2 * This file is part of DisOrder.
3 * Copyright (C) 2004, 2005, 2007, 2008 Richard Kettlewell
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
39 /** @brief Hash of arguments */
40 static hash
*cgi_args
;
/** @brief Get CGI arguments from a GET request's query string
 * @return Decoded name/value list, or NULL if QUERY_STRING is not set
 *
 * A missing QUERY_STRING is logged and treated as an empty argument list.
 */
static struct kvp *cgi__init_get(void) {
  const char *q = getenv("QUERY_STRING");

  if(!q) {
    error(0, "QUERY_STRING not set, assuming empty");
    return NULL;
  }
  return kvp_urldecode(q, strlen(q));
}
/** @brief Read the HTTP request body
 * @param ptrp Where to store a pointer to the 0-terminated body
 * @param np Where to store the body length, or a null pointer
 *
 * Reads exactly CONTENT_LENGTH bytes from standard input.  A missing or
 * malformed CONTENT_LENGTH, an oversized body, a short read, a read error
 * or a null character inside the body are all fatal.
 */
static void cgi__input(char **ptrp, size_t *np) {
  const char *cl;
  char *q, *end;
  unsigned long len;
  size_t n, m = 0;
  ssize_t r;

  if(!(cl = getenv("CONTENT_LENGTH")))
    fatal(0, "CONTENT_LENGTH not set");
  /* An empty value counts as zero; anything after the digits is rejected
   * rather than silently ignored. */
  errno = 0;
  len = strtoul(cl, &end, 10);
  if(*end || errno)
    fatal(0, "invalid CONTENT_LENGTH");
  n = len;
  /* We check for overflow and also limit the input to 16MB.  Lower
   * would probably do. */
  if(!(n + 1) || n != len || n > 16 * 1024 * 1024)
    fatal(0, "input is much too large");
  q = xmalloc_noptr(n + 1);
  while(m < n) {
    r = read(0, q + m, n - m);
    if(r > 0)
      m += (size_t)r;
    else if(r == 0)
      fatal(0, "unexpected end of file reading request body");
    else
      switch(errno) {
      case EINTR:
        /* interrupted before any data arrived; just retry */
        break;
      default:
        fatal(errno, "error reading request body");
      }
  }
  /* The body is handed on as a C string, so an embedded 0 would silently
   * truncate it. */
  if(memchr(q, 0, n))
    fatal(0, "null character in request body");
  q[n] = 0;
  *ptrp = q;
  if(np)
    *np = n;
}
/** @brief Called for each part header field (see cgi__part_callback())
 * @param name Header field name
 * @param value Header field value
 * @param u Points to the char * that receives the form field name
 * @return 0
 *
 * Only Content-Disposition fields are examined.  For a form-data
 * disposition with a "name" parameter, the parameter value is stored
 * through @p u.  An unparseable field, or a second name for the same
 * part, is fatal.
 */
static int cgi__field_callback(const char *name, const char *value,
                               void *u) {
  char *disposition, *pname, *pvalue;
  char **namep = u;

  if(!strcmp(name, "content-disposition")) {
    if(mime_rfc2388_content_disposition(value,
                                        &disposition,
                                        &pname,
                                        &pvalue))
      fatal(0, "error parsing Content-Disposition field");
    if(!strcmp(disposition, "form-data")
       && pname
       && !strcmp(pname, "name")) {
      if(*namep)
        fatal(0, "duplicate Content-Disposition field");
      *namep = pvalue;
    }
  }
  return 0;
}
109 /** @brief Called for each part (see cgi__init_multipart()) */
110 static int cgi__part_callback(const char *s
,
113 struct kvp
*k
, **head
= u
;
115 if(!(s
= mime_parse(s
, cgi__field_callback
, &name
)))
116 fatal(0, "error parsing part header");
118 fatal(0, "no name found");
119 k
= xmalloc(sizeof *k
);
127 /** @brief Initialize CGI arguments from a multipart/form-data request body */
128 static struct kvp
*cgi__init_multipart(const char *boundary
) {
130 struct kvp
*head
= 0;
133 if(mime_multipart(q
, cgi__part_callback
, boundary
, &head
))
134 fatal(0, "invalid multipart object");
/** @brief Initialize CGI arguments from a POST request
 * @return List of name/value pairs decoded from the request body
 *
 * The body format is chosen by CONTENT_TYPE, which defaults to
 * application/x-www-form-urlencoded when unset.  multipart/form-data is
 * also supported; any other type, or a multipart type without a boundary
 * parameter, is fatal.
 */
static struct kvp *cgi__init_post(void) {
  const char *ct, *boundary;
  char *q, *type;
  size_t n;
  struct kvp *k;

