diff options
Diffstat (limited to 'source/web/cgi.c')
-rw-r--r-- | source/web/cgi.c | 59 |
1 files changed, 18 insertions, 41 deletions
diff --git a/source/web/cgi.c b/source/web/cgi.c index 07b9f52ff77..f755bb22e90 100644 --- a/source/web/cgi.c +++ b/source/web/cgi.c @@ -19,7 +19,6 @@ #include "includes.h" -#include "../web/swat_proto.h" #define MAX_VARIABLES 10000 @@ -85,20 +84,6 @@ static char *grab_line(FILE *f, int *cl) return ret; } -/** - URL encoded strings can have a '+', which should be replaced with a space - - (This was in rfc1738_unescape(), but that broke the squid helper) -**/ - -static void plus_to_space_unescape(char *buf) -{ - char *p=buf; - - while ((p=strchr_m(p,'+'))) - *p = ' '; -} - /*************************************************************************** load all the variables passed to the CGI program. May have multiple variables with the same name and the same or different values. Takes a file parameter @@ -128,7 +113,7 @@ void cgi_load_variables(void) if (len > 0 && (request_post || ((s=getenv("REQUEST_METHOD")) && - strequal(s,"POST")))) { + strcasecmp(s,"POST")==0))) { while (len && (line=grab_line(f, &len))) { p = strchr_m(line,'='); if (!p) continue; @@ -144,9 +129,7 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; - plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); - plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS @@ -177,9 +160,7 @@ void cgi_load_variables(void) !variables[num_variables].value) continue; - plus_to_space_unescape(variables[num_variables].value); rfc1738_unescape(variables[num_variables].value); - plus_to_space_unescape(variables[num_variables].name); rfc1738_unescape(variables[num_variables].name); #ifdef DEBUG_COMMENTS @@ -203,13 +184,13 @@ void cgi_load_variables(void) convert_string(CH_DISPLAY, CH_UNIX, variables[i].name, -1, - dest, sizeof(dest), True); + dest, sizeof(dest)); free(variables[i].name); variables[i].name = strdup(dest); convert_string(CH_DISPLAY, CH_UNIX, variables[i].value, -1, - dest, sizeof(dest), True); + dest, sizeof(dest)); free(variables[i].value); variables[i].value = strdup(dest); } @@ -242,9 +223,9 @@ static void cgi_setup_error(const char *err, const char *header, const char *inf /* damn browsers don't like getting cut off before they give a request */ char line[1024]; while (fgets(line, sizeof(line)-1, stdin)) { - if (strnequal(line,"GET ", 4) || - strnequal(line,"POST ", 5) || - strnequal(line,"PUT ", 4)) { + if (strncasecmp(line,"GET ", 4)==0 || + strncasecmp(line,"POST ", 5)==0 || + strncasecmp(line,"PUT ", 4)==0) { break; } } @@ -319,7 +300,7 @@ static BOOL cgi_handle_authorization(char *line) fstring user, user_pass; struct passwd *pass = NULL; - if (!strnequal(line,"Basic ", 6)) { + if (strncasecmp(line,"Basic ", 6)) { goto err; } line += 6; @@ -336,11 +317,11 @@ static BOOL cgi_handle_authorization(char *line) convert_string(CH_DISPLAY, CH_UNIX, line, -1, - user, sizeof(user), True); + user, sizeof(user)); convert_string(CH_DISPLAY, CH_UNIX, p+1, -1, - user_pass, sizeof(user_pass), True); + user_pass, sizeof(user_pass)); /* * Try and get the user from the UNIX password file. @@ -360,9 +341,6 @@ static BOOL cgi_handle_authorization(char *line) * Password was ok. */ - if ( initgroups(pass->pw_name, pass->pw_gid) != 0 ) - goto err; - become_user_permanently(pass->pw_uid, pass->pw_gid); /* Save the users name */ @@ -373,8 +351,7 @@ static BOOL cgi_handle_authorization(char *line) } err: - cgi_setup_error("401 Bad Authorization", - "WWW-Authenticate: Basic realm=\"SWAT\"\r\n", + cgi_setup_error("401 Bad Authorization", "", "username or password incorrect"); passwd_free(&pass); @@ -508,22 +485,22 @@ void cgi_setup(const char *rootdir, int auth_required) and handle authentication etc */ while (fgets(line, sizeof(line)-1, stdin)) { if (line[0] == '\r' || line[0] == '\n') break; - if (strnequal(line,"GET ", 4)) { + if (strncasecmp(line,"GET ", 4)==0) { got_request = True; url = strdup(&line[4]); - } else if (strnequal(line,"POST ", 5)) { + } else if (strncasecmp(line,"POST ", 5)==0) { got_request = True; request_post = 1; url = strdup(&line[5]); - } else if (strnequal(line,"PUT ", 4)) { + } else if (strncasecmp(line,"PUT ", 4)==0) { got_request = True; cgi_setup_error("400 Bad Request", "", "This server does not accept PUT requests"); - } else if (strnequal(line,"Authorization: ", 15)) { + } else if (strncasecmp(line,"Authorization: ", 15)==0) { authenticated = cgi_handle_authorization(&line[15]); - } else if (strnequal(line,"Content-Length: ", 16)) { + } else if (strncasecmp(line,"Content-Length: ", 16)==0) { content_length = atoi(&line[16]); - } else if (strnequal(line,"Accept-Language: ", 17)) { + } else if (strncasecmp(line,"Accept-Language: ", 17)==0) { web_set_lang(&line[17]); } /* ignore all other requests! */ @@ -597,7 +574,7 @@ return the hostname of the client char *cgi_remote_host(void) { if (inetd_server) { - return get_peer_name(1,False); + return get_socket_name(1,False); } return getenv("REMOTE_HOST"); } @@ -608,7 +585,7 @@ return the hostname of the client char *cgi_remote_addr(void) { if (inetd_server) { - return get_peer_addr(1); + return get_socket_addr(1); } return getenv("REMOTE_ADDR"); } |