/*
* $Id$
- *
- * This is the main transaction loop of the web service. It maintains a
+ */
+/**
+ * \defgroup MainServer This is the main transaction loop of the web service. It maintains a
* persistent session to the Citadel server, handling HTTP WebCit requests as
* they arrive and presenting a user interface.
- *
+ * \ingroup WebcitHttpServer
*/
-
+/*@{*/
#include "webcit.h"
#include "groupdav.h"
#include "webserver.h"
#include "mime_parser.h"
-/*
- * Subdirectories from which the client may request static content
- */
-char *static_content_dirs[] = {
- "static",
- "tiny_mce"
-};
-
-/*
+/**
* String to unset the cookie.
* Any date "in the past" will work, so I chose my birthday, right down to
* the exact minute. :)
*/
static char *unset = "; expires=28-May-1971 18:10:00 GMT";
+/**
+ * \brief remove escaped strings from i.e. the url string (like %20 for blanks)
+ * \param buf the buffer to examine
+ */
void unescape_input(char *buf)
{
int a, b;
char hex[3];
+ long buflen;
- while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
- buf[strlen(buf) - 1] = 0;
+ buflen = strlen(buf);
- for (a = 0; a < strlen(buf); ++a) {
+ while ((isspace(buf[buflen - 1])) && (buflen > 0)){
+ buf[buflen - 1] = 0;
+ buflen --;
+ }
+
+ for (a = 0; a < buflen; ++a) {
if (buf[a] == '+')
buf[a] = ' ';
if (buf[a] == '%') {
b = 0;
sscanf(hex, "%02x", &b);
buf[a] = (char) b;
- strcpy(&buf[a + 1], &buf[a + 3]);
+ memmove(&buf[a + 1], &buf[a + 3], buflen - a - 2);
+
+ buflen -=2;
}
}
}
-
+/**
+ * \brief Extract variables from the URL.
+ * \param url URL supplied by the HTTP parser
+ */
void addurls(char *url)
{
char *up, *ptr;
up = url;
while (strlen(up) > 0) {
- /* locate the = sign */
+ /** locate the = sign */
safestrncpy(buf, up, sizeof buf);
b = (-1);
for (a = 255; a >= 0; --a)
WC->urlstrings = u;
safestrncpy(u->url_key, buf, sizeof u->url_key);
- /* now chop that part off */
+ /** now chop that part off */
for (a = 0; a <= b; ++a)
++up;
- /* locate "&" and "?" delimiters */
+ /** locate "&" and "?" delimiters */
ptr = up;
b = strlen(up);
for (a = 0; a < strlen(up); ++a) {
unescape_input(u->url_data);
up = ptr;
++up;
+
+ /* lprintf(9, "%s = %s\n", u->url_key, u->url_data); */
}
}
+/**
+ * \brief free urlstring memory
+ */
void free_urls(void)
{
struct urlcontent *u;
}
}
-/*
- * Diagnostic function to display the contents of all variables
+/**
+ * \brief Diagnostic function to display the contents of all variables
*/
void dump_vars(void)
{
}
}
+/**
+ * \brief Return the value of a variable supplied to the current web page (from the url or a form)
+ * \param key The name of the variable we want
+ */
char *bstr(char *key)
{
struct urlcontent *u;
return ("");
}
-
+/**
+ * \brief web-printing funcion. uses our vsnprintf wrapper
+ * \param format printf format string
+ * \param ... the varargs to put into formatstring
+ */
void wprintf(const char *format,...)
{
va_list arg_ptr;
}
-/*
- * wDumpContent() wraps up an HTTP session, closes tags, etc.
- *
- * print_standard_html_footer should be set to 0 to transmit only, 1 to
+/**
+ * \brief wrap up an HTTP session, closes tags, etc.
+ * \todo multiline params?
+ * \param print_standard_html_footer should be set to 0 to transmit only, 1 to
* append the main menu and closing tags, or 2 to
* append the closing tags only.
*/
}
-/*
- * Copy a string, escaping characters which have meaning in HTML. If
- * nbsp is nonzero, spaces are converted to non-breaking spaces.
+/**
+ * \brief Copy a string, escaping characters which have meaning in HTML.
+ * \param target target buffer
+ * \param strbuf source buffer
+ * \param nbsp If nonzero, spaces are converted to non-breaking spaces.
+ * \param nolinebreaks if set, linebreaks are removed from the string.
*/
void stresc(char *target, char *strbuf, int nbsp, int nolinebreaks)
{
}
}
+/**
+ * \brief WHAT???
+ * \param strbuf what???
+ * \param nbsp If nonzero, spaces are converted to non-breaking spaces.
+ * \param nolinebreaks if set, linebreaks are removed from the string.
+ */
void escputs1(char *strbuf, int nbsp, int nolinebreaks)
{
char *buf;
free(buf);
}
+/**
+ * \brief static wrapper for ecsputs1
+ * \param strbuf buffer to print escaped to client
+ */
void escputs(char *strbuf)
{
escputs1(strbuf, 0, 0);
}
-/*
- * Escape a string for feeding out as a URL.
- * Returns a pointer to a buffer that must be freed by the caller!
