#include "webserver.h"
#include "mime_parser.h"
+#include <stdio.h>
+#include <stdarg.h>
+
/**
* String to unset the cookie.
* Any date "in the past" will work, so I chose my birthday, right down to
{
int a, b;
char hex[3];
+ long buflen;
+
+ buflen = strlen(buf);
- while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
- buf[strlen(buf) - 1] = 0;
+ while ((isspace(buf[buflen - 1])) && (buflen > 0)){
+ buf[buflen - 1] = 0;
+ buflen --;
+ }
- for (a = 0; a < strlen(buf); ++a) {
+ for (a = 0; a < buflen; ++a) {
if (buf[a] == '+')
buf[a] = ' ';
if (buf[a] == '%') {
b = 0;
sscanf(hex, "%02x", &b);
buf[a] = (char) b;
- strcpy(&buf[a + 1], &buf[a + 3]);
+ memmove(&buf[a + 1], &buf[a + 3], buflen - a - 2);
+
+ buflen -=2;
}
}
{
char *up, *ptr;
char buf[SIZ];
- int a, b;
+ int a, b, len;
struct urlcontent *u;
up = url;
- while (strlen(up) > 0) {
+ while (!IsEmptyStr(up)) {
/** locate the = sign */
safestrncpy(buf, up, sizeof buf);
/** locate "&" and "?" delimiters */
ptr = up;
- b = strlen(up);
- for (a = 0; a < strlen(up); ++a) {
+ len = b = strlen(up);
+ for (a = 0; a < len; ++a) {
if ( (ptr[0] == '&') || (ptr[0] == '?') ) {
b = a;
break;
}
++ptr;
}
- ptr = up;
- for (a = 0; a < b; ++a)
- ++ptr;
- strcpy(ptr, "");
+ ptr = up + b;
+ *ptr = '\0';
- u->url_data = malloc(strlen(up) + 2);
- safestrncpy(u->url_data, up, strlen(up) + 1);
+ len = b;
+ u->url_data = malloc(len + 2);
+ safestrncpy(u->url_data, up, b + 1);
u->url_data[b] = 0;
unescape_input(u->url_data);
up = ptr;
++up;
+
+ /* lprintf(9, "%s = %s\n", u->url_key, u->url_data); */
}
}
*/
void stresc(char *target, char *strbuf, int nbsp, int nolinebreaks)
{
- int a;
+ int a, len;
strcpy(target, "");
- for (a = 0; a < strlen(strbuf); ++a) {
+ len = strlen(strbuf);
+ for (a = 0; a < len; ++a) {
if (strbuf[a] == '<')
strcat(target, "<");
else if (strbuf[a] == '>')
/**
* \brief Escape a string for feeding out as a URL.
- * Returns a pointer to a buffer that must be freed by the caller!
