prevent double escaping of & in htmlsafe

[cgilite] / index.cgi

diff --git a/index.cgi b/index.cgi
index 61073454582d8d8a9212491dd4c221fa2ddaa3f3..d83cb2ad944a5cf26cd2494f04a6854e9c0546c5 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -1,6 +1,6 @@
 #!/bin/zsh
 
-# Copyright 2014, 2015 Paul Hänsch
+# Copyright 2014 - 2016 Paul Hänsch
 #
 # This file is part of shcgi.
 # 
@@ -29,17 +29,27 @@ _DATA="$(dirname "$call")"  #storage directory
 _EXEC="${real%/shcgi/index.cgi}"  #execution directory
 
 . "$_EXEC/shcgi/misc.sh"
+
 # put debug options in the local.opts file
 . "$_EXEC/shcgi/debug.sh"
 [ -r "$_DATA/local.opts" ] && . "$_DATA/local.opts"
 
 . "$_EXEC/shcgi/cgi.sh"
-cgi_get
 
 [ -x "$_EXEC/globals.sh" ] && . "$_EXEC/globals.sh"
 
-if [ -n "${_GET[action]}" ]; then
-  . "$_EXEC/shcgi/action.sh"
+  PAGE=$(validate   "${PAGE:-${_GET[page]}}"   '[a-zA-Z0-9_-]+' '')
+ACTION=$(validate "${ACTION:-${_GET[action]}}" '[a-zA-Z0-9_-]+' '')
+STATIC=$(invalidate "${STATIC:-${_GET[static]}}" '(^|.*/)\.\./.*' '')
+
+if [ -n "$STATIC" -a -e "${_EXEC}/static/${STATIC}" ]; then
+  . "$_EXEC/shcgi/static.sh"
+elif [ -n "$ACTION" -a -x "${_EXEC}/actions/${ACTION}.sh" ]; then
+  . "${_EXEC}/actions/${ACTION}.sh"
+elif   [ -n "$PAGE"   -a -x "${_EXEC}/pages/${PAGE}.sh" ]; then
+  . "$_EXEC/shcgi/page.sh"
 else
+  printf 'HTTP/1.1 404 Not Found\r\n'
+  PAGE=error
   . "$_EXEC/shcgi/page.sh"
 fi