+/**
+ * \brief Escape a string for feeding out as a URL.
+ * \param outbuf the output buffer
+ * \param strbuf the input buffer
*/
void urlesc(char *outbuf, char *strbuf)
{
int a, b, c;
- char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
+ char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
strcpy(outbuf, "");
}
}
+/**
+ * \brief urlescape buffer and print it to the client
+ * \param strbuf buffer to urlescape
+ */
void urlescputs(char *strbuf)
{
char outbuf[SIZ];
}
-/*
- * Copy a string, escaping characters for JavaScript strings.
+/**
+ * \brief Copy a string, escaping characters for JavaScript strings.
+ * \param target output string
+ * \param strbuf input string
*/
void jsesc(char *target, char *strbuf)
{
}
}
+/**
+ * \brief escape and print java script
+ * \param strbuf the js code
+ */
void jsescputs(char *strbuf)
{
char outbuf[SIZ];
wprintf("%s", outbuf);
}
-/*
- * Copy a string, escaping characters for message text hold
+/**
+ * \brief Copy a string, escaping characters for message text hold
+ * \param target target buffer
+ * \param strbuf source buffer
*/
void msgesc(char *target, char *strbuf)
{
}
}
+/**
+ * \brief print a string to the client after cleaning it with msgesc()
+ * \param strbuf string to be printed
+ */
void msgescputs(char *strbuf) {
char *outbuf;
-/*
- * Output all that important stuff that the browser will want to see
+/**
+ * \brief Output all that important stuff that the browser will want to see
*/
-void output_headers( int do_httpheaders, /* 1 = output HTTP headers */
- int do_htmlhead, /* 1 = output HTML <head> section and <body> opener */
+void output_headers( int do_httpheaders, /**< 1 = output HTTP headers */
+ int do_htmlhead, /**< 1 = output HTML <head> section and <body> opener */
- int do_room_banner, /* 0=no, 1=yes, */
- /* 2 = I'm going to embed my own, so don't open the */
- /* <div id="content"> either. */
+ int do_room_banner, /**< 0=no, 1=yes,
+ * 2 = I'm going to embed my own, so don't open the
+ * <div id="content"> either.
+ */
- int unset_cookies, /* 1 = session is terminating, so unset the cookies */
- int suppress_check, /* 1 = suppress check for instant messages */
- int cache /* 1 = allow browser to cache this page */
+ int unset_cookies, /**< 1 = session is terminating, so unset the cookies */
+ int suppress_check, /**< 1 = suppress check for instant messages */
+ int cache /**< 1 = allow browser to cache this page */
) {
- char cookie[SIZ];
- char httpnow[SIZ];
+ char cookie[1024];
+ char httpnow[128];
wprintf("HTTP/1.1 200 OK\n");
- httpdate(httpnow, time(NULL));
+ http_datestring(httpnow, sizeof httpnow, time(NULL));
if (do_httpheaders) {
wprintf("Content-type: text/html; charset=utf-8\r\n"
}
if (do_htmlhead) {
- /* wprintf("\n"); */
begin_burst();
+ if (!access("static.local/webcit.css", R_OK)) {
+ svprintf("CSSLOCAL", WCS_STRING,
+ "<link href=\"static.local/webcit.css\" rel=\"stylesheet\" type=\"text/css\">"
+ );
+ }
do_template("head");
}
- /* ICONBAR */
+ /** ICONBAR */
if (do_htmlhead) {
- if (WC->HaveInstantMessages) {
- wprintf("<div id=\"page_popup\">\n");
- page_popup();
- wprintf("</div>\n");
- }
+
+ /** check for ImportantMessages (these display in a div overlaying the main screen) */
if (strlen(WC->ImportantMessage) > 0) {
wprintf("<div id=\"important_message\">\n");
- wprintf("<SPAN CLASS=\"imsg\">"
- "%s</SPAN><br />\n", WC->ImportantMessage);
+ wprintf("<span class=\"imsg\">"
+ "%s</span><br />\n", WC->ImportantMessage);
wprintf("</div>\n");
wprintf("<script type=\"text/javascript\">\n"
" setTimeout('hide_imsg_popup()', 3000); \n"
"</script>\n");
safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
}
+
if ( (WC->logged_in) && (!unset_cookies) ) {
wprintf("<div id=\"iconbar\">");
- do_iconbar();
- wprintf("</div>\n");
+ do_selected_iconbar();
+ /** check for instant messages (these display in a new window) */
+ page_popup();
+ wprintf("</div>");
}
+
if (do_room_banner == 1) {
wprintf("<div id=\"banner\">\n");
embed_room_banner(NULL, navbar_default);
}
-/*
- * Generic function to do an HTTP redirect. Easy and fun.
+/**
+ * \brief Generic function to do an HTTP redirect. Easy and fun.
