/*
* $Id$
- */
-/**
- * \defgroup MainServer This is the main transaction loop of the web service. It maintains a
+ *
+ * This is the main transaction loop of the web service. It maintains a
* persistent session to the Citadel server, handling HTTP WebCit requests as
* they arrive and presenting a user interface.
- * \ingroup BackendWebServer
*/
-/*@{*/
+
#include "webcit.h"
#include "groupdav.h"
#include "webserver.h"
-#include "mime_parser.h"
-/**
- * Subdirectories from which the client may request static content
- */
-char *static_content_dirs[] = {
- "static", /** static templates */
- "tiny_mce" /** the JS editor */
-};
+#include <stdio.h>
+#include <stdarg.h>
-/**
+/*
* String to unset the cookie.
* Any date "in the past" will work, so I chose my birthday, right down to
* the exact minute. :)
*/
static char *unset = "; expires=28-May-1971 18:10:00 GMT";
-/**
- * \brief remove escaped strings from i.e. the url string (like %20 for blanks)
- * \param buf the buffer to examine
+HashList *HandlerHash = NULL;
+
+
+void WebcitAddUrlHandler(const char * UrlString, long UrlSLen, WebcitHandlerFunc F, int IsAjax)
+{
+ WebcitHandler *NewHandler;
+
+ if (HandlerHash == NULL)
+ HandlerHash = NewHash(1, NULL);
+
+ NewHandler = (WebcitHandler*) malloc(sizeof(WebcitHandler));
+ NewHandler->F = F;
+ NewHandler->IsAjax = IsAjax;
+
+ Put(HandlerHash, UrlString, UrlSLen, NewHandler, NULL);
+}
+
+/*
+ * remove escaped strings from i.e. the url string (like %20 for blanks)
*/
-void unescape_input(char *buf)
+long unescape_input(char *buf)
{
int a, b;
char hex[3];
+ long buflen;
+ long len;
- while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
- buf[strlen(buf) - 1] = 0;
+ buflen = strlen(buf);
- for (a = 0; a < strlen(buf); ++a) {
+ while ((buflen > 0) && (isspace(buf[buflen - 1]))){
+ buf[buflen - 1] = 0;
+ buflen --;
+ }
+
+ a = 0;
+ while (a < buflen) {
if (buf[a] == '+')
buf[a] = ' ';
if (buf[a] == '%') {
- hex[0] = buf[a + 1];
- hex[1] = buf[a + 2];
- hex[2] = 0;
- b = 0;
- sscanf(hex, "%02x", &b);
- buf[a] = (char) b;
- strcpy(&buf[a + 1], &buf[a + 3]);
+ /* don't let % chars through, rather truncate the input. */
+ if (a + 2 > buflen) {
+ buf[a] = '\0';
+ buflen = a;
+ }
+ else {
+ hex[0] = buf[a + 1];
+ hex[1] = buf[a + 2];
+ hex[2] = 0;
+ b = 0;
+ sscanf(hex, "%02x", &b);
+ buf[a] = (char) b;
+ len = buflen - a - 2;
+ if (len > 0)
+ memmove(&buf[a + 1], &buf[a + 3], len);
+
+ buflen -=2;
+ }
}
+ a++;
}
+ return a;
+}
+void free_url(void *U)
+{
+ urlcontent *u = (urlcontent*) U;
+ free(u->url_data);
+ free(u);
}
-/**
- * \brief add urls???
- * \param url what???
+/*
+ * Extract variables from the URL.
*/
void addurls(char *url)
{
- char *up, *ptr;
- char buf[SIZ];
- int a, b;
- struct urlcontent *u;
-
+ char *aptr, *bptr, *eptr;
+ char *up;
+ char buf[SIZ] = "";
+ int len, n, keylen;
+ urlcontent *u;
+ struct wcsession *WCC = WC;
+
+ if (WCC->urlstrings == NULL)
+ WCC->urlstrings = NewHash(1, NULL);
+ eptr = buf + sizeof (buf);
up = url;
- while (strlen(up) > 0) {
-
- /** locate the = sign */
- safestrncpy(buf, up, sizeof buf);
- b = (-1);
- for (a = 255; a >= 0; --a)
- if (buf[a] == '=')
- b = a;
- if (b < 0)
+ /** locate the = sign */
+ n = safestrncpy(buf, up, sizeof buf);
+ if (n < 0) /* hm, we exceeded the buffer... hmmm what to do now? */
+ n = -n;
+ up = buf;
+ while (!IsEmptyStr(up)) {
+ aptr = up;
+ while ((aptr < eptr) && (*aptr != '\0') && (*aptr != '='))
+ aptr++;
+ if (*aptr != '=')
return;
- buf[b] = 0;
-
- u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
- u->next = WC->urlstrings;
- WC->urlstrings = u;
- safestrncpy(u->url_key, buf, sizeof u->url_key);
-
- /** now chop that part off */
- for (a = 0; a <= b; ++a)
- ++up;
-
- /** locate "&" and "?" delimiters */
- ptr = up;
- b = strlen(up);
- for (a = 0; a < strlen(up); ++a) {
- if ( (ptr[0] == '&') || (ptr[0] == '?') ) {
- b = a;
- break;
- }
- ++ptr;
+ *aptr = '\0';
+ aptr++;
+ bptr = aptr;
+ while ((bptr < eptr) && (*bptr != '\0')
+ && (*bptr != '&') && (*bptr != '?') && (*bptr != ' ')) {
+ bptr++;
+ }
+ *bptr = '\0';
+ u = (urlcontent *) malloc(sizeof(urlcontent));
+
+ keylen = safestrncpy(u->url_key, up, sizeof u->url_key);
+ if (keylen < 0){
+ lprintf(1, "URLkey to long! [%s]", up);
+ continue;
}
- ptr = up;
- for (a = 0; a < b; ++a)
- ++ptr;
- strcpy(ptr, "");
-
- u->url_data = malloc(strlen(up) + 2);
- safestrncpy(u->url_data, up, strlen(up) + 1);
- u->url_data[b] = 0;
- unescape_input(u->url_data);
- up = ptr;
+
+ Put(WCC->urlstrings, u->url_key, keylen, u, free_url);
+ len = bptr - aptr;
+ u->url_data = malloc(len + 2);
+ safestrncpy(u->url_data, aptr, len + 2);
+ u->url_data_size = unescape_input(u->url_data);
+ u->url_data[u->url_data_size] = '\0';
+ up = bptr;
++up;
+/* uncomment the following line to see each parameter in the log
+ lprintf(9, "%s = [%ld] %s\n", u->url_key, u->url_data_size, u->url_data);
+*/
}
}
-/**
- * \brief free urlstring memory
+/*
+ * free urlstring memory
*/
void free_urls(void)
{
- struct urlcontent *u;
-
- while (WC->urlstrings != NULL) {
- free(WC->urlstrings->url_data);
- u = WC->urlstrings->next;
- free(WC->urlstrings);
- WC->urlstrings = u;
- }
+ DeleteHash(&WC->urlstrings);
}
-/**
- * \brief Diagnostic function to display the contents of all variables
+/*
+ * Diagnostic function to display the contents of all variables
*/
+
void dump_vars(void)
{
- struct urlcontent *u;
-
- for (u = WC->urlstrings; u != NULL; u = u->next) {
+ struct wcsession *WCC = WC;
+ urlcontent *u;
+ void *U;
+ long HKLen;
+ char *HKey;
+ HashPos *Cursor;
+
+ Cursor = GetNewHashPos ();
+ while (GetNextHashPos(WCC->urlstrings, Cursor, &HKLen, &HKey, &U)) {
+ u = (urlcontent*) U;
wprintf("%38s = %s\n", u->url_key, u->url_data);
}
}
-/**
- * \brief what???