* \param outbuf the output buffer
* \param strbuf the input buffer
*/
void urlesc(char *outbuf, char *strbuf)
{
- int a, b, c;
- char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
+ int a, b, c, len, eclen, olen;
+ char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
strcpy(outbuf, "");
-
- for (a = 0; a < strlen(strbuf); ++a) {
+ len = strlen(strbuf);
+ eclen = strlen(ec);
+ olen = 0;
+ for (a = 0; a < len; ++a) {
c = 0;
- for (b = 0; b < strlen(ec); ++b) {
+ for (b = 0; b < eclen; ++b) {
if (strbuf[a] == ec[b])
c = 1;
}
- b = strlen(outbuf);
- if (c == 1)
- sprintf(&outbuf[b], "%%%02x", strbuf[a]);
- else
- sprintf(&outbuf[b], "%c", strbuf[a]);
+ if (c == 1) {
+ sprintf(&outbuf[olen], "%%%02x", strbuf[a]);
+ olen += 3;
+ }
+ else
+ outbuf[olen ++] = strbuf[a];
}
+ outbuf[olen] = '\0';
}
/**
*/
void jsesc(char *target, char *strbuf)
{
- int a;
- strcpy(target, "");
+ int a, len;
- for (a = 0; a < strlen(strbuf); ++a) {
+ target[0]='\0';
+ len = strlen (strbuf);
+ for (a = 0; a < len; ++a) {
if (strbuf[a] == '<')
strcat(target, "[");
else if (strbuf[a] == '>')
*/
void msgesc(char *target, char *strbuf)
{
- int a;
- strcpy(target, "");
+ int a, len;
- for (a = 0; a < strlen(strbuf); ++a) {
+ *target='\0';
+ len = strlen(strbuf);
+ for (a = 0; a < len; ++a) {
if (strbuf[a] == '\n')
strcat(target, " ");
else if (strbuf[a] == '\r')
if (do_htmlhead) {
begin_burst();
+ if (!access("static.local/webcit.css", R_OK)) {
+ svprintf("CSSLOCAL", WCS_STRING,
+ "<link href=\"static.local/webcit.css\" rel=\"stylesheet\" type=\"text/css\">"
+ );
+ }
do_template("head");
}
/** check for ImportantMessages (these display in a div overlaying the main screen) */
- if (strlen(WC->ImportantMessage) > 0) {
+ if (!IsEmptyStr(WC->ImportantMessage)) {
wprintf("<div id=\"important_message\">\n");
wprintf("<span class=\"imsg\">"
"%s</span><br />\n", WC->ImportantMessage);
client_write(thing, (size_t)length);
}
+/**
+ * \brief print menu box like used in the floor view or admin interface.
+ * This function takes pair of strings as va_args,
+ * \param Title Title string of the box
+ * \param Class CSS Class for the box
+ * \param nLines How many string pairs should we print? (URL, UrlText)
+ * \param ... Pairs of URL Strings and their Names
+ */
+void print_menu_box(char* Title, char *Class, int nLines, ...)
+{
+ va_list arg_list;
+ long i;
+
+ svprintf("BOXTITLE", WCS_STRING, Title);
+ do_template("beginbox");
+
+ wprintf("<ul class=\"%s\">", Class);
+
+ va_start(arg_list, (nLines * 2));
+ for (i = 0; i < nLines * 2; i += 2)
+ {
+ wprintf("<li><a href=\"%s\">", va_arg(arg_list, char *));
+ wprintf((char *) va_arg(arg_list, char *));
+ wprintf("</a></li>\n");
+ }
+ va_end (arg_list);
+
+ wprintf("</a></li>\n");
+
+ wprintf("</ul>");
+
+ do_template("endbox");
+}
/**
off_t bytes;
char *bigbuffer;
char content_type[128];
+ int len;
fp = fopen(what, "rb");
if (fp == NULL) {
wprintf("\r\n");
wprintf("Cannot open %s: %s\n", what, strerror(errno));
} else {
- if (!strncasecmp(&what[strlen(what) - 4], ".gif", 4))
+ len = strlen (what);
+ if (!strncasecmp(&what[len - 4], ".gif", 4))
safestrncpy(content_type, "image/gif", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".txt", 4))
+ else if (!strncasecmp(&what[len - 4], ".txt", 4))
safestrncpy(content_type, "text/plain", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".css", 4))
+ else if (!strncasecmp(&what[len - 4], ".css", 4))
safestrncpy(content_type, "text/css", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".jpg", 4))
+ else if (!strncasecmp(&what[len - 4], ".jpg", 4))
