X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fwebcit.c;h=c6677b285e1d0f8d24ac59ca7238fb56dae1fc22;hb=0596c6d9b3e9dda73beaa239e6349478667d267d;hp=1efd44c92e41b138b398adf96bd2fe5eaf4ab5aa;hpb=e666076db9c74312f05e71c04a06fd07acdf403e;p=citadel.git
diff --git a/webcit/webcit.c b/webcit/webcit.c
index 1efd44c92..c6677b285 100644
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -28,11 +28,16 @@ void unescape_input(char *buf)
 {
 	int a, b;
 	char hex[3];
+	long buflen;
 
-	while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
-		buf[strlen(buf) - 1] = 0;
+	buflen = strlen(buf);
 
-	for (a = 0; a < strlen(buf); ++a) {
+	while ((isspace(buf[buflen - 1])) && (buflen > 0)){
+		buf[buflen - 1] = 0;
+		buflen --;
+	}
+
+	for (a = 0; a < buflen; ++a) {
 		if (buf[a] == '+')
 			buf[a] = ' ';
 		if (buf[a] == '%') {
@@ -42,7 +47,9 @@ void unescape_input(char *buf)
 			b = 0;
 			sscanf(hex, "%02x", &b);
 			buf[a] = (char) b;
-			strcpy(&buf[a + 1], &buf[a + 3]);
+			memmove(&buf[a + 1], &buf[a + 3], buflen - a - 2);
+
+			buflen -=2;
 		}
 	}
 
@@ -262,7 +269,7 @@ void escputs(char *strbuf)
 void urlesc(char *outbuf, char *strbuf)
 {
 	int a, b, c;
-	char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
+	char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
 
 	strcpy(outbuf, "");
 
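Review bot: The rewritten trim loop still indexes `buf[buflen - 1]` before it tests `buflen > 0`, so an empty input (buflen == 0) reads `buf[-1]` once before the loop exits; the old while loop had the same ordering and this rewrite keeps it. Swap the operands so the bound is checked first: `while ((buflen > 0) && (isspace((unsigned char) buf[buflen - 1]))) {`. The cast matters as well, because passing a negative `char` to `isspace` is undefined behavior and this buffer carries client-supplied data. unescape_input continues outside the hunk.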
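Review bot: The memmove length `buflen - a - 2` goes negative when the `%` is the last character of the buffer (a == buflen - 1), and as a size_t that becomes a huge count, so memmove writes far past the end of buf; the strcpy it replaces already over-read on a truncated escape, so this is an inherited defect rather than a new one. Guard the escape before it is decoded, at the top of the `buf[a] == '%'` branch (which opens above this hunk): `if (a + 2 >= buflen) break;` so that only a complete `%XX` sequence reaches the sscanf/memmove path and the arithmetic stays non-negative. Because this function decodes client-supplied query data, an input ending in a lone `%` or `%X` is worth keeping as a regression test.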
@@ -1193,14 +1200,28 @@ void session_loop(struct httprequest *req)
 	else {
 		lprintf(9, "Suspicious request. Ignoring.");
-		wprintf("HTTP/1.1 404 Not found. Don't try to Trick me DUDE!\r\n");
+		wprintf("HTTP/1.1 404 Security check failed\r\n");
 		wprintf("Content-Type: text/plain\r\n");
 		wprintf("\r\n");
-		wprintf("Not found. Don't play games on me!\r\n");
+		wprintf("Security check failed.\r\n");
 	}
 	goto SKIP_ALL_THIS_CRAP;	/* Don't try to connect */
 	}
 
+	/* If the client sent a nonce that is incorrect, kill the request. */
+	if (!strcasecmp(request_method, "POST")) {
+		lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n",
+			bstr("nonce"), WC->nonce);
+		if (atoi(bstr("nonce")) != WC->nonce) {
+			lprintf(9, "Ignoring request with mismatched nonce.\n");
+			wprintf("HTTP/1.1 404 Security check failed\r\n");
+			wprintf("Content-Type: text/plain\r\n");
+			wprintf("\r\n");
+			wprintf("Security check failed.\r\n");
+			goto SKIP_ALL_THIS_CRAP;
+		}
+	}
+
 	/**
 	 * If we're not connected to a Citadel server, try to hook up the
 	 * connection now.
@@ -1388,6 +1409,22 @@ void session_loop(struct httprequest *req)
 		begin_ajax_response();
 		who_inner_div();
 		end_ajax_response();
+	} else if (!strcasecmp(action, "wholist_section")) {
+		begin_ajax_response();
+		wholist_section();
+		end_ajax_response();
+	} else if (!strcasecmp(action, "new_messages_html")) {
+		begin_ajax_response();
+		new_messages_section();
+		end_ajax_response();
+	} else if (!strcasecmp(action, "tasks_inner_html")) {
+		begin_ajax_response();
+		tasks_section();
+		end_ajax_response();
+	} else if (!strcasecmp(action, "calendar_inner_html")) {
+		begin_ajax_response();
+		calendar_section();
+		end_ajax_response();
 	} else if (!strcasecmp(action, "iconbar_ajax_menu")) {
 		begin_ajax_response();
 		do_iconbar();
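Review bot: The nonce comparison on the new `if (atoi(bstr("nonce")) != WC->nonce)` line accepts whatever `atoi` maps onto the session nonce rather than a strictly equal token: a missing or non-numeric `nonce` parameter yields 0, so if WC->nonce can ever be 0 (not visible here) the check passes vacuously, and `atoi` truncates to int while WC->nonce is formatted as `%ld` two lines earlier. Parse it strictly instead, assuming bstr() returns a string rather than NULL for an absent parameter: `char *end; long supplied = strtol(bstr("nonce"), &end, 10);` followed by `if (end == bstr("nonce") || *end != '\0' || supplied != WC->nonce) {`. The guard also runs only for POST, so any state-changing action still reachable via GET keeps no nonce protection; the `/* If the client sent a nonce ... */` comment should state that this relies on every mutating action being submitted as POST. session_loop begins and ends outside the hunk.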
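Review bot: The four new branches repeat the same begin_ajax_response()/handler/end_ajax_response() shape the surrounding chain already uses, and the `else if` chain in session_loop grows by one block per action; a small static table of `{ "action", handler }` pairs walked in a loop would make adding a section a one-line change and keep the dispatch in one place (this assumes the section handlers share a `void (*)(void)` signature, which the argument-less calls here suggest but do not prove). If the chain stays as is, a comment above the `wholist_section` branch, such as `/* Partial-page AJAX fragments: each handler emits only the inner HTML of its section. */`, would tell the next reader what these handlers have in common. session_loop continues outside the hunk.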