X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=cgi.sh;h=f79d41635746e19ce821700ec9fe80a8956913a0;hp=d9ee5bd012ed8b3780a4ed78ae75c8f82dda0d0a;hb=1a1d111199b770c092e1b16a7e03568d3d911b79;hpb=d7ba9fdbc590932d2f59be6534ca1c5738fe2085 diff --git a/cgi.sh b/cgi.sh index d9ee5bd..f79d416 100755 --- a/cgi.sh +++ b/cgi.sh @@ -1,6 +1,6 @@ #!/bin/zsh -# Copyright 2014,2015 Paul Hänsch +# Copyright 2014 - 2016 Paul Hänsch # # This file is part of shcgi. # @@ -17,6 +17,7 @@ # You should have received a copy of the GNU Affero General Public License # along with shcgi. If not, see . +unset _GET _POST _REF _COOKIE declare -A _GET declare -A _POST declare -A _REF @@ -24,38 +25,39 @@ declare -A _COOKIE [ -z "$HTTP_REFERER" ] && HTTP_REFERER="./" -cgi_get() { # parse HTTP GET string - debug "== CGI DATA: GET ==" - printf '%s\n' "$QUERY_STRING" |tr '&' '\n' |while read query; do - key="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\1:')" - val="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\2:')" - _GET[$key]="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g')")" - debug "_GET[$key] => $val" - done -} +# parse HTTP GET string +debug "== CGI DATA: GET ==" +printf '%s\n' "$QUERY_STRING" |tr '&' '\n' |while read query; do + key="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\1:')" + val="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\2:')" + _GET[$key]="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g')")" + debug "_GET[$key] => $val" +done -cgi_post() { # parse HTTP POST string +if [ "$REQUEST_METHOD" = POST -a "${HTTP_CONTENT_LENGTH:=$CONTENT_LENGTH}" -gt 0 ]; then + # parse HTTP POST string debug "== CGI DATA: POST ==" - sed -u 1q |tr '&' '\n' |while read query; do - key="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\1:')" - val="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\2:')" + head -c "$HTTP_CONTENT_LENGTH" \ + | sed -un 's;&;\n;g; p; q' \ + | while read query; do + key="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\1:')" + val="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\2:')" value="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g;')")" - if [ -n "${_POST[$key]}" ]; then + n='' + if [ -n "${_POST[$key$n]+x}" ]; then n=0 - while [ -n "${_POST[$key$n]}" ]; do n=$(($n + 1)); done - _POST[$key$n]="$value" - else - _POST[$key]="$value" + while [ -n "${_POST[$key$n]+x}" ]; do n=$(($n + 1)); done fi - debug "_POST[$key] => $value" + _POST[$key$n]="$value" + debug "_POST[$key$n] => $value" done -} +fi cgi_refdata() { # Parse GET data from referer debug "== CGI DATA: REFERER ==" - printf '%s\n' "$HTTP_REFERER" |cut -d'?' -f2- |tr '&' '\n' |while read query; do - key="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\1:')" - val="$(printf %s "$query" |sed -r 's:^([a-zA-Z0-9_-]+)=(.*)$:\2:')" + printf '%s\n' "${HTTP_REFERER#*\?}" |tr '&' '\n' |while read query; do + key="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\1:')" + val="$(printf %s "$query" |sed -r 's:^([\.a-zA-Z0-9_-]+)=(.*)$:\2:')" _REF[$key]="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g')")" debug "_REF[$key] => $val" done @@ -64,30 +66,82 @@ cgi_refdata() { # Parse GET data from referer cgi_cookie() { # Parse GET data from referer debug "== CGI DATA: COOKIE ==" printf '%s\n' "$HTTP_COOKIE" |tr ';' '\n' |while read query; do - key="$(printf %s "$query" |sed -r 's:^ *([a-zA-Z0-9_-]+)=(.