safestrncpy(content_type, "image/jpeg", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".png", 4))
+ else if (!strncasecmp(&what[len - 4], ".png", 4))
safestrncpy(content_type, "image/png", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".ico", 4))
+ else if (!strncasecmp(&what[len - 4], ".ico", 4))
safestrncpy(content_type, "image/x-icon", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".html", 5))
+ else if (!strncasecmp(&what[len - 5], ".html", 5))
safestrncpy(content_type, "text/html", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".htm", 4))
+ else if (!strncasecmp(&what[len - 4], ".htm", 4))
safestrncpy(content_type, "text/html", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 4], ".wml", 4))
+ else if (!strncasecmp(&what[len - 4], ".wml", 4))
safestrncpy(content_type, "text/vnd.wap.wml", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wmls", 5))
+ else if (!strncasecmp(&what[len - 5], ".wmls", 5))
safestrncpy(content_type, "text/vnd.wap.wmlscript", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wmlc", 5))
+ else if (!strncasecmp(&what[len - 5], ".wmlc", 5))
safestrncpy(content_type, "application/vnd.wap.wmlc", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 6], ".wmlsc", 6))
+ else if (!strncasecmp(&what[len - 6], ".wmlsc", 6))
safestrncpy(content_type, "application/vnd.wap.wmlscriptc", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 5], ".wbmp", 5))
+ else if (!strncasecmp(&what[len - 5], ".wbmp", 5))
safestrncpy(content_type, "image/vnd.wap.wbmp", sizeof content_type);
- else if (!strncasecmp(&what[strlen(what) - 3], ".js", 3))
+ else if (!strncasecmp(&what[len - 3], ".js", 3))
safestrncpy(content_type, "text/javascript", sizeof content_type);
else
safestrncpy(content_type, "application/octet-stream", sizeof content_type);
void offer_start_page(void) {
wprintf("<a href=\"change_start_page?startpage=");
urlescputs(WC->this_page);
- wprintf("\"><font size=-2 color=\"#AAAAAA\">");
+ wprintf("\">");
wprintf(_("Make this my start page"));
- wprintf("</font></a>");
+ wprintf("</a>");
/*
wprintf("<br/><a href=\"rss?room=");
urlescputs(WC->wc_roomname);
{
struct urlcontent *u;
- /* lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n",
- name, cbtype, length); */
+ lprintf(9, "upload_handler() name=%s, type=%s, len=%d\n", name, cbtype, length);
/* Form fields */
- if ( (length > 0) && (strlen(cbtype) == 0) ) {
+ if ( (length > 0) && (IsEmptyStr(cbtype)) ) {
u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
u->next = WC->urlstrings;
WC->urlstrings = u;
u->url_data = malloc(length + 1);
memcpy(u->url_data, content, length);
u->url_data[length] = 0;
+ /* lprintf(9, "Key: <%s> Data: <%s>\n", u->url_key, u->url_data); */
}
/** Uploaded files */
- if ( (length > 0) && (strlen(cbtype) > 0) ) {
+ if ( (length > 0) && (!IsEmptyStr(cbtype)) ) {
WC->upload = malloc(length);
if (WC->upload != NULL) {
WC->upload_length = length;
{
char cmd[1024];
char action[1024];
- char arg1[128];
- char arg2[128];
- char arg3[128];
- char arg4[128];
- char arg5[128];
- char arg6[128];
- char arg7[128];
+ char arg[8][128];
+ size_t sizes[10];
+ char *index[10];
char buf[SIZ];
char request_method[128];
char pathname[1024];
- int a, b;
+ int a, b, nBackDots, nEmpty;
int ContentLength = 0;
int BytesRead = 0;
char ContentType[512];
char user_agent[256];
int body_start = 0;
int is_static = 0;
-
+ int n_static = 0;
+ int len = 0;
/**
* We stuff these with the values coming from the client cookies,
* so we can use them to reconnect a timed out session if we have to.