+ * \param whichpage target url to 302 to
*/
void http_redirect(char *whichpage) {
wprintf("HTTP/1.1 302 Moved Temporarily\n");
wprintf("URI: %s\r\n", whichpage);
wprintf("Content-type: text/html; charset=utf-8\r\n\r\n");
wprintf("<html><body>");
- wprintf("Go <A HREF=\"%s\">here</A>.", whichpage);
+ wprintf("Go <a href=\"%s\">here</A>.", whichpage);
wprintf("</body></html>\n");
}
-void check_for_instant_messages()
-{
- char buf[SIZ];
-
- serv_puts("NOOP");
- serv_getln(buf, sizeof buf);
- if (buf[3] == '*') WC->HaveInstantMessages = 1;
-}
-
-
-
-
-/*
- * Output a piece of content to the web browser
+/**
+ * \brief Output a piece of content to the web browser
*/
void http_transmit_thing(char *thing, size_t length, char *content_type,
int is_static) {
SERVER);
#ifdef HAVE_ZLIB
- /* If we can send the data out compressed, please do so. */
+ /** If we can send the data out compressed, please do so. */
if (WC->gzip_ok) {
char *compressed_data = NULL;
uLongf compressed_len;
}
#endif
- /* No compression ... just send it out as-is */
+ /** No compression ... just send it out as-is */
wprintf("Content-length: %ld\r\n"
"\r\n",
(long) length
-
+/**
+ * \brief dump out static pages from disk
+ * \param what the file urs to print
+ */
void output_static(char *what)
{
FILE *fp;
}
-/*
- * When the browser requests an image file from the Citadel server,
+/**
+ * \brief When the browser requests an image file from the Citadel server,
* this function is called to transmit it.
*/
void output_image()
bytes = extract_long(&buf[4], 0);
xferbuf = malloc(bytes + 2);
- /* Read it from the server */
+ /** Read it from the server */
read_server_binary(xferbuf, bytes);
serv_puts("CLOS");
serv_getln(buf, sizeof buf);
- /* Write it to the browser */
+ /** Write it to the browser */
http_transmit_thing(xferbuf, (size_t)bytes, "image/gif", 0);
free(xferbuf);
} else {
- /* Instead of an ugly 404, send a 1x1 transparent GIF
+ /**
+ * Instead of an ugly 404, send a 1x1 transparent GIF
* when there's no such image on the server.
*/
output_static("static/blank.gif");
}
-/*
- * Generic function to output an arbitrary MIME part from an arbitrary
- * message number on the server.
+/**
+ * \brief Generic function to output an arbitrary MIME part from an arbitrary
+ * message number on the server.
+ *
+ * \param msgnum Number of the item on the citadel server
+ * \param partnum The MIME part to be output
+ * \param force_download Nonzero to force set the Content-Type: header
+ * to "application/octet-stream"
*/
-void mimepart(char *msgnum, char *partnum)
+void mimepart(char *msgnum, char *partnum, int force_download)
{
- char buf[SIZ];
+ char buf[256];
off_t bytes;
- char content_type[SIZ];
+ char content_type[256];
char *content = NULL;
serv_printf("OPNA %s|%s", msgnum, partnum);
if (buf[0] == '2') {
bytes = extract_long(&buf[4], 0);
content = malloc(bytes + 2);
- extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
+ if (force_download) {
+ strcpy(content_type, "application/octet-stream");
+ }
+ else {
+ extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
+ }
output_headers(0, 0, 0, 0, 0, 0);
read_server_binary(content, bytes);
serv_puts("CLOS");
}
-/*
- * Read any MIME part of a message, from the server, into memory.
+/**
+ * \brief Read any MIME part of a message, from the server, into memory.
+ * \param msgnum number of the message on the citadel server
+ * \param partnum the MIME part to be loaded
*/
char *load_mimepart(long msgnum, char *partnum)
{
char content_type[SIZ];
char *content;
- serv_printf("OPNA %ld|%s", msgnum, partnum);
+ serv_printf("DLAT %ld|%s", msgnum, partnum);
serv_getln(buf, sizeof buf);
- if (buf[0] == '2') {
+ if (buf[0] == '6') {
bytes = extract_long(&buf[4], 0);
extract_token(content_type, &buf[4], 3, '|', sizeof content_type);
content = malloc(bytes + 2);
- read_server_binary(content, bytes);
+ serv_read(content, bytes);
- serv_puts("CLOS");
- serv_getln(buf, sizeof buf);
content[bytes] = 0; /* null terminate for good measure */
return(content);
}
}
-/*
- * Convenience functions to display a page containing only a string
+/**
+ * \brief Convenience functions to display a page containing only a string
+ * \param titlebarcolor color of the titlebar of the frame
+ * \param titlebarmsg text to display in the title bar
+ * \param messagetext body of the box
*/
void convenience_page(char *titlebarcolor, char *titlebarmsg, char *messagetext)
{
wprintf("HTTP/1.1 200 OK\n");
output_headers(1, 1, 2, 0, 0, 0);
wprintf("<div id=\"banner\">\n");
- wprintf("<TABLE WIDTH=100%% BORDER=0 BGCOLOR=\"#%s\"><TR><TD>", titlebarcolor);
- wprintf("<SPAN CLASS=\"titlebar\">%s</SPAN>\n", titlebarmsg);
- wprintf("</TD></TR></TABLE>\n");
+ wprintf("<table width=100%% border=0 bgcolor=\"#%s\"><tr><td>", titlebarcolor);
+ wprintf("<span class=\"titlebar\">%s</span>\n", titlebarmsg);
+ wprintf("</td></tr></table>\n");
wprintf("</div>\n<div id=\"content\">\n");
escputs(messagetext);
}
-/*
- * Display a blank page.
