1999-10-04
1999-10-04 00:05:55 by Johan Sundström <oyasumi@gmail.com>
-
5e6383f94188afa37b83e4ac46011d7595d13796
(119 lines)
(+75/-44)
[
Show
| Annotate
]
Branch: 5.2
Cleaned up code and plugged some security holes where supernumerary
RXML parsing of tag output made it possible for a cracker to evaluate
RXML code of his own choosing on the server under certain conditions.
Rev: server/modules/tags/rxmltags.pike:1.11
10:
#define old_rxml_compat 1
#define old_rxml_warning id->conf->api_functions()->old_rxml_warning[0]
- constant cvs_version="$Id: rxmltags.pike,v 1.10 1999/10/03 01:10:36 jhs Exp $";
+ constant cvs_version="$Id: rxmltags.pike,v 1.11 1999/10/04 00:05:55 jhs Exp $";
constant thread_safe=1;
#include <module.h>
162:
array(string) tag_realfile(string tag, mapping m, object id)
{
- return ({ id->realfile || rxml_error(tag, "Real file unknown", id) });
+ if(id->realfile)
+ return ({ id->realfile });
+ return rxml_error(tag, "Real file unknown", id);
}
string tag_redirect(string tag, mapping m, object id)
283:
array(string) tag_vfs(string tag, mapping m, object id)
{
- return ({ id->virtfile || rxml_error(tag, "Virtual file unknown.", id) });
+ if(id->virtfile)
+ return ({ id->virtfile });
+ return rxml_error(tag, "Virtual file unknown.", id);
}
string tag_language(string tag, mapping m, object id)
489:
}
#endif
- string tag_insert(string tag,mapping m,object id)
+ string|array(string) tag_insert(string tag,mapping m,object id)
{
if(m->help)
return "Inserts a file, variable or other object into a webpage";
502: Inside #if old_rxml_compat
old_rxml_warning(id, "define or name attribute in insert tag","only variables");
m_delete(m, "define");
m_delete(m, "name");
- return do_replace(id->misc->defines[n]||rxml_error(tag, "No such define ("+n+").",id), m, id);
+ if(id->misc->defines[n])
+ return ({ do_replace(id->misc->defines[n], m, id) });
+ return rxml_error(tag, "No such define ("+n+").", id);
}
#endif
- if (n=m->variable)
- #if old_rxml_compat
+ if(n = m->variable)
{
-
+ if(!id->variables[n])
+ return rxml_error(tag, "No such variable ("+n+").", id);
+ #if old_rxml_compat
m_delete(m, "variable");
- return do_replace(id->variables[n]||rxml_error(tag, "No such variable ("+n+").",id), m, id);
+ if(m->parse)
+ {
+ m_delete(m, "parse");
+ return do_replace(id->variables[n]);
}
-
+ return ({ do_replace(id->variables[n], m, id) });
#else
- return id->variables[n]||rxml_error(tag, "No such variable ("+n+").",id);
+ if(m->parse)
+ return id->variables[n];
+ return ({ id->variables[n] });
#endif
-
+ }
#if old_rxml_compat
- if(m->variables && m->variables!="variables") {
- old_rxml_warning(id, "insert attribute variables set to an value","<debug showid=\"id->variables\">");
- return Array.map(indices(id->variables), lambda(string s, mapping m) {
- return s+"="+sprintf("%O", m[s])+"\n";
- }, id->variables)*"\n";
+ if(m->variables && m->variables!="variables")
+ {
+ old_rxml_warning(id, "insert attribute variables set to an value",
+ "<debug showid=\"id->variables\">" );
+ return ({ Array.map(indices(id->variables),
+ lambda(string s, mapping m)
+ { return sprintf("%s=%O\n", s, m[s]); },
+ id->variables) * "\n"
+ });
}
#endif
- if (n=m->variables)
- return String.implode_nicely(indices(id->variables));
+ if(n = m->variables)
+ return ({ String.implode_nicely(indices(id->variables)) });
- if (n=m->other)
- return (stringp(id->misc[n])||intp(id->misc[n])?(string)id->misc[n]:rxml_error(tag, "No such variable ("+n+").",id));
+ if(n = m->other)
+ if(stringp(id->misc[n]) || intp(id->misc[n]))
+ return ({ (string)id->misc[n] });
+ else
+ return rxml_error(tag, "No such other variable ("+n+").", id);
- if (n=m->cookies)
+ if(n = m->cookies)