extract_token(pathname, cmd, 1, ' ', sizeof pathname);
/** Figure out the action */
- extract_token(action, pathname, 1, '/', sizeof action);
- if (strstr(action, "?")) *strstr(action, "?") = 0;
- if (strstr(action, "&")) *strstr(action, "&") = 0;
- if (strstr(action, " ")) *strstr(action, " ") = 0;
-
- extract_token(arg1, pathname, 2, '/', sizeof arg1);
- if (strstr(arg1, "?")) *strstr(arg1, "?") = 0;
- if (strstr(arg1, "&")) *strstr(arg1, "&") = 0;
- if (strstr(arg1, " ")) *strstr(arg1, " ") = 0;
-
- extract_token(arg2, pathname, 3, '/', sizeof arg2);
- if (strstr(arg2, "?")) *strstr(arg2, "?") = 0;
- if (strstr(arg2, "&")) *strstr(arg2, "&") = 0;
- if (strstr(arg2, " ")) *strstr(arg2, " ") = 0;
-
- extract_token(arg3, pathname, 4, '/', sizeof arg3);
- if (strstr(arg3, "?")) *strstr(arg3, "?") = 0;
- if (strstr(arg3, "&")) *strstr(arg3, "&") = 0;
- if (strstr(arg3, " ")) *strstr(arg3, " ") = 0;
-
- extract_token(arg4, pathname, 5, '/', sizeof arg4);
- if (strstr(arg4, "?")) *strstr(arg4, "?") = 0;
- if (strstr(arg4, "&")) *strstr(arg4, "&") = 0;
- if (strstr(arg4, " ")) *strstr(arg4, " ") = 0;
-
- extract_token(arg5, pathname, 6, '/', sizeof arg5);
- if (strstr(arg5, "?")) *strstr(arg5, "?") = 0;
- if (strstr(arg5, "&")) *strstr(arg5, "&") = 0;
- if (strstr(arg5, " ")) *strstr(arg5, " ") = 0;
-
- extract_token(arg6, pathname, 7, '/', sizeof arg6);
- if (strstr(arg6, "?")) *strstr(arg6, "?") = 0;
- if (strstr(arg6, "&")) *strstr(arg6, "&") = 0;
- if (strstr(arg6, " ")) *strstr(arg6, " ") = 0;
-
- extract_token(arg7, pathname, 8, '/', sizeof arg7);
- if (strstr(arg7, "?")) *strstr(arg7, "?") = 0;
- if (strstr(arg7, "&")) *strstr(arg7, "&") = 0;
- if (strstr(arg7, " ")) *strstr(arg7, " ") = 0;
+ index[0] = action;
+ sizes[0] = sizeof action;
+ for (a=1; a<9; a++)
+ {
+ index[a] = arg[a-1];
+ sizes[a] = sizeof arg[a-1];
+ }
+//// index[9] = &foo; todo
+ nBackDots = 0;
+ nEmpty = 0;
+ for ( a = 0; a < 9; ++a)
+ {
+ extract_token(index[a], pathname, a + 1, '/', sizes[a]);
+ if (strstr(index[a], "?")) *strstr(index[a], "?") = 0;
+ if (strstr(index[a], "&")) *strstr(index[a], "&") = 0;
+ if (strstr(index[a], " ")) *strstr(index[a], " ") = 0;
+ if ((index[a][0] == '.') && (index[a][1] == '.'))