  if(!(ct = getenv("CONTENT_TYPE")))
    ct = "application/x-www-form-urlencoded";
  if(mime_content_type(ct, &type, &k))
    fatal(0, "invalid content type '%s'", ct);
  if(!strcmp(type, "application/x-www-form-urlencoded")) {
    cgi__input(&q, &n);
    return kvp_urldecode(q, n);
  }
  if(!strcmp(type, "multipart/form-data")) {
    if(!(boundary = kvp_get(k, "boundary")))
      fatal(0, "no boundary parameter found");
    return cgi__init_multipart(boundary);
  }
  fatal(0, "unrecognized content type '%s'", type);
}
161 /** @brief Initialize CGI arguments
163 * Must be called before other cgi_ functions are used.
165 * This function can be called more than once, in which case it
166 * revisits the environment and (perhaps) standard input. This is
167 * only intended to be used for testing, actual CGI applications
168 * should call it exactly once.
170 void cgi_init(void) {
174 cgi_args
= hash_new(sizeof (char *));
175 if(!(p
= getenv("REQUEST_METHOD")))
176 error(0, "REQUEST_METHOD not set, assuming GET");
177 if(!p
|| !strcmp(p
, "GET"))
179 else if(!strcmp(p
, "POST"))
180 k
= cgi__init_post();
182 fatal(0, "unknown request method %s", p
);
183 /* Validate the arguments and put them in a hash */
184 for(; k
; k
= k
->next
) {
185 if(!utf8_valid(k
->name
, strlen(k
->name
))
186 || !utf8_valid(k
->value
, strlen(k
->value
)))
187 error(0, "invalid UTF-8 sequence in cgi argument %s", k
->name
);
189 hash_add(cgi_args
, k
->name
, &k
->value
, HASH_INSERT_OR_REPLACE
);
190 /* We just drop bogus arguments. */
194 /** @brief Get a CGI argument by name
196 * cgi_init() must be called first. Names and values are all valid
197 * UTF-8 strings (and this is enforced at initialization time).
199 const char *cgi_get(const char *name
) {
200 const char **v
= hash_find(cgi_args
, name
);
202 return v ?
*v
: NULL
;
205 /** @brief Set a CGI argument */
206 void cgi_set(const char *name
, const char *value
) {
207 value
= xstrdup(value
);
208 hash_add(cgi_args
, name
, &value
, HASH_INSERT_OR_REPLACE
);
211 /** @brief Clear CGI arguments */
212 void cgi_clear(void) {
213 cgi_args
= hash_new(sizeof (char *));
216 /** @brief Add SGML-style quoting
217 * @param src String to quote (UTF-8)
218 * @return Quoted string
220 * Quotes characters for insertion into HTML output. Anything that is
221 * not a printable ASCII character will be converted to a numeric
222 * character reference, as will '"', '&', '<' and '>' (since those
223 * have special meanings).
225 * Quoting everything down to ASCII means we don't care what the
226 * content encoding really is (as long as it's not anything insane
229 char *cgi_sgmlquote(const char *src
) {
235 if(!(ucs
= utf8_to_utf32(src
, strlen(src
), 0)))
240 /* format the string */
241 while((c
= *ucs
++)) {
244 if(c
> 126 || c
< 32) {
249 /* For simplicity we always use numeric character references
250 * even if a named reference is available. */
251 sink_printf(s
, "&#%"PRIu32
";", c
);
254 sink_writec(s
, (char)c
);
/** @brief Write a CGI attribute
 * @param output Where to send output
 * @param name Attribute name
 * @param value Attribute value
 *
 * Writes name=value.  The value is written bare when it is non-empty and
 * consists only of ASCII letters and digits; otherwise it is written in
 * double quotes after passing through cgi_sgmlquote().
 */
void cgi_attr(struct sink *output, const char *name, const char *value) {
  /* Try to avoid needless quoting.  An empty value must still be quoted:
   * "name=" with nothing after it is not a valid unquoted attribute. */
  if(*value
     && !value[strspn(value, "abcdefghijklmnopqrstuvwxyz"
                      "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                      "0123456789")])
    sink_printf(output, "%s=%s", name, value);
  else
    sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value));
}
/** @brief Write an open tag
 * @param output Where to send output
 * @param name Element name
 * @param ... Attribute name/value pairs
 *
 * The name/value pair list is terminated by a single (char *)0.  A pair
 * whose value is a null pointer is written as a bare attribute name.
 */
void cgi_opentag(struct sink *output, const char *name, ...) {
  va_list ap;
  const char *n, *v;

  sink_printf(output, "<%s", name);
  va_start(ap, name);
  while((n = va_arg(ap, const char *))) {
    sink_printf(output, " ");
    v = va_arg(ap, const char *);
    if(v)
      cgi_attr(output, n, v);
    else
      /* Never use the attribute name itself as the format string: a '%'
       * in it would be interpreted as a conversion. */
      sink_printf(output, "%s", n);
  }
  va_end(ap);
  sink_printf(output, ">");
}
/** @brief Write a close tag
 * @param output Where to send output
 * @param name Element name
 *
 * Writes "</name>".
 */
void cgi_closetag(struct sink *output, const char *name) {
  sink_printf(output, "</%s>", name);
}
309 /** @brief Construct a URL
310 * @param url Base URL
311 * @param ... Name/value pairs for constructed query string
312 * @return Constructed URL
314 * The name/value pair list is terminated by a single (char *)0.
316 char *cgi_makeurl(const char *url
, ...) {
318 struct kvp
*kvp
, *k
, **kk
= &kvp
;
323 dynstr_append_string(&d
, url
);
325 while((n
= va_arg(ap
, const char *))) {
326 v
= va_arg(ap
, const char *);
327 *kk
= k
= xmalloc(sizeof *k
);
335 dynstr_append(&d
, '?');
336 dynstr_append_string(&d
, kvp_urlencode(kvp
, 0));
338 dynstr_terminate(&d
);
342 /** @brief Construct a URL from current parameters
343 * @param url Base URL
344 * @return Constructed URL
346 char *cgi_thisurl(const char *url
) {
348 char **keys
= hash_keys(cgi_args
);
352 dynstr_append_string(d
, url
);
353 for(n
= 0; keys
[n
]; ++n
) {
354 dynstr_append(d
, n ?
'&' : '?');
355 dynstr_append_string(d
, urlencodestring(keys
[n
]));
356 dynstr_append(d
, '=');
357 dynstr_append_string(d
, urlencodestring(cgi_get(keys
[n
])));