u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
u->next = WC->urlstrings;
WC->urlstrings = u;
- strcpy(u->url_key, buf);
+ safestrncpy(u->url_key, buf, sizeof u->url_key);
/* now chop that part off */
for (a = 0; a <= b; ++a)
strcpy(ptr, "");
u->url_data = malloc(strlen(up) + 2);
- strcpy(u->url_data, up);
+ safestrncpy(u->url_data, up, strlen(up) + 1);
u->url_data[b] = 0;
unescape_input(u->url_data);
up = ptr;
do_template("trailing");
}
+ /* If we've been saving it all up for one big output burst,
+ * go ahead and do that now.
+ */
+ end_burst();
}
int do_room_banner, /* 0=no, 1=yes, */
/* 2 = I'm going to embed my own, so don't open the */
- /* <div id="text"> either. */
+ /* <div id="content"> either. */
int unset_cookies, /* 1 = session is terminating, so unset the cookies */
int refresh30, /* 1 = automatically refresh page every 30 seconds */
httpdate(httpnow, time(NULL));
if (do_httpheaders) {
- wprintf("Content-type: text/html\n"
- "Server: %s / %s\n", SERVER, serv_info.serv_software
+ wprintf("Content-type: text/html; charset=utf-8\r\n"
+ "Server: %s / %s\n"
+ "Connection: close\r\n",
+ SERVER, serv_info.serv_software
+ );
+ }
+
+ if (cache) {
+ wprintf("Pragma: public\r\n"
+ "Cache-Control: max-age=3600, must-revalidate\r\n"
+ "Last-modified: %s\r\n",
+ httpnow
+ );
+ }
+ else {
+ wprintf("Pragma: no-cache\r\n"
+ "Cache-Control: no-store\r\n"
);
- if (!cache)
- wprintf("Connection: close\n"
- "Pragma: no-cache\n"
- "Cache-Control: no-store\n"
- );
}
stuff_to_cookie(cookie, WC->wc_session, WC->wc_username,
WC->wc_password, WC->wc_roomname);
if (unset_cookies) {
- wprintf("Set-cookie: webcit=%s; path=/\n", unset);
+ wprintf("Set-cookie: webcit=%s; path=/\r\n", unset);
} else {
- wprintf("Set-cookie: webcit=%s; path=/\n", cookie);
+ wprintf("Set-cookie: webcit=%s; path=/\r\n", cookie);
if (server_cookie != NULL) {
wprintf("%s\n", server_cookie);
}
}
if (do_htmlhead) {
- wprintf("\n");
+ /* wprintf("\n"); */
+ begin_burst();
if (refresh30) {
svprintf("REFRESHTAG", WCS_STRING, "%s",
}
}
- if (do_room_banner != 2) {
+ if (do_room_banner == 1) {
wprintf("<div id=\"content\">\n");
-
if (strlen(WC->ImportantMessage) > 0) {
+ wprintf("<div id=\"fix_scrollbar_bug\">\n");
do_template("beginbox_nt");
wprintf("<SPAN CLASS=\"errormsg\">"
"%s</SPAN><br />\n", WC->ImportantMessage);
do_template("endbox");
- strcpy(WC->ImportantMessage, "");
+ wprintf("</div>\n");
+ safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
}
}
*/
void http_redirect(char *whichpage) {
wprintf("HTTP/1.0 302 Moved Temporarily\n");
- wprintf("Location: %s\n", whichpage);
- wprintf("URI: %s\n", whichpage);
- wprintf("Content-type: text/html\n\n");
+ wprintf("Location: %s\r\n", whichpage);
+ wprintf("URI: %s\r\n", whichpage);
+ wprintf("Content-type: text/html; charset=utf-8\r\n\r\n");
wprintf("<html><body>\n");
wprintf("you really want to be <A HREF=\"%s\">here</A> now\n",
whichpage);
char buf[SIZ];
serv_puts("NOOP");
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[3] == '*') WC->HaveInstantMessages = 1;
}
*/
void http_transmit_thing(char *thing, size_t length, char *content_type,
int is_static) {
- if (is_static) {
- output_headers(0, 0, 0, 0, 0, 0, 1);
- }
- else {
- output_headers(0, 0, 0, 0, 0, 0, 0);
- }
- wprintf("Content-type: %s\n"
- "Content-length: %ld\n"
- "Server: %s\n"
- "Connection: close\n"
- "\n",
+
+ output_headers(0, 0, 0, 0, 0, 0, is_static);
+
+ wprintf("Content-type: %s\r\n"
+ "Server: %s\r\n"
+ "Connection: close\r\n",
content_type,
- (long) length,
- SERVER
+ SERVER);
+
+#ifdef HAVE_ZLIB
+ /* If we can send the data out compressed, please do so. */
+ if (WC->gzip_ok) {
+ char *compressed_data = NULL;
+ uLongf compressed_len;
+
