'
HEX_DECODE(){
- printf "$(printf %s "$1" |sed -r "$HEX_DECODE")"
+ printf -- "$(printf %s "$1" |sed -r "$HEX_DECODE")"
}
if [ -z "$REQUEST_METHOD" ]; then
str=${str#*&${name}=}
cnt=$((cnt - 1))
done
- printf "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")"
+ printf -- "$(printf %s "${str%%&*}" |sed -r 's;\+; ;g;'"$HEX_DECODE")"
}
cgilite_keys(){
-#!/bin/sed -nrf
+#!/bin/sed -nEf
+
+:Escapes
+s,\\\\,\\,g; s,\\&,\&,g;
+s,\\<,\<,g; s,\\>,\>,g;
+s,\\",\",g; s,\\',\',g;
+s,\\\[,\[,g; s,\\\],\],g;
+s,\\\.,\.,g; s,\\#,\#,g;
+s,\\,,g;
:CommentHandle
x; /^<\/!-->/{
--- /dev/null
+#!/bin/sh
+
+# LOGLEVEL 1: Crash condition
+# LOGLEVEL 2: Unexpected condition
+# LOGLEVEL 3: Failed action (i.e. due to config error)
+# LOGLEVEL 4: Debug
+
+[ -n "$include_logging" ] && return 0
+include_logging="$0"
+
+LOGLEVEL="${LOGLEVEL:-3}"
+LOGFILE="${LOGFILE:-/dev/stderr}"
+
+logmsg(){
+ local ll="${1:-3}"
+ shift 1
+ if [ "$ll" -le "$LOGLEVEL" -a "$#" -gt 0 ]; then
+ printf %s\\n "$*" >>"${LOGFILE}"
+ elif [ "$ll" -le "$LOGLEVEL" ]; then
+ tee -a "${LOGFILE}"
+ elif [ ! "$#" -gt 0 ]; then
+ cat
+ fi
+}
+
+die(){
+ [ "$#" -gt 0 ] && logmsg 1 "$@"
+ exit 1
+}
+panic(){ logmsg 2 "$@"; }
+error(){ logmsg 3 "$@"; }
+debug(){ logmsg 4 "$@"; }
--- /dev/null
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
+}
+
+timeid(){
+ d=$(($(date +%s) % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+ d=$(date +%s)
+
+ if [ "$checksig" != "$sig" \
+ -o "$time" -lt "$d" \
+ -o ! "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug Setting up new session
+ sid="$(randomid)"
+ fi
+
+ time=$(( $(date +%s) + 7200 ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_ID="$(update_session)"
+SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_ID%%-*}"