#!/bin/zsh
-# Copyright 2014,2015 Paul Hänsch
+# Copyright 2014 - 2016 Paul Hänsch
#
# This file is part of shcgi.
#
# You should have received a copy of the GNU Affero General Public License
# along with shcgi. If not, see <http://www.gnu.org/licenses/>.
+unset _GET _POST _REF _COOKIE
declare -A _GET
declare -A _POST
declare -A _REF
debug "_GET[$key] => $val"
done
-if [ "$REQUEST_METHOD" = POST ]; then
+if [ "$REQUEST_METHOD" = POST -a "${HTTP_CONTENT_LENGTH:=$CONTENT_LENGTH}" -gt 0 ]; then
# parse HTTP POST string
debug "== CGI DATA: POST =="
- sed -u 1q |tr '&' '\n' |while read query; do
+ head -c "$HTTP_CONTENT_LENGTH" \
+ | sed -un 's;&;\n;g; p; q' \
+ | while read query; do
key="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\1:')"
val="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\2:')"
value="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g;')")"
done
}
+htmlsafe(){
+ # escape HTML code from string
+
+ printf %s "$*" \
+ | sed 's;&;\&\;;g;
+ s;<;\<\;;g;
+ s;>;\>\;;g;
+ s;";\"\;;g;
+ s;/;\/\;;g;
+ s;'\'';\'\;;g;'
+}
+
urlsafe(){
+ # Code every character in URL escape hex format
+ # except alphanumeric ascii
+
printf %s "$*" \
- | sed 's;%;%25;g;
- s;\?;%3f;g;
- s;#;%23;g;
- s;<;%3c;g;
- s;>;%3e;g;
- s;&;%26;g;
- s;";%22;g;
- s;'\'';%27;g;'
+ | hexdump -v -e '/1 ",%02X"' \
+ | tr , % \
+ | sed 's;%30;0;g; s;%31;1;g; s;%32;2;g; s;%33;3;g; s;%34;4;g; s;%35;5;g;
+ s;%36;6;g; s;%37;7;g; s;%38;8;g; s;%39;9;g;
+ s;%41;A;g; s;%42;B;g; s;%43;C;g; s;%44;D;g; s;%45;E;g; s;%46;F;g;
+ s;%47;G;g; s;%48;H;g; s;%49;I;g; s;%4A;J;g; s;%4B;K;g; s;%4C;L;g;
+ s;%4D;M;g; s;%4E;N;g; s;%4F;O;g; s;%50;P;g; s;%51;Q;g; s;%52;R;g;
+ s;%53;S;g; s;%54;T;g; s;%55;U;g; s;%56;V;g; s;%57;W;g; s;%58;X;g;
+ s;%59;Y;g; s;%5A;Z;g;
+ s;%61;a;g; s;%62;b;g; s;%63;c;g; s;%64;d;g; s;%65;e;g; s;%66;f;g;
+ s;%67;g;g; s;%68;h;g; s;%69;i;g; s;%6A;j;g; s;%6B;k;g; s;%6C;l;g;
+ s;%6D;m;g; s;%6E;n;g; s;%6F;o;g; s;%70;p;g; s;%71;q;g; s;%72;r;g;
+ s;%73;s;g; s;%74;t;g; s;%75;u;g; s;%76;v;g; s;%77;w;g; s;%78;x;g;
+ s;%79;y;g; s;%7A;z;g; s;%2D;-;g; s;%2E;.;g; s;%2F;/;g; s;%5F;_;g'
}
-htmlsafe(){
+attribsafe(){
+ # Code every character in HTML escape hex format
+ # except alphanumerig ascii
+
printf %s "$*" \
- | sed 's;<;\<\;;g;
- s;>;\>\;;g;
- s;&;\&\;;g;
- s;";\"\;;g;
- s;'\'';\&apos\;;g;'
+ | iconv -f utf-8 -t utf32le \
+ | hexdump -v -e '/4 "&#x%02X;"' \
+ | sed 's;0\;;0;g; s;1\;;1;g; s;2\;;2;g; s;3\;;3;g; s;4\;;4;g; s;5\;;5;g;
+ s;6\;;6;g; s;7\;;7;g; s;8\;;8;g; s;9\;;9;g;
+ s;A\;;A;g; s;B\;;B;g; s;C\;;C;g; s;D\;;D;g; s;E\;;E;g; s;F\;;F;g;
+ s;G\;;G;g; s;H\;;H;g; s;I\;;I;g; s;J\;;J;g; s;K\;;K;g; s;L\;;L;g;
+ s;M\;;M;g; s;N\;;N;g; s;O\;;O;g; s;P\;;P;g; s;Q\;;Q;g; s;R\;;R;g;
+ s;S\;;S;g; s;T\;;T;g; s;U\;;U;g; s;V\;;V;g; s;W\;;W;g; s;X\;;X;g;
+ s;Y\;;Y;g; s;Z\;;Z;g;
+ s;a\;;a;g; s;b\;;b;g; s;c\;;c;g; s;d\;;d;g; s;e\;;e;g; s;f\;;f;g;
+ s;g\;;g;g; s;h\;;h;g; s;i\;;i;g; s;j\;;j;g; s;k\;;k;g; s;l\;;l;g;
+ s;m\;;m;g; s;n\;;n;g; s;o\;;o;g; s;p\;;p;g; s;q\;;q;g; s;r\;;r;g;
+ s;s\;;s;g; s;t\;;t;g; s;u\;;u;g; s;v\;;v;g; s;w\;;w;g; s;x\;;x;g;
+ s;y\;;y;g; s;z\;;z;g;'
}
redirect(){
- printf '%s\n\n' "Location: $*"
+ printf '%s\r\n\r\n' "Location: $*"
exit 0
}
printf 'Set-Cookie: %s' "$cookie"
[ -n "$expire" ] && printf '; Expires=%s' "$expire"
[ $# -ge 3 ] && shift 2 && printf '; %s' "$@"
- printf '\n'
+ printf '\r\n'
}