if (session_to_kill != NULL) {
pthread_mutex_lock(&session_to_kill->SessionMutex);
close(session_to_kill->serv_sock);
+ close(session_to_kill->chat_sock);
if (session_to_kill->preferences != NULL) {
free(session_to_kill->preferences);
}
a = client_gets(sock, buf);
if (a<1) return(-1);
} else {
- strcpy(buf, hold);
+ safestrncpy(buf, hold, SIZ);
}
strcpy(hold, "");
int desired_session = 0;
int got_cookie = 0;
struct wcsession *TheSession, *sptr;
- int outside_frameset_allowed = 0;
/*
* Find out what it is that the web browser is asking for
hptr->next = NULL;
last = hptr;
- strcpy(hptr->line, buf);
+ safestrncpy(hptr->line, buf, sizeof hptr->line);
} while (strlen(buf) > 0);
- strcpy(buf, req->line);
+ safestrncpy(buf, req->line, sizeof buf);
lprintf(5, "HTTP: %s\n", buf);
/* Check for bogus requests */
/*
* While we're at it, gracefully handle requests for the
- * robots.txt file...
+ * robots.txt and favicon.ico files.
*/
if (!strncasecmp(buf, "/robots.txt", 11)) {
strcpy(req->line, "GET /static/robots.txt"
"?force_close_session=yes HTTP/1.0");
}
+ else if (!strncasecmp(buf, "/favicon.ico", 12)) {
+ strcpy(req->line, "GET /static/favicon.ico");
+ }
/* These are the URL's which may be executed without a
* session cookie already set. If it's not one of these,
else if ( (strcmp(buf, "/"))
&& (strncasecmp(buf, "/listsub", 8))
&& (strncasecmp(buf, "/freebusy", 9))
+ && (strncasecmp(buf, "/do_logout", 10))
&& (got_cookie == 0)) {
strcpy(req->line, "GET /static/nocookies.html"
"?force_close_session=yes HTTP/1.0");
}
- /* These are the URL's which may be executed outside of the
- * main frameset. If it's not one of these, the page will
- * need JavaScript added to force the frameset to reload.
- */
- if ( (!strcasecmp(buf, "/"))
- || (!strcasecmp(buf, "/static/mainframeset.html"))
- || (!strcasecmp(buf, "/static/robots.txt"))
- || (!strncasecmp(buf, "/do_welcome", 11))
- || (!strncasecmp(buf, "/page_popup", 11))
- || (!strncasecmp(buf, "/listsub", 8))
- || (!strncasecmp(buf, "/freebusy", 9))
- || (!strncasecmp(buf, "/termquit", 9)) ) {
- outside_frameset_allowed = 1;
- }
- else {
- outside_frameset_allowed = 0;
- }
-
/*
* See if there's an existing session open with the desired ID
*/
TheSession = (struct wcsession *)
malloc(sizeof(struct wcsession));
memset(TheSession, 0, sizeof(struct wcsession));
+ TheSession->serv_sock = (-1);
+ TheSession->chat_sock = (-1);
TheSession->wc_session = GenerateSessionID();
pthread_mutex_init(&TheSession->SessionMutex, NULL);
pthread_setspecific(MyConKey, (void *)TheSession);
TheSession->http_sock = sock;
TheSession->lastreq = time(NULL); /* log */
- TheSession->outside_frameset_allowed = outside_frameset_allowed;
- session_loop(req); /* do transaction */
+ session_loop(req); /* do transaction */
pthread_mutex_unlock(&TheSession->SessionMutex); /* unbind */
/* Free the request buffer */
free(req);
req = hptr;
}
+
+ /* Free up any session-local substitution variables which
+ * were set during this transaction
+ */
+ clear_local_substs();
}