Fix error handling to avoid XSS attacks.

[citadel.git] / webcit / webcit.h

diff --git a/webcit/webcit.h b/webcit/webcit.h
index 6a8d034000d2f31449ac5c5d14e527c8a61f4624..8913f4fed01a8fa73efe673522ce4bd6635283df 100644 (file)
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1987-2013 by the citadel.org team
+ * Copyright (c) 1987-2015 by the citadel.org team
  *
  * This program is open source software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License version 3.
@@ -25,9 +25,6 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
 #include <sys/stat.h>
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
@@ -64,8 +61,6 @@
 #define _(string)      (string)
 #endif
 
-#define IsEmptyStr(a) ((a)[0] == '\0')
-
 #define DO_DBG_QR 0
 #define DBG_QR(x) if(DO_DBG_QR) _DBG_QR(x)
 #define DBG_QR2(x) if(DO_DBG_QR) _DBG_QR2(x)
@@ -132,9 +127,9 @@ extern char *ssl_cipher_list;
 #define PORT_NUM               2000            /* port number to listen on */
 #define DEVELOPER_ID           0
 #define CLIENT_ID              4
-#define CLIENT_VERSION         829             /* This version of WebCit */
-#define MINIMUM_CIT_VERSION    829             /* Minimum required version of Citadel server */
-#define        LIBCITADEL_MIN          821             /* Minimum required version of libcitadel */
+#define CLIENT_VERSION         901             /* This version of WebCit */
+#define MINIMUM_CIT_VERSION    901             /* Minimum required version of Citadel server */
+#define        LIBCITADEL_MIN          901             /* Minimum required version of libcitadel */
 #define DEFAULT_HOST           "localhost"     /* Default Citadel server */
 #define DEFAULT_PORT           "504"
 #define TARGET                 "webcit01"      /* Window target for inline URL's */
@@ -219,7 +214,9 @@ void SaveExpirePolicyFromHTTP(GPEXWhichPolicy which);
 typedef struct urlcontent urlcontent;
 struct urlcontent {
        char url_key[32];               /* key */
+       long klen;
        StrBuf *url_data;               /* value */
+       HashList *sub;
 };
 
 /*
@@ -425,6 +422,7 @@ struct wcsession {
        int ctdl_pid;                           /* Session ID on the Citadel server */
        int nonce;                              /* session nonce (to prevent session riding) */
        int inuse;                              /* set to nonzero if bound to a running thread */
+       int isFailure;                          /* Http 2xx or 5xx? */
 
 /* Session local Members */
        int serv_sock;                          /* Client socket to Citadel server */
@@ -695,7 +693,7 @@ extern char *days[];
 long locate_user_vcard_in_this_room(message_summary **VCMsg,
                                    wc_mime_attachment **VCAtt);
 void http_transmit_thing(const char *content_type, int is_static);
-void http_transmit_headers(const char *content_type, int is_static, long is_chunked);
+void http_transmit_headers(const char *content_type, int is_static, long is_chunked, int is_gzip);
 long unescape_input(char *buf);
 void check_thread_pool_size(void);
 void StrEndTab(StrBuf *Target, int tabnum, int num_tabs);
@@ -756,6 +754,7 @@ struct blogpost {
        long *msgs;             /* Array of msgnums for messages we are displaying */
        int num_msgs;           /* Number of msgnums stored in 'msgs' */
        int alloc_msgs;         /* Currently allocated size of array */
+       int unread_oments;
 };