Merge branch 'master' of plutz.net:cgilite

diff --git a/cgilite.sh b/cgilite.sh
index 8af3eb12790b998f59d8421778aff333c619ca53..7eab08a5b4bc92691b34e7cdc3e61679f2f8d2b6 100755 (executable)
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -49,7 +49,7 @@ HEX_DECODE='
 '
 
 HEX_DECODE(){
-  printf "$(printf %s "$1" |sed -r "$HEX_DECODE")"
+  printf -- "$(printf %s "$1" |sed -r "$HEX_DECODE")"
 }
 
 if [ -z "$REQUEST_METHOD" ]; then
@@ -116,7 +116,7 @@ cgilite_value(){
     str=${str#*&${name}=}
     cnt=$((cnt - 1))
   done
-  printf "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")"
+  printf -- "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")"
 }
 
 cgilite_keys(){

diff --git a/html-sh.sed b/html-sh.sed
index cb1c613185356b03eac15be9fd59967f3b769784..976d42e814d4f4d836f3bb93df97653f10fd4b48 100755 (executable)
--- a/html-sh.sed
+++ b/html-sh.sed
@@ -1,4 +1,12 @@
-#!/bin/sed -nrf
+#!/bin/sed -nEf
+
+:Escapes
+s,\\\\,\\,g; s,\\&,\&,g;
+s,\\<,\&lt;,g; s,\\>,\&gt;,g;
+s,\\",\&quot;,g; s,\\',\&apos;,g;
+s,\\\[,\&#91;,g; s,\\\],\&#93;,g;
+s,\\\.,\&#46;,g; s,\\#,\&#35;,g;
+s,\\,,g;
 
 :CommentHandle
 x; /^<\/!-->/{

diff --git a/logging.sh b/logging.sh
new file mode 100755 (executable)
index 0000000..31bb24d
--- /dev/null
+++ b/logging.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# LOGLEVEL 1: Crash condition
+# LOGLEVEL 2: Unexpected condition
+# LOGLEVEL 3: Failed action (i.e. due to config error)
+# LOGLEVEL 4: Debug
+
+[ -n "$include_logging" ] && return 0
+include_logging="$0"
+
+LOGLEVEL="${LOGLEVEL:-3}"
+LOGFILE="${LOGFILE:-/dev/stderr}"
+
+logmsg(){
+  local ll="${1:-3}"
+  shift 1
+  if [ "$ll" -le "$LOGLEVEL" -a "$#" -gt 0 ]; then
+    printf %s\\n "$*" >>"${LOGFILE}"
+  elif [ "$ll" -le "$LOGLEVEL" ]; then
+    tee -a "${LOGFILE}"
+  elif [ ! "$#" -gt 0 ]; then
+    cat
+  fi
+}
+
+die(){
+  [ "$#" -gt 0 ] && logmsg 1 "$@"
+  exit 1
+}
+panic(){ logmsg 2 "$@"; }
+error(){ logmsg 3 "$@"; }
+debug(){ logmsg 4 "$@"; }

diff --git a/session.sh b/session.sh
new file mode 100755 (executable)
index 0000000..25a6598
--- /dev/null
+++ b/session.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+server_key(){
+  IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+  if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+    dd count=1 bs=512 if=/dev/urandom \
+    | tee "$IDFILE"
+  fi 2>&-
+}
+
+slopecode(){
+  # 6-Bit Code that retains sort order of input data, while beeing safe to use
+  # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+  uuencode -m - | sed '
+    1d;$d; 
+    y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+  '
+}
+
+randomid(){
+  dd bs=12 count=1 if=/dev/urandom 2>&- \
+  | slopecode
+}
+
+timeid(){
+  d=$(($(date +%s) % 4294967296))
+  { printf "$(
+      printf \\%o \
+        $((d / 16777216 % 256)) \
+        $((d / 65536 % 256)) \
+        $((d / 256 % 256)) \
+        $((d % 256))
+    )"
+    dd bs=8 count=1 if=/dev/urandom 2>&-
+  } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+update_session(){
+  local session sid time sig serverkey checksig
+
+  IFS=- read -r sid time sig <<-END
+       $(COOKIE session)
+       END
+  serverkey="$(server_key)"
+  
+  checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+  checksig="${checksig%% *}"
+  d=$(date +%s)
+  
+  if [ "$checksig" != "$sig" \
+    -o "$time" -lt "$d" \
+    -o ! "$(printf %s "$sid" |checkid)" ] 2>&-
+  then
+    debug Setting up new session
+    sid="$(randomid)"
+  fi
+
+  time=$(( $(date +%s) + 7200 ))
+  sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+  sig="${sig%% *}"
+  printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_ID="$(update_session)"
+SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_ID%%-*}"