+ compressed_len = (uLongf) ((length * 101) / 100) + 100;
+ compressed_data = malloc(compressed_len);
+
+ if (compress_gzip((Bytef *) compressed_data,
+ &compressed_len,
+ (Bytef *) thing,
+ (uLongf) length, Z_BEST_SPEED) == Z_OK) {
+ wprintf("Content-encoding: gzip\r\n"
+ "Content-length: %ld\r\n"
+ "\r\n",
+ (long) compressed_len
+ );
+ client_write(compressed_data, (size_t)compressed_len);
+ free(compressed_data);
+ return;
+ }
+ }
+#endif
+
+ /* No compression ... just send it out as-is */
+ wprintf("Content-length: %ld\r\n"
+ "\r\n",
+ (long) length
);
client_write(thing, (size_t)length);
}
void output_static(char *what)
{
- char buf[4096];
+ char buf[256];
FILE *fp;
struct stat statbuf;
off_t bytes;
char *bigbuffer;
- char content_type[SIZ];
+ char content_type[128];
sprintf(buf, "static/%s", what);
fp = fopen(buf, "rb");
if (fp == NULL) {
wprintf("HTTP/1.0 404 %s\n", strerror(errno));
- wprintf("Content-Type: text/plain\n");
- wprintf("\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
wprintf("Cannot open %s: %s\n", what, strerror(errno));
} else {
if (!strncasecmp(&what[strlen(what) - 4], ".gif", 4))
- strcpy(content_type, "image/gif");
+ safestrncpy(content_type, "image/gif", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".txt", 4))
- strcpy(content_type, "text/plain");
+ safestrncpy(content_type, "text/plain", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".css", 4))
- strcpy(content_type, "text/css");
+ safestrncpy(content_type, "text/css", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".jpg", 4))
- strcpy(content_type, "image/jpeg");
+ safestrncpy(content_type, "image/jpeg", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".png", 4))
- strcpy(content_type, "image/png");
+ safestrncpy(content_type, "image/png", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".ico", 4))
- strcpy(content_type, "image/x-icon");
+ safestrncpy(content_type, "image/x-icon", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".html", 5))
- strcpy(content_type, "text/html");
+ safestrncpy(content_type, "text/html", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".htm", 4))
- strcpy(content_type, "text/html");
+ safestrncpy(content_type, "text/html", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".wml", 4))
- strcpy(content_type, "text/vnd.wap.wml");
+ safestrncpy(content_type, "text/vnd.wap.wml", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wmls", 5))
- strcpy(content_type, "text/vnd.wap.wmlscript");
+ safestrncpy(content_type, "text/vnd.wap.wmlscript", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wmlc", 5))
- strcpy(content_type, "application/vnd.wap.wmlc");
+ safestrncpy(content_type, "application/vnd.wap.wmlc", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 6], ".wmlsc", 6))
- strcpy(content_type, "application/vnd.wap.wmlscriptc");
+ safestrncpy(content_type, "application/vnd.wap.wmlscriptc", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wbmp", 5))
- strcpy(content_type, "image/vnd.wap.wbmp");
+ safestrncpy(content_type, "image/vnd.wap.wbmp", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 3], ".js", 3))
- strcpy(content_type, "text/javascript");
+ safestrncpy(content_type, "text/javascript", sizeof content_type);
else
- strcpy(content_type, "application/octet-stream");
+ safestrncpy(content_type, "application/octet-stream", sizeof content_type);
fstat(fileno(fp), &statbuf);
bytes = statbuf.st_size;
- /* lprintf(3, "Static: %s, (%s; %ld bytes)\n",
- what, content_type, bytes); */
bigbuffer = malloc(bytes + 2);
fread(bigbuffer, bytes, 1, fp);
fclose(fp);
off_t bytes;
serv_printf("OIMG %s|%s", bstr("name"), bstr("parm"));
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
bytes = extract_long(&buf[4], 0);