- * \param key what???
+/*
+ * Return the value of a variable supplied to the current web page (from the url or a form)
*/
-char *bstr(char *key)
+
+const char *XBstr(char *key, size_t keylen, size_t *len)
{
- struct urlcontent *u;
+ void *U;
- for (u = WC->urlstrings; u != NULL; u = u->next) {
- if (!strcasecmp(u->url_key, key))
- return (u->url_data);
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U)) {
+ *len = ((urlcontent *)U)->url_data_size;
+ return ((urlcontent *)U)->url_data;
+ }
+ else {
+ *len = 0;
+ return ("");
}
- return ("");
}
-/**
- * \brief web-printing funcion. uses our vsnprintf wrapper
- * \param format printf format string
- * \param ... the varargs to put into formatstring
+const char *XBSTR(char *key, size_t *len)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen (key), &U)){
+ *len = ((urlcontent *)U)->url_data_size;
+ return ((urlcontent *)U)->url_data;
+ }
+ else {
+ *len = 0;
+ return ("");
+ }
+}
+
+
+const char *BSTR(char *key)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen (key), &U))
+ return ((urlcontent *)U)->url_data;
+ else
+ return ("");
+}
+
+const char *Bstr(char *key, size_t keylen)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U))
+ return ((urlcontent *)U)->url_data;
+ else
+ return ("");
+}
+
+long LBstr(char *key, size_t keylen)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U))
+ return atol(((urlcontent *)U)->url_data);
+ else
+ return (0);
+}
+
+long LBSTR(char *key)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen(key), &U))
+ return atol(((urlcontent *)U)->url_data);
+ else
+ return (0);
+}
+
+int IBstr(char *key, size_t keylen)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U))
+ return atoi(((urlcontent *)U)->url_data);
+ else
+ return (0);
+}
+
+int IBSTR(char *key)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen(key), &U))
+ return atoi(((urlcontent *)U)->url_data);
+ else
+ return (0);
+}
+
+int HaveBstr(char *key, size_t keylen)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U))
+ return ((urlcontent *)U)->url_data_size != 0;
+ else
+ return (0);
+}
+
+int HAVEBSTR(char *key)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen(key), &U))
+ return ((urlcontent *)U)->url_data_size != 0;
+ else
+ return (0);
+}
+
+
+int YesBstr(char *key, size_t keylen)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, keylen, &U))
+ return strcmp( ((urlcontent *)U)->url_data, "yes") == 0;
+ else
+ return (0);
+}
+
+int YESBSTR(char *key)
+{
+ void *U;
+
+ if ((WC->urlstrings != NULL) &&
+ GetHash(WC->urlstrings, key, strlen(key), &U))
+ return strcmp( ((urlcontent *)U)->url_data, "yes") == 0;
+ else
+ return (0);
+}
+
+/*
+ * web-printing funcion. uses our vsnprintf wrapper
*/
void wprintf(const char *format,...)
{
}
-/**
- * \brief wrap up an HTTP session, closes tags, etc.
- * \todo multiline params?
- * \param print_standard_html_footer should be set to 0 to transmit only, 1 to
- * append the main menu and closing tags, or 2 to
- * append the closing tags only.
+/*
+ * wrap up an HTTP session, closes tags, etc.
+ *
+ * print_standard_html_footer should be set to:
+ * 0 to transmit only,
+ * 1 to append the main menu and closing tags,
+ * 2 to append the closing tags only.
*/
void wDumpContent(int print_standard_html_footer)
{
}
-/**
- * \brief Copy a string, escaping characters which have meaning in HTML.
- * \param target target buffer to copy to
- * \param strbuf source buffer ???
- * \param nbsp If nonzero, spaces are converted to non-breaking spaces.
- * \param nolinebreaks if set, linebreaks are removed from the string.
+/*
+ * Copy a string, escaping characters which have meaning in HTML.
+ *
+ * target target buffer
+ * strbuf source buffer
+ * nbsp If nonzero, spaces are converted to non-breaking spaces.
+ * nolinebreaks if set, linebreaks are removed from the string.
*/
-void stresc(char *target, char *strbuf, int nbsp, int nolinebreaks)
+long stresc(char *target, long tSize, char *strbuf, int nbsp, int nolinebreaks)
{
- int a;
- strcpy(target, "");
-
- for (a = 0; a < strlen(strbuf); ++a) {
- if (strbuf[a] == '<')
- strcat(target, "<");
- else if (strbuf[a] == '>')
- strcat(target, ">");
- else if (strbuf[a] == '&')
- strcat(target, "&");
- else if (strbuf[a] == '\"')
- strcat(target, """);
- else if (strbuf[a] == '\'')
- strcat(target, "'");
- else if (strbuf[a] == LB)
- strcat(target, "<");
- else if (strbuf[a] == RB)
- strcat(target, ">");
- else if (strbuf[a] == QU)
- strcat(target, "\"");
- else if ((strbuf[a] == 32) && (nbsp == 1))
- strcat(target, " ");
- else if ((strbuf[a] == '\n') && (nolinebreaks))
- strcat(target, ""); /* nothing */
- else if ((strbuf[a] == '\r') && (nolinebreaks))
- strcat(target, ""); /* nothing */
- else
- strncat(target, &strbuf[a], 1);
+ char *aptr, *bptr, *eptr;
+
+ *target = '\0';
+ aptr = strbuf;
+ bptr = target;
+ eptr = target + tSize - 6; // our biggest unit to put in...
+
+ while ((bptr < eptr) && !IsEmptyStr(aptr) ){
+ if (*aptr == '<') {
+ memcpy(bptr, "<", 4);
+ bptr += 4;
+ }
+ else if (*aptr == '>') {
+ memcpy(bptr, ">", 4);
+ bptr += 4;
+ }
+ else if (*aptr == '&') {
+ memcpy(bptr, "&", 5);
+ bptr += 5;
+ }
+ else if (*aptr == '\"') {
+ memcpy(bptr, """, 6);
+ bptr += 6;
+ }
+ else if (*aptr == '\'') {
+ memcpy(bptr, "'", 5);
+ bptr += 5;
+ }
+ else if (*aptr == LB) {
+ *bptr = '<';
+ bptr ++;
+ }
+ else if (*aptr == RB) {
+ *bptr = '>';
+ bptr ++;
+ }
+ else if (*aptr == QU) {
+ *bptr ='"';
+ bptr ++;
+ }
+ else if ((*aptr == 32) && (nbsp == 1)) {
+ memcpy(bptr, " ", 6);
+ bptr += 6;
+ }
+ else if ((*aptr == '\n') && (nolinebreaks)) {
+ *bptr='\0'; /* nothing */
+ }
+ else if ((*aptr == '\r') && (nolinebreaks)) {
+ *bptr='\0'; /* nothing */
+ }
+ else{
+ *bptr = *aptr;
+ bptr++;
+ }
+ aptr ++;
}
+ *bptr = '\0';
+ if ((bptr = eptr - 1 ) && !IsEmptyStr(aptr) )
+ return -1;
+ return (bptr - target);
}
-/**
- * \brief WHAT???
- * \param strbuf what???
- * \param nbsp If nonzero, spaces are converted to non-breaking spaces.
- * \param nolinebreaks if set, linebreaks are removed from the string.
