->length > COLS - 16) Strshrink(ep, ep->length - (COLS - 16)); Strcat_charp(ep, ": accept? (y/n)"); ans = inputAnswer(ep->ptr); } if (ans && TOLOWER(*ans) == 'y') { /* FIXME: gettextize? */ amsg = Strnew_charp("Accept unsecure SSL session:"); Strcat(amsg, emsg); } else { /* FIXME: gettextize? */ char *e = "This SSL session was rejected " "to prevent security violation"; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } } if (amsg) disp_err_message(amsg->ptr, FALSE); ssl_accept_this_site(hostname); /* FIXME: gettextize? */ s = amsg ? amsg : Strnew_charp("valid certificate"); Strcat_charp(s, "\n"); xn = X509_get_subject_name(x); if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1) Strcat_charp(s, " subject=<unknown>"); else Strcat_m_charp(s, " subject=", buf, NULL); xn = X509_get_issuer_name(x); if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1) Strcat_charp(s, ": issuer=<unknown>"); else Strcat_m_charp(s, ": issuer=", buf, NULL); Strcat_charp(s, "\n\n"); bp = BIO_new(BIO_s_mem()); X509_print(bp, x); len = (int)BIO_ctrl(bp, BIO_CTRL_INFO, 0, (char *)&p); Strcat_charp_n(s, p, len); BIO_free_all(bp); X509_free(x); return s; }
static Str ssl_check_cert_ident(X509 * x, char *hostname) { int i; Str ret = NULL; int match_ident = FALSE; /* * All we need to do here is check that the CN matches. * * From RFC2818 3.1 Server Identity: * If a subjectAltName extension of type dNSName is present, that MUST * be used as the identity. Otherwise, the (most specific) Common Name * field in the Subject field of the certificate MUST be used. Although * the use of the Common Name is existing practice, it is deprecated and * Certification Authorities are encouraged to use the dNSName instead. */ i = X509_get_ext_by_NID(x, NID_subject_alt_name, -1); if (i >= 0) { X509_EXTENSION *ex; STACK_OF(GENERAL_NAME) * alt; ex = X509_get_ext(x, i); alt = X509V3_EXT_d2i(ex); if (alt) { int n; GENERAL_NAME *gn; X509V3_EXT_METHOD *method; Str seen_dnsname = NULL; n = sk_GENERAL_NAME_num(alt); for (i = 0; i < n; i++) { gn = sk_GENERAL_NAME_value(alt, i); if (gn->type == GEN_DNS) { char *sn = ASN1_STRING_data(gn->d.ia5); int sl = ASN1_STRING_length(gn->d.ia5); if (!seen_dnsname) seen_dnsname = Strnew(); /* replace \0 to make full string visible to user */ if (sl != strlen(sn)) { int i; for (i = 0; i < sl; ++i) { if (!sn[i]) sn[i] = '!'; } } Strcat_m_charp(seen_dnsname, sn, " ", NULL); if (sl == strlen(sn) /* catch \0 in SAN */ && ssl_match_cert_ident(sn, sl, hostname)) break; } } method = X509V3_EXT_get(ex); sk_GENERAL_NAME_free(alt); if (i < n) /* Found a match */ match_ident = TRUE; else if (seen_dnsname) /* FIXME: gettextize? */ ret = Sprintf("Bad cert ident from %s: dNSName=%s", hostname, seen_dnsname->ptr); } } if (match_ident == FALSE && ret == NULL) { X509_NAME *xn; char buf[2048]; int slen; xn = X509_get_subject_name(x); slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)); if ( slen == -1) /* FIXME: gettextize? */ ret = Strnew_charp("Unable to get common name from peer cert"); else if (slen != strlen(buf) || !ssl_match_cert_ident(buf, strlen(buf), hostname)) { /* replace \0 to make full string visible to user */ if (slen != strlen(buf)) { int i; for (i = 0; i < slen; ++i) { if (!buf[i]) buf[i] = '!'; } } /* FIXME: gettextize? */ ret = Sprintf("Bad cert ident %s from %s", buf, hostname); } else match_ident = TRUE; } return ret; }
