*All* <FORM> blocks now contain a nonce field, and the use of

[citadel.git] / webcit / webcit.c

diff --git a/webcit/webcit.c b/webcit/webcit.c
index 1efd44c92e41b138b398adf96bd2fe5eaf4ab5aa..c6677b285e1d0f8d24ac59ca7238fb56dae1fc22 100644 (file)
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -28,11 +28,16 @@ void unescape_input(char *buf)
 {
        int a, b;
        char hex[3];
+       long buflen;
 
-       while ((isspace(buf[strlen(buf) - 1])) && (strlen(buf) > 0))
-               buf[strlen(buf) - 1] = 0;
+       buflen = strlen(buf);
 
-       for (a = 0; a < strlen(buf); ++a) {
+       while ((isspace(buf[buflen - 1])) && (buflen > 0)){
+               buf[buflen - 1] = 0;
+               buflen --;
+       }
+
+       for (a = 0; a < buflen; ++a) {
                if (buf[a] == '+')
                        buf[a] = ' ';
                if (buf[a] == '%') {
@@ -42,7 +47,9 @@ void unescape_input(char *buf)
                        b = 0;
                        sscanf(hex, "%02x", &b);
                        buf[a] = (char) b;
-                       strcpy(&buf[a + 1], &buf[a + 3]);
+                       memmove(&buf[a + 1], &buf[a + 3], buflen - a - 2);
+                       
+                       buflen -=2;
                }
        }
 
@@ -262,7 +269,7 @@ void escputs(char *strbuf)
 void urlesc(char *outbuf, char *strbuf)
 {
        int a, b, c;
-       char *ec = " #&;`'|*?-~<>^()[]{}$\"\\";
+       char *ec = " #&;`'|*?-~<>^()[]{}/$\"\\";
 
        strcpy(outbuf, "");
 
@@ -1193,14 +1200,28 @@ void session_loop(struct httprequest *req)
                else 
                {
                        lprintf(9, "Suspicious request. Ignoring.");
-                       wprintf("HTTP/1.1 404 Not found. Don't try to Trick me DUDE!\r\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
                        wprintf("Content-Type: text/plain\r\n");
                        wprintf("\r\n");
-                       wprintf("Not found. Don't play games on me!\r\n");
+                       wprintf("Security check failed.\r\n");
                }
                goto SKIP_ALL_THIS_CRAP;        /* Don't try to connect */
        }
 
+       /* If the client sent a nonce that is incorrect, kill the request. */
+       if (!strcasecmp(request_method, "POST")) {
+               lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n", 
+                       bstr("nonce"), WC->nonce);
+               if (atoi(bstr("nonce")) != WC->nonce) {
+                       lprintf(9, "Ignoring request with mismatched nonce.\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
+                       wprintf("Content-Type: text/plain\r\n");
+                       wprintf("\r\n");
+                       wprintf("Security check failed.\r\n");
+                       goto SKIP_ALL_THIS_CRAP;
+               }
+       }
+
        /**
         * If we're not connected to a Citadel server, try to hook up the
         * connection now.
@@ -1388,6 +1409,22 @@ void session_loop(struct httprequest *req)
                begin_ajax_response();
                who_inner_div();
                end_ajax_response();
+       } else if (!strcasecmp(action, "wholist_section")) {
+               begin_ajax_response();
+               wholist_section();
+               end_ajax_response();
+       } else if (!strcasecmp(action, "new_messages_html")) {
+               begin_ajax_response();
+               new_messages_section();
+               end_ajax_response();
+       } else if (!strcasecmp(action, "tasks_inner_html")) {
+               begin_ajax_response();
+               tasks_section();
+               end_ajax_response();
+       } else if (!strcasecmp(action, "calendar_inner_html")) {
+               begin_ajax_response();
+               calendar_section();
+               end_ajax_response();
        } else if (!strcasecmp(action, "iconbar_ajax_menu")) {
                begin_ajax_response();
                do_iconbar();