- */
void escputs1(char *strbuf, int nbsp, int nolinebreaks)
{
char *buf;
+ long Siz;
if (strbuf == NULL) return;
- buf = malloc( (3 * strlen(strbuf)) + SIZ );
- stresc(buf, strbuf, nbsp, nolinebreaks);
+ Siz = (3 * strlen(strbuf)) + SIZ ;
+ buf = malloc(Siz);
+ stresc(buf, Siz, strbuf, nbsp, nolinebreaks);
wprintf("%s", buf);
free(buf);
}
-/**
- * \brief static wrapper for ecsputs1
- * \param strbuf buffer to print escaped to client
+/*
+ * static wrapper for ecsputs1
*/
void escputs(char *strbuf)
{
escputs1(strbuf, 0, 0);
}
-/**
- * \brief Escape a string for feeding out as a URL.
- * Returns a pointer to a buffer that must be freed by the caller!
- * \param outbuf the outputbuffer
- * \param strbuf the input buffer???
- */
-void urlesc(char *outbuf, char *strbuf)
-{
- int a, b, c;
- char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
-
- strcpy(outbuf, "");
-
- for (a = 0; a < strlen(strbuf); ++a) {
- c = 0;
- for (b = 0; b < strlen(ec); ++b) {
- if (strbuf[a] == ec[b])
- c = 1;
- }
- b = strlen(outbuf);
- if (c == 1)
- sprintf(&outbuf[b], "%%%02x", strbuf[a]);
- else
- sprintf(&outbuf[b], "%c", strbuf[a]);
- }
-}
-/**
- * \brief urlescape buffer and print it to the client
- * \param strbuf buffer to urlescape
+/*
+ * urlescape buffer and print it to the client
*/
void urlescputs(char *strbuf)
{
char outbuf[SIZ];
- urlesc(outbuf, strbuf);
+ urlesc(outbuf, SIZ, strbuf);
wprintf("%s", outbuf);
}
-/**
- * \brief Copy a string, escaping characters for JavaScript strings.
- * \param target output string
- * \param strbuf input string
+/*
+ * Copy a string, escaping characters for JavaScript strings.
*/
-void jsesc(char *target, char *strbuf)
+void jsesc(char *target, size_t tlen, char *strbuf)
{
- int a;
- strcpy(target, "");
-
- for (a = 0; a < strlen(strbuf); ++a) {
- if (strbuf[a] == '<')
- strcat(target, "[");
- else if (strbuf[a] == '>')
- strcat(target, "]");
- else if (strbuf[a] == '\"')
- strcat(target, """);
- else if (strbuf[a] == '&')
- strcat(target, "&;");
- else if (strbuf[a] == '\'')
- strcat(target, "\\'");
- else {
- strncat(target, &strbuf[a], 1);
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
+
+ target[0]='\0';
+ len = strlen (strbuf);
+ send = strbuf + len;
+ tend = target + tlen;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '<')
+ *tptr = '[';
+ else if (*sptr == '>')
+ *tptr = ']';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 3)
+ return;
+ *(tptr++) = '\\';
+ *tptr = '\'';
}
+ else if (*sptr == '"') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'q';
+ *(tptr++) = 'u';
+ *(tptr++) = 'o';
+ *(tptr++) = 't';
+ *tptr = ';';
+ }
+ else if (*sptr == '&') {
+ if (tend - tptr < 7)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = 'a';
+ *(tptr++) = 'm';
+ *(tptr++) = 'p';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
+ }
+ tptr++; sptr++;
}
+ *tptr = '\0';
}
-/**
- * \brief escape and print java script
- * \param strbuf the js code
+/*
+ * escape and print javascript
*/
void jsescputs(char *strbuf)
{
char outbuf[SIZ];
- jsesc(outbuf, strbuf);
+ jsesc(outbuf, SIZ, strbuf);
wprintf("%s", outbuf);
}
-/**
- * \brief Copy a string, escaping characters for message text hold
- * \param target target buffer
- * \param strbuf source buffer
+/*
+ * Copy a string, escaping characters for message text hold
*/
-void msgesc(char *target, char *strbuf)
+void msgesc(char *target, size_t tlen, char *strbuf)
{
- int a;
- strcpy(target, "");
-
- for (a = 0; a < strlen(strbuf); ++a) {
- if (strbuf[a] == '\n')
- strcat(target, " ");
- else if (strbuf[a] == '\r')
- strcat(target, " ");
- else if (strbuf[a] == '\'')
- strcat(target, "'");
- else {
- strncat(target, &strbuf[a], 1);
+ int len;
+ char *tend;
+ char *send;
+ char *tptr;
+ char *sptr;
+
+ target[0]='\0';
+ len = strlen (strbuf);
+ send = strbuf + len;
+ tend = target + tlen;
+ sptr = strbuf;
+ tptr = target;
+
+ while (!IsEmptyStr(sptr) &&
+ (sptr < send) &&
+ (tptr < tend)) {
+
+ if (*sptr == '\n')
+ *tptr = ' ';
+ else if (*sptr == '\r')
+ *tptr = ' ';
+ else if (*sptr == '\'') {
+ if (tend - tptr < 8)
+ return;
+ *(tptr++) = '&';
+ *(tptr++) = '#';
+ *(tptr++) = '3';
+ *(tptr++) = '9';
+ *tptr = ';';
+ } else {
+ *tptr = *sptr;
}
+ tptr++; sptr++;
}
+ *tptr = '\0';
+}
+
+/**
+ * \brief print a string to the client after cleaning it with msgesc() and stresc()
+ * \param strbuf string to be printed
+ */
+void msgescputs1( char *strbuf)
+{
+ char *outbuf;
+ char *outbuf2;
+ int buflen;
+
+ if (strbuf == NULL) return;
+ buflen = 3 * strlen(strbuf) + SIZ;
+ outbuf = malloc( buflen);
+ outbuf2 = malloc( buflen);
+ msgesc(outbuf, buflen, strbuf);
+ stresc(outbuf2, buflen, outbuf, 0, 0);
+ wprintf("%s", outbuf2);
+ free(outbuf);
+ free(outbuf2);
}
/**
*/
void msgescputs(char *strbuf) {
char *outbuf;
+ size_t len;
if (strbuf == NULL) return;
- outbuf = malloc( (3 * strlen(strbuf)) + SIZ);
- msgesc(outbuf, strbuf);
+ len = (3 * strlen(strbuf)) + SIZ;
+ outbuf = malloc(len);
+ msgesc(outbuf, len, strbuf);
wprintf("%s", outbuf);
free(outbuf);
}
-/**
- * \brief Output all that important stuff that the browser will want to see
+/*
+ * Output HTTP headers and leading HTML for a page
*/
-void output_headers( int do_httpheaders, /**< 1 = output HTTP headers */
- int do_htmlhead, /**< 1 = output HTML <head> section and <body> opener */
+void output_headers( int do_httpheaders, /* 1 = output HTTP headers */
+ int do_htmlhead, /* 1 = output HTML <head> section and <body> opener */
- int do_room_banner, /**< 0=no, 1=yes,
- * 2 = I'm going to embed my own, so don't open the
- * <div id="content"> either.
- */
+ int do_room_banner, /* 0=no, 1=yes,
+ * 2 = I'm going to embed my own, so don't open the
+ * <div id="content"> either.