xferbuf = malloc(bytes + 2);
/* Read it from the server */
read_server_binary(xferbuf, bytes);
serv_puts("CLOS");
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
/* Write it to the browser */
http_transmit_thing(xferbuf, (size_t)bytes, "image/gif", 0);
/*
wprintf("HTTP/1.0 404 %s\n", &buf[4]);
output_headers(0, 0, 0, 0, 0, 0, 0);
- wprintf("Content-Type: text/plain\n"
- "\n"
+ wprintf("Content-Type: text/plain\r\n"
+ "\r\n"
"Error retrieving image: %s\n",
&buf[4]
);
char *content = NULL;
serv_printf("OPNA %s|%s", bstr("msgnum"), bstr("partnum"));
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
bytes = extract_long(&buf[4], 0);
content = malloc(bytes + 2);
- extract(content_type, &buf[4], 3);
+ extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
output_headers(0, 0, 0, 0, 0, 0, 0);
read_server_binary(content, bytes);
serv_puts("CLOS");
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
http_transmit_thing(content, bytes, content_type, 0);
free(content);
} else {
wprintf("HTTP/1.0 404 %s\n", &buf[4]);
output_headers(0, 0, 0, 0, 0, 0, 0);
- wprintf("Content-Type: text/plain\n");
- wprintf("\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
wprintf("Error retrieving part: %s\n", &buf[4]);
}
char *content;
serv_printf("OPNA %ld|%s", msgnum, partnum);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
bytes = extract_long(&buf[4], 0);
- extract(content_type, &buf[4], 3);
+ extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
content = malloc(bytes + 2);
read_server_binary(content, bytes);
serv_puts("CLOS");
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
content[bytes] = 0; /* null terminate for good measure */
return(content);
}
void change_start_page(void) {
if (bstr("startpage") == NULL) {
- strcpy(WC->ImportantMessage,
- "startpage set to null");
+ safestrncpy(WC->ImportantMessage,
+ "startpage set to null",
+ sizeof WC->ImportantMessage);
display_main_menu();
return;
}
- set_preference("startpage", bstr("startpage"));
+ set_preference("startpage", bstr("startpage"), 1);
output_headers(1, 1, 0, 0, 0, 0, 0);
do_template("newstartpage");
void upload_handler(char *name, char *filename, char *partnum, char *disp,
- void *content, char *cbtype, size_t length,
- char *encoding, void *userdata)
+ void *content, char *cbtype, char *cbcharset,
+ size_t length, char *encoding, void *userdata)
{
struct urlcontent *u;
+ lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n",
+ name, cbtype, length);
+
/* Form fields */
if ( (length > 0) && (strlen(cbtype) == 0) ) {
u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
struct httprequest *hptr;
char browser_host[SIZ];
char user_agent[SIZ];
- int body_start;
+ int body_start = 0;
/* We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
char c_httpauth_pass[SIZ];
char cookie[SIZ];
- strcpy(c_username, "");
- strcpy(c_password, "");
- strcpy(c_roomname, "");
- strcpy(c_httpauth_string, "");
- strcpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER);
- strcpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS);
+ safestrncpy(c_username, "", sizeof c_username);
+ safestrncpy(c_password, "", sizeof c_password);
+ safestrncpy(c_roomname, "", sizeof c_roomname);
+ safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
+ safestrncpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER, sizeof c_httpauth_user);
+ safestrncpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS, sizeof c_httpauth_pass);
WC->upload_length = 0;
WC->upload = NULL;
hptr = req;
if (hptr == NULL) return;
- strcpy(cmd, hptr->line);
+ safestrncpy(cmd, hptr->line, sizeof cmd);
hptr = hptr->next;
- extract_token(method, cmd, 0, ' ');
+ extract_token(method, cmd, 0, ' ', sizeof method);