+ nBackDots++;
+ if (index[a][0] == '\0')
+ nEmpty++;
+ }
while (hptr != NULL) {
safestrncpy(buf, hptr->line, sizeof buf);
}
}
else if (!strncasecmp(buf, "Host: ", 6)) {
- if (strlen(WC->http_host) == 0) {
+ if (IsEmptyStr(WC->http_host)) {
safestrncpy(WC->http_host, &buf[6], sizeof WC->http_host);
}
}
body_start = strlen(content);
/** Read the entire input data at once. */
- client_read(WC->http_sock, &content[BytesRead+body_start],
- ContentLength);
+ client_read(WC->http_sock, &content[BytesRead+body_start], ContentLength);
- if (!strncasecmp(ContentType,
- "application/x-www-form-urlencoded", 33)) {
+ if (!strncasecmp(ContentType, "application/x-www-form-urlencoded", 33)) {
addurls(&content[body_start]);
} else if (!strncasecmp(ContentType, "multipart", 9)) {
content_end = content + ContentLength + body_start;
- mime_parser(content, content_end, *upload_handler,
- NULL, NULL, NULL, 0);
+ mime_parser(content, content_end, *upload_handler, NULL, NULL, NULL, 0);
}
} else {
content = NULL;
remove_token(WC->this_page, 0, ' ');
/** If there are variables in the URL, we must grab them now */
- for (a = 0; a < strlen(cmd); ++a) {
+ len = strlen(cmd);
+ for (a = 0; a < len; ++a) {
if ((cmd[a] == '?') || (cmd[a] == '&')) {
- for (b = a; b < strlen(cmd); ++b)
- if (isspace(cmd[b]))
+ for (b = a; b < len; ++b) {
+ if (isspace(cmd[b])){
cmd[b] = 0;
+ len = b - 1;
+ }
+ }
addurls(&cmd[a + 1]);
cmd[a] = 0;
+ len = a - 1;
}
}
for (a=0; a<ndirs; ++a) {
if (!strcasecmp(action, (char*)static_content_dirs[a])) { /* map web to disk location */
is_static = 1;
+ n_static = a;
}
}
if (is_static) {
- snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
- action, arg1, arg2, arg3, arg4, arg5, arg6, arg7);
- for (a=0; a<8; ++a) {
- if (buf[strlen(buf)-1] == '/') {
- buf[strlen(buf)-1] = 0;
+ if (nBackDots < 2)
+ {
+ snprintf(buf, sizeof buf, "%s/%s/%s/%s/%s/%s/%s/%s",
+ static_dirs[n_static],
+ index[1], index[2], index[3], index[4], index[5], index[6], index[7]);
+ for (a=0; a<8; ++a) {
+ if (buf[strlen(buf)-1] == '/') {
+ buf[strlen(buf)-1] = 0;
+ }
}
- }
- for (a = 0; a < strlen(buf); ++a) {
- if (isspace(buf[a])) {
- buf[a] = 0;
+ for (a = 0; a < strlen(buf); ++a) {
+ if (isspace(buf[a])) {
+ buf[a] = 0;
+ }
}
+ output_static(buf);
+ }
+ else
+ {
+ lprintf(9, "Suspicious request. Ignoring.");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
}
- output_static(buf);
goto SKIP_ALL_THIS_CRAP; /* Don't try to connect */
}
+ /* If the client sent a nonce that is incorrect, kill the request. */
+ if (strlen(bstr("nonce")) > 0) {
+ lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n",
+ bstr("nonce"), WC->nonce);
+ if (atoi(bstr("nonce")) != WC->nonce) {
+ lprintf(9, "Ignoring request with mismatched nonce.\n");
+ wprintf("HTTP/1.1 404 Security check failed\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Security check failed.\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
+ }
+
/**
* If we're not connected to a Citadel server, try to hook up the
* connection now.
* supplied by the browser, try using them to log in.
*/
if ((!WC->logged_in)
- && (strlen(c_username) > 0)
- && (strlen(c_password) > 0)) {
+ && (!IsEmptyStr(c_username))
+ && (!IsEmptyStr(c_password))) {
serv_printf("USER %s", c_username);
serv_getln(buf, sizeof buf);
if (buf[0] == '3') {
* If we don't have a current room, but a cookie specifying the
* current room is supplied, make an effort to go there.