+ */
- int unset_cookies, /**< 1 = session is terminating, so unset the cookies */
- int suppress_check, /**< 1 = suppress check for instant messages */
- int cache /**< 1 = allow browser to cache this page */
+ int unset_cookies, /* 1 = session is terminating, so unset the cookies */
+ int suppress_check, /* 1 = suppress check for instant messages */
+ int cache /* 1 = allow browser to cache this page */
) {
- char cookie[SIZ];
- char httpnow[SIZ];
+ char cookie[1024];
+ char httpnow[128];
wprintf("HTTP/1.1 200 OK\n");
- httpdate(httpnow, time(NULL));
+ http_datestring(httpnow, sizeof httpnow, time(NULL));
if (do_httpheaders) {
wprintf("Content-type: text/html; charset=utf-8\r\n"
"Server: %s / %s\n"
"Connection: close\r\n",
- SERVER, serv_info.serv_software
+ PACKAGE_STRING, serv_info.serv_software
);
}
else {
wprintf("Pragma: no-cache\r\n"
"Cache-Control: no-store\r\n"
+ "Expires: -1\r\n"
);
}
- stuff_to_cookie(cookie, WC->wc_session, WC->wc_username,
+ stuff_to_cookie(cookie, 1024, WC->wc_session, WC->wc_username,
WC->wc_password, WC->wc_roomname);
if (unset_cookies) {
if (do_htmlhead) {
begin_burst();
+ if (!access("static.local/webcit.css", R_OK)) {
+ svprintf(HKEY("CSSLOCAL"), WCS_STRING,
+ "<link href=\"static.local/webcit.css\" rel=\"stylesheet\" type=\"text/css\">"
+ );
+ }
do_template("head");
}
- /** ICONBAR */
+ /* ICONBAR */
if (do_htmlhead) {
- /** check for ImportantMessages (these display in a div overlaying the main screen) */
- if (strlen(WC->ImportantMessage) > 0) {
- wprintf("<div id=\"important_message\">\n");
- wprintf("<SPAN CLASS=\"imsg\">"
- "%s</SPAN><br />\n", WC->ImportantMessage);
- wprintf("</div>\n");
- wprintf("<script type=\"text/javascript\">\n"
- " setTimeout('hide_imsg_popup()', 3000); \n"
+ /* check for ImportantMessages (these display in a div overlaying the main screen) */
+ if (!IsEmptyStr(WC->ImportantMessage)) {
+ wprintf("<div id=\"important_message\">\n"
+ "<span class=\"imsg\">");
+ escputs(WC->ImportantMessage);
+ wprintf("</span><br />\n"
+ "</div>\n"
+ "<script type=\"text/javascript\">\n"
+ " setTimeout('hide_imsg_popup()', 5000); \n"
"</script>\n");
- safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
+ WC->ImportantMessage[0] = 0;
}
if ( (WC->logged_in) && (!unset_cookies) ) {
wprintf("<div id=\"iconbar\">");
do_selected_iconbar();
- /** check for instant messages (these display in a new window)
- page_popup(); */
+ /** check for instant messages (these display in a new window) */
+ page_popup();
wprintf("</div>");
}
}
-/**
- * \brief Generic function to do an HTTP redirect. Easy and fun.
- * \param whichpage target url to 302 to
+/*
+ * Generic function to do an HTTP redirect. Easy and fun.
*/
void http_redirect(char *whichpage) {
wprintf("HTTP/1.1 302 Moved Temporarily\n");
-/**
- * \brief Output a piece of content to the web browser
+/*
+ * Output a piece of content to the web browser using conformant HTTP and MIME semantics
*/
-void http_transmit_thing(char *thing, size_t length, char *content_type,
+void http_transmit_thing(char *thing, size_t length, const char *content_type,
int is_static) {
output_headers(0, 0, 0, 0, 0, is_static);
"Server: %s\r\n"
"Connection: close\r\n",
content_type,
- SERVER);
+ PACKAGE_STRING);
#ifdef HAVE_ZLIB
- /** If we can send the data out compressed, please do so. */
+ /* If we can send the data out compressed, please do so. */
if (WC->gzip_ok) {
char *compressed_data = NULL;
- uLongf compressed_len;
+ size_t compressed_len;
- compressed_len = (uLongf) ((length * 101) / 100) + 100;
+ compressed_len = ((length * 101) / 100) + 100;
compressed_data = malloc(compressed_len);
if (compress_gzip((Bytef *) compressed_data,
}
#endif
- /** No compression ... just send it out as-is */
+ /* No compression ... just send it out as-is */
wprintf("Content-length: %ld\r\n"
"\r\n",
(long) length
client_write(thing, (size_t)length);
}
+/**
+ * \brief print menu box like used in the floor view or admin interface.
+ * This function takes pair of strings as va_args,
+ * \param Title Title string of the box
+ * \param Class CSS Class for the box
+ * \param nLines How many string pairs should we print? (URL, UrlText)
+ * \param ... Pairs of URL Strings and their Names
+ */
+void print_menu_box(char* Title, char *Class, int nLines, ...)
+{
+ va_list arg_list;
+ long i;
+
+ svput("BOXTITLE", WCS_STRING, Title);
+ do_template("beginbox");
+
+ wprintf("<ul class=\"%s\">", Class);
+
+ va_start(arg_list, nLines);
+ for (i = 0; i < nLines; ++i)
+ {
+ wprintf("<li><a href=\"%s\">", va_arg(arg_list, char *));
+ wprintf((char *) va_arg(arg_list, char *));
+ wprintf("</a></li>\n");
+ }
+ va_end (arg_list);
+
+ wprintf("</a></li>\n");
+
+ wprintf("</ul>");
+
+ do_template("endbox");
+}
/**
FILE *fp;
struct stat statbuf;
off_t bytes;
+ off_t count = 0;
+ size_t res;
char *bigbuffer;
- char content_type[128];
+ const char *content_type;
+ int len;
fp = fopen(what, "rb");
if (fp == NULL) {
lprintf(9, "output_static('%s') -- NOT FOUND --\n", what);
- wprintf("HTTP/1.1 404 %s\n", strerror(errno));
+ wprintf("HTTP/1.1 404 %s\r\n", strerror(errno));
wprintf("Content-Type: text/plain\r\n");
wprintf("\r\n");
- wprintf("Cannot open %s: %s\n", what, strerror(errno));
+ wprintf("Cannot open %s: %s\r\n", what, strerror(errno));
} else {
- if (!strncasecmp(&what[strlen(what) - 4], ".gif", 4))
- safestrncpy(content_type, "image/gif", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".txt", 4))
- safestrncpy(content_type, "text/plain", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".css", 4))
- safestrncpy(content_type, "text/css", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".jpg", 4))
- safestrncpy(content_type, "image/jpeg", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".png", 4))
- safestrncpy(content_type, "image/png", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".ico", 4))
- safestrncpy(content_type, "image/x-icon", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".html", 5))
- safestrncpy(content_type, "text/html", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".htm", 4))
- safestrncpy(content_type, "text/html", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".wml", 4))
- safestrncpy(content_type, "text/vnd.wap.wml", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wmls", 5))
- safestrncpy(content_type, "text/vnd.wap.wmlscript", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wmlc", 5))
- safestrncpy(content_type, "application/vnd.wap.wmlc", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 6], ".wmlsc", 6))
- safestrncpy(content_type, "application/vnd.wap.wmlscriptc", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wbmp", 5))
- safestrncpy(content_type, "image/vnd.wap.wbmp", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 3], ".js", 3))
- safestrncpy(content_type, "text/javascript", sizeof content_type);
- else
- safestrncpy(content_type, "application/octet-stream", sizeof content_type);
-
- fstat(fileno(fp), &statbuf);
+ len = strlen (what);
+ content_type = GuessMimeByFilename(what, len);
+
+ if (fstat(fileno(fp), &statbuf) == -1) {
+ lprintf(9, "output_static('%s') -- FSTAT FAILED --\n", what);
+ wprintf("HTTP/1.1 404 %s\r\n", strerror(errno));
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Cannot fstat %s: %s\n", what, strerror(errno));
+ return;
+ }
+
+ count = 0;
bytes = statbuf.st_size;
- bigbuffer = malloc(bytes + 2);
- fread(bigbuffer, bytes, 1, fp);
+ if ((bigbuffer = malloc(bytes + 2)) == NULL) {
+ lprintf(9, "output_static('%s') -- MALLOC FAILED (%s) --\n", what, strerror(errno));
+ wprintf("HTTP/1.1 500 internal server error\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ return;
+ }
+ while (count < bytes) {
+ if ((res = fread(bigbuffer + count, 1, bytes - count, fp)) == 0) {
+ lprintf(9, "output_static('%s') -- FREAD FAILED (%s) %zu bytes of %zu --\n", what, strerror(errno), bytes - count, bytes);
+ wprintf("HTTP/1.1 500 internal server error \r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ return;
+ }
+ count += res;
+ }
+
fclose(fp);
lprintf(9, "output_static('%s') %s\n", what, content_type);
http_transmit_thing(bigbuffer, (size_t)bytes, content_type, 1);
free(bigbuffer);
}
- if (!strcasecmp(bstr("force_close_session"), "yes")) {
+ if (yesbstr("force_close_session")) {
end_webcit_session();
}
}
-
/**
* \brief When the browser requests an image file from the Citadel server,
* this function is called to transmit it.