extract_action(action, cmd);
while (hptr != NULL) {
- strcpy(buf, hptr->line);
+ safestrncpy(buf, hptr->line, sizeof buf);
hptr = hptr->next;
if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
safestrncpy(cookie, &buf[15], sizeof cookie);
cookie_to_stuff(cookie, NULL,
- c_username, c_password, c_roomname);
+ c_username, sizeof c_username,
+ c_password, sizeof c_password,
+ c_roomname, sizeof c_roomname);
}
else if (!strncasecmp(buf, "Authorization: Basic ", 21)) {
CtdlDecodeBase64(c_httpauth_string, &buf[21], strlen(&buf[21]));
- extract_token(c_httpauth_user, c_httpauth_string, 0, ':');
- extract_token(c_httpauth_pass, c_httpauth_string, 1, ':');
+ extract_token(c_httpauth_user, c_httpauth_string, 0, ':', sizeof c_httpauth_user);
+ extract_token(c_httpauth_pass, c_httpauth_string, 1, ':', sizeof c_httpauth_pass);
}
else if (!strncasecmp(buf, "Content-length: ", 16)) {
ContentLength = atoi(&buf[16]);
ContentType, ContentLength);
body_start = strlen(content);
- /* Be daring and read it all at once. */
+ /* Read the entire input data at once. */
client_read(WC->http_sock, &content[BytesRead+body_start],
ContentLength);
/* Static content can be sent without connecting to Citadel. */
if (!strcasecmp(action, "static")) {
- strcpy(buf, &cmd[12]);
+ safestrncpy(buf, &cmd[12], sizeof buf);
for (a = 0; a < strlen(buf); ++a)
if (isspace(buf[a]))
buf[a] = 0;
}
else {
WC->connected = 1;
- serv_gets(buf); /* get the server welcome message */
+ serv_getln(buf, sizeof buf); /* get the server welcome message */
locate_host(browser_host, WC->http_sock);
get_serv_info(browser_host, user_agent);
if (serv_info.serv_rev_level < MINIMUM_CIT_VERSION) {
&& (strlen(c_httpauth_user) > 0)
&& (strlen(c_httpauth_pass) > 0)) {
serv_printf("USER %s", c_httpauth_user);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '3') {
serv_printf("PASS %s", c_httpauth_pass);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
become_logged_in(c_httpauth_user,
c_httpauth_pass, buf);
- strcpy(WC->httpauth_user, c_httpauth_user);
- strcpy(WC->httpauth_pass, c_httpauth_pass);
+ safestrncpy(WC->httpauth_user, c_httpauth_user, sizeof WC->httpauth_user);
+ safestrncpy(WC->httpauth_pass, c_httpauth_pass, sizeof WC->httpauth_pass);
}
}
}
/*
- * If this isn't a GroupDAV session, it's an ordinary browser
- * connecting to the user interface. Only allow GET and POST
- * methods.
+ * Automatically send requests with any method other than GET or
+ * POST to the GroupDAV code as well.
*/
if ((strcasecmp(method, "GET")) && (strcasecmp(method, "POST"))) {
- wprintf("HTTP/1.1 405 Method Not Allowed\r\n");
- groupdav_common_headers();
- wprintf("Content-Length: 0\r\n\r\n");
+ groupdav_main(req, ContentType, /* do GroupDAV methods */
+ ContentLength, content+body_start);
+ if (!WC->logged_in) {
+ WC->killthis = 1; /* If not logged in, don't */
+ } /* keep the session active */
goto SKIP_ALL_THIS_CRAP;
}
- check_for_instant_messages();
-
/*
* If we're not logged in, but we have username and password cookies
* supplied by the browser, try using them to log in.
&& (strlen(c_username) > 0)
&& (strlen(c_password) > 0)) {
serv_printf("USER %s", c_username);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '3') {
serv_printf("PASS %s", c_password);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
become_logged_in(c_username, c_password, buf);
}
*/
if ((strlen(WC->wc_roomname) == 0) && (strlen(c_roomname) > 0)) {
serv_printf("GOTO %s", c_roomname);
- serv_gets(buf);
+ serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
- strcpy(WC->wc_roomname, c_roomname);
+ safestrncpy(WC->wc_roomname, c_roomname, sizeof WC->wc_roomname);
}
}
+ /*
+ * If there are instant messages waiting, retrieve them for display.
