Roxen.git / server / modules / scripting / cgi.pike


Roxen.git/server/modules/scripting/cgi.pike:1:   // This is a roxen module. Copyright © 1996 - 2009, Roxen IS.   //    - constant cvs_version = "$Id: cgi.pike,v 2.71 2011/09/12 10:54:42 grubba Exp $"; + constant cvs_version = "$Id$";      #if !defined(__NT__) && !defined(__AmigaOS__)   # define UNIX 1   #else   # define UNIX 0   #endif      #include <module.h>   #include <roxen.h>   inherit "module";
Roxen.git/server/modules/scripting/cgi.pike:420:    output( NOHEADER );    ::done();    }       string handle_headers( string headers )    {    DWERR(sprintf("CGIWrapper::handle_headers(%O)", headers));       string result = "", post="";    string code = "200 OK"; -  int ct_received = 0, sv_received = 0; +  int ct_received = 0, sv_received = 0, con_received = 0;    foreach((headers-"\r") / "\n", string h)    {    string header, value;    sscanf(h, "%s:%s", header, value);    if(!header || !value)    {    // Heavy DWIM. For persons who forget about headers altogether. -  +  if (mid->method != "HEAD") {    post += h+"\n"; -  +  }    continue;    }    header = String.trim_whites(header);    value = String.trim_whites(value);    switch(lower_case( header ))    {    case "status":    code = value;    break;   
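Review bot: The new `if (mid->method != "HEAD")` guard in the "Heavy DWIM" branch of `handle_headers` has no comment saying why the stray line is dropped. The existing comment only describes the case where a script forgets headers altogether. A one-line comment would cover it, for example `// A HEAD reply must not carry a body, so do not queue the stray line in post.` The same method test is repeated in `parse_headers` further down the page, so the comment could name that second place. `handle_headers` continues past the end of this hunk.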
Roxen.git/server/modules/scripting/cgi.pike:454:    case "server":    sv_received=1;    result += header+": "+value+"\r\n";    break;       case "location":    code = "302 Redirection";    result += header+": "+value+"\r\n";    break;    +  case "connection": +  con_received=1; +  result += header+": "+value+"\r\n"; +  break; +     default:    result += header+": "+value+"\r\n";    break;    }    }    if(!sv_received)    result += "Server: "+roxen.version()+"\r\n";    if(!ct_received)    result += "Content-Type: text/html\r\n"; -  +  if(!con_received) +  result += "Connection: close\r\n";    return "HTTP/1.0 "+code+"\r\n"+result+"\r\n"+post;    }       // Rewritten by David. Before it bugged when headers were terminated with    // \n\n, but the document contained \r\n\r\n somewhere in it. More complex    // now, but it works and parsing-time-wise it should be about the same.       int parse_headers( )    {    DWERR("CGIWrapper::parse_headers()");       int pos, skip = 4, force_exit; -  +  pos = search(headers, "\r\n\r\n"); +  if(pos == -1) { +  // Check if there's a \n\n instead. +  pos = search(headers, "\n\n"); +  if(pos == -1) { +  // Still haven't found the end of the headers. +     if(strlen(headers) > MAXHEADERLEN)    {    DWERR("CGIWrapper::parse_headers()::Incorrect Headers");    output( LONGHEADER );    close_when_done = 1;    mode++;    done();    return 1; - // destroy( ); + // destroy( );    } -  pos = search(headers, "\r\n\r\n"); -  if(pos == -1) { -  // Check if there's a \n\n instead. -  pos = search(headers, "\n\n"); -  if(pos == -1) { -  // Still haven't found the end of the headers. +     return 0;    }    skip = 2;    } else {    // Check if there's a \n\n before the \r\n\r\n.    
int pos2 = search(headers[..pos], "\n\n");    if(pos2 != -1) {    pos = pos2;    skip = 2;    }    }    string tmphead = headers;    headers = "";       output( handle_headers( tmphead[..pos-1] ) ); -  +  if (mid->method == "HEAD") { +  mode++; +  return 1; +  }    output( tmphead[pos+skip..] );       if(force_exit)    call_out(done, 0);    return 1;    }       protected int mode;    void process( string what )    {
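Review bot: The new `case "connection":` relays whatever value the script printed, so a script that sends `Connection: keep-alive` has it forwarded under the fixed `HTTP/1.0` status line, and nothing in the visible part of `handle_headers` checks that a `Content-Length` was supplied with it. Without a length the client has no reliable way to tell where the body ends, and a response whose end the two sides judge differently is a risk on a reused connection. Unless persistent connections for CGI output are intended, the case could honour only a close request, `if (lower_case(value) == "close") { con_received=1; result += header+": "+value+"\r\n"; }`, and let the `if(!con_received)` default emit `Connection: close` for everything else. Whether the wrapper closes the socket regardless of this header is decided outside the hunk.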
Roxen.git/server/modules/scripting/cgi.pike:883:    }       if(environment->INDEX)    arguments = Array.map(environment->INDEX/"+", http_decode_string);    else    arguments = ({});       tosend = id->data;    if( id->method == "PUT" )    ffd = id->my_fd; +  +  // Protect against execution of arbitrary code in broken bash. +  foreach(environment; string e; string v) { +  if (has_prefix(v, "() {")) { +  report_warning("CGI: Function definition in environment variable:\n" +  "CGI: %O=%O\n", +  e, v); +  environment[e] = " " + v;    }    } -  +  } + }      mapping(string:string) global_env = ([]);   string searchpath, location;   int handle_ext, noexec, buffer_high, buffer_low;      void start(int n, Configuration conf)   {    DWERR("start()");       searchpath = combine_path(getcwd(), query("searchpath"));
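Review bot: The `report_warning` call in the new `foreach(environment; string e; string v)` loop logs only the variable name and value, so the log does not show which client or request carried the function-definition payload. `id` is already used a few lines above (`id->data`, `id->method`), so the message could also include the client address and the requested path taken from it. The comment could state what the rewrite does, for example `// Vulnerable bash imports any variable whose value starts with "() {" as a function; the leading space defeats that match.` The script then receives the altered value rather than the original. The enclosing function starts outside this hunk, so it cannot be confirmed from here that `environment` is complete when the loop runs.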