char buf[SIZ];
char *xferbuf = NULL;
off_t bytes;
+ const char *MimeType;
serv_printf("OIMG %s|%s", bstr("name"), bstr("parm"));
serv_getln(buf, sizeof buf);
serv_puts("CLOS");
serv_getln(buf, sizeof buf);
+ MimeType = GuessMimeType (xferbuf, bytes);
/** Write it to the browser */
- http_transmit_thing(xferbuf, (size_t)bytes, "image/gif", 0);
+ if (!IsEmptyStr(MimeType))
+ {
+ http_transmit_thing(xferbuf,
+ (size_t)bytes,
+ MimeType,
+ 0);
+ free(xferbuf);
+ return;
+ }
+ /* hm... unknown mimetype? fallback to blank gif */
free(xferbuf);
+ }
- } else {
- /**
- * Instead of an ugly 404, send a 1x1 transparent GIF
- * when there's no such image on the server.
- */
- output_static("static/blank.gif");
- }
-
-
+
+ /**
+ * Instead of an ugly 404, send a 1x1 transparent GIF
+ * when there's no such image on the server.
+ */
+ char blank_gif[SIZ];
+ snprintf (blank_gif, SIZ, "%s%s", static_dirs[0], "/blank.gif");
+ output_static(blank_gif);
+}
+/**
+ * \brief Extract an embedded photo from a vCard for display on the client
+ *
+ * \param msgnum
+ */
+void display_vcard_photo_img(char *msgnum_as_string)
+{
+ long msgnum = 0L;
+ char *vcard;
+ struct vCard *v;
+ char *xferbuf;
+ char *photosrc;
+ int decoded;
+ const char *contentType;
+
+ msgnum = atol(msgnum_as_string);
+
+ vcard = load_mimepart(msgnum,"1");
+ v = vcard_load(vcard);
+
+ photosrc = vcard_get_prop(v, "PHOTO", 1,0,0);
+ xferbuf = malloc(strlen(photosrc));
+ if (xferbuf == NULL) {
+ lprintf(5, "xferbuf malloc failed\n");
+ return;
+ }
+ memset(xferbuf, 1, SIZ);
+ decoded = CtdlDecodeBase64(
+ xferbuf,
+ photosrc,
+ strlen(photosrc));
+ contentType = GuessMimeType(xferbuf, decoded);
+ http_transmit_thing(xferbuf, decoded, contentType, 0);
+ free(v);
+ free(photosrc);
+ free(xferbuf);
}
/**
* \brief Generic function to output an arbitrary MIME part from an arbitrary
- * message number on the server.
- * \param msgnum number of the item on the citadel server
- * \param partnum the MIME part to be output
+ * message number on the server.
+ *
+ * \param msgnum Number of the item on the citadel server
+ * \param partnum The MIME part to be output
+ * \param force_download Nonzero to force set the Content-Type: header
+ * to "application/octet-stream"
*/
-void mimepart(char *msgnum, char *partnum)
+void mimepart(char *msgnum, char *partnum, int force_download)
{
- char buf[SIZ];
+ char buf[256];
off_t bytes;
- char content_type[SIZ];
+ char content_type[256];
char *content = NULL;
serv_printf("OPNA %s|%s", msgnum, partnum);
if (buf[0] == '2') {
bytes = extract_long(&buf[4], 0);
content = malloc(bytes + 2);
- extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
+ if (force_download) {
+ strcpy(content_type, "application/octet-stream");
+ }
+ else {
+ extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
+ }
output_headers(0, 0, 0, 0, 0, 0);
read_server_binary(content, bytes);
serv_puts("CLOS");
char content_type[SIZ];
char *content;
- serv_printf("OPNA %ld|%s", msgnum, partnum);
+ serv_printf("DLAT %ld|%s", msgnum, partnum);
serv_getln(buf, sizeof buf);
- if (buf[0] == '2') {
+ if (buf[0] == '6') {
bytes = extract_long(&buf[4], 0);
extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
content = malloc(bytes + 2);
- read_server_binary(content, bytes);
+ serv_read(content, bytes);
- serv_puts("CLOS");
- serv_getln(buf, sizeof buf);
content[bytes] = 0; /* null terminate for good measure */
return(content);
}
wprintf("HTTP/1.1 200 OK\n");
output_headers(1, 1, 2, 0, 0, 0);
wprintf("<div id=\"banner\">\n");
- wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#%s\"><TR><TD>", titlebarcolor);
- wprintf("<SPAN CLASS=\"titlebar\">%s</SPAN>\n", titlebarmsg);
- wprintf("</TD></TR></TABLE>\n");
+ wprintf("<table width=100%% border=0 bgcolor=\"#%s\"><tr><td>", titlebarcolor);
+ wprintf("<span class=\"titlebar\">%s</span>\n", titlebarmsg);
+ wprintf("</td></tr></table>\n");
wprintf("</div>\n<div id=\"content\">\n");
escputs(messagetext);
void offer_start_page(void) {
wprintf("<a href=\"change_start_page?startpage=");
urlescputs(WC->this_page);
- wprintf("\"><FONT SIZE=-2 COLOR=\"#AAAAAA\">");
+ wprintf("\">");
wprintf(_("Make this my start page"));
- wprintf("</FONT></A>");
-/*
+ wprintf("</a>");
+#ifdef TECH_PREVIEW
wprintf("<br/><a href=\"rss?room=");
urlescputs(WC->wc_roomname);
wprintf("\" title=\"RSS 2.0 feed for ");
escputs(WC->wc_roomname);
wprintf("\"><img alt=\"RSS\" border=\"0\" src=\"static/xml_button.gif\"/></a>\n");
-*/
+#endif
}
}
/**
- * \brief handle file uploads
- * \param name the url the upload is done to
- * \param filename the name of the file being uploaded
- * \param partnum item number on the citadel server ???
- * \param disp what???
- * \param content the file contents???
- * \param cbtype what???
- * \param cbcharset the character set of cb??
- * \param length the size of the file ???
- * \param encoding charset encoding of the file??
- * \param userdata what???
+ * \brief This function is called by the MIME parser to handle data uploaded by
+ * the browser. Form data, uploaded files, and the data from HTTP PUT
+ * operations (such as those found in GroupDAV) all arrive this way.