*)$:\1:')" - val="$(printf %s "$query" |sed -r 's:^ *([a-zA-Z0-9_-]+)=(.*)$:\2:')" + key="$(printf %s "$query" |sed -r 's:^ *([\.a-zA-Z0-9_-]+)=(.*)$:\1:')" + val="$(printf %s "$query" |sed -r 's:^ *([\.a-zA-Z0-9_-]+)=(.*)$:\2:')" _COOKIE[$key]="$(printf "$(printf %s "$val" |sed 's:+: :g;s:\\:\\\\:g;s:%:\\x:g')")" debug "_COOKIE[$key] => $val" done } -urlsave(){ +htmlsafe(){ + # escape HTML code from string + + printf %s "$*" \ + | sed 's;&;\&\;;g; + s;<;\<\;;g; + s;>;\>\;;g; + s;";\"\;;g; + s;/;\/\;;g; + s;'\'';\'\;;g;' +} + +urlsafe(){ + # Code every character in URL escape hex format + # except alphanumeric ascii + printf %s "$*" \ - | sed 's;%;%25;g; - s; ;%20;g; - s;!;%21;g; - s;";%22;g; - s;&;%26;g; - s;(;%28;g; - s;);%29;g; - s;:;%3a;g - s;<;%3c;g; - s;>;%3e;g; - s;'\'';%27;g; - s;\?;%3f;g;' + | hexdump -v -e '/1 ",%02X"' \ + | tr , % \ + | sed 's;%30;0;g; s;%31;1;g; s;%32;2;g; s;%33;3;g; s;%34;4;g; s;%35;5;g; + s;%36;6;g; s;%37;7;g; s;%38;8;g; s;%39;9;g; + s;%41;A;g; s;%42;B;g; s;%43;C;g; s;%44;D;g; s;%45;E;g; s;%46;F;g; + s;%47;G;g; s;%48;H;g; s;%49;I;g; s;%4A;J;g; s;%4B;K;g; s;%4C;L;g; + s;%4D;M;g; s;%4E;N;g; s;%4F;O;g; s;%50;P;g; s;%51;Q;g; s;%52;R;g; + s;%53;S;g; s;%54;T;g; s;%55;U;g; s;%56;V;g; s;%57;W;g; s;%58;X;g; + s;%59;Y;g; s;%5A;Z;g; + s;%61;a;g; s;%62;b;g; s;%63;c;g; s;%64;d;g; s;%65;e;g; s;%66;f;g; + s;%67;g;g; s;%68;h;g; s;%69;i;g; s;%6A;j;g; s;%6B;k;g; s;%6C;l;g; + s;%6D;m;g; s;%6E;n;g; s;%6F;o;g; s;%70;p;g; s;%71;q;g; s;%72;r;g; + s;%73;s;g; s;%74;t;g; s;%75;u;g; s;%76;v;g; s;%77;w;g; s;%78;x;g; + s;%79;y;g; s;%7A;z;g; s;%2D;-;g; s;%2E;.;g; s;%2F;/;g; s;%5F;_;g' +} + +attribsafe(){ + # Code every character in HTML escape hex format + # except alphanumerig ascii + + printf %s "$*" \ + | iconv -f utf-8 -t utf32le \ + | hexdump -v -e '/4 "&#x%02X;"' \ + | sed 's;0\;;0;g; s;1\;;1;g; s;2\;;2;g; s;3\;;3;g; s;4\;;4;g; s;5\;;5;g; + s;6\;;6;g; s;7\;;7;g; s;8\;;8;g; s;9\;;9;g; + s;A\;;A;g; s;B\;;B;g; s;C\;;C;g; s;D\;;D;g; s;E\;;E;g; s;F\;;F;g; + s;G\;;G;g; s;H\;;H;g; s;I\;;I;g; s;J\;;J;g; s;K\;;K;g; s;L\;;L;g; + s;M\;;M;g; s;N\;;N;g; s;O\;;O;g; s;P\;;P;g; s;Q\;;Q;g; s;R\;;R;g; + s;S\;;S;g; s;T\;;T;g; s;U\;;U;g; s;V\;;V;g; s;W\;;W;g; s;X\;;X;g; + s;Y\;;Y;g; s;Z\;;Z;g; + s;a\;;a;g; s;b\;;b;g; s;c\;;c;g; s;d\;;d;g; s;e\;;e;g; s;f\;;f;g; + s;g\;;g;g; s;h\;;h;g; s;i\;;i;g; s;j\;;j;g; s;k\;;k;g; s;l\;;l;g; + s;m\;;m;g; s;n\;;n;g; s;o\;;o;g; s;p\;;p;g; s;q\;;q;g; s;r\;;r;g; + s;s\;;s;g; s;t\;;t;g; s;u\;;u;g; s;v\;;v;g; s;w\;;w;g; s;x\;;x;g; + s;y\;;y;g; s;z\;;z;g;' } redirect(){ - printf '%s\n\n' "Location: $*" + printf 'Status: 303 See Other\r\nLocation: %s\r\n\r\n' "$*" exit 0 } + +set_cookie(){ + case "$1" in + session|0) expire='';; + ''|default) expire="$(LANG=C date -d "+ 1 week" +'%a, %d %b %Y %T %Z')";; + *) expire="$(LANG=C date -d "$1" +'%a, %d %b %Y %T %Z' 2>&-)";; + esac + cookie="$2" + + printf 'Set-Cookie: %s' "$cookie" + [ -n "$expire" ] && printf '; Expires=%s' "$expire" + [ $# -ge 3 ] && shift 2 && printf '; %s' "$@" + printf '\r\n' +}