+ */
+ check_for_instant_messages();
+
if (!strcasecmp(action, "image")) {
output_image();
blank_page();
} else if (!strcasecmp(action, "do_template")) {
url_do_template();
+ } else if (!strcasecmp(action, "display_aide_menu")) {
+ display_aide_menu();
} else if (!strcasecmp(action, "display_main_menu")) {
display_main_menu();
} else if (!strcasecmp(action, "whobbs")) {
} else if (!strcasecmp(action, "ungoto")) {
ungoto();
} else if (!strcasecmp(action, "dotgoto")) {
- slrp_highest();
+ if (WC->wc_view != VIEW_MAILBOX) { /* dotgoto acts like dotskip when we're in a mailbox view */
+ slrp_highest();
+ }
smart_goto(bstr("room"));
} else if (!strcasecmp(action, "dotskip")) {
smart_goto(bstr("room"));
display_enter();
} else if (!strcasecmp(action, "post")) {
post_message();
- } else if (!strcasecmp(action, "do_stuff_to_one_msg")) {
- do_stuff_to_one_msg();
} else if (!strcasecmp(action, "move_msg")) {
move_msg();
+ } else if (!strcasecmp(action, "delete_msg")) {
+ delete_msg();
} else if (!strcasecmp(action, "userlist")) {
userlist();
} else if (!strcasecmp(action, "showuser")) {
display_entroom();
} else if (!strcasecmp(action, "entroom")) {
entroom();
+ } else if (!strcasecmp(action, "display_whok")) {
+ display_whok();
+ } else if (!strcasecmp(action, "do_invt_kick")) {
+ do_invt_kick();
} else if (!strcasecmp(action, "display_editroom")) {
display_editroom();
} else if (!strcasecmp(action, "netedit")) {
netedit();
} else if (!strcasecmp(action, "editroom")) {
editroom();
- } else if (!strcasecmp(action, "display_whok")) {
- display_whok();
} else if (!strcasecmp(action, "display_editinfo")) {
display_edit("Room info", "EINF 0", "RINF", "/editinfo", 1);
} else if (!strcasecmp(action, "editinfo")) {
display_edit("Your bio", "NOOP", buf, "editbio", 3);
} else if (!strcasecmp(action, "editbio")) {
save_edit("Your bio", "EBIO", 0);
- } else if (!strcasecmp(action, "confirm_delete_room")) {
- confirm_delete_room();
+ } else if (!strcasecmp(action, "confirm_move_msg")) {
+ confirm_move_msg();
} else if (!strcasecmp(action, "delete_room")) {
delete_room();
} else if (!strcasecmp(action, "validate")) {
} else if (!strcasecmp(action, "editpic")) {
do_graphics_upload("UIMG 1|_userpic_");
} else if (!strcasecmp(action, "display_editroompic")) {
- display_graphics_upload("the graphic for this room",
+ display_graphics_upload("the icon for this room",
"UIMG 0|_roompic_",
"/editroompic");
} else if (!strcasecmp(action, "editroompic")) {
} else if (!strcasecmp(action, "display_editfloorpic")) {
sprintf(buf, "UIMG 0|_floorpic_|%s",
bstr("which_floor"));
- display_graphics_upload("the graphic for this floor",
+ display_graphics_upload("the icon for this floor",
buf,
"/editfloorpic");
} else if (!strcasecmp(action, "editfloorpic")) {
display_inetconf();
} else if (!strcasecmp(action, "save_inetconf")) {
save_inetconf();
+ } else if (!strcasecmp(action, "setup_wizard")) {
+ do_setup_wizard();
+ } else if (!strcasecmp(action, "display_preferences")) {
+ display_preferences();
+ } else if (!strcasecmp(action, "set_preferences")) {
+ set_preferences();
} else if (!strcasecmp(action, "diagnostics")) {
output_headers(1, 1, 1, 0, 0, 0, 0);
projects / citadel.git / blobdiff