+ *
+ * \param name Name of the item being uploaded
+ * \param filename Filename of the item being uploaded
+ * \param partnum MIME part identifier (not needed)
+ * \param disp MIME content disposition (not needed)
+ * \param content The actual data
+ * \param cbtype MIME content-type
+ * \param cbcharset Character set
+ * \param length Content length
+ * \param encoding MIME encoding type (not needed)
+ * \param userdata Not used here
*/
void upload_handler(char *name, char *filename, char *partnum, char *disp,
void *content, char *cbtype, char *cbcharset,
size_t length, char *encoding, void *userdata)
{
- struct urlcontent *u;
-
- /* lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n",
- name, cbtype, length); */
+ urlcontent *u;
+/*
+ lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n", name, cbtype, length);
+*/
+ if (WC->urlstrings == NULL)
+ WC->urlstrings = NewHash(1, NULL);
/* Form fields */
- if ( (length > 0) && (strlen(cbtype) == 0) ) {
- u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
- u->next = WC->urlstrings;
- WC->urlstrings = u;
+ if ( (length > 0) && (IsEmptyStr(cbtype)) ) {
+ u = (urlcontent *) malloc(sizeof(urlcontent));
+
safestrncpy(u->url_key, name, sizeof(u->url_key));
u->url_data = malloc(length + 1);
+ u->url_data_size = length;
memcpy(u->url_data, content, length);
u->url_data[length] = 0;
+ Put(WC->urlstrings, u->url_key, strlen(u->url_key), u, free_url);
+
+/* lprintf(9, "Key: <%s> len: [%ld] Data: <%s>\n", u->url_key, u->url_data_size, u->url_data);*/
}
/** Uploaded files */
- if ( (length > 0) && (strlen(cbtype) > 0) ) {
+ if ( (length > 0) && (!IsEmptyStr(cbtype)) ) {
WC->upload = malloc(length);
if (WC->upload != NULL) {
WC->upload_length = length;
"Server: %s\r\n"
"Connection: close\r\n"
"Pragma: no-cache\r\n"
- "Cache-Control: no-cache\r\n",
- SERVER);
+ "Cache-Control: no-cache\r\n"
+ "Expires: -1\r\n"
+ ,
+ PACKAGE_STRING);
begin_burst();
}
}
/**
- * \brief parse server command to execute on the citadel
+ * \brief Wraps a Citadel server command in an AJAX transaction.
*/
void ajax_servcmd(void)
{
wprintf("000");
}
if (buf[0] == '4') {
- text_to_server(bstr("g_input"), 0);
+ text_to_server(bstr("g_input"));
serv_puts("000");
}
if (buf[0] == '6') {
{
char cmd[1024];
char action[1024];
- char arg1[128];
- char arg2[128];
- char arg3[128];
- char arg4[128];
- char arg5[128];
- char arg6[128];
- char arg7[128];
+ char arg[8][128];
+ size_t sizes[10];
+ char *index[10];
char buf[SIZ];
char request_method[128];
char pathname[1024];
- int a, b;
+ int a, b, nBackDots, nEmpty;
int ContentLength = 0;
int BytesRead = 0;
char ContentType[512];
char user_agent[256];
int body_start = 0;
int is_static = 0;
-
+ int n_static = 0;
+ int len = 0;
/**
* We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
WC->upload_length = 0;
WC->upload = NULL;
- WC->vars = NULL;
WC->is_wap = 0;
hptr = req;
extract_token(pathname, cmd, 1, ' ', sizeof pathname);
/** Figure out the action */
- extract_token(action, pathname, 1, '/', sizeof action);
- if (strstr(action, "?")) *strstr(action, "?") = 0;
- if (strstr(action, "&")) *strstr(action, "&") = 0;
- if (strstr(action, " ")) *strstr(action, " ") = 0;
-
- extract_token(arg1, pathname, 2, '/', sizeof arg1);
- if (strstr(arg1, "?")) *strstr(arg1, "?") = 0;
- if (strstr(arg1, "&")) *strstr(arg1, "&") = 0;
- if (strstr(arg1, " ")) *strstr(arg1, " ") = 0;
-
- extract_token(arg2, pathname, 3, '/', sizeof arg2);
- if (strstr(arg2, "?")) *strstr(arg2, "?") = 0;
- if (strstr(arg2, "&")) *strstr(arg2, "&") = 0;
- if (strstr(arg2, " ")) *strstr(arg2, " ") = 0;
-
- extract_token(arg3, pathname, 4, '/', sizeof arg3);
- if (strstr(arg3, "?")) *strstr(arg3, "?") = 0;
- if (strstr(arg3, "&")) *strstr(arg3, "&") = 0;
- if (strstr(arg3, " ")) *strstr(arg3, " ") = 0;
-
- extract_token(arg4, pathname, 5, '/', sizeof arg4);
- if (strstr(arg4, "?")) *strstr(arg4, "?") = 0;
- if (strstr(arg4, "&")) *strstr(arg4, "&") = 0;
- if (strstr(arg4, " ")) *strstr(arg4, " ") = 0;
-
- extract_token(arg5, pathname, 6, '/', sizeof arg5);
- if (strstr(arg5, "?")) *strstr(arg5, "?") = 0;
- if (strstr(arg5, "&")) *strstr(arg5, "&") = 0;
- if (strstr(arg5, " ")) *strstr(arg5, " ") = 0;
-
- extract_token(arg6, pathname, 7, '/', sizeof arg6);
- if (strstr(arg6, "?")) *strstr(arg6, "?") = 0;
- if (strstr(arg6, "&")) *strstr(arg6, "&") = 0;
- if (strstr(arg6, " ")) *strstr(arg6, " ") = 0;
-
- extract_token(arg7, pathname, 8, '/', sizeof arg7);
- if (strstr(arg7, "?")) *strstr(arg7, "?") = 0;
- if (strstr(arg7, "&")) *strstr(arg7, "&") = 0;
- if (strstr(arg7, " ")) *strstr(arg7, " ") = 0;
+ index[0] = action;
+ sizes[0] = sizeof action;
+ for (a=1; a<9; a++)
+ {
+ index[a] = arg[a-1];
+ sizes[a] = sizeof arg[a-1];
+ }
+//// index[9] = &foo; todo
+ nBackDots = 0;
+ nEmpty = 0;
+ for ( a = 0; a < 9; ++a)
+ {
+ extract_token(index[a], pathname, a + 1, '/', sizes[a]);
+ if (strstr(index[a], "?")) *strstr(index[a], "?") = 0;
+ if (strstr(index[a], "&")) *strstr(index[a], "&") = 0;
+ if (strstr(index[a], " ")) *strstr(index[a], " ") = 0;
+ if ((index[a][0] == '.') && (index[a][1] == '.'))