int add_cookie(ParsedURL *pu, Str name, Str value, time_t expires, Str domain, Str path, int flag, Str comment, int version, Str port, Str commentURL) { struct cookie *p; char *domainname = (version == 0) ? FQDN(pu->host) : pu->host; Str odomain = domain, opath = path; struct portlist *portlist = NULL; int use_security = !(flag & COO_OVERRIDE); #define COOKIE_ERROR(err) if(!((err) & COO_OVERRIDE_OK) || use_security) return (err) #ifdef DEBUG fprintf(stderr, "host: [%s, %s] %d\n", pu->host, pu->file, flag); fprintf(stderr, "cookie: [%s=%s]\n", name->ptr, value->ptr); fprintf(stderr, "expires: [%s]\n", asctime(gmtime(&expires))); if (domain) fprintf(stderr, "domain: [%s]\n", domain->ptr); if (path) fprintf(stderr, "path: [%s]\n", path->ptr); fprintf(stderr, "version: [%d]\n", version); if (port) fprintf(stderr, "port: [%s]\n", port->ptr); #endif /* DEBUG */ /* [RFC 2109] s. 4.3.2 case 2; but this (no request-host) shouldn't happen */ if (!domainname) return COO_ENODOT; if (domain) { char *dp; /* [DRAFT 12] s. 4.2.2 (does not apply in the case that * host name is the same as domain attribute for version 0 * cookie) * I think that this rule has almost the same effect as the * tail match of [NETSCAPE]. */ if (domain->ptr[0] != '.' && (version > 0 || strcasecmp(domainname, domain->ptr) != 0)) domain = Sprintf(".%s", domain->ptr); if (version == 0) { /* [NETSCAPE] rule */ int n = total_dot_number(domain->ptr, domain->ptr + domain->length, 3); if (n < 2) { if (! check_avoid_wrong_number_of_dots_domain(domain)) { COOKIE_ERROR(COO_ESPECIAL); } } else if (n == 2) { char **sdomain; int ok = 0; for (sdomain = special_domain; !ok && *sdomain; sdomain++) { int offset = domain->length - strlen(*sdomain); if (offset >= 0 && strcasecmp(*sdomain, &domain->ptr[offset]) == 0) ok = 1; } if (!ok && ! check_avoid_wrong_number_of_dots_domain(domain)) { COOKIE_ERROR(COO_ESPECIAL); } } } else { /* [DRAFT 12] s. 4.3.2 case 2 */ if (strcasecmp(domain->ptr, ".local") != 0 && contain_no_dots(&domain->ptr[1], &domain->ptr[domain->length])) COOKIE_ERROR(COO_ENODOT); } /* [RFC 2109] s. 4.3.2 case 3 */ if (!(dp = domain_match(domainname, domain->ptr))) COOKIE_ERROR(COO_EDOM); /* [RFC 2409] s. 4.3.2 case 4 */ /* Invariant: dp contains matched domain */ if (version > 0 && !contain_no_dots(domainname, dp)) COOKIE_ERROR(COO_EBADHOST); } if (path) { /* [RFC 2109] s. 4.3.2 case 1 */ if (version > 0 && strncmp(path->ptr, pu->file, path->length) != 0) COOKIE_ERROR(COO_EPATH); } if (port) { /* [DRAFT 12] s. 4.3.2 case 5 */ portlist = make_portlist(port); if (portlist && !port_match(portlist, pu->port)) COOKIE_ERROR(COO_EPORT); } if (!domain) domain = Strnew_charp(domainname); if (!path) { path = Strnew_charp(pu->file); while (path->length > 0 && Strlastchar(path) != '/') Strshrink(path, 1); if (Strlastchar(path) == '/') Strshrink(path, 1); } p = get_cookie_info(domain, path, name); if (!p) { p = New(struct cookie); p->flag = 0; if (default_use_cookie) p->flag |= COO_USE; p->next = First_cookie; First_cookie = p; }
static int ftp_login(FTP ftp) { int sock, status; sock = openSocket(ftp->host, "ftp", 21); if (sock < 0) goto open_err; if (ftppass_hostnamegen && !strcmp(ftp->user, "anonymous")) { size_t n = strlen(ftp->pass); if (n > 0 && ftp->pass[n - 1] == '@') { #ifdef INET6 struct sockaddr_storage sockname; #else struct sockaddr_in sockname; #endif socklen_t socknamelen = sizeof(sockname); if (!getsockname(sock, (struct sockaddr *)&sockname, &socknamelen)) { struct hostent *sockent; Str tmp = Strnew_charp(ftp->pass); #ifdef INET6 char hostbuf[NI_MAXHOST]; if (getnameinfo((struct sockaddr *)&sockname, socknamelen, hostbuf, sizeof hostbuf, NULL, 0, NI_NAMEREQD) == 0) Strcat_charp(tmp, hostbuf); else if (getnameinfo((struct sockaddr *)&sockname, socknamelen, hostbuf, sizeof hostbuf, NULL, 0, NI_NUMERICHOST) == 0) Strcat_m_charp(tmp, "[", hostbuf, "]", NULL); else Strcat_charp(tmp, "unknown"); #else if ((sockent = gethostbyaddr((char *)&sockname.sin_addr, sizeof(sockname.sin_addr), sockname.sin_family))) Strcat_charp(tmp, sockent->h_name); else Strcat_m_charp(tmp, "[", inet_ntoa(sockname.sin_addr), "]", NULL); #endif ftp->pass = tmp->ptr; } } } ftp->rf = newInputStream(sock); ftp->wf = fdopen(dup(sock), "wb"); if (!ftp->rf || !ftp->wf) goto open_err; IStype(ftp->rf) |= IST_UNCLOSE; ftp_command(ftp, NULL, NULL, &status); if (status != 220) goto open_err; if (fmInitialized) { message(Sprintf("Sending FTP username (%s) to remote server.", ftp->user)->ptr, 0, 0); refresh(); } ftp_command(ftp, "USER", ftp->user, &status); /* * Some ftp daemons(e.g. publicfile) return code 230 for user command. */ if (status == 230) goto succeed; if (status != 331) goto open_err; if (fmInitialized) { message("Sending FTP password to remote server.", 0, 0); refresh(); } ftp_command(ftp, "PASS", ftp->pass, &status); if (status != 230) goto open_err; succeed: return TRUE; open_err: ftp_close(ftp); return FALSE; }