{
NOCACHE();
if(n!="cookies")
- return Array.map(indices(id->cookies), lambda(string s, mapping m) {
- return s+"="+sprintf("%O", m[s])+"\n";
- }, id->cookies)*"\n";
- return String.implode_nicely(indices(id->cookies));
+ return ({ Array.map(indices(id->cookies),
+ lambda(string s, mapping m)
+ { return sprintf("%s=%O\n", s, m[s]); },
+ id->cookies) * "\n";
+ });
+ return ({ String.implode_nicely(indices(id->cookies)) });
}
- if (n=m->cookie) {
+ if(n=m->cookie)
+ {
NOCACHE();
#if old_rxml_compat
m_delete(m, "cookie");
- return do_replace(id->cookies[n]||rxml_error(tag, "No such cookie ("+n+").", id), m, id);
+ if(id->cookies[n])
+ return ({ do_replace(id->cookies[n], m, id) });
#else
- return id->cookies[n]||rxml_error(tag, "No such cookie ("+n+").", id);
+ if(id->cookies[n])
+ return ({ id->cookies[n] });
#endif
-
+ return rxml_error(tag, "No such cookie ("+n+").", id);
}
- if (m->file)
+ if(m->file)
{
if(m->nocache) {
int nocache=id->pragma["no-cache"];
582:
CACHE(60);
object q=Protocols.HTTP.get_url(m->href);
if(q && q->status>0 && q->status<400)
- return q->data();
- return rxml_error(tag,(q?q->status_desc:0)||"No server respons",id);
+ return ({ q->data() });
+ return rxml_error(tag, (q ? q->status_desc: "No server response"), id);
}
string ret="Could not fullfill your request.<br>\nArguments:";
593:
return rxml_error(tag, ret, id);
}
- string tag_configurl(string tag, mapping m, object id) {
- return id->conf->api_functions()->config_url[0]();
+ string|array(string) tag_configurl(string tag, mapping m, object id)
+ {
+ return ({ id->conf->api_functions()->config_url[0]() });
}
string tag_return(string tag, mapping m, object id)
635:
return "";
}
- string tag_user(string tag, mapping m, object id, object file)
+ array(string) tag_user(string tag, mapping m, object id, object file)
{
- return id->conf->api_functions()->tag_user_wrapper[0](id, tag, m, file);
+ return ({ id->conf->api_functions()->tag_user_wrapper[0](id, tag, m, file) });
}
- string tag_modified(string tag, mapping m, object id, object file)
+ array(string) tag_modified(string tag, mapping m, object id, object file)
{
- return id->conf->api_functions()->tag_user_wrapper[0](id, tag, m, file);
+ return ({ id->conf->api_functions()->tag_user_wrapper[0](id, tag, m, file) });
}
// ------------------- Containers ----------------
- string tag_aprestate(string tag, mapping m, string q, object id)
+ array(string) tag_aprestate(string tag, mapping m, string q, object id)
{
string href, s, *foo;
657:
else
{
if ((sizeof(foo = href / ":") > 1) && (sizeof(foo[0] / "/") == 1))
- return make_container("a",m,q);
+ return ({ make_container("a", m, q) });
href=strip_prestate(fix_relative(href, id));
m_delete(m, "href");
}
681: Inside #if old_rxml_compat
prestate[s]=1;
}
}
- if(oldflag) old_rxml_warning(id, "prestates as atomic attributs in apre tag","add and drop");
+ if(oldflag)
+ old_rxml_warning(id, "prestates as atomic attributs in apre tag","add and drop");
#endif
if(m->add) {
695:
m_delete(m,"drop");
}
m->href = add_pre_state(href, prestate);
- return make_container("a",m,q);
+ return ({ make_container("a", m, q) });
}
- string tag_aconf(string tag, mapping m, string q, object id)
+ string|array(string) tag_aconf(string tag, mapping m, string q, object id)
{
string href,s;
mapping cookies = ([]);
751:
}
m->href = add_config(href, indices(cookies), id->prestate);
- return make_container("a", m, q);
+ return ({ make_container("a", m, q) });
}
string tag_maketag(string tag, mapping m, string cont, object id) {
1299:
if(m->compare)
return crypt(c,m->compare)?"<true>":"<false>";
else
- return crypt(c);
+ return ({ crypt(c) });
},
"doc":tag_doc,
"default":tag_default,