From d86724ff87cf2ed1245532a614dcaed697b26cb9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?=
Date: Sat, 30 Jun 2018 19:51:19 +0200
Subject: [PATCH] unified function for %hex unescaping
---
 cgilite.sh | 45 +++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/cgilite.sh b/cgilite.sh
index d6f2242..9f2eedc 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-# Copyright 2017 Paul Hänsch
+# Copyright 2017 - 2018 Paul Hänsch
 #
 # This is CGIlite.
 # A collection of posix shell functions for writing CGI scripts.
@@ -26,21 +26,36 @@ BR="$(printf '\n')" CR="$(printf '\r')" HEADER(){ - if [ -n "$cgilite_headers+x" ]; then + # Read value of header line. Use this instead of + # referencing HTTP_* environment variables. + if [ -n "${cgilite_headers+x}" ]; then printf %s "$cgilite_headers" \ | sed -rn 's;^'"${1}"': ([^\r]+)\r?$;\1;ip;q;' else - eval $(printf 'printf $HTTP_'; printf '%s' "${1}" |tr '[a-z]-' '[A-Z]_') + eval "printf %s \"\$HTTP_$(printf %s "${1}" |tr a-z A-Z |tr -c A-Z _)\"" fi } +HEX_DECODE(){ + printf "$(printf %s "$1" \ + | sed -r ' + s;\\;\\\\;g; :x; s;%([^0-9A-F]);\\045\1;g; tx; + # Hexadecimal { %00 - %FF } will be transformed to octal { \000 - \377 } for posix printf + s;%[0123].;&\\0;g; s;%[4567].;&\\1;g; s;%[89AB].;&\\2;g; s;%[CDEF].;&\\3;g; + s;%[048C][0-7]\\.;&0;g; s;%[048C][89A-F]\\.;&1;g; s;%[159D][0-7]\\.;&2;g; s;%[159D][89A-F]\\.;&3;g; + s;%[26AE][0-7]\\.;&4;g; s;%[26AE][89A-F]\\.;&5;g; s;%[37BF][0-7]\\.;&6;g; s;%[37BF][89A-F]\\.;&7;g; + s;%.[08](\\..);\10;g; s;%.[19](\\..);\11;g; s;%.[2A](\\..);\12;g; s;%.[3B](\\..);\13;g; + s;%.[4C](\\..);\14;g; s;%.[5D](\\..);\15;g; s;%.[6E](\\..);\16;g; s;%.[7F](\\..);\17;g; + ')" +} + if [ "$1" = '--inetd' -a -z "$REQUEST_METHOD" ]; then REMOTE_ADDR="${TCPREMOTEIP:-$NCAT_REMOTE_ADDR}" SERVER_NAME="${TCPLOCALIP:-$NCAT_LOCAL_ADDR}" SERVER_PORT="${TCPLOCALPORT:-$NCAT_LOCAL_PORT}" read REQUEST_METHOD REQUEST_URI SERVER_PROTOCOL - PATH_INFO="${REQUEST_URI%\?*}" + PATH_INFO="$(HEX_DECODE "${REQUEST_URI%\?*}")" QUERY_STRING="${REQUEST_URI#*\?}" cgilite_headers="$(sed -u '/^\r\?$/q')" 
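Review bot: HEX_DECODE hands request data to printf as the format string, and the `\045` guard only neutralises a `%` whose next character is not `[0-9A-F]`, so a `%` followed by one hex digit and a non-hex character, a lowercase escape such as `%2f`, or a trailing `%` reaches printf as a conversion specification instead of being decoded or kept literal. Percent-encoding is case-insensitive, so with GNU sed I would normalise valid pairs first with `s;%([0-9A-Fa-f]{2});%\U\1;g;` and widen the guard to `:x; s;%([^0-9A-F]|.[^0-9A-F]|.?$);\\045\1;g; tx;`. The same function backs cgilite_value and COOKIE in the later hunks, so one fix covers all three call sites. PATH_INFO is decoded here as well, which means encoded `../` segments and control characters are now expanded, and any path check in a caller has to run on the decoded value.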
@@ -72,21 +87,14 @@ cgilite_count(){ } cgilite_value(){ - printf "$( + HEX_DECODE "$( case $1 in GET) printf %s "&${QUERY_STRING}";; POST) printf %s "&${cgilite_post}";; REF) printf %s "&${HTTP_REFERER#*\?}";; esac \ | grep -Eo '&'"$2"'=[^&]*' \ - | sed -rn "${3:-1}"'{s;^[^=]+=;;; s;\+; ;g; s;\\;\\\\;g; - # Hexadecimal { %00 - %FF } will be transformed to octal { \000 - \377 } for posix printf - s;%[0123].;&\\0;g; s;%[4567].;&\\1;g; s;%[89AB].;&\\2;g; s;%[CDEF].;&\\3;g; - s;%[048C][0-7]\\.;&0;g; s;%[048C][89A-F]\\.;&1;g; s;%[159D][0-7]\\.;&2;g; s;%[159D][89A-F]\\.;&3;g; - s;%[26AE][0-7]\\.;&4;g; s;%[26AE][89A-F]\\.;&5;g; s;%[37BF][0-7]\\.;&6;g; s;%[37BF][89A-F]\\.;&7;g; - s;%.[08](\\..);\10;g; s;%.[19](\\..);\11;g; s;%.[2A](\\..);\12;g; s;%.[3B](\\..);\13;g; - s;%.[4C](\\..);\14;g; s;%.[5D](\\..);\15;g; s;%.[6E](\\..);\16;g; s;%.[7F](\\..);\17;g; - p}' + | sed -rn "${3:-1}"'{s;^[^=]+=;;; s;\+; ;g; p;}' )" } @@ -100,17 +108,10 @@ REF(){ cgilite_value REF $@; } REF_COUNT(){ cgilite_count REF $1; } COOKIE(){ - printf "$( + HEX_DECODE "$( HEADER Cookie \ | grep -oE '(^|; ?)'"$1"'=[^;]*' \ - | sed -rn "${2:-1}"'{s;^[^=]+=;;; s;\+; ;g; s;\\;\\\\;g; - # Hexadecimal { %00 - %FF } will be transformed to octal { \000 - \377 } for posix printf - s;%[0123].;&\\0;g; s;%[4567].;&\\1;g; s;%[89AB].;&\\2;g; s;%[CDEF].;&\\3;g; - s;%[048C][0-7]\\.;&0;g; s;%[048C][89A-F]\\.;&1;g; s;%[159D][0-7]\\.;&2;g; s;%[159D][89A-F]\\.;&3;g; - s;%[26AE][0-7]\\.;&4;g; s;%[26AE][89A-F]\\.;&5;g; s;%[37BF][0-7]\\.;&6;g; s;%[37BF][89A-F]\\.;&7;g; - s;%.[08](\\..);\10;g; s;%.[19](\\..);\11;g; s;%.[2A](\\..);\12;g; s;%.[3B](\\..);\13;g; - s;%.[4C](\\..);\14;g; s;%.[5D](\\..);\15;g; s;%.[6E](\\..);\16;g; s;%.[7F](\\..);\17;g; - p}' + | sed -rn "${2:-1}"'{s;^[^=]+=;;; s;\+; ;g; p;}' )" } -- 2.39.2
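Review bot: In cgilite_value the occurrence index is spliced straight into the sed program (`"${3:-1}"'{…}'`) and the parameter name into the grep pattern, so anything other than a plain number or a literal name is interpreted as sed commands or regex syntax. Both are normally script constants, but a caller that forwards request data would have it evaluated by sed. A guard such as `case "${3:-1}" in *[!0-9]*) return 1;; esac` before the pipeline, plus a comment stating that `$2` must be a trusted literal, would make the contract explicit. COOKIE in the next hunk has the same pattern with `$2` as the index and `$1` as the name.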