+/**
+ * \brief Display a blank page.
*/
void blank_page(void) {
output_headers(1, 1, 0, 0, 0, 0);
}
-/*
- * A template has been requested
+/**
+ * \brief A template has been requested
*/
void url_do_template(void) {
do_template(bstr("template"));
-/*
- * Offer to make any page the user's "start page."
+/**
+ * \brief Offer to make any page the user's "start page."
*/
void offer_start_page(void) {
- wprintf("<A HREF=\"/change_start_page?startpage=");
+ wprintf("<a href=\"change_start_page?startpage=");
urlescputs(WC->this_page);
- wprintf("\"><FONT SIZE=-2 COLOR=\"#AAAAAA\">");
+ wprintf("\">");
wprintf(_("Make this my start page"));
- wprintf("</FONT></A>");
+ wprintf("</a>");
/*
- wprintf("<br/><a href=\"/rss?room=");
+ wprintf("<br/><a href=\"rss?room=");
urlescputs(WC->wc_roomname);
wprintf("\" title=\"RSS 2.0 feed for ");
escputs(WC->wc_roomname);
- wprintf("\"><img alt=\"RSS\" border=\"0\" src=\"/static/xml_button.gif\"/></a>\n");
+ wprintf("\"><img alt=\"RSS\" border=\"0\" src=\"static/xml_button.gif\"/></a>\n");
*/
}
-/*
- * Change the user's start page
+/**
+ * \brief Change the user's start page
*/
void change_start_page(void) {
-
+/**
+ * \brief convenience function to indicate success
+ * \param successmessage the mesage itself
+ */
void display_success(char *successmessage)
{
convenience_page("007700", "OK", successmessage);
}
-/* Authorization required page */
-/* This is probably temporary and should be revisited */
+/**
+ * \brief Authorization required page
+ * This is probably temporary and should be revisited
+ * \param message message to put in header
+*/
void authorization_required(const char *message)
{
wprintf("HTTP/1.1 401 Authorization Required\r\n");
wDumpContent(0);
}
-
+/**
+ * \brief This function is called by the MIME parser to handle data uploaded by
+ * the browser. Form data, uploaded files, and the data from HTTP PUT
+ * operations (such as those found in GroupDAV) all arrive this way.
+ *
+ * \param name Name of the item being uploaded
+ * \param filename Filename of the item being uploaded
+ * \param partnum MIME part identifier (not needed)
+ * \param disp MIME content disposition (not needed)
+ * \param content The actual data
+ * \param cbtype MIME content-type
+ * \param cbcharset Character set
+ * \param length Content length
+ * \param encoding MIME encoding type (not needed)
+ * \param userdata Not used here
+ */
void upload_handler(char *name, char *filename, char *partnum, char *disp,
void *content, char *cbtype, char *cbcharset,
size_t length, char *encoding, void *userdata)
{
struct urlcontent *u;
- /* lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n",
- name, cbtype, length); */
+ lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n", name, cbtype, length);
/* Form fields */
if ( (length > 0) && (strlen(cbtype) == 0) ) {
u->url_data = malloc(length + 1);
memcpy(u->url_data, content, length);
u->url_data[length] = 0;
+ /* lprintf(9, "Key: <%s> Data: <%s>\n", u->url_key, u->url_data); */
}
- /* Uploaded files */
+ /** Uploaded files */
if ( (length > 0) && (strlen(cbtype) > 0) ) {
WC->upload = malloc(length);
if (WC->upload != NULL) {
}
-/*
- * Convenience functions to wrap around asynchronous ajax responses
+/**
+ * \brief Convenience functions to wrap around asynchronous ajax responses
*/
void begin_ajax_response(void) {
output_headers(0, 0, 0, 0, 0, 0);
begin_burst();
}
+/**
+ * \brief print ajax response footer
+ */
void end_ajax_response(void) {
wprintf("\r\n");
wDumpContent(0);
}
+/**
+ * \brief Wraps a Citadel server command in an AJAX transaction.
+ */
void ajax_servcmd(void)
{
char buf[1024];
serv_printf("%s", bstr("g_cmd"));
serv_getln(buf, sizeof buf);
+ wprintf("%s\n", buf);
if (buf[0] == '8') {
serv_printf("\n\n000");
}
if ((buf[0] == '1') || (buf[0] == '8')) {
while (serv_getln(gcontent, sizeof gcontent), strcmp(gcontent, "000")) {
- /* maybe do something with it? */
+ wprintf("%s\n", gcontent);
}
wprintf("000");
}
if (buf[0] == '4') {
- text_to_server(bstr("g_input"), 0);
+ text_to_server(bstr("g_input"));
serv_puts("000");
}
if (buf[0] == '6') {
}
end_ajax_response();
+
+ /**
+ * This is kind of an ugly hack, but this is the only place it can go.
+ * If the command was GEXP, then the instant messenger window must be
+ * running, so reset the "last_pager_check" watchdog timer so
+ * that page_popup() doesn't try to open it a second time.
