X-Git-Url: http://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=cgilite.sh;h=e1b34802577a64c762d6f76828d8d992f90413cc;hp=f227d27fe47f65832bf9aefbec77dbcb4e262612;hb=d214859aadb31a565718da69754ad2573fa3f917;hpb=eadd19bbf26273a47f1ec3561f67db4a0f6bd12b

diff --git a/cgilite.sh b/cgilite.sh
index f227d27..e1b3480 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -50,7 +50,7 @@ HEX_DECODE(){
   ')"
 }
 
-if [ -z "$REQUEST_METHOD" -a -z "$SERVER_PROTOCOL" ]; then
+if [ -z "$REQUEST_METHOD" ]; then
   # no webserver variables means we are running via inetd / ncat
   # so use builtin web server
 
@@ -145,7 +145,7 @@ HTML(){
   # HTML Entity Coding
   # Prints UTF-8 string as decimal Unicode Code Points
   # Useful for escaping user input for use in HTML text and attributes
-  printf %s "$*" \
+  { [ $# -eq 0 ] && cat || printf %s "$*"; } \
   | hexdump -ve '/1 "%03o\n"' \
   | while read n; do
     case $n in
@@ -168,12 +168,25 @@ URL(){
   # Code every character in URL escape hex format
   # except alphanumeric ascii
 
-  printf %s "$*" \
+  { [ $# -eq 0 ] && cat || printf %s "$*"; } \
   | hexdump -v -e '/1 ",%02X"' \
-  | tr , %
+  | sed 's;,;%;g; s;%2F;/;g;'
 }
 
+PATH(){
+  { [ $# -eq 0 ] && cat || printf %s "$*"; } \
+  | sed -r 's;^.*$;/&/;; s;/+;/;g;
+            :X;
+            s;^/\.\./;/;; s;/\./;/;g;
+            tX;
+            s;/[^/]+/\.\./;/;;
+            tX;
+            s;^(/.*)/$;\1;'
+}
+
+
 SET_COOKIE(){
+  local expire cookie
   case "$1" in
     ''|0|session) expire='';;
     [+-][0-9]*)   expire="$(date -R -d @$(($(date +%s) + $1)))";;
@@ -188,7 +201,7 @@ SET_COOKIE(){
 }
 
 REDIRECT(){
-  printf '%s: %s\r\n'
+  printf '%s: %s\r\n' \
     Status "303 See Other" \
     Content-Length 0 \
     Location "$*"