From: Paul Hänsch Date: Wed, 10 Feb 2021 11:35:52 +0000 (+0100) Subject: Merge commit '01b13a65484a01f314d6d97c74b48216ead2bc24' X-Git-Url: https://git.plutz.net/?p=confetti;a=commitdiff_plain;h=34a5543f2f7be2b5892f8624481334a071e9d7ad;hp=625d391932052a4d1514c754b1262b5791207474 Merge commit '01b13a65484a01f314d6d97c74b48216ead2bc24' --- diff --git a/cgilite/common.css b/cgilite/common.css new file mode 100644 index 0000000..4b9501b --- /dev/null +++ b/cgilite/common.css @@ -0,0 +1,128 @@ +/* ======= GENERIC HTML STYLES ======= */ + +* { + box-sizing: border-box; + position: relative; + font: inherit; + text-decoration: inherit; + color: inherit; background: transparent; + max-width: 100%; + margin: 0; padding: 0; + border: none; +} + +body { + font: normal normal normal medium/1.5em sans-serif; + color: #000; background: #FFF; +} + +ul, ol, dl, table, p { margin-bottom: .5em; } + +a { + font-style: italic; + text-decoration: underline; + color: #068; +} +a.button { + font-style: inherit; + text-decoration: inherit; + color: inherit; +} + +sup { vertical-align: super; } +sub { vertical-align: sub; } +small { font-size: .75em; } +big { font-size: 1.25em; } +strike, del, s { text-decoration: line-through; } +u {text-decoration: underline; } +i, em { font-style: italic; } +b, strong { font-weight: bolder; } +tt, code, var, samp, kbd { font-family: monospace; } +kbd { font-style: italic; } + +ul, ol { margin-left: 1.125em; } +dl dt { font-weight: bolder; } +table th { font-weight: bold; } + +h1, h2, h3 { + font-weight: bold; + margin-top: .75em; + margin-bottom: .5em; +} + +h4, h5, h6, form legend { + font-weight: bolder; + margin-bottom: .25em; +} + +h1 { font-size: 1.5em; } +h2 { font-size: 1.125em; } + +select, input, button, textarea, a.button { + display: inline-block; + background-color: #FFF; + border: .5pt solid; + padding: .25em .75em; + vertical-align: text-bottom; + border: 1pt solid #888; + border-radius: 2pt; +} +select { padding: .375em 0; } + +input[type=radio], input[type=checkbox] { + vertical-align: baseline; +} +input[type=number] { text-align: right; padding-right: 0; } + +button, input[type=button], a.button { + box-shadow: .125em .125em .25em; + cursor: pointer; +} +input[type=radio], input[type=checkbox], label[for] { + cursor: pointer; +} + +label { margin-right: .75em; } +input + label { + margin-left: .375em; +} + +/* ======= End Generic Styles ======= */ + +/* ======= Common Styles ======= */ + +*[tooltip]:hover:after { + display: block; + position: absolute; + bottom: -100%; left: 50%; transform: translate(-50%, 0); + content: attr(tooltip); + padding: .5em; + background-color: #FFC; + color: #000; + border: .5pt solid; + z-index: 1; +} + +input[type=radio].tab { display: none; } +input[type=radio].tab + label { + display: table-cell; + padding: .5em 1em; + background-color: #EEE; + border: .5pt solid; +} +input[type=radio].tab:checked + label { + background-color: #FFF; + border-bottom: none; + box-shadow: .125em -.125em .125em #888; + z-index: 1; +} +input[type=radio].tab ~ *.tab { + display: none; + width: 100%; + margin-top: 0; padding: .25em .75em; + border: .5pt solid; border-top: none; + border-radius: 0; + box-shadow: .125em .125em .125em #888; +} + +/* ======= End Common Styles ======= */ diff --git a/cgilite/session.sh b/cgilite/session.sh index 0a2a2e8..93cc2f4 100755 --- a/cgilite/session.sh +++ b/cgilite/session.sh @@ -25,10 +25,13 @@ slopecode(){ } session_mac(){ + local info + [ $# -eq 0 ] && info="$(cat)" || info="$*" + if which openssl >/dev/null; then - openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode + printf %s "$info" |openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode else - { cat; server_key; } |sha256sum |cut -d\ -f1 + { printf %s "$info"; server_key; } |sha256sum |cut -d\ -f1 fi } @@ -55,20 +58,17 @@ checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; } transid(){ # transaction ID to modify a given file local file="$1" - { stat -c %F%i%n%N%s%Y "$file" 2>&- - printf %s "$SESSION_ID" - } | session_mac + session_mac "$(stat -c %F%i%n%N%s%Y "$file" 2>&-)" "$SESSION_ID" } update_session(){ - local session sid time sig serverkey checksig + local session sid time sig checksig - IFS=- read -r sid time sig <<-END + read -r sid time sig <<-END $(POST session_key || COOKIE session) END - serverkey="$(server_key)" - checksig="$(printf %s "$sid" "$time" |session_mac)" + checksig="$(session_mac "$sid" "$time")" if ! [ "$checksig" = "$sig" \ -a "$time" -ge "$_DATE" \ @@ -79,10 +79,10 @@ update_session(){ fi time=$(( $_DATE + $SESSION_TIMEOUT )) - sig="$(printf %s "$sid" "$time" |session_mac)" - printf %s\\n "${sid}-${time}-${sig}" + sig="$(session_mac "$sid" "$time")" + printf %s\\n "${sid} ${time} ${sig}" } SESSION_KEY="$(update_session)" SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_KEY%%-*}" +SESSION_ID="${SESSION_KEY%% *}"