+ nBackDots++;
+ if (index[a][0] == '\0')
+ nEmpty++;
+ }
while (hptr != NULL) {
safestrncpy(buf, hptr->line, sizeof buf);
+ /* lprintf(9, "HTTP HEADER: %s\n", buf); */
hptr = hptr->next;
if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
else if (!strncasecmp(buf, "User-agent: ", 12)) {
safestrncpy(user_agent, &buf[12], sizeof user_agent);
}
+ else if (!strncasecmp(buf, "X-Forwarded-Host: ", 18)) {
+ if (follow_xff) {
+ safestrncpy(WC->http_host, &buf[18], sizeof WC->http_host);
+ }
+ }
else if (!strncasecmp(buf, "Host: ", 6)) {
- safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
+ if (IsEmptyStr(WC->http_host)) {
+ safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
+ }
}
else if (!strncasecmp(buf, "X-Forwarded-For: ", 17)) {
safestrncpy(browser_host, &buf[17], sizeof browser_host);
if (ContentLength > 0) {
content = malloc(ContentLength + SIZ);
memset(content, 0, ContentLength + SIZ);
- sprintf(content, "Content-type: %s\n"
+ snprintf(content, ContentLength + SIZ, "Content-type: %s\n"
"Content-length: %d\n\n",
ContentType, ContentLength);
body_start = strlen(content);
/** Read the entire input data at once. */
- client_read(WC->http_sock, &content[BytesRead+body_start],
- ContentLength);
+ client_read(WC->http_sock, &content[BytesRead+body_start], ContentLength);
- if (!strncasecmp(ContentType,
- "application/x-www-form-urlencoded", 33)) {
+ if (!strncasecmp(ContentType, "application/x-www-form-urlencoded", 33)) {
addurls(&content[body_start]);
} else if (!strncasecmp(ContentType, "multipart", 9)) {
content_end = content + ContentLength + body_start;
- mime_parser(content, content_end, *upload_handler,
- NULL, NULL, NULL, 0);
+ mime_parser(content, content_end, *upload_handler, NULL, NULL, NULL, 0);
}
} else {
content = NULL;
remove_token(WC->this_page, 0, ' ');
/** If there are variables in the URL, we must grab them now */
- for (a = 0; a < strlen(cmd); ++a) {
+ len = strlen(cmd);
+ for (a = 0; a < len; ++a) {
if ((cmd[a] == '?') || (cmd[a] == '&')) {
- for (b = a; b < strlen(cmd); ++b)
- if (isspace(cmd[b]))
+ for (b = a; b < len; ++b) {
+ if (isspace(cmd[b])){
cmd[b] = 0;
+ len = b - 1;
+ }
+ }
addurls(&cmd[a + 1]);
cmd[a] = 0;
+ len = a - 1;
}
}
+ /** If it's a "force 404" situation then display the error and bail. */
+ if (!strcmp(action, "404")) {
+ wprintf("HTTP/1.1 404 Not found\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Not found\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
/** Static content can be sent without connecting to Citadel. */
is_static = 0;
- for (a=0; a<(sizeof(static_content_dirs) / sizeof(char *)); ++a) {
- if (!strcasecmp(action, static_content_dirs[a])) {
+ for (a=0; a<ndirs; ++a) {
+ if (!strcasecmp(action, (char*)static_content_dirs[a])) { /* map web to disk location */
is_static = 1;
+ n_static = a;
}
}
if (is_static) {
- snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
- action, arg1, arg2, arg3, arg4, arg5, arg6, arg7);
- for (a=0; a<8; ++a) {
- if (buf[strlen(buf)-1] == '/') {
- buf[strlen(buf)-1] = 0;
+ if (nBackDots < 2)
+ {
+ snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
+ static_dirs[n_static],
+ index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
+ for (a=0; a<8; ++a) {
+ if (buf[strlen(buf)-1] == '/') {
+ buf[strlen(buf)-1] = 0;
+ }
}
- }
- for (a = 0; a < strlen(buf); ++a) {
- if (isspace(buf[a])) {
- buf[a] = 0;
+ for (a = 0; a < strlen(buf); ++a) {
+ if (isspace(buf[a])) {
+ buf[a] = 0;
+ }
}
+ output_static(buf);
+ }
+ else
+ {
+ lprintf(9, "Suspicious request. Ignoring.");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("You have sent a malformed or invalid request.\r\n");
}
- output_static(buf);
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}
+ /* If the client sent a nonce that is incorrect, kill the request. */
+ if (strlen(bstr("nonce")) > 0) {
+ lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n",
+ bstr("nonce"), WC->nonce);
+ if (ibstr("nonce") != WC->nonce) {
+ lprintf(9, "Ignoring request with mismatched nonce.\n");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
+ }
+
/**
* If we're not connected to a Citadel server, try to hook up the
* connection now.
if (!WC->connected) {
if (!strcasecmp(ctdlhost, "uds")) {
/* unix domain socket */
- sprintf(buf, "%s/citadel.socket", ctdlport);
+ snprintf(buf, SIZ, "%s/citadel.socket", ctdlport);
WC->serv_sock = uds_connectsock(buf);
}
else {
do_listsub();
goto SKIP_ALL_THIS_CRAP;
}
-#ifdef WEBCIT_WITH_CALENDAR_SERVICE
if (!strcasecmp(action, "freebusy")) {
do_freebusy(cmd);
goto SKIP_ALL_THIS_CRAP;
}
-#endif
/**
* If we're not logged in, but we have HTTP Authentication data,
}
/** This needs to run early */
+#ifdef TECH_PREVIEW
if (!strcasecmp(action, "rss")) {
display_rss(bstr("room"), request_method);
goto SKIP_ALL_THIS_CRAP;
}
+#endif
/**
* The GroupDAV stuff relies on HTTP authentication instead of
* supplied by the browser, try using them to log in.
*/
if ((!WC->logged_in)
- && (strlen(c_username) > 0)
- && (strlen(c_password) > 0)) {
+ && (!IsEmptyStr(c_username))
+ && (!IsEmptyStr(c_password))) {
serv_printf("USER %s", c_username);
serv_getln(buf, sizeof buf);
if (buf[0] == '3') {
* If we don't have a current room, but a cookie specifying the
* current room is supplied, make an effort to go there.
*/
- if ((strlen(WC->wc_roomname) == 0) && (strlen(c_roomname) > 0)) {
+ if ((IsEmptyStr(WC->wc_roomname)) && (!IsEmptyStr(c_roomname))) {
serv_printf("GOTO %s", c_roomname);
serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
if (!strcasecmp(action, "image")) {
output_image();
+ } else if (!strcasecmp(action, "display_mime_icon")) {
+ display_mime_icon();
/**
* All functions handled below this point ... make sure we log in
* Various commands...
*/
+ else {
+ void *vHandler;
+ WebcitHandler *Handler;
+
+ GetHash(HandlerHash, action, strlen(action) /* TODO*/, &vHandler),
+ Handler = (WebcitHandler*) vHandler;
+ if (Handler != NULL) {
+ if (Handler->IsAjax)
+ begin_ajax_response();
+ Handler->F();
+ if (Handler->IsAjax)
+ end_ajax_response();
+ }
+
+
else if (!strcasecmp(action, "do_welcome")) {
do_welcome();
} else if (!strcasecmp(action, "blank")) {
url_do_template();
} else if (!strcasecmp(action, "display_aide_menu")) {
display_aide_menu();
+ } else if (!strcasecmp(action, "server_shutdown")) {
+ display_shutdown();
} else if (!strcasecmp(action, "display_main_menu")) {
display_main_menu();
} else if (!strcasecmp(action, "who")) {
begin_ajax_response();
who_inner_div();
end_ajax_response();
+ } else if (!strcasecmp(action, "wholist_section")) {
+ begin_ajax_response();
+ wholist_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "new_messages_html")) {
+ begin_ajax_response();
+ new_messages_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "tasks_inner_html")) {
+ begin_ajax_response();
+ tasks_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "calendar_inner_html")) {
+ begin_ajax_response();
+ calendar_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "mini_calendar")) {
+ begin_ajax_response();
