#include "webcit.h"
#include "groupdav.h"
#include "webserver.h"
-#include "mime_parser.h"
#include <stdio.h>
#include <stdarg.h>
void urlesc(char *outbuf, char *strbuf)
{
int a, b, c, len, eclen, olen;
- char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
+ char *ec = " +#&;`'|*?-~<>^()[]{}/$\"\\";
strcpy(outbuf, "");
len = strlen(strbuf);
* \param target output string
* \param strbuf input string
*/
-void jsesc(char *target, char *strbuf)
+void jsesc(char *target, size_t tlen, char *strbuf)
{
- int a, len;
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
target[0]='\0';
len = strlen (strbuf);
- for (a = 0; a < len; ++a) {
- if (strbuf[a] == '<')
- strcat(target, "[");
- else if (strbuf[a] == '>')
- strcat(target, "]");
- else if (strbuf[a] == '\"')
- strcat(target, """);
- else if (strbuf[a] == '&')
- strcat(target, "&;");
- else if (strbuf[a] == '\'')
- strcat(target, "\\'");
- else {
- strncat(target, &strbuf[a], 1);
+ send = strbuf + len;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '<')
+ *tptr = '[';
+ else if (*sptr == '>')
+ *tptr = ']';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 3)
+ return;
+ *(tptr++) = '\\';
+ *tptr = '\'';
+ }
+ else if (*sptr == '"') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'q';
+ *(tptr++) = 'u';
+ *(tptr++) = 'o';
+ *(tptr++) = 't';
+ *tptr = ';';
}
+ else if (*sptr == '&') {
+ if (tend - tptr < 7)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'a';
+ *(tptr++) = 'm';
+ *(tptr++) = 'p';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
+ }
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
/**
{
char outbuf[SIZ];
- jsesc(outbuf, strbuf);
+ jsesc(outbuf, SIZ, strbuf);
wprintf("%s", outbuf);
}
* \param target target buffer
* \param strbuf source buffer
*/
-void msgesc(char *target, char *strbuf)
+void msgesc(char *target, size_t tlen, char *strbuf)
{
- int a, len;
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
- *target='\0';
- len = strlen(strbuf);
- for (a = 0; a < len; ++a) {
- if (strbuf[a] == '\n')
- strcat(target, " ");
- else if (strbuf[a] == '\r')
- strcat(target, " ");
- else if (strbuf[a] == '\'')
- strcat(target, "'");
- else {
- strncat(target, &strbuf[a], 1);
+ target[0]='\0';
+ len = strlen (strbuf);
+ send = strbuf + len;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '\n')
+ *tptr = ' ';
+ else if (*sptr == '\r')
+ *tptr = ' ';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = '#';
+ *(tptr++) = '3';
+ *(tptr++) = '9';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
}
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
/**
buflen = 3 * strlen(strbuf) + SIZ;
outbuf = malloc( buflen);
outbuf2 = malloc( buflen);
- msgesc(outbuf, strbuf);
+ msgesc(outbuf, buflen, strbuf);
stresc(outbuf2, buflen, outbuf, 0, 0);
wprintf("%s", outbuf2);
free(outbuf);
*/
void msgescputs(char *strbuf) {
char *outbuf;
+ size_t len;
if (strbuf == NULL) return;
- outbuf = malloc( (3 * strlen(strbuf)) + SIZ);
- msgesc(outbuf, strbuf);
+ len = (3 * strlen(strbuf)) + SIZ;
+ outbuf = malloc(len);
+ msgesc(outbuf, len, strbuf);
wprintf("%s", outbuf);
free(outbuf);
}
wprintf("Content-type: text/html; charset=utf-8\r\n"
"Server: %s / %s\n"
"Connection: close\r\n",
- SERVER, serv_info.serv_software
+ PACKAGE_STRING, serv_info.serv_software
);
}
);
}
- stuff_to_cookie(cookie, WC->wc_session, WC->wc_username,
+ stuff_to_cookie(cookie, 1024, WC->wc_session, WC->wc_username,
WC->wc_password, WC->wc_roomname);
if (unset_cookies) {
"Server: %s\r\n"
"Connection: close\r\n",
content_type,
- SERVER);
+ PACKAGE_STRING);
#ifdef HAVE_ZLIB
/** If we can send the data out compressed, please do so. */
if (WC->gzip_ok) {
char *compressed_data = NULL;
- uLongf compressed_len;
+ size_t compressed_len;
- compressed_len = (uLongf) ((length * 101) / 100) + 100;
+ compressed_len = ((length * 101) / 100) + 100;
compressed_data = malloc(compressed_len);
if (compress_gzip((Bytef *) compressed_data,
* Instead of an ugly 404, send a 1x1 transparent GIF
* when there's no such image on the server.
*/
- output_static("static/blank.gif");
+ char blank_gif[SIZ];
+ snprintf (blank_gif, SIZ, "%s%s", static_dirs[0], "/blank.gif");
+ output_static(blank_gif);
}
"Cache-Control: no-cache\r\n"
"Expires: -1\r\n"
,
- SERVER);
+ PACKAGE_STRING);
begin_burst();
}
wprintf("HTTP/1.1 404 Security check failed\r\n");
wprintf("Content-Type: text/plain\r\n");
wprintf("\r\n");
- wprintf("Security check failed.\r\n");
+ wprintf("You have sent a malformed or invalid request.\r\n");
}
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}
}
}
+/**
+ * \brief Replacement for sleep() that uses select() in order to avoid SIGALRM
+ * \param seconds how many seconds should we sleep?
+ */
+void sleeeeeeeeeep(int seconds)
+{
+ struct timeval tv;
+
+ tv.tv_sec = seconds;
+ tv.tv_usec = 0;
+ select(0, NULL, NULL, NULL, &tv);
+}
+
/*@}*/
projects / citadel.git / blobdiff