static bool okEscapeCmd(MprTestGroup *gp, char *cmd, char *validCmd)
{
char *escaped;
escaped = mprEscapeCmd(cmd, '\\');
if (strcmp(validCmd, escaped) == 0) {
return 1;
}
mprLog(0, "Cmd \"%s\" is escaped to be \n"
"\"%s\" instead of \n"
"\"%s\"\n", cmd, escaped, validCmd);
return 0;
}
static void copyInner(HttpConn *conn, cchar **envv, int index, cchar *key, cchar *value, cchar *prefix)
{
char *cp;
if (prefix) {
cp = sjoin(prefix, key, "=", value, NULL);
} else {
cp = sjoin(key, "=", value, NULL);
}
if (conn->rx->route->flags & HTTP_ROUTE_ENV_ESCAPE) {
/*
This will escape: &;`'\"|*?~<>^()[]{}$\\\n and also on windows \r%
*/
cp = mprEscapeCmd(cp, 0);
}
envv[index] = cp;
for (; *cp != '='; cp++) {
if (*cp == '-') {
*cp = '_';
} else {
*cp = toupper((uchar) *cp);
}
}
}
/*
Build the command arguments. NOTE: argv is untrusted input.
*/
static void buildArgs(HttpConn *conn, MprCmd *cmd, int *argcp, cchar ***argvp)
{
HttpRx *rx;
HttpTx *tx;
char **argv;
char *indexQuery, *cp, *tok;
cchar *actionProgram, *fileName;
size_t len;
int argc, argind, i;
rx = conn->rx;
tx = conn->tx;
fileName = tx->filename;
assert(fileName);
actionProgram = 0;
argind = 0;
argc = *argcp;
if (tx->ext) {
actionProgram = mprGetMimeProgram(rx->route->mimeTypes, tx->ext);
if (actionProgram != 0) {
argc++;
}
/*
This is an Apache compatible hack for PHP 5.3
*/
mprAddKey(rx->headers, "REDIRECT_STATUS", itos(HTTP_CODE_MOVED_TEMPORARILY));
}
/*
Count the args for ISINDEX queries. Only valid if there is not a "=" in the query.
If this is so, then we must not have these args in the query env also?
*/
indexQuery = rx->parsedUri->query;
if (indexQuery && !strchr(indexQuery, '=')) {
argc++;
for (cp = indexQuery; *cp; cp++) {
if (*cp == '+') {
argc++;
}
}
} else {
indexQuery = 0;
}
#if ME_WIN_LIKE || VXWORKS
{
char *bangScript, *cmdBuf, *program, *cmdScript;
/*
On windows we attempt to find an executable matching the fileName.
We look for *.exe, *.bat and also do unix style processing "#!/program"
*/
findExecutable(conn, &program, &cmdScript, &bangScript, fileName);
assert(program);
if (cmdScript) {
/*
Cmd/Batch script (.bat | .cmd)
Convert the command to the form where there are 4 elements in argv
that cmd.exe can interpret.
argv[0] = cmd.exe
argv[1] = /Q
argv[2] = /C
argv[3] = ""script" args ..."
*/
argc = 4;
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(len);
memset(argv, 0, len);
argv[argind++] = program; /* Duped in findExecutable */
argv[argind++] = "/Q";
argv[argind++] = "/C";
len = strlen(cmdScript) + 2 + 1;
cmdBuf = mprAlloc(len);
fmt(cmdBuf, len, "\"%s\"", cmdScript);
argv[argind++] = cmdBuf;
mprSetCmdDir(cmd, cmdScript);
/* program will get freed when argv[] gets freed */
} else if (bangScript) {
/*
Script used "#!/program". NOTE: this may be overridden by a mime Action directive.
*/
argc++; /* Adding bangScript arg */
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(len);
memset(argv, 0, len);
argv[argind++] = program; /* Will get freed when argv[] is freed */
argv[argind++] = bangScript; /* Will get freed when argv[] is freed */
mprSetCmdDir(cmd, bangScript);
} else {
/*
Either unknown extension or .exe (.out) program.
*/
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(len);
memset(argv, 0, len);
if (actionProgram) {
argv[argind++] = sclone(actionProgram);
}
argv[argind++] = program;
}
}
#else
len = (argc + 1) * sizeof(char*);
argv = mprAlloc(len);
memset(argv, 0, len);
if (actionProgram) {
argv[argind++] = sclone(actionProgram);
}
// OPT - why clone all these string?
argv[argind++] = sclone(fileName);
#endif
/*
ISINDEX queries. Only valid if there is not a "=" in the query. If this is so, then we must not
have these args in the query env also?
FUTURE - should query vars be set in the env?
