{
int a, b;
char hex[3];
+ long buflen;
- while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
- buf[strlen(buf) - 1] = 0;
+ buflen = strlen(buf);
- for (a = 0; a < strlen(buf); ++a) {
+ while ((isspace(buf[buflen - 1])) && (buflen > 0)){
+ buf[buflen - 1] = 0;
+ buflen --;
+ }
+
+ for (a = 0; a < buflen; ++a) {
if (buf[a] == '+')
buf[a] = ' ';
if (buf[a] == '%') {
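Review bot: The rewritten trim loop evaluates `isspace(buf[buflen - 1])` before `buflen > 0`, so an empty `buf` is still read at index -1; caching the length does not change that ordering. Test the length first and cast the byte for `<ctype.h>`: `while ((buflen > 0) && isspace((unsigned char) buf[buflen - 1])) {`. The function's signature is above the hunk and its body continues below it.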
b = 0;
sscanf(hex, "%02x", &b);
buf[a] = (char) b;
- strcpy(&buf[a + 1], &buf[a + 3]);
+ memmove(&buf[a + 1], &buf[a + 3], buflen - a - 2);
+
+ buflen -=2;
}
}
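Review bot: The `memmove` length `buflen - a - 2` goes negative when the `%` is the last character of `buf` (`a == buflen - 1`), and a negative `long` converted to `size_t` becomes a huge count, so the call reads and writes far beyond the buffer. With `%` as the second-to-last character the count is 0 and nothing is shifted, yet `buflen` is still reduced by 2. The decode should run only when two characters follow the `%`, for example by changing the test that opens this block (just above the hunk) to `if (buf[a] == '%' && a + 2 < buflen) {`. The return value of `sscanf` is also ignored, so a non-hex pair leaves `b` at 0 and writes a NUL byte into the string.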
/**
* \brief Escape a string for feeding out as a URL.
- * Returns a pointer to a buffer that must be freed by the caller!
* \param outbuf the output buffer
* \param strbuf the input buffer
*/
void urlesc(char *outbuf, char *strbuf)
{
int a, b, c;
- char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
+ char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
strcpy(outbuf, "");
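Review bot: With the stale "must be freed by the caller" line removed, the doc comment for `urlesc` still does not say how large `outbuf` must be, and the signature takes no size, so each caller has to guess. If every character listed in `ec` expands to a three-byte `%XX` sequence (the loop is below the hunk, so this is inferred), the comment should say so, e.g. `\param outbuf the output buffer; must hold at least 3 * strlen(strbuf) + 1 bytes`. Adding `/` to `ec` sends more inputs down the expanding path, so existing callers' buffer sizes are worth re-checking alongside this change.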
void offer_start_page(void) {
wprintf("<a href=\"change_start_page?startpage=");
urlescputs(WC->this_page);
- wprintf("\"><font size=-2 color=\"#AAAAAA\">");
+ wprintf("\">");
wprintf(_("Make this my start page"));
- wprintf("</font></a>");
+ wprintf("</a>");
/*
wprintf("<br/><a href=\"rss?room=");
urlescputs(WC->wc_roomname);
{
struct urlcontent *u;
- /* lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n",
- name, cbtype, length); */
+ lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n", name, cbtype, length);
/* Form fields */
if ( (length > 0) && (strlen(cbtype) == 0) ) {
u->url_data = malloc(length + 1);
memcpy(u->url_data, content, length);
u->url_data[length] = 0;
+ /* lprintf(9, "Key: <%s> Data: <%s>\n", u->url_key, u->url_data); */
}
/** Uploaded files */
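Review bot: The commented-out `lprintf` added after the form-field copy would, once uncommented, write every submitted field value to the log, and form posts may carry passwords or other secrets. Either delete it or keep a variant that records only the key and size, e.g. `lprintf(9, "Key: <%s> len=%d\n", u->url_key, length);`. The re-enabled `lprintf` at the top of the function prints `name` and `cbtype` as received from the client, so log consumers should treat those fields as untrusted text.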
char user_agent[256];
int body_start = 0;
int is_static = 0;
-
+ int n_static = 0;
/**
* We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
body_start = strlen(content);
/** Read the entire input data at once. */
- client_read(WC->http_sock, &content[BytesRead+body_start],
- ContentLength);
+ client_read(WC->http_sock, &content[BytesRead+body_start], ContentLength);
- if (!strncasecmp(ContentType,
- "application/x-www-form-urlencoded", 33)) {
+ if (!strncasecmp(ContentType, "application/x-www-form-urlencoded", 33)) {
addurls(&content[body_start]);
} else if (!strncasecmp(ContentType, "multipart", 9)) {
content_end = content + ContentLength + body_start;
- mime_parser(content, content_end, *upload_handler,
- NULL, NULL, NULL, 0);
+ mime_parser(content, content_end, *upload_handler, NULL, NULL, NULL, 0);
}
} else {
content = NULL;
for (a=0; a<ndirs; ++a) {
if (!strcasecmp(action, (char*)static_content_dirs[a])) { /* map web to disk location */
is_static = 1;
+ n_static = a;
}
}
if (is_static) {
if (nBackDots < 2)
{
snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
- index[0], index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
+ static_dirs[n_static],
+ index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
for (a=0; a<8; ++a) {
if (buf[strlen(buf)-1] == '/') {
buf[strlen(buf)-1] = 0;
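Review bot: The path now starts from the on-disk directory `static_dirs[n_static]`, but the components after it (`index[1]` to `index[7]`) still come from the request, and the only visible guard is `nBackDots < 2`. If `nBackDots` counts `..` components, as its name suggests (its computation is outside the hunk), that test still admits one of them; `if (nBackDots == 0)` would reject any. The `snprintf` result is not checked either, so an over-long request yields a silently truncated path; compare the return value with `sizeof buf` before `buf` is used.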
else
{
lprintf(9, "Suspicious request. Ignoring.");
- wprintf("HTTP/1.1 404 Not found. Don't try to Trick me DUDE!\r\n");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
wprintf("Content-Type: text/plain\r\n");
wprintf("\r\n");
- wprintf("Not found. Don't play games on me!\r\n");
+ wprintf("Security check failed.\r\n");
}
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}
+ /* If the client sent a nonce that is incorrect, kill the request. */
+ if (strlen(bstr("nonce")) > 0) {
+ if (atoi(bstr("nonce")) != WC->nonce) {
+ lprintf(9, "Ignoring request with mismatched nonce.\n");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
+ }
+
/**
* If we're not connected to a Citadel server, try to hook up the
* connection now.
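Review bot: The nonce is compared only when the request carries a non-empty `nonce` parameter, so a request that leaves it out skips the check entirely; as written this rejects a wrong nonce but not a missing one. For requests that change state the check should be mandatory, rejecting the request when the parameter is absent, with the exemption limited to read-only actions. `atoi` returns 0 for non-numeric text, so the comparison would pass for garbage input if `WC->nonce` is ever 0; `strtol` with an end-pointer check avoids that. A 403 status would describe the refusal more accurately than 404.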
begin_ajax_response();
who_inner_div();
end_ajax_response();
+ } else if (!strcasecmp(action, "wholist_section")) {
+ begin_ajax_response();
+ wholist_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "new_messages_html")) {
+ begin_ajax_response();
+ new_messages_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "tasks_inner_html")) {
+ begin_ajax_response();
+ tasks_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "calendar_inner_html")) {
+ begin_ajax_response();
+ calendar_section();
+ end_ajax_response();
} else if (!strcasecmp(action, "iconbar_ajax_menu")) {
begin_ajax_response();
do_iconbar();
} else if (!strcasecmp(action, "editroom")) {
editroom();
} else if (!strcasecmp(action, "display_editinfo")) {
- display_edit(_("Room info"), "EINF 0", "RINF", "/editinfo", 1);
+ display_edit(_("Room info"), "EINF 0", "RINF", "editinfo", 1);
} else if (!strcasecmp(action, "editinfo")) {
save_edit(_("Room info"), "EINF 1", 1);
} else if (!strcasecmp(action, "display_editbio")) {
recp_autocomplete(bstr("cc"));
} else if (!strcasecmp(action, "bcc_autocomplete")) {
recp_autocomplete(bstr("bcc"));
+ } else if (!strcasecmp(action, "display_address_book_middle_div")) {
+ display_address_book_middle_div();
+ } else if (!strcasecmp(action, "display_address_book_inner_div")) {
+ display_address_book_inner_div();
} else if (!strcasecmp(action, "set_floordiv_expanded")) {
set_floordiv_expanded(index[1]);
} else if (!strcasecmp(action, "diagnostics")) {
wDumpContent(1);
} else if (!strcasecmp(action, "updatenote")) {
updatenote();
+ } else if (!strcasecmp(action, "display_room_directory")) {
+ display_room_directory();
+ } else if (!strcasecmp(action, "download_file")) {
+ download_file(index[1]);
+ } else if (!strcasecmp(action, "upload_file")) {
+ upload_file();
}
/** When all else fais, display the main menu. */