follow OWASP recommendation for html escapes

[cgilite] / misc.sh

#!/bin/zsh

# Copyright 2014, 2015 Paul Hänsch
#
# This file is part of shcgi.
# 
# shcgi is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# 
# shcgi is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with shcgi.  If not, see <http://www.gnu.org/licenses/>. 

data_dirs(){
  # set up directories for object storage

  [ -d "$_DATA" -a -w "$_DATA" ] || die "storage directory must be writable"
  for each in "$@"; do
    [ ! -e "$_DATA/$each" ] && mkdir "$_DATA/$each"
    [ -d "$_DATA/$each" -a -w "$_DATA/$each" ] || die "storage \"$_DATA/$each\" must be a writable directory"
  done
}

validate(){
  # print value if value matches regex; otherwise print default
  value="$1"
  regex="$(printf %s\\n "$2" | sed -r ':X;s;(^|[^\\])((\\\\)*)/;\1\2\\/;g;tX')"
                             # ^^ escape only unescaped slash characters for later insertion
  default="$3"

  printf %s\\n "${value}" \
  | sed -rn "2q; /^(${regex})\$/{p;q}; a${default}
            "
}

invalidate(){
  # print default if value matches regex; otherwise print value
  value="$1"
  regex="$(printf %s\\n "$2" | sed -r ':X;s;(^|[^\\])((\\\\)*)/;\1\2\\/;g;tX')"
                             # ^^ escape only unescaped slash characters for later insertion
  default="$3"

  printf %s\\n "${value}" \
  | sed -rn "2q; /^(${regex})\$/{bX}; p;q; :X;a${default}
            "
}

declare -A item_name
l10n(){
  [ -n "${item_name[$1]+x}" ] && printf %s "$item_name[$1]" || printf %s "$1"
}