*/
if (indexQuery) {
indexQuery = sclone(indexQuery);
cp = stok(indexQuery, "+", &tok);
while (cp) {
argv[argind++] = mprEscapeCmd(mprUriDecode(cp), 0);
cp = stok(NULL, "+", &tok);
}
}
assert(argind <= argc);
argv[argind] = 0;
*argcp = argc;
*argvp = (cchar**) argv;
mprDebug("http cgi", 5, "CGI: command:");
for (i = 0; i < argind; i++) {
mprDebug("http cgi", 5, " argv[%d] = %s", i, argv[i]);
}
}
/*
Build the command arguments. NOTE: argv is untrusted input.
*/
static void buildArgs(MaConn *conn, MprCmd *cmd, int *argcp, char ***argvp)
{
MaRequest *req;
MaResponse *resp;
char *fileName, **argv, status[8], *indexQuery, *cp, *tok;
cchar *actionProgram;
int argc, argind, len;
req = conn->request;
resp = conn->response;
fileName = resp->filename;
mprAssert(fileName);
actionProgram = 0;
argind = 0;
argc = *argcp;
if (resp->extension) {
actionProgram = maGetMimeActionProgram(req->host, resp->extension);
if (actionProgram != 0) {
argc++;
}
}
/*
This is an Apache compatible hack for PHP 5.3
*/
mprItoa(status, sizeof(status), MPR_HTTP_CODE_MOVED_TEMPORARILY, 10);
mprAddHash(req->headers, "REDIRECT_STATUS", mprStrdup(req, status));
/*
Count the args for ISINDEX queries. Only valid if there is not a "=" in the query.
If this is so, then we must not have these args in the query env also?
*/
indexQuery = req->parsedUri->query;
if (indexQuery && !strchr(indexQuery, '=')) {
argc++;
for (cp = indexQuery; *cp; cp++) {
if (*cp == '+') {
argc++;
}
}
} else {
indexQuery = 0;
}
#if BLD_WIN_LIKE || VXWORKS
{
char *bangScript, *cmdBuf, *program, *cmdScript;
/*
On windows we attempt to find an executable matching the fileName.
We look for *.exe, *.bat and also do unix style processing "#!/program"
*/
findExecutable(conn, &program, &cmdScript, &bangScript, fileName);
mprAssert(program);
if (cmdScript) {
/*
Cmd/Batch script (.bat | .cmd)
Convert the command to the form where there are 4 elements in argv
that cmd.exe can interpret.
argv[0] = cmd.exe
argv[1] = /Q
argv[2] = /C
argv[3] = ""script" args ..."
*/
argc = 4;
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(cmd, len);
memset(argv, 0, len);
argv[argind++] = program; /* Duped in findExecutable */
argv[argind++] = mprStrdup(cmd, "/Q");
argv[argind++] = mprStrdup(cmd, "/C");
len = (int) strlen(cmdScript) + 2 + 1;
cmdBuf = (char*) mprAlloc(cmd, len);
mprSprintf(cmdBuf, len, "\"%s\"", cmdScript);
argv[argind++] = cmdBuf;
mprSetCmdDir(cmd, cmdScript);
mprFree(cmdScript);
/* program will get freed when argv[] gets freed */
} else if (bangScript) {
/*
Script used "#!/program". NOTE: this may be overridden by a mime
Action directive.
*/
argc++; /* Adding bangScript arg */
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(cmd, len);
memset(argv, 0, len);
argv[argind++] = program; /* Will get freed when argv[] is freed */
argv[argind++] = bangScript; /* Will get freed when argv[] is freed */
mprSetCmdDir(cmd, bangScript);
} else {
/*
Either unknown extension or .exe (.out) program.
*/
len = (argc + 1) * sizeof(char*);
argv = (char**) mprAlloc(cmd, len);
memset(argv, 0, len);
if (actionProgram) {
argv[argind++] = mprStrdup(cmd, actionProgram);
}
argv[argind++] = program;
}
}
#else
len = (argc + 1) * (int) sizeof(char*);
argv = (char**) mprAlloc(cmd, len);
memset(argv, 0, len);
if (actionProgram) {
argv[argind++] = mprStrdup(cmd, actionProgram);
}
argv[argind++] = mprStrdup(cmd, fileName);
#endif
/*
ISINDEX queries. Only valid if there is not a "=" in the query. If this is so, then we must not
have these args in the query env also?
*/
if (indexQuery) {
indexQuery = mprStrdup(cmd, indexQuery);
cp = mprStrTok(indexQuery, "+", &tok);
while (cp) {
argv[argind++] = mprEscapeCmd(resp, mprUrlDecode(resp, cp), 0);
cp = mprStrTok(NULL, "+", &tok);
}
}
mprAssert(argind <= argc);
argv[argind] = 0;
*argcp = argc;
*argvp = argv;
}