*/
- if ((strlen(WC->wc_roomname) == 0) && (strlen(c_roomname) > 0)) {
+ if ((IsEmptyStr(WC->wc_roomname)) && (!IsEmptyStr(c_roomname))) {
serv_printf("GOTO %s", c_roomname);
serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
begin_ajax_response();
who_inner_div();
end_ajax_response();
+ } else if (!strcasecmp(action, "wholist_section")) {
+ begin_ajax_response();
+ wholist_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "new_messages_html")) {
+ begin_ajax_response();
+ new_messages_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "tasks_inner_html")) {
+ begin_ajax_response();
+ tasks_section();
+ end_ajax_response();
+ } else if (!strcasecmp(action, "calendar_inner_html")) {
+ begin_ajax_response();
+ calendar_section();
+ end_ajax_response();
} else if (!strcasecmp(action, "iconbar_ajax_menu")) {
begin_ajax_response();
do_iconbar();
} else if (!strcasecmp(action, "do_search")) {
readloop("do_search");
} else if (!strcasecmp(action, "msg")) {
- embed_message(arg1);
+ embed_message(index[1]);
} else if (!strcasecmp(action, "printmsg")) {
- print_message(arg1);
+ print_message(index[1]);
} else if (!strcasecmp(action, "msgheaders")) {
- display_headers(arg1);
+ display_headers(index[1]);
} else if (!strcasecmp(action, "wiki")) {
display_wiki_page();
} else if (!strcasecmp(action, "display_enter")) {
} else if (!strcasecmp(action, "editroom")) {
editroom();
} else if (!strcasecmp(action, "display_editinfo")) {
- display_edit(_("Room info"), "EINF 0", "RINF", "/editinfo", 1);
+ display_edit(_("Room info"), "EINF 0", "RINF", "editinfo", 1);
} else if (!strcasecmp(action, "editinfo")) {
save_edit(_("Room info"), "EINF 1", 1);
} else if (!strcasecmp(action, "display_editbio")) {
} else if (!strcasecmp(action, "display_menubar")) {
display_menubar(1);
} else if (!strcasecmp(action, "mimepart")) {
- mimepart(arg1, arg2, 0);
+ mimepart(index[1], index[2], 0);
} else if (!strcasecmp(action, "mimepart_download")) {
- mimepart(arg1, arg2, 1);
+ mimepart(index[1], index[2], 1);
} else if (!strcasecmp(action, "edit_vcard")) {
edit_vcard();
} else if (!strcasecmp(action, "submit_vcard")) {
display_smtpqueue();
} else if (!strcasecmp(action, "display_smtpqueue_inner_div")) {
display_smtpqueue_inner_div();
+ } else if (!strcasecmp(action, "display_sieve")) {
+ display_sieve();
+ } else if (!strcasecmp(action, "save_sieve")) {
+ save_sieve();
+ } else if (!strcasecmp(action, "display_add_remove_scripts")) {
+ display_add_remove_scripts(NULL);
+ } else if (!strcasecmp(action, "create_script")) {
+ create_script();
+ } else if (!strcasecmp(action, "delete_script")) {
+ delete_script();
} else if (!strcasecmp(action, "setup_wizard")) {
do_setup_wizard();
} else if (!strcasecmp(action, "display_preferences")) {
recp_autocomplete(bstr("cc"));
} else if (!strcasecmp(action, "bcc_autocomplete")) {
recp_autocomplete(bstr("bcc"));
+ } else if (!strcasecmp(action, "display_address_book_middle_div")) {
+ display_address_book_middle_div();
+ } else if (!strcasecmp(action, "display_address_book_inner_div")) {
+ display_address_book_inner_div();
} else if (!strcasecmp(action, "set_floordiv_expanded")) {
- set_floordiv_expanded(arg1);
+ set_floordiv_expanded(index[1]);
} else if (!strcasecmp(action, "diagnostics")) {
output_headers(1, 1, 1, 0, 0, 0);
wprintf("Session: %d<hr />\n", WC->wc_session);
wDumpContent(1);
} else if (!strcasecmp(action, "updatenote")) {
updatenote();
+ } else if (!strcasecmp(action, "display_room_directory")) {
+ display_room_directory();
+ } else if (!strcasecmp(action, "download_file")) {
+ download_file(index[1]);
+ } else if (!strcasecmp(action, "upload_file")) {
+ upload_file();
}
/** When all else fais, display the main menu. */
projects / citadel.git / blobdiff