X-Git-Url: https://git.plutz.net/?a=blobdiff_plain;f=cgilite.sh;h=f766ee2a425591245926952a5b961dde86cac4ee;hb=49b4c44fb341804acf0165105e2234c2e57d1a67;hp=b7067a70ae2fd95bb84e70cc89d43f2441d56173;hpb=4a73c7164a28728de0b717e869704c803ef9ca65;p=cgilite
diff --git a/cgilite.sh b/cgilite.sh
index b7067a7..f766ee2 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -18,6 +18,9 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with CGIlite. If not, see .
 
+[ -n "$include_cgilite" ] && return 0
+# guard set after webserver part
+
 # ksh and zsh workaround
 # set -o posix # ksh, not portable
 setopt -o OCTAL_ZEROES 2>&-
@@ -119,11 +122,14 @@ if [ -z "$REQUEST_METHOD" ]; then
 exit 0
 fi
 
+include_cgilite="$0"
+
 if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \
 "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then
 cgilite_post="$(head -c "$CONTENT_LENGTH")"
 fi
 
+debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; }
 [ "${DEBUG+x}" ] && env >&2
 
 cgilite_count(){
@@ -187,6 +193,8 @@ COOKIE(){
 }
 
 HTML(){
+ # Escape HTML cahracters
+ # Also escape [, ], and \n for use in html-sh
 local str out
 [ $# -eq 0 ] && str="$(cat)" || str="$*"
 while [ "$str" ]; do
@@ -196,6 +204,10 @@ HTML(){
 \>*) out="${out}>";;
 \"*) out="${out}"";;
 \'*) out="${out}'";;
+ \[*) out="${out}[";;
+ \]*) out="${out}]";;
+ "${CR}"*) out="${out} ";;
+ "${BR}"*) out="${out} ";;
 *) out="${out}${str%"${str#?}"}";;
 esac
 str="${str#?}"
@@ -204,6 +216,7 @@ HTML(){
 }
 
 URL(){
+ # Escape pathes, so they can be used in link tags and HTTP Headers
 local str out
 [ $# -eq 0 ] && str="$(cat)" || str="$*"
 while [ "$str" ]; do
@@ -213,6 +226,12 @@ URL(){
 \'*) out="${out}%27";;
 \?*) out="${out}%3F";;
 \#*) out="${out}%23";;
+ \[*) out="${out}%5B";;
+ \]*) out="${out}%5D";;
+ \ *) out="${out}%20";;
+ " "*) out="${out}%09";;
+ "${CR}"*) out="${out}%0D";;
+ "${BR}"*) out="${out}%0A";;
 %*) out="${out}%25";;
 *) out="${out}${str%"${str#?}"}";;
 esac
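Review bot: The include guard added at the top of cgilite.sh (first hunk) tests `include_cgilite` without ever initialising it, so a non-empty value inherited from the process environment would also make the file return before defining any of its functions. Nothing visible in this diff exports the variable, so this is a latent risk rather than a demonstrated bug. It deserves a line next to the guard, for example `# include_cgilite must stay unexported; an inherited value skips loading in child scripts`.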
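Review bot: `debug()` in the second hunk uses `A && B || C` as an if/else, so when arguments are given and the `printf` to stderr fails, control falls through to `tee` and starts consuming stdin, which in a CGI process can be the request body. An explicit branch avoids that: `debug(){ if [ $# -gt 0 ]; then printf '%s\n' "$@" >&2; else tee -a /dev/stderr; fi; }`. Unlike the `env >&2` line below it, the helper is not gated on `DEBUG`, so any call left in handler code writes request data to the server error log unconditionally. Consider the same `[ "${DEBUG+x}" ]` check, or a comment stating that the ungated behaviour is intended.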
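Review bot: The comments added to `HTML()` (third hunk) and `URL()` (fifth hunk) contain typos, and the `HTML()` one understates what the code does. Suggested wording for `HTML()`: `# Escape HTML characters` and `# Also escape [, ], CR and LF for use in html-sh`, since the fourth hunk adds a `${CR}` arm as well as `${BR}`. For `URL()`: `# Escape paths so they can be used in link tags and HTTP headers`. Both function bodies continue outside these hunks.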
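Review bot: The new `"${CR}"*)` and `"${BR}"*)` arms in `HTML()` (fourth hunk) and `URL()` (sixth hunk) are only correct while `CR` and `BR` are non-empty. If either is unset or empty at call time, the pattern degenerates to `*` and that arm captures every character not matched above it, so the rest of the input is replaced instead of escaped. Their definitions are not visible in this diff, so it cannot be confirmed here that both are always assigned before these functions run. Since `URL()` is what keeps CR/LF out of HTTP headers, a fail-closed check at the top of each function would be worthwhile, e.g. `: "${CR:?}" "${BR:?}"`, or at least a comment naming where both are defined. Both case statements start outside the hunks.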