+ */
+ if (!strncasecmp(bstr("g_cmd"), "GEXP", 4)) {
+ WC->last_pager_check = time(NULL);
+ }
}
+/**
+ * \brief Helper function for the asynchronous check to see if we need
+ * to open the instant messenger window.
+ */
+void seconds_since_last_gexp(void)
+{
+ char buf[256];
+
+ begin_ajax_response();
+ if ( (time(NULL) - WC->last_pager_check) < 30) {
+ wprintf("NO\n");
+ }
+ else {
+ serv_puts("NOOP");
+ serv_getln(buf, sizeof buf);
+ if (buf[3] == '*') {
+ wprintf("YES");
+ }
+ else {
+ wprintf("NO");
+ }
+ }
+ end_ajax_response();
+}
-/*
- * Entry point for WebCit transaction
+/**
+ * \brief Entry point for WebCit transaction
*/
void session_loop(struct httprequest *req)
{
char cmd[1024];
char action[1024];
- char arg1[128];
- char arg2[128];
- char arg3[128];
- char arg4[128];
- char arg5[128];
- char arg6[128];
- char arg7[128];
+ char arg[8][128];
+ size_t sizes[10];
+ char *index[10];
char buf[SIZ];
char request_method[128];
char pathname[1024];
- int a, b;
+ int a, b, nBackDots, nEmpty;
int ContentLength = 0;
int BytesRead = 0;
char ContentType[512];
char *content = NULL;
char *content_end = NULL;
struct httprequest *hptr;
- char browser_host[SIZ];
- char user_agent[SIZ];
+ char browser_host[256];
+ char user_agent[256];
int body_start = 0;
int is_static = 0;
-
- /* We stuff these with the values coming from the client cookies,
+ int n_static = 0;
+ /**
+ * We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
*/
char c_username[SIZ];
safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
safestrncpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER, sizeof c_httpauth_user);
safestrncpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS, sizeof c_httpauth_pass);
+ strcpy(browser_host, "");
WC->upload_length = 0;
WC->upload = NULL;
WC->vars = NULL;
-
WC->is_wap = 0;
hptr = req;
extract_token(request_method, cmd, 0, ' ', sizeof request_method);
extract_token(pathname, cmd, 1, ' ', sizeof pathname);
- /* Figure out the action */
- extract_token(action, pathname, 1, '/', sizeof action);
- if (strstr(action, "?")) *strstr(action, "?") = 0;
- if (strstr(action, "&")) *strstr(action, "&") = 0;
- if (strstr(action, " ")) *strstr(action, " ") = 0;
-
- extract_token(arg1, pathname, 2, '/', sizeof arg1);
- if (strstr(arg1, "?")) *strstr(arg1, "?") = 0;
- if (strstr(arg1, "&")) *strstr(arg1, "&") = 0;
- if (strstr(arg1, " ")) *strstr(arg1, " ") = 0;
-
- extract_token(arg2, pathname, 3, '/', sizeof arg2);
- if (strstr(arg2, "?")) *strstr(arg2, "?") = 0;
- if (strstr(arg2, "&")) *strstr(arg2, "&") = 0;
- if (strstr(arg2, " ")) *strstr(arg2, " ") = 0;
-
- extract_token(arg3, pathname, 4, '/', sizeof arg3);
- if (strstr(arg3, "?")) *strstr(arg3, "?") = 0;
- if (strstr(arg3, "&")) *strstr(arg3, "&") = 0;
- if (strstr(arg3, " ")) *strstr(arg3, " ") = 0;
-
- extract_token(arg4, pathname, 5, '/', sizeof arg4);
- if (strstr(arg4, "?")) *strstr(arg4, "?") = 0;
- if (strstr(arg4, "&")) *strstr(arg4, "&") = 0;
- if (strstr(arg4, " ")) *strstr(arg4, " ") = 0;
-
- extract_token(arg5, pathname, 6, '/', sizeof arg5);
- if (strstr(arg5, "?")) *strstr(arg5, "?") = 0;
- if (strstr(arg5, "&")) *strstr(arg5, "&") = 0;
- if (strstr(arg5, " ")) *strstr(arg5, " ") = 0;
-
- extract_token(arg6, pathname, 7, '/', sizeof arg6);
- if (strstr(arg6, "?")) *strstr(arg6, "?") = 0;
- if (strstr(arg6, "&")) *strstr(arg6, "&") = 0;
- if (strstr(arg6, " ")) *strstr(arg6, " ") = 0;
-
- extract_token(arg7, pathname, 8, '/', sizeof arg7);
- if (strstr(arg7, "?")) *strstr(arg7, "?") = 0;
- if (strstr(arg7, "&")) *strstr(arg7, "&") = 0;
- if (strstr(arg7, " ")) *strstr(arg7, " ") = 0;
+ /** Figure out the action */
+ index[0] = action;
+ sizes[0] = sizeof action;
+ for (a=1; a<9; a++)
+ {
+ index[a] = arg[a-1];
+ sizes[a] = sizeof arg[a-1];
+ }
+//// index[9] = &foo; todo
+ nBackDots = 0;
+ nEmpty = 0;
+ for ( a = 0; a < 9; ++a)
+ {
+ extract_token(index[a], pathname, a + 1, '/', sizes[a]);
+ if (strstr(index[a], "?")) *strstr(index[a], "?") = 0;
+ if (strstr(index[a], "&")) *strstr(index[a], "&") = 0;
+ if (strstr(index[a], " ")) *strstr(index[a], " ") = 0;
+ if ((index[a][0] == '.') && (index[a][1] == '.'))