Str loadNewsgroup0(ParsedURL *pu) #endif { volatile Str page; Str tmp; URLFile f; Buffer *buf; char *qgroup, *p, *q, *s, *t, *n; char *volatile scheme, *volatile group, *volatile list; int status, i, first, last; volatile int flag = 0, start = 0, end = 0; MySignalHandler(*volatile prevtrap) (SIGNAL_ARG) = NULL; #ifdef USE_M17N wc_ces doc_charset = DocumentCharset, mime_charset; *charset = WC_CES_US_ASCII; #endif if (current_news.host == NULL || !pu->file || *pu->file == '\0') return NULL; group = allocStr(pu->file, -1); if (pu->scheme == SCM_NNTP_GROUP) scheme = "/"; else scheme = "news:"; if ((list = strchr(group, '/'))) { /* <newsgroup>/<start-number>-<end-number> */ *list++ = '\0'; } if (fmInitialized) { message(Sprintf("Reading newsgroup %s...", group)->ptr, 0, 0); refresh(); } qgroup = html_quote(group); group = file_unquote(group); page = Strnew_m_charp("<html>\n<head>\n<base href=\"", parsedURL2Str(pu)->ptr, "\">\n<title>Newsgroup: ", qgroup, "</title>\n</head>\n<body>\n<h1>Newsgroup: ", qgroup, "</h1>\n<hr>\n", NULL); if (SETJMP(AbortLoading) != 0) { news_close(¤t_news); Strcat_charp(page, "</table>\n<p>Transfer Interrupted!\n"); goto news_end; } TRAP_ON; tmp = news_command(¤t_news, "GROUP", group, &status); if (status != 211) goto news_list; if (sscanf(tmp->ptr, "%d %d %d %d", &status, &i, &first, &last) != 4) goto news_list; if (list && *list) { if ((p = strchr(list, '-'))) { *p++ = '\0'; end = atoi(p); } start = atoi(list); if (start > 0) { if (start < first) start = first; if (end <= 0) end = start + MaxNewsMessage - 1; } } if (start <= 0) { start = first; end = last; if (end - start > MaxNewsMessage - 1) start = end - MaxNewsMessage + 1; } page = Sprintf("<html>\n<head>\n<base href=\"%s\">\n\ <title>Newsgroup: %s %d-%d</title>\n\ </head>\n<body>\n<h1>Newsgroup: %s %d-%d</h1>\n<hr>\n", parsedURL2Str(pu)->ptr, qgroup, start, end, qgroup, start, end); if (start > first) { i = start - MaxNewsMessage; if (i < first) i = first; Strcat(page, Sprintf("<a href=\"%s%s/%d-%d\">[%d-%d]</a>\n", scheme, qgroup, i, start - 1, i, start - 1)); } Strcat_charp(page, "<table>\n"); news_command(¤t_news, "XOVER", Sprintf("%d-%d", start, end)->ptr, &status); if (status == 224) { f.scheme = SCM_NEWS; while (true) { tmp = StrISgets(current_news.rf); if (NEWS_ENDLINE(tmp->ptr)) break; if (sscanf(tmp->ptr, "%d", &i) != 1) continue; if (!(s = strchr(tmp->ptr, '\t'))) continue; s++; if (!(n = strchr(s, '\t'))) continue; *n++ = '\0'; if (!(t = strchr(n, '\t'))) continue; *t++ = '\0'; if (!(p = strchr(t, '\t'))) continue; *p++ = '\0'; if (*p == '<') p++; if (!(q = strchr(p, '>')) && !(q = strchr(p, '\t'))) continue; *q = '\0'; tmp = decodeMIME(Strnew_charp(s), &mime_charset); s = convertLine(&f, tmp, HEADER_MODE, mime_charset ? &mime_charset : charset, mime_charset ? mime_charset : doc_charset)->ptr; tmp = decodeMIME(Strnew_charp(n), &mime_charset); n = convertLine(&f, tmp, HEADER_MODE, mime_charset ? &mime_charset : charset, mime_charset ? mime_charset : doc_charset)->ptr; add_news_message(page, i, t, n, s, p, scheme, pu->scheme == SCM_NNTP_GROUP ? qgroup : NULL); } } else { init_stream(&f, SCM_NEWS, current_news.rf); buf = newBuffer(INIT_BUFFER_WIDTH); for (i = start; i <= end && i <= last; i++) { news_command(¤t_news, "HEAD", Sprintf("%d", i)->ptr, &status); if (status != 221) continue; readHeader(&f, buf, FALSE, NULL); if (!(p = checkHeader(buf, "Message-ID:"))) continue; if (*p == '<') p++; if (!