+ ajax_mini_calendar();
+ end_ajax_response();
} else if (!strcasecmp(action, "iconbar_ajax_menu")) {
begin_ajax_response();
do_iconbar();
readloop("readfwd");
} else if (!strcasecmp(action, "headers")) {
readloop("headers");
+ } else if (!strcasecmp(action, "do_search")) {
+ readloop("do_search");
} else if (!strcasecmp(action, "msg")) {
- embed_message(arg1);
+ embed_message(index[1]);
} else if (!strcasecmp(action, "printmsg")) {
- print_message(arg1);
+ print_message(index[1]);
} else if (!strcasecmp(action, "msgheaders")) {
- display_headers(arg1);
+ display_headers(index[1]);
+ } else if (!strcasecmp(action, "vcardphoto")) {
+ display_vcard_photo_img(index[1]);
} else if (!strcasecmp(action, "wiki")) {
display_wiki_page();
} else if (!strcasecmp(action, "display_enter")) {
} else if (!strcasecmp(action, "editroom")) {
editroom();
} else if (!strcasecmp(action, "display_editinfo")) {
- display_edit(_("Room info"), "EINF 0", "RINF", "/editinfo", 1);
+ display_edit(_("Room info"), "EINF 0", "RINF", "editinfo", 1);
} else if (!strcasecmp(action, "editinfo")) {
save_edit(_("Room info"), "EINF 1", 1);
} else if (!strcasecmp(action, "display_editbio")) {
- sprintf(buf, "RBIO %s", WC->wc_fullname);
+ snprintf(buf, SIZ, "RBIO %s", WC->wc_fullname);
display_edit(_("Your bio"), "NOOP", buf, "editbio", 3);
} else if (!strcasecmp(action, "editbio")) {
save_edit(_("Your bio"), "EBIO", 0);
delete_room();
} else if (!strcasecmp(action, "validate")) {
validate();
+ /* The users photo display / upload facility */
} else if (!strcasecmp(action, "display_editpic")) {
display_graphics_upload(_("your photo"),
- "UIMG 0|_userpic_",
+ "_userpic_",
"editpic");
} else if (!strcasecmp(action, "editpic")) {
- do_graphics_upload("UIMG 1|_userpic_");
+ do_graphics_upload("_userpic_");
+ /* room picture dispay / upload facility */
} else if (!strcasecmp(action, "display_editroompic")) {
display_graphics_upload(_("the icon for this room"),
- "UIMG 0|_roompic_",
+ "_roompic_",
"editroompic");
} else if (!strcasecmp(action, "editroompic")) {
- do_graphics_upload("UIMG 1|_roompic_");
+ do_graphics_upload("_roompic_");
+ /* the greetingpage hello pic */
+ } else if (!strcasecmp(action, "display_edithello")) {
+ display_graphics_upload(_("the Greetingpicture for the login prompt"),
+ "hello",
+ "edithellopic");
+ } else if (!strcasecmp(action, "edithellopic")) {
+ do_graphics_upload("hello");
+ /* the logoff banner */
+ } else if (!strcasecmp(action, "display_editgoodbyepic")) {
+ display_graphics_upload(_("the Logoff banner picture"),
+ "UIMG 0|%s|goodbuye",
+ "editgoodbuyepic");
+ } else if (!strcasecmp(action, "editgoodbuyepic")) {
+ do_graphics_upload("UIMG 1|%s|goodbuye");
+
} else if (!strcasecmp(action, "delete_floor")) {
delete_floor();
} else if (!strcasecmp(action, "rename_floor")) {
} else if (!strcasecmp(action, "create_floor")) {
create_floor();
} else if (!strcasecmp(action, "display_editfloorpic")) {
- sprintf(buf, "UIMG 0|_floorpic_|%s",
+ snprintf(buf, SIZ, "UIMG 0|_floorpic_|%s",
bstr("which_floor"));
display_graphics_upload(_("the icon for this floor"),
buf,
"editfloorpic");
} else if (!strcasecmp(action, "editfloorpic")) {
- sprintf(buf, "UIMG 1|_floorpic_|%s",
+ snprintf(buf, SIZ, "UIMG 1|_floorpic_|%s",
bstr("which_floor"));
do_graphics_upload(buf);
} else if (!strcasecmp(action, "display_reg")) {
delete_node();
} else if (!strcasecmp(action, "display_add_node")) {
display_add_node();
- } else if (!strcasecmp(action, "add_node")) {
- add_node();
} else if (!strcasecmp(action, "terminate_session")) {
slrp_highest();
terminate_session();
} else if (!strcasecmp(action, "display_menubar")) {
display_menubar(1);
} else if (!strcasecmp(action, "mimepart")) {
- mimepart(arg1, arg2);
+ mimepart(index[1], index[2], 0);
+ } else if (!strcasecmp(action, "mimepart_download")) {
+ mimepart(index[1], index[2], 1);
} else if (!strcasecmp(action, "edit_vcard")) {
edit_vcard();
} else if (!strcasecmp(action, "submit_vcard")) {
display_floorconfig(NULL);
} else if (!strcasecmp(action, "toggle_self_service")) {
toggle_self_service();
-#ifdef WEBCIT_WITH_CALENDAR_SERVICE
} else if (!strcasecmp(action, "display_edit_task")) {
display_edit_task();
} else if (!strcasecmp(action, "save_task")) {
respond_to_request();
} else if (!strcasecmp(action, "handle_rsvp")) {
handle_rsvp();
-#endif
} else if (!strcasecmp(action, "summary")) {
summary();
} else if (!strcasecmp(action, "summary_inner_div")) {
display_inetconf();
} else if (!strcasecmp(action, "save_inetconf")) {
save_inetconf();
+ } else if (!strcasecmp(action, "display_smtpqueue")) {
+ display_smtpqueue();
+ } else if (!strcasecmp(action, "display_smtpqueue_inner_div")) {
+ display_smtpqueue_inner_div();
+ } else if (!strcasecmp(action, "display_sieve")) {
+ display_sieve();
+ } else if (!strcasecmp(action, "save_sieve")) {
+ save_sieve();
+ } else if (!strcasecmp(action, "display_pushemail")) {
+ display_pushemail();
+ } else if (!strcasecmp(action, "save_pushemail")) {
+ save_pushemail();
+ } else if (!strcasecmp(action, "display_add_remove_scripts")) {
+ display_add_remove_scripts(NULL);
+ } else if (!strcasecmp(action, "create_script")) {
+ create_script();
+ } else if (!strcasecmp(action, "delete_script")) {
+ delete_script();
} else if (!strcasecmp(action, "setup_wizard")) {
do_setup_wizard();
} else if (!strcasecmp(action, "display_preferences")) {
recp_autocomplete(bstr("cc"));
} else if (!strcasecmp(action, "bcc_autocomplete")) {
recp_autocomplete(bstr("bcc"));
+ } else if (!strcasecmp(action, "display_address_book_middle_div")) {
+ display_address_book_middle_div();
+ } else if (!strcasecmp(action, "display_address_book_inner_div")) {
+ display_address_book_inner_div();
} else if (!strcasecmp(action, "set_floordiv_expanded")) {
- set_floordiv_expanded(arg1);
+ set_floordiv_expanded(index[1]);
} else if (!strcasecmp(action, "diagnostics")) {
output_headers(1, 1, 1, 0, 0, 0);
wprintf("Session: %d<hr />\n", WC->wc_session);
dump_vars();
wprintf("</PRE><hr />\n");
wDumpContent(1);
- } else if (!strcasecmp(action, "updatenote")) {
- updatenote();
+ } else if (!strcasecmp(action, "add_new_note")) {
+ add_new_note();
+ } else if (!strcasecmp(action, "ajax_update_note")) {
+ ajax_update_note();
+ } else if (!strcasecmp(action, "display_room_directory")) {
+ display_room_directory();
+ } else if (!strcasecmp(action, "display_pictureview")) {
+ display_pictureview();
+ } else if (!strcasecmp(action, "download_file")) {
+ download_file(index[1]);
+ } else if (!strcasecmp(action, "upload_file")) {
+ upload_file();
}
/** When all else fais, display the main menu. */
else {
display_main_menu();
}
-
+}
SKIP_ALL_THIS_CRAP:
fflush(stdout);
if (content != NULL) {
}
}
+/**
+ * \brief Replacement for sleep() that uses select() in order to avoid SIGALRM
+ * \param seconds how many seconds should we sleep?
+ */
+void sleeeeeeeeeep(int seconds)
+{
+ struct timeval tv;
+
+ tv.tv_sec = seconds;
+ tv.tv_usec = 0;
+ select(0, NULL, NULL, NULL, &tv);
+}
+
/*@}*/