+ nBackDots++;
+ if (index[a][0] == '\0')
+ nEmpty++;
+ }
while (hptr != NULL) {
safestrncpy(buf, hptr->line, sizeof buf);
+ /* lprintf(9, "HTTP HEADER: %s\n", buf); */
hptr = hptr->next;
if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
else if (!strncasecmp(buf, "User-agent: ", 12)) {
safestrncpy(user_agent, &buf[12], sizeof user_agent);
}
+ else if (!strncasecmp(buf, "X-Forwarded-Host: ", 18)) {
+ if (follow_xff) {
+ safestrncpy(WC->http_host, &buf[18], sizeof WC->http_host);
+ }
+ }
else if (!strncasecmp(buf, "Host: ", 6)) {
- safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
+ if (strlen(WC->http_host) == 0) {
+ safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
+ }
+ }
+ else if (!strncasecmp(buf, "X-Forwarded-For: ", 17)) {
+ safestrncpy(browser_host, &buf[17], sizeof browser_host);
+ while (num_tokens(browser_host, ',') > 1) {
+ remove_token(browser_host, 0, ',');
+ }
+ striplt(browser_host);
}
- /* Only WAP gateways explicitly name this content-type */
+ /** Only WAP gateways explicitly name this content-type */
else if (strstr(buf, "text/vnd.wap.wml")) {
WC->is_wap = 1;
}
ContentType, ContentLength);
body_start = strlen(content);
- /* Read the entire input data at once. */
- client_read(WC->http_sock, &content[BytesRead+body_start],
- ContentLength);
+ /** Read the entire input data at once. */
+ client_read(WC->http_sock, &content[BytesRead+body_start], ContentLength);
- if (!strncasecmp(ContentType,
- "application/x-www-form-urlencoded", 33)) {
+ if (!strncasecmp(ContentType, "application/x-www-form-urlencoded", 33)) {
addurls(&content[body_start]);
} else if (!strncasecmp(ContentType, "multipart", 9)) {
content_end = content + ContentLength + body_start;
- mime_parser(content, content_end, *upload_handler,
- NULL, NULL, NULL, 0);
+ mime_parser(content, content_end, *upload_handler, NULL, NULL, NULL, 0);
}
} else {
content = NULL;
}
- /* make a note of where we are in case the user wants to save it */
+ /** make a note of where we are in case the user wants to save it */
safestrncpy(WC->this_page, cmd, sizeof(WC->this_page));
remove_token(WC->this_page, 2, ' ');
remove_token(WC->this_page, 0, ' ');
- /* If there are variables in the URL, we must grab them now */
+ /** If there are variables in the URL, we must grab them now */
for (a = 0; a < strlen(cmd); ++a) {
if ((cmd[a] == '?') || (cmd[a] == '&')) {
for (b = a; b < strlen(cmd); ++b)
}
}
+ /** If it's a "force 404" situation then display the error and bail. */
+ if (!strcmp(action, "404")) {
+ wprintf("HTTP/1.1 404 Not found\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Not found\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
- /* Static content can be sent without connecting to Citadel. */
+ /** Static content can be sent without connecting to Citadel. */
is_static = 0;
- for (a=0; a<(sizeof(static_content_dirs) / sizeof(char *)); ++a) {
- if (!strcasecmp(action, static_content_dirs[a])) {
+ for (a=0; a<ndirs; ++a) {
+ if (!strcasecmp(action, (char*)static_content_dirs[a])) { /* map web to disk location */
is_static = 1;
+ n_static = a;
}
}
if (is_static) {
- snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
- action, arg1, arg2, arg3, arg4, arg5, arg6, arg7);
- for (a=0; a<8; ++a) {
- if (buf[strlen(buf)-1] == '/') {
- buf[strlen(buf)-1] = 0;
+ if (nBackDots < 2)
+ {
+ snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
+ static_dirs[n_static],
+ index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
+ for (a=0; a<8; ++a) {
+ if (buf[strlen(buf)-1] == '/') {
+ buf[strlen(buf)-1] = 0;
+ }
}
- }
- for (a = 0; a < strlen(buf); ++a) {
- if (isspace(buf[a])) {
- buf[a] = 0;
+ for (a = 0; a < strlen(buf); ++a) {
+ if (isspace(buf[a])) {
+ buf[a] = 0;
+ }
}
+ output_static(buf);
+ }
+ else
+ {
+ lprintf(9, "Suspicious request. Ignoring.");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
}
- output_static(buf);
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}
- /*
+ /* If the client sent a nonce that is incorrect, kill the request. */
+ if (strlen(bstr("nonce")) > 0) {
+ if (atoi(bstr("nonce")) != WC->nonce) {
+ lprintf(9, "Ignoring request with mismatched nonce.\n");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
+ }
+
+ /**
* If we're not connected to a Citadel server, try to hook up the
* connection now.
