X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=cgilite.sh;h=2e538324c0a8b5ec45f6fb2235f254fcf359db22;hp=90d65577648d2d78efa7d349e90677984f87c436;hb=refs%2Fheads%2Fmaster;hpb=1d27862fc4c0ced76afb8bdfa04a9ab0f50208ef
diff --git a/cgilite.sh b/cgilite.sh
index 90d6557..b2467c3 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -1,22 +1,21 @@ #!/bin/sh -# Copyright 2017 - 2021 Paul Hänsch -# # This is CGIlite. # A collection of posix shell functions for writing CGI scripts. + +# Copyright 2017 - 2023 Paul Hänsch # -# CGIlite is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# CGIlite is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. # -# You should have received a copy of the GNU Affero General Public License -# along with CGIlite. If not, see . +# THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +# IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. [ -n "$include_cgilite" ] && return 0 # guard set after webserver part 
@@ -85,11 +84,18 @@ HEX_DECODE(){ # will be copied to the output literally while [ "$in" ]; do + [ "$pfx" ] || case $in in + [0-9a-fA-F][0-9a-fA-F]*):;; + ?*) out="${out}${in%%"${in#?}"}" + in="${in#?}"; continue;; + esac + case $in in - "$pfx"[0-9a-fA-F][0-9a-fA-F]*) in="${in#${pfx}}";; + "$pfx"[0-9a-fA-F][0-9a-fA-F]*) in="${in#"${pfx}"}";; \\*) in="${in#?}"; out="${out}\\\\"; continue;; %*) in="${in#?}"; out="${out}%%"; continue;; - *) out="${out}${in%"${in#?}"}"; in="${in#?}"; continue;; + *) att="${in%%"${pfx}"*}"; att="${att%%%*}"; att="${att%%\\*}" + out="${out}${att}"; in="${in#"${att}"}"; continue;; esac; # Hex escapes for printf (e.g. \x41) are not portable
@@ -143,6 +149,8 @@ if [ -z "$REQUEST_METHOD" ]; then (sleep $cgilite_timeout && kill $$) & cgilite_watchdog=$! while read REQUEST_METHOD REQUEST_URI SERVER_PROTOCOL; do + unset PATH_INFO QUERY_STRING cgilite_headers CONTENT_LENGTH CONTENT_TYPE + [ "${SERVER_PROTOCOL#HTTP/1.[01]${CR}}" ] && break kill $cgilite_watchdog
@@ -151,7 +159,7 @@ if [ -z "$REQUEST_METHOD" ]; then [ "${REQUEST_URI}" = "${REQUEST_URI#*\?}" ] \ && QUERY_STRING='' \ || QUERY_STRING="${REQUEST_URI#*\?}" - cgilite_headers=''; while read -r hl; do + while read -r hl; do hl="${hl%${CR}}"; [ "$hl" ] || break case $hl in 'Content-Length: '*) CONTENT_LENGTH="${hl#*: }";;
@@ -161,7 +169,7 @@ if [ -z "$REQUEST_METHOD" ]; then done export REMOTE_ADDR SERVER_NAME SERVER_PORT REQUEST_METHOD REQUEST_URI SERVER_PROTOCOL \ - PATH_INFO QUERY_STRING CONTENT_TYPE CONTENT_LENGTH + PATH_INFO QUERY_STRING CONTENT_TYPE CONTENT_LENGTH cgilite_headers # Try to serve multiple requests, provided that script serves a # Content-Length header. 
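Review bot: The rewritten `*)` arm in HEX_DECODE can stop advancing: when `in` begins with a non-empty `pfx` other than `%` or `\` that is not followed by two hex digits, `att="${in%%"${pfx}"*}"` is empty, `in="${in#"${att}"}"` leaves `in` unchanged, and `continue` re-enters the loop on the same input. The line it replaces always consumed one character, so a fallback such as `[ "$att" ] || att="${in%"${in#?}"}"` before appending to `out` keeps that guarantee for malformed request data. Separately, the new empty-prefix `?*)` arm appends the character to `out` without the `\\\\` / `%%` escaping that the arms below apply. If `out` is later used as a printf format, as the trailing comment suggests, narrowing that arm to `[!\\%]*)` lets those two characters fall through to the escaping arms. HEX_DECODE starts and ends outside this hunk, so the later use of `out` is inferred.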
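Review bot: Adding `cgilite_headers` to the `export` list puts the complete raw request header block, which can include `Cookie` and `Authorization` values, into the environment of every process the script starts afterwards. Those values are then visible wherever the environment is visible (child processes, dumps of `env` in error pages or logs), and a large header block counts against the exec environment size limit. If the export is there so that `HEADER` keeps working in re-executed scripts, record that above the line, for example `# exported for HEADER(); holds raw client headers - do not log or hand to untrusted children`. The enclosing `if [ -z "$REQUEST_METHOD" ]` block continues outside the hunk.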
@@ -261,7 +269,7 @@ HEADER(){ str="${str#*${BR}${1}: }" printf %s "${str%%${BR}*}" else - local var="HTTP_$(printf %s "$1" |tr a-z- A-Z-)" + local var="HTTP_$(printf %s "$1" |tr a-z- A-Z_)" eval "[ \"\$$var\" ] && printf %s \"\$$var\" || return 1" # eval "printf %s \"\$HTTP_$(printf %s "${1}" |tr a-z A-Z |tr -c A-Z _)\"" fi
@@ -291,7 +299,7 @@ HTML(){ \]*) out="${out}]"; str="${str#?}";; "${CR}"*) out="${out} "; str="${str#?}";; "${BR}"*) out="${out} "; str="${str#?}";; - *) out="${out}${str%%[]&<>\"\'[]*}"; str="${str#"${str%%[]&<>\"\'[]*}"}";; + *) out="${out}${str%%[]&<>\"\'${CR}${BR}[]*}"; str="${str#"${str%%[]&<>\"\'${CR}${BR}[]*}"}";; esac; done printf %s "$out" }
@@ -304,6 +312,7 @@ URL(){ \&*) out="${out}%26"; str="${str#?}";; \"*) out="${out}%22"; str="${str#?}";; \'*) out="${out}%27"; str="${str#?}";; + \`*) out="${out}%60"; str="${str#?}";; \?*) out="${out}%3F"; str="${str#?}";; \#*) out="${out}%23"; str="${str#?}";; \[*) out="${out}%5B"; str="${str#?}";;
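Review bot: The value built on the changed `local var=` line in HEADER is expanded inside the `eval` on the following line, and `tr a-z- A-Z_` rewrites only lowercase letters and `-`, so any other character in `$1` reaches `eval` unchanged. Callers presumably pass literal header names, but that is not visible here, and the commented-out variant below already shows the safer shape. Restricting the name to the variable-name alphabet removes the dependency on callers: `local var="HTTP_$(printf %s "$1" |tr a-z A-Z |tr -c A-Z0-9 _)"`. HEADER begins and ends outside the hunk.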
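Review bot: The bracket set in the `*)` arm of HTML is written twice on one line and has to stay in step with the arms above it: every character listed there needs its own arm, otherwise the copied prefix is empty and `str` is never shortened. A comment such as `# every character in this set must have a dedicated arm above, or the loop stalls` would record that invariant. Computing the prefix once into a variable and reusing it for both `out` and `str`, the way the new `att=` lines in HEX_DECODE do in this commit, would also remove the duplicated pattern. Only the last arms of HTML are visible in the hunk, so the arms for `&`, `<`, `>` and the quotes are assumed to exist above.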