summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eee1bc3)
raw | patch | inline | side by side (parent: eee1bc3)
author | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Sun, 8 Aug 2004 21:54:07 +0000 (21:54 +0000) | ||
committer | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Sun, 8 Aug 2004 21:54:07 +0000 (21:54 +0000) |
program/src/rrd_cgi.c | patch | blob | history |
diff --git a/program/src/rrd_cgi.c b/program/src/rrd_cgi.c
index d72879f023a2c4a55b03b3a42fc2067a5d50e0e2..411b02bb23f75bafa0324a5379d26a5601c41dae 100644 (file)
--- a/program/src/rrd_cgi.c
+++ b/program/src/rrd_cgi.c
parse(&buffer, i, "<RRD::CV::PATH", cgigetqp);
parse(&buffer, i, "<RRD::GETENV", rrdgetenv);
parse(&buffer, i, "<RRD::GETVAR", rrdgetvar);
+ parse(&buffer, i, "<RRD::TIME::LAST", printtimelast);
+ parse(&buffer, i, "<RRD::TIME::NOW", printtimenow);
+ parse(&buffer, i, "<RRD::TIME::STRFTIME", printstrftime);
}
return buffer;
}
/* initialize variable heap */
initvar();
+#ifdef DEBUG_PARSER
+ /* some fake header for testing */
+ printf ("Content-Type: text/html\nContent-Length: 10000000\n\n\n");
+#endif
+
+
/* expand rrd directives in buffer recursivly */
for (i=0; buffer[i]; i++) {
if (buffer[i] != '<')
if (envvar) {
return stralloc(envvar);
} else {
- snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]);
- return stralloc(buf);
+#ifdef WIN32
+ _snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]);
+#else
+ snprintf(buf, sizeof(buf), "[ERROR:_getenv_'%s'_failed", args[0]);
+#endif
+ return stralloc(buf);
}
}
if (value) {
return stralloc(value);
} else {
- snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]);
+#ifdef WIN32
+ _snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]);
+#else
+ snprintf(buf, sizeof(buf), "[ERROR:_getvar_'%s'_failed", args[0]);
+#endif
return stralloc(buf);
}
}
char* includefile(long argc, const char **args){
char *buffer;
if (argc >= 1) {
- readfile(args[0], &buffer, 0);
+ char* filename = args[0];
+ readfile(filename, &buffer, 0);
if (rrd_test_error()) {
char *err = malloc((strlen(rrd_get_error())+DS_NAM_SIZE));
sprintf(err, "[ERROR: %s]",rrd_get_error());
paths which came in via cgi do not go UP ... */
char* cgigetqp(long argc, const char **args){
- if (argc>= 1) {
- char *buf = rrdstrip(cgiGetValue(cgiArg,args[0]));
- char *buf2;
- char *c,*d;
- int qc=0;
-
- if (buf==NULL)
- return NULL;
-
- for(c=buf;*c != '\0';c++) {
- if (*c == '"') {
- qc++;
- }
- }
-
- if ((buf2 = malloc((strlen(buf) + 4 * qc + 4))) == NULL) {
- perror("Malloc Buffer");
- exit(1);
+ char* buf;
+ char* buf2;
+ char* p;
+ char* d;
+
+ if (argc < 1)
+ {
+ return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
+ }
+
+ buf = rrdstrip(cgiGetValue(cgiArg, args[0]));
+ if (!buf)
+ {
+ return NULL;
+ }
+
+ buf2 = malloc(strlen(buf)+1);
+ if (!buf2)
+ {
+ perror("cgigetqp(): Malloc Path Buffer");
+ exit(1);
};
- c=buf;
- d=buf2;
-
- *(d++) = '"';
- while (*c != '\0') {
- if (*c == '"') {
- *(d++) = '"';
- *(d++) = '\'';
- *(d++) = '"';
- *(d++) = '\'';
- }
- if(*c == '/') {
- *(d++) = '_';
- c++;
- } else {
- if (*c=='.' && *(c+1) == '.') {
- c += 2;
- *(d++) = '_'; *(d++) ='_';
- } else {
- *(d++) = *(c++);
- }
- }
+ p = buf;
+ d = buf2;
+
+ while (*p)
+ {
+ /* prevent mallicious paths from entering the system */
+ if (p[0] == '.' && p[1] == '.')
+ {
+ p += 2;
+ *d++ = '_';
+ *d++ = '_';
+ }
+ else
+ {
+ *d++ = *p++;
+ }
}
- *(d++) = '"';
- *(d) = '\0';
+
+ *d = 0;
free(buf);
+
+ /* Make sure the path is relative, e.g. does not start with '/' */
+ p = buf2;
+ while ('/' == *p)
+ {
+ *p++ = '_';
+ }
+
return buf2;
- }
- return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
}
{
case ' ':
if (Quote || tagcount) {
- /* copy quoted/tagged string */
+ /* copy quoted/tagged (=RRD expanded) string */
*putP++ = c;
}
else if (in_arg)
}
} else {
if (!in_arg) {
- /* reference argument string in argument array */
+ /* reference start of argument string in argument array */
argv[argc++] = putP;
in_arg=1;
}
break;
default:
- if (!Quote) {
if (!in_arg) {
/* start new argument */
argv[argc++] = putP;
curarg_contains_rrd_directives = 1;
}
}
- }
*putP++ = c;
break;
}