(q = strchr(p, '>')) && !(q = strchr(p, '\t'))) *q = '\0'; if (!(s = checkHeader(buf, "Subject:"))) continue; if (!(n = checkHeader(buf, "From:"))) continue; if (!(t = checkHeader(buf, "Date:"))) continue; add_news_message(page, i, t, n, s, p, scheme, pu->scheme == SCM_NNTP_GROUP ? qgroup : NULL); } } Strcat_charp(page, "</table>\n"); if (end < last) { i = end + MaxNewsMessage; if (i > last) i = last; Strcat(page, Sprintf("<a href=\"%s%s/%d-%d\">[%d-%d]</a>\n", scheme, qgroup, end + 1, i, end + 1, i)); } flag = 1; news_list: tmp = Sprintf("ACTIVE %s", group); if (!strchr(group, '*')) Strcat_charp(tmp, ".*"); news_command(¤t_news, "LIST", tmp->ptr, &status); if (status != 215) goto news_end; while (true) { tmp = StrISgets(current_news.rf); if (NEWS_ENDLINE(tmp->ptr)) break; if (flag < 2) { if (flag == 1) Strcat_charp(page, "<hr>\n"); Strcat_charp(page, "<table>\n"); flag = 2; } p = tmp->ptr; for (q = p; *q && !IS_SPACE(*q); q++) ; *(q++) = '\0'; if (sscanf(q, "%d %d", &last, &first) == 2 && last >= first) i = last - first + 1; else i = 0; Strcat(page, Sprintf ("<tr><td align=right>%d<td><a href=\"%s%s\">%s</a>\n", i, scheme, html_quote(file_quote(p)), html_quote(p))); } if (flag == 2) Strcat_charp(page, "</table>\n"); news_end: Strcat_charp(page, "</body>\n</html>\n"); TRAP_OFF; return page; }
static int createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, int force_reload) { int r, c, t_stack; URLFile f2; #ifdef USE_M17N wc_ces charset, doc_charset; #endif char *d_target, *p_target, *s_target, *t_target; ParsedURL *currentURL, base; MySignalHandler(*volatile prevtrap) (SIGNAL_ARG) = NULL; int flag; if (f == NULL) return -1; if (level == 0) { if (SETJMP(AbortLoading) != 0) { TRAP_OFF; return -1; } TRAP_ON; f->name = "_top"; } if (level > 7) { fputs("Too many frameset tasked.\n", f1); return -1; } if (level == 0) { fprintf(f1, "<html><head><title>%s</title></head><body>\n", html_quote(current->buffername)); fputs("<table hborder width=\"100%\">\n", f1); } else fputs("<table hborder>\n", f1); currentURL = f->currentURL ? f->currentURL : ¤t->currentURL; for (r = 0; r < f->row; r++) { fputs("<tr valign=top>\n", f1); for (c = 0; c < f->col; c++) { union frameset_element frame; struct frameset *f_frameset; int i = c + r * f->col; char *p = ""; int status = R_ST_NORMAL; Str tok = Strnew(); int pre_mode = 0; int end_tag = 0; frame = f->frame[i]; if (frame.element == NULL) { fputs("<td>\n</td>\n", f1); continue; } fputs("<td", f1); if (frame.element->name) fprintf(f1, " id=\"_%s\"", html_quote(frame.element->name)); if (!r) fprintf(f1, " width=\"%s\"", f->width[c]); fputs(">\n", f1); flag = 0; if (force_reload) { flag |= RG_NOCACHE; if (frame.element->attr == F_BODY) unloadFrame(frame.body); } switch (frame.element->attr) { default: /* FIXME: gettextize? */ fprintf(f1, "Frameset \"%s\" frame %d: type unrecognized", html_quote(f->name), i + 1); break; case F_UNLOADED: if (!frame.body->name && f->name) { frame.body->name = Sprintf("%s_%d", f->name, i)->ptr; } fflush(f1); f_frameset = frame_download_source(frame.body, currentURL, current->baseURL, flag); if (f_frameset) { deleteFrame(frame.body); f->frame[i].set = frame.set = f_frameset; goto render_frameset; } /* fall through */ case F_BODY: init_stream(&f2, SCM_LOCAL, NULL); if (frame.body->source) { fflush(f1); examineFile(frame.body->source, &f2); } if (f2.stream == NULL) { frame.body->attr = F_UNLOADED; if (frame.body->flags & FB_NO_BUFFER) /* FIXME: gettextize? */ fprintf(f1, "Open %s with other method", html_quote(frame.body->url)); else if (frame.body->url) /* FIXME: gettextize? */ fprintf(f1, "Can't open %s", html_quote(frame.body->url)); else /* FIXME: gettextize? */ fprintf(f1, "This frame (%s) contains no src attribute", frame.body->name ? html_quote(frame.body->name) : "(no name)"); break; } parseURL2(frame.body->url, &base, currentURL); p_target = f->name; s_target = frame.body->name; t_target = "_blank"; d_target = TargetSelf ? s_target : t_target; #ifdef USE_M17N charset = WC_CES_US_ASCII; if (current->document_charset != WC_CES_US_ASCII) doc_charset = current->document_charset; else doc_charset = DocumentCharset; #endif t_stack = 0; if (frame.body->type && !strcasecmp(frame.body->type, "text/plain")) { Str tmp; fprintf(f1, "<pre>\n"); while ((tmp = StrmyUFgets(&f2))->length) { tmp = convertLine(NULL, tmp, HTML_MODE, &charset, doc_charset); fprintf(f1, "%s", html_quote(tmp->ptr)); } fprintf(f1, "</pre>\n"); UFclose(&f2); break; } do { int is_tag = FALSE; char *q; struct parsed_tag *tag; do { if (*p == '\0') { Str tmp = StrmyUFgets(&f2); if (tmp->length == 0) break; tmp = convertLine(NULL, tmp, HTML_MODE, &charset, doc_charset); p = tmp->ptr; } read_token(tok, &p, &status, 1, status != R_ST_NORMAL); } while (status != R_ST_NORMAL); if (tok->length == 0) continue; if (tok->ptr[0] == '<') { if (tok->ptr[1] && REALLY_THE_BEGINNING_OF_A_TAG(tok->ptr)) is_tag = TRUE; else if (!(pre_mode & (RB_PLAIN | RB_INTXTA | RB_SCRIPT | RB_STYLE))) { p = Strnew_m_charp(tok->ptr + 1, p, NULL)->ptr; tok = Strnew_charp("<"); } } if (is_tag) { if (pre_mode & (RB_PLAIN | RB_INTXTA | RB_SCRIPT | RB_STYLE)) { q = tok->ptr; if ((tag = parse_tag(&q, FALSE)) && tag->tagid == end_tag) { if (pre_mode & RB_PLAIN) { fputs("</PRE_PLAIN>", f1); pre_mode = 0; end_tag = 0; goto token_end; } pre_mode = 0; end_tag = 0; goto proc_normal; } if (strncmp(tok->ptr, "<!--", 4) && (q = strchr(tok->ptr + 1, '<'))) { tok = Strnew_charp_n(tok->ptr, q - tok->ptr); p = Strnew_m_charp(q, p, NULL)->ptr; status = R_ST_NORMAL; } is_tag = FALSE; } else if (pre_mode & RB_INSELECT) { q = tok->ptr; if ((tag = parse_tag(&q, FALSE))) { if ((tag->tagid == end_tag) || (tag->tagid == HTML_N_FORM)) { if (tag->tagid == HTML_N_FORM) fputs("</SELECT>", f1); pre_mode = 0; end_tag = 0; goto proc_normal; } if (t_stack) { switch (tag->tagid) { case HTML_TABLE: case HTML_N_TABLE: CASE_TABLE_TAG: fputs("</SELECT>", f1); pre_mode = 0; end_tag = 0; goto proc_normal; } } } } } proc_normal: if (is_tag) { char *q = tok->ptr; int j, a_target = 0; ParsedURL url; if (!(tag = parse_tag(&q, FALSE))) goto token_end; switch (tag->tagid) { case HTML_TITLE: fputs("<!-- title:", f1); goto token_end; case HTML_N_TITLE: fputs("-->", f1); goto token_end; case HTML_BASE: /* "BASE" is prohibit tag */ if (parsedtag_get_value(tag, ATTR_HREF, &q)) { q = url_encode(remove_space(q), NULL, charset); parseURL(q, &base, NULL); } if (parsedtag_get_value(tag, ATTR_TARGET, &q)) { if (!strcasecmp(q, "_self")) d_target = s_target; else if (!strcasecmp(q, "_parent")) d_target = p_target; else d_target = url_quote_conv(q, charset); } Strshrinkfirst(tok, 1); Strshrink(tok, 1); fprintf(f1, "<!-- %s -->", html_quote(tok->ptr)); goto token_end; case HTML_META: if (parsedtag_get_value(tag, ATTR_HTTP_EQUIV, &q) && !strcasecmp(q, "refresh")) { if (parsedtag_get_value(tag, ATTR_CONTENT, &q) ) { Str s_tmp = NULL; int refresh_interval = getMetaRefreshParam(q, &s_tmp); if (s_tmp) { q = html_quote(s_tmp->ptr); fprintf(f1, "Refresh (%d sec) <a href=\"%s\">%s</a>\n", refresh_interval, q, q); } } } #ifdef USE_M17N if (UseContentCharset && parsedtag_get_value(tag, ATTR_HTTP_EQUIV, &q) && !strcasecmp(q, "Content-Type") && parsedtag_get_value(tag, ATTR_CONTENT, &q) && (q = strcasestr(q, "charset")) != NULL) { q += 7; SKIP_BLANKS(q); if (*q == '=') { wc_ces c; q++; SKIP_BLANKS(q); if ((c = wc_guess_charset(q, 0)) != 0) { doc_charset = c; charset = WC_CES_US_ASCII; } } } #endif /* fall thru, "META" is prohibit tag */ case HTML_HEAD: case HTML_N_HEAD: case HTML_BODY: case HTML_N_BODY: case HTML_DOCTYPE: /* prohibit_tags */ Strshrinkfirst(tok, 1); Strshrink(tok, 1); fprintf(f1, "<!-- %s -->", html_quote(tok->ptr)); goto token_end; case HTML_TABLE: t_stack++; break; case HTML_N_TABLE: t_stack--; if (t_stack < 0) { t_stack = 0; Strshrinkfirst(tok, 1); Strshrink(tok, 1); fprintf(f1, "<!