*/
}
else {
WC->connected = 1;
- serv_getln(buf, sizeof buf); /* get the server welcome message */
- locate_host(browser_host, WC->http_sock);
+ serv_getln(buf, sizeof buf); /** get the server welcome message */
+
+ /**
+ * From what host is our user connecting? Go with
+ * the host at the other end of the HTTP socket,
+ * unless we are following X-Forwarded-For: headers
+ * and such a header has already turned up something.
+ */
+ if ( (!follow_xff) || (strlen(browser_host) == 0) ) {
+ locate_host(browser_host, WC->http_sock);
+ }
+
get_serv_info(browser_host, user_agent);
if (serv_info.serv_rev_level < MINIMUM_CIT_VERSION) {
wprintf(_("You are connected to a Citadel "
}
}
- /*
+ /**
* Functions which can be performed without logging in
*/
if (!strcasecmp(action, "listsub")) {
}
#endif
- /*
+ /**
* If we're not logged in, but we have HTTP Authentication data,
* try logging in to Citadel using that.
*/
safestrncpy(WC->httpauth_user, c_httpauth_user, sizeof WC->httpauth_user);
safestrncpy(WC->httpauth_pass, c_httpauth_pass, sizeof WC->httpauth_pass);
} else {
- /* Should only display when password is wrong */
+ /** Should only display when password is wrong */
authorization_required(&buf[4]);
goto SKIP_ALL_THIS_CRAP;
}
}
}
- /* This needs to run early */
+ /** This needs to run early */
if (!strcasecmp(action, "rss")) {
display_rss(bstr("room"), request_method);
goto SKIP_ALL_THIS_CRAP;
}
- /*
+ /**
* The GroupDAV stuff relies on HTTP authentication instead of
* our session's authentication.
*/
}
- /*
+ /**
* Automatically send requests with any method other than GET or
* POST to the GroupDAV code as well.
*/
if ((strcasecmp(request_method, "GET")) && (strcasecmp(request_method, "POST"))) {
- groupdav_main(req, ContentType, /* do GroupDAV methods */
+ groupdav_main(req, ContentType, /** do GroupDAV methods */
ContentLength, content+body_start);
if (!WC->logged_in) {
- WC->killthis = 1; /* If not logged in, don't */
- } /* keep the session active */
+ WC->killthis = 1; /** If not logged in, don't */
+ } /** keep the session active */
goto SKIP_ALL_THIS_CRAP;
}
- /*
+ /**
* If we're not logged in, but we have username and password cookies
* supplied by the browser, try using them to log in.
*/
}
}
}
- /*
+ /**
* If we don't have a current room, but a cookie specifying the
* current room is supplied, make an effort to go there.
*/
}
}
- /*
- * If there are instant messages waiting, retrieve them for display.
- */
- check_for_instant_messages();
-
if (!strcasecmp(action, "image")) {
output_image();
- /*
- * All functions handled below this point ... make sure we log in
- * before doing anything else!
- */
+ /**
+ * All functions handled below this point ... make sure we log in
+ * before doing anything else!
+ */
} else if ((!WC->logged_in) && (!strcasecmp(action, "login"))) {
do_login();
} else if (!WC->logged_in) {
display_login(NULL);
}
- /*
+ /**
* Various commands...
*/
display_main_menu();
} else if (!strcasecmp(action, "who")) {
who();
+ } else if (!strcasecmp(action, "sslg")) {
+ seconds_since_last_gexp();
} else if (!strcasecmp(action, "who_inner_html")) {
begin_ajax_response();
who_inner_div();
end_ajax_response();
+ } else if (!strcasecmp(action, "wholist_section")) {
+ begin_ajax_response();
+ wholist_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "new_messages_html")) {
+ begin_ajax_response();
+ new_messages_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "tasks_inner_html")) {
+ begin_ajax_response();
+ tasks_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "calendar_inner_html")) {
+ begin_ajax_response();
+ calendar_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "iconbar_ajax_menu")) {
+ begin_ajax_response();
+ do_iconbar();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "iconbar_ajax_rooms")) {
+ begin_ajax_response();
+ do_iconbar_roomlist();
+ end_ajax_response();
} else if (!strcasecmp(action, "knrooms")) {
knrooms();
} else if (!strcasecmp(action, "gotonext")) {
readloop("readfwd");
} else if (!strcasecmp(action, "headers")) {
readloop("headers");
+ } else if (!strcasecmp(action, "do_search")) {
+ readloop("do_search");
} else if (!strcasecmp(action, "msg")) {
- embed_message(arg1);
+ embed_message(index[1]);
} else if (!strcasecmp(action, "printmsg")) {
- print_message(arg1);
+ print_message(index[1]);
+ } else if (!strcasecmp(action, "msgheaders")) {
+ display_headers(index[1]);