-- table stack underflow: %s -->", html_quote(tok->ptr)); goto token_end; } break; CASE_TABLE_TAG: /* table_tags MUST be in table stack */ if (!t_stack) { Strshrinkfirst(tok, 1); Strshrink(tok, 1); fprintf(f1, "<!-- %s -->", html_quote(tok->ptr)); goto token_end; } break; case HTML_SELECT: pre_mode = RB_INSELECT; end_tag = HTML_N_SELECT; break; case HTML_TEXTAREA: pre_mode = RB_INTXTA; end_tag = HTML_N_TEXTAREA; break; case HTML_SCRIPT: pre_mode = RB_SCRIPT; end_tag = HTML_N_SCRIPT; break; case HTML_STYLE: pre_mode = RB_STYLE; end_tag = HTML_N_STYLE; break; case HTML_LISTING: pre_mode = RB_PLAIN; end_tag = HTML_N_LISTING; fputs("<PRE_PLAIN>", f1); goto token_end; case HTML_XMP: pre_mode = RB_PLAIN; end_tag = HTML_N_XMP; fputs("<PRE_PLAIN>", f1); goto token_end; case HTML_PLAINTEXT: pre_mode = RB_PLAIN; end_tag = MAX_HTMLTAG; fputs("<PRE_PLAIN>", f1); goto token_end; default: break; } for (j = 0; j < TagMAP[tag->tagid].max_attribute; j++) { switch (tag->attrid[j]) { case ATTR_SRC: case ATTR_HREF: case ATTR_ACTION: if (!tag->value[j]) break; tag->value[j] = url_encode(remove_space(tag->value[j]), &base, charset); tag->need_reconstruct = TRUE; parseURL2(tag->value[j], &url, &base); if (url.scheme == SCM_UNKNOWN || #ifndef USE_W3MMAILER url.scheme == SCM_MAILTO || #endif url.scheme == SCM_MISSING) break; a_target |= 1; tag->value[j] = parsedURL2Str(&url)->ptr; parsedtag_set_value(tag, ATTR_REFERER, parsedURL2Str(&base)->ptr); #ifdef USE_M17N if (tag->attrid[j] == ATTR_ACTION && charset != WC_CES_US_ASCII) parsedtag_set_value(tag, ATTR_CHARSET, wc_ces_to_charset (charset)); #endif break; case ATTR_TARGET: if (!tag->value[j]) break; a_target |= 2; if (!strcasecmp(tag->value[j], "_self")) { parsedtag_set_value(tag, ATTR_TARGET, s_target); } else if (!strcasecmp(tag->value[j], "_parent")) { parsedtag_set_value(tag, ATTR_TARGET, p_target); } break; case ATTR_NAME: case ATTR_ID: if (!tag->value[j]) break; parsedtag_set_value(tag, ATTR_FRAMENAME, s_target); break; } } if (a_target == 1) { /* there is HREF attribute and no TARGET * attribute */ parsedtag_set_value(tag, ATTR_TARGET, d_target); } if (parsedtag_need_reconstruct(tag)) tok = parsedtag2str(tag); Strfputs(tok, f1); } else { if (pre_mode & RB_PLAIN) fprintf(f1, "%s", html_quote(tok->ptr)); else if (pre_mode & RB_INTXTA) fprintf(f1, "%s", html_quote(html_unquote(tok->ptr))); else Strfputs(tok, f1); } token_end: Strclear(tok); } while (*p != '\0' || !iseos(f2.stream)); if (pre_mode & RB_PLAIN) fputs("</PRE_PLAIN>\n", f1); else if (pre_mode & RB_INTXTA) fputs("</TEXTAREA></FORM>\n", f1); else if (pre_mode & RB_INSELECT) fputs("</SELECT></FORM>\n", f1); else if (pre_mode & (RB_SCRIPT | RB_STYLE)) { if (status != R_ST_NORMAL) fputs(correct_irrtag(status)->ptr, f1); if (pre_mode & RB_SCRIPT) fputs("</SCRIPT>\n", f1); else if (pre_mode & RB_STYLE) fputs("</STYLE>\n", f1); } while (t_stack--) fputs("</TABLE>\n", f1); UFclose(&f2); break; case F_FRAMESET: render_frameset: if (!frame.set->name && f->name) { frame.set->name = Sprintf("%s_%d", f->name, i)->ptr; } createFrameFile(frame.set, f1, current, level + 1, force_reload); break; } fputs("</td>\n", f1); } fputs("</tr>\n", f1); } fputs("</table>\n", f1); if (level == 0) { fputs("</body></html>\n", f1); TRAP_OFF; } return 0; }
Str loadFTPDir0(ParsedURL *pu) #endif { Str FTPDIRtmp; Str tmp; int status; volatile int sv_type; char *realpathname, *fn, *q; char **flist; int i, nfile, nfile_max; MySignalHandler(*volatile prevtrap) (SIGNAL_ARG) = NULL; #ifdef USE_M17N wc_ces doc_charset = DocumentCharset; *charset = WC_CES_US_ASCII; #endif if (current_ftp.data == NULL) return NULL; tmp = ftp_command(¤t_ftp, "SYST", NULL, &status); if (strstr(tmp->ptr, "UNIX") != NULL || !strncmp(tmp->ptr + 4, "Windows_NT", 10)) /* :-) */ sv_type = UNIXLIKE_SERVER; else sv_type = SERVER_NONE; if (pu->file == NULL || *pu->file == '\0') { if (sv_type == UNIXLIKE_SERVER) ftp_command(¤t_ftp, "LIST", NULL, &status); else ftp_command(¤t_ftp, "NLST", NULL, &status); pu->file = "/"; } else { realpathname = file_unquote(pu->file); if (*realpathname == '/' && *(realpathname + 1) == '~') realpathname++; if (sv_type == UNIXLIKE_SERVER) { ftp_command(¤t_ftp, "CWD", realpathname, &status); if (status == 250) ftp_command(¤t_ftp, "LIST", NULL, &status); } else ftp_command(¤t_ftp, "NLST", realpathname, &status); } if (status != 125 && status != 150) { fclose(current_ftp.data); current_ftp.data = NULL; return NULL; } tmp = parsedURL2Str(pu); if (Strlastchar(tmp) != '/') Strcat_char(tmp, '/'); fn = html_quote(tmp->ptr); tmp = convertLine(NULL, Strnew_charp(file_unquote(tmp->ptr)), RAW_MODE, charset, doc_charset); q = html_quote(tmp->ptr); FTPDIRtmp = Strnew_m_charp("<html>\n<head>\n<base href=\"", fn, "\">\n<title>", q, "</title>\n</head>\n<body>\n<h1>Index of ", q, "</h1>\n", NULL); if (SETJMP(AbortLoading) != 0) { if (sv_type == UNIXLIKE_SERVER) Strcat_charp(FTPDIRtmp, "</a></pre>\n"); else Strcat_charp(FTPDIRtmp, "</a></ul>\n"); Strcat_charp(FTPDIRtmp, "<p>Transfer Interrupted!\n"); goto ftp_end; } TRAP_ON; if (sv_type == UNIXLIKE_SERVER) Strcat_charp(FTPDIRtmp, "<pre>\n"); else Strcat_charp(FTPDIRtmp, "<ul>\n<li>"); Strcat_charp(FTPDIRtmp, "<a href=\"..\">[Upper Directory]</a>\n"); nfile_max = 100; flist = New_N(char *, nfile_max); nfile = 0; if (sv_type == UNIXLIKE_SERVER) { char *name, *link, *date, *size, *type_str; int ftype, max_len, len, j; max_len = 20; while (tmp = Strfgets(current_ftp.data), tmp->length > 0) { Strchop(tmp); if ((ftype = ex_ftpdir_name_size_date(tmp->ptr, &name, &link, &date, &size)) == FTPDIR_NONE) continue; if (!strcmp(".", name) || !strcmp("..", name)) continue; len = strlen(name); if (!len) continue; if (ftype == FTPDIR_DIR) { len++; type_str = "/"; } else if (ftype == FTPDIR_LINK) { len++; type_str = "@"; } else { type_str = " "; } if (max_len < len) max_len = len; flist[nfile++] = Sprintf("%s%s\n%s %5s%s", name, type_str, date, size, link)->ptr; if (nfile == nfile_max) { nfile_max *= 2; flist = New_Reuse(char *, flist, nfile_max); } }
InputStream openFTPStream(ParsedURL *pu, URLFile *uf) { Str tmp; int status; char *user = NULL; char *pass = NULL; Str uname = NULL; Str pwd = NULL; int add_auth_cookie_flag = FALSE; char *realpathname = NULL; if (!pu->host) return NULL; if (pu->user == NULL && pu->pass == NULL) { if (find_auth_user_passwd(pu, NULL, &uname, &pwd, 0)) { if (uname) user = uname->ptr; if (pwd) pass = pwd->ptr; } } if (user) /* do nothing */ ; else if (pu->user) user = pu->user; else user = "******"; if (current_ftp.host) { if (!strcmp(current_ftp.host, pu->host) && current_ftp.port == pu->port && !strcmp(current_ftp.user, user)) { ftp_command(¤t_ftp, "NOOP", NULL, &status); if (status != 200) ftp_close(¤t_ftp); else goto ftp_read; } else ftp_quit(¤t_ftp); } if (pass) /* do nothing */ ; else if (pu->pass) pass = pu->pass; else if (pu->user) { pwd = NULL; find_auth_user_passwd(pu, NULL, &uname, &pwd, 0); if (pwd == NULL) { if (fmInitialized) { term_raw(); pwd = Strnew_charp(inputLine("Password: "******"Password: "******"Password: "******"anonymous"); #else tmp = Strnew_charp("anonymous"); #endif /* __MINGW32_VERSION */ Strcat_char(tmp, '@'); pass = tmp->ptr; } if (!current_ftp.host) { current_ftp.host = allocStr(pu->host, -1); current_ftp.port = pu->port; current_ftp.user = allocStr(user, -1); current_ftp.pass = allocStr(pass, -1); if (!ftp_login(¤t_ftp)) return NULL; } if (add_auth_cookie_flag) add_auth_user_passwd(pu, NULL, uname, pwd, 0); ftp_read: ftp_command(¤t_ftp, "TYPE", "I", &status); if (ftp_pasv(¤t_ftp) < 0) { ftp_quit(¤t_ftp); return NULL; } if (pu->file == NULL || *pu->file == '\0' || pu->file[strlen(pu->file) - 1] == '/') goto ftp_dir; realpathname = file_unquote(pu->file); if (*realpathname == '/' && *(realpathname + 1) == '~') realpathname++; /* Get file */ uf->modtime = ftp_modtime(¤t_ftp, realpathname); ftp_command(¤t_ftp, "RETR", realpathname, &status); if (status == 125 || status == 150) return newFileStream(current_ftp.data, (void (*)())closeFTPdata); ftp_dir: pu->scheme = SCM_FTPDIR; return NULL; }