+ } else if (!strcasecmp(action, "wiki")) {
+ display_wiki_page();
} else if (!strcasecmp(action, "display_enter")) {
display_enter();
} else if (!strcasecmp(action, "post")) {
} else if (!strcasecmp(action, "editroom")) {
editroom();
} else if (!strcasecmp(action, "display_editinfo")) {
- display_edit(_("Room info"), "EINF 0", "RINF", "/editinfo", 1);
+ display_edit(_("Room info"), "EINF 0", "RINF", "editinfo", 1);
} else if (!strcasecmp(action, "editinfo")) {
save_edit(_("Room info"), "EINF 1", 1);
} else if (!strcasecmp(action, "display_editbio")) {
- sprintf(buf, "RBIO %s", WC->wc_username);
+ sprintf(buf, "RBIO %s", WC->wc_fullname);
display_edit(_("Your bio"), "NOOP", buf, "editbio", 3);
} else if (!strcasecmp(action, "editbio")) {
save_edit(_("Your bio"), "EBIO", 0);
} else if (!strcasecmp(action, "display_editpic")) {
display_graphics_upload(_("your photo"),
"UIMG 0|_userpic_",
- "/editpic");
+ "editpic");
} else if (!strcasecmp(action, "editpic")) {
do_graphics_upload("UIMG 1|_userpic_");
} else if (!strcasecmp(action, "display_editroompic")) {
display_graphics_upload(_("the icon for this room"),
"UIMG 0|_roompic_",
- "/editroompic");
+ "editroompic");
} else if (!strcasecmp(action, "editroompic")) {
do_graphics_upload("UIMG 1|_roompic_");
} else if (!strcasecmp(action, "delete_floor")) {
bstr("which_floor"));
display_graphics_upload(_("the icon for this floor"),
buf,
- "/editfloorpic");
+ "editfloorpic");
} else if (!strcasecmp(action, "editfloorpic")) {
sprintf(buf, "UIMG 1|_floorpic_|%s",
bstr("which_floor"));
} else if (!strcasecmp(action, "display_menubar")) {
display_menubar(1);
} else if (!strcasecmp(action, "mimepart")) {
- mimepart(arg1, arg2);
+ mimepart(index[1], index[2], 0);
+ } else if (!strcasecmp(action, "mimepart_download")) {
+ mimepart(index[1], index[2], 1);
} else if (!strcasecmp(action, "edit_vcard")) {
edit_vcard();
} else if (!strcasecmp(action, "submit_vcard")) {
create_user();
} else if (!strcasecmp(action, "changeview")) {
change_view();
- } else if (!strcasecmp(action, "do_stuff_to_msgs")) {
- do_stuff_to_msgs();
} else if (!strcasecmp(action, "change_start_page")) {
change_start_page();
} else if (!strcasecmp(action, "display_floorconfig")) {
begin_ajax_response();
summary_inner_div();
end_ajax_response();
- } else if (!strcasecmp(action, "iconbar")) {
- do_iconbar();
} else if (!strcasecmp(action, "display_customize_iconbar")) {
display_customize_iconbar();
} else if (!strcasecmp(action, "commit_iconbar")) {
display_inetconf();
} else if (!strcasecmp(action, "save_inetconf")) {
save_inetconf();
+ } else if (!strcasecmp(action, "display_smtpqueue")) {
+ display_smtpqueue();
+ } else if (!strcasecmp(action, "display_smtpqueue_inner_div")) {
+ display_smtpqueue_inner_div();
+ } else if (!strcasecmp(action, "display_sieve")) {
+ display_sieve();
+ } else if (!strcasecmp(action, "save_sieve")) {
+ save_sieve();
+ } else if (!strcasecmp(action, "display_add_remove_scripts")) {
+ display_add_remove_scripts(NULL);
+ } else if (!strcasecmp(action, "create_script")) {
+ create_script();
+ } else if (!strcasecmp(action, "delete_script")) {
+ delete_script();
} else if (!strcasecmp(action, "setup_wizard")) {
do_setup_wizard();
} else if (!strcasecmp(action, "display_preferences")) {
recp_autocomplete(bstr("cc"));
} else if (!strcasecmp(action, "bcc_autocomplete")) {
recp_autocomplete(bstr("bcc"));
+ } else if (!strcasecmp(action, "display_address_book_middle_div")) {
+ display_address_book_middle_div();
+ } else if (!strcasecmp(action, "display_address_book_inner_div")) {
+ display_address_book_inner_div();
+ } else if (!strcasecmp(action, "set_floordiv_expanded")) {
+ set_floordiv_expanded(index[1]);
} else if (!strcasecmp(action, "diagnostics")) {
output_headers(1, 1, 1, 0, 0, 0);
wprintf("Session: %d<hr />\n", WC->wc_session);
dump_vars();
wprintf("</PRE><hr />\n");
wDumpContent(1);
+ } else if (!strcasecmp(action, "updatenote")) {
+ updatenote();
+ } else if (!strcasecmp(action, "display_room_directory")) {
+ display_room_directory();
+ } else if (!strcasecmp(action, "download_file")) {
+ download_file(index[1]);
+ } else if (!strcasecmp(action, "upload_file")) {
+ upload_file();
}
- /* When all else fais, display the main menu. */
+ /** When all else fais, display the main menu. */
else {
display_main_menu();
}
free(WC->upload);
WC->upload_length = 0;
}
-
}
+
+
+/*@}*/
projects / citadel.git / blobdiff