/* * add <input> element to form_list */ struct form_item_list * formList_addInput(struct form_list *fl, struct parsed_tag *tag) { struct form_item_list *item; char *p; int i; /* if not in <form>..</form> environment, just ignore <input> tag */ if (fl == NULL) return NULL; item = New(struct form_item_list); item->type = FORM_UNKNOWN; item->size = -1; item->rows = 0; item->checked = item->init_checked = 0; item->accept = 0; item->name = NULL; item->value = item->init_value = NULL; item->readonly = false; if (parsedtag_get_value(tag, ATTR_TYPE, &p)) { item->type = formtype(p); if (item->size < 0 && (item->type == FORM_INPUT_TEXT || item->type == FORM_INPUT_FILE || item->type == FORM_INPUT_PASSWORD)) item->size = FORM_I_TEXT_DEFAULT_SIZE; } if (parsedtag_get_value(tag, ATTR_NAME, &p)) item->name = Strnew_charp(p); if (parsedtag_get_value(tag, ATTR_VALUE, &p)) item->value = item->init_value = Strnew_charp(p); item->checked = item->init_checked = parsedtag_exists(tag, ATTR_CHECKED); item->accept = parsedtag_exists(tag, ATTR_ACCEPT); parsedtag_get_value(tag, ATTR_SIZE, &item->size); parsedtag_get_value(tag, ATTR_MAXLENGTH, &item->maxlength); item->readonly = parsedtag_exists(tag, ATTR_READONLY); if (parsedtag_get_value(tag, ATTR_TEXTAREANUMBER, &i)) item->value = item->init_value = textarea_str[i]; #ifdef MENU_SELECT if (parsedtag_get_value(tag, ATTR_SELECTNUMBER, &i)) item->select_option = select_option[i].first; #endif /* MENU_SELECT */ if (parsedtag_get_value(tag, ATTR_ROWS, &p)) item->rows = atoi(p); if (item->type == FORM_UNKNOWN) { /* type attribute is missing. Ignore the tag. */ return NULL; } #ifdef MENU_SELECT if (item->type == FORM_SELECT) { chooseSelectOption(item, item->select_option); item->init_selected = item->selected; item->init_value = item->value; item->init_label = item->label; } #endif /* MENU_SELECT */ if (item->type == FORM_INPUT_FILE && item->value && item->value->length) { /* security hole ! */ return NULL; } item->parent = fl; item->next = NULL; if (fl->item == NULL) { fl->item = fl->lastitem = item; } else { fl->lastitem->next = item; fl->lastitem = item; } if (item->type == FORM_INPUT_HIDDEN) return NULL; fl->nitems++; return item; }
int main(int argc, char *argv[], char **envp) { Str mailcapfile; extern char *getenv(); char *p; int length; Str qs = NULL; struct parsed_tagarg *cgiarg; char *mode; char *sent_cookie; GC_INIT(); p = getenv("REQUEST_METHOD"); if (p == NULL || strcasecmp(p, "post")) goto request_err; p = getenv("CONTENT_LENGTH"); if (p == NULL || (length = atoi(p)) <= 0) goto request_err; qs = Strfgets(stdin); Strchop(qs); if (qs->length != length) goto request_err; cgiarg = cgistr2tagarg(qs->ptr); p = getenv("LOCAL_COOKIE_FILE"); if (p) { FILE *f = fopen(p, "r"); if (f) { local_cookie = Strfgets(f)->ptr; fclose(f); } } sent_cookie = tag_get_value(cgiarg, "cookie"); if (local_cookie == NULL || sent_cookie == NULL || strcmp(local_cookie, sent_cookie) != 0) { /* Local cookie doesn't match */ bye("Local cookie doesn't match: It may be an illegal execution", ""); } mode = tag_get_value(cgiarg, "mode"); mailcapfile = Strnew_charp(expandPath(USER_MAILCAP)); if (mode && !strcmp(mode, "edit")) { char *referer; /* check if I can edit my mailcap */ if ((referer = getenv("HTTP_REFERER")) != NULL) { if (strncmp(referer, "file://", 7) != 0 && strncmp(referer, "exec://", 7) != 0) { /* referer is not file: nor exec: */ bye("It may be an illegal execution\n referer=", referer); } } /* edit mailcap */ editMailcap(mailcapfile->ptr, cgiarg); } else { /* initial panel */ printMailcapPanel(mailcapfile->ptr); } return 0; request_err: bye("Incomplete Request:", qs ? qs->ptr : "(null)"); exit(1); }