2 * This file is part of DisOrder.
3 * Copyright (C) 2004, 2005, 2007, 2008 Richard Kettlewell
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
44 /** @brief Hash of arguments */
45 static hash
*cgi_args
;
47 /** @brief Get CGI arguments from a GET request's query string */
48 static struct kvp
*cgi__init_get(void) {
51 if((q
= getenv("QUERY_STRING")))
52 return kvp_urldecode(q
, strlen(q
));
53 error(0, "QUERY_STRING not set, assuming empty");
57 /** @brief Read the HTTP request body */
58 static void cgi__input(char **ptrp
, size_t *np
) {
64 if(!(cl
= getenv("CONTENT_LENGTH")))
65 fatal(0, "CONTENT_LENGTH not set");
67 /* We check for overflow and also limit the input to 16MB. Lower
68 * would probably do. */
69 if(!(n
+1) || n
> 16 * 1024 * 1024)
70 fatal(0, "input is much too large");
71 q
= xmalloc_noptr(n
+ 1);
73 r
= read(0, q
+ m
, n
- m
);
77 fatal(0, "unexpected end of file reading request body");
80 default: fatal(errno
, "error reading request body");
84 fatal(0, "null character in request body");
91 /** @brief Called for each part header field (see cgi__part_callback()) */
92 static int cgi__field_callback(const char *name
, const char *value
,
94 char *disposition
, *pname
, *pvalue
;
97 if(!strcmp(name
, "content-disposition")) {
98 if(mime_rfc2388_content_disposition(value
,
102 fatal(0, "error parsing Content-Disposition field");
103 if(!strcmp(disposition
, "form-data")
105 && !strcmp(pname
, "name")) {
107 fatal(0, "duplicate Content-Disposition field");
114 /** @brief Called for each part (see cgi__init_multipart()) */
115 static int cgi__part_callback(const char *s
,
118 struct kvp
*k
, **head
= u
;
120 if(!(s
= mime_parse(s
, cgi__field_callback
, &name
)))
121 fatal(0, "error parsing part header");
123 fatal(0, "no name found");
124 k
= xmalloc(sizeof *k
);
132 /** @brief Initialize CGI arguments from a multipart/form-data request body */
133 static struct kvp
*cgi__init_multipart(const char *boundary
) {
135 struct kvp
*head
= 0;
138 if(mime_multipart(q
, cgi__part_callback
, boundary
, &head
))
139 fatal(0, "invalid multipart object");
143 /** @brief Initialize CGI arguments from a POST request */
144 static struct kvp
*cgi__init_post(void) {
145 const char *ct
, *boundary
;
150 if(!(ct
= getenv("CONTENT_TYPE")))
151 ct
= "application/x-www-form-urlencoded";
152 if(mime_content_type(ct
, &type
, &k
))
153 fatal(0, "invalid content type '%s'", ct
);
154 if(!strcmp(type
, "application/x-www-form-urlencoded")) {
156 return kvp_urldecode(q
, n
);
158 if(!strcmp(type
, "multipart/form-data")) {
159 if(!(boundary
= kvp_get(k
, "boundary")))
160 fatal(0, "no boundary parameter found");
161 return cgi__init_multipart(boundary
);
163 fatal(0, "unrecognized content type '%s'", type
);
166 /** @brief Initialize CGI arguments
168 * Must be called before other cgi_ functions are used.
170 * This function can be called more than once, in which case it
171 * revisits the environment and (perhaps) standard input. This is
172 * only intended to be used for testing, actual CGI applications
173 * should call it exactly once.
175 void cgi_init(void) {
179 cgi_args
= hash_new(sizeof (char *));
180 if(!(p
= getenv("REQUEST_METHOD")))
181 error(0, "REQUEST_METHOD not set, assuming GET");
182 if(!p
|| !strcmp(p
, "GET"))
184 else if(!strcmp(p
, "POST"))
185 k
= cgi__init_post();
187 fatal(0, "unknown request method %s", p
);
188 /* Validate the arguments and put them in a hash */
189 for(; k
; k
= k
->next
) {
190 if(!utf8_valid(k
->name
, strlen(k
->name
))
191 || !utf8_valid(k
->value
, strlen(k
->value
)))
192 error(0, "invalid UTF-8 sequence in cgi argument %s", k
->name
);
194 hash_add(cgi_args
, k
->name
, &k
->value
, HASH_INSERT_OR_REPLACE
);
195 /* We just drop bogus arguments. */
199 /** @brief Get a CGI argument by name
201 * cgi_init() must be called first. Names and values are all valid
202 * UTF-8 strings (and this is enforced at initialization time).
204 const char *cgi_get(const char *name
) {
205 const char **v
= hash_find(cgi_args
, name
);
207 return v ?
*v
: NULL
;
210 /** @brief Set a CGI argument */
211 void cgi_set(const char *name
, const char *value
) {
212 value
= xstrdup(value
);
213 hash_add(cgi_args
, name
, &value
, HASH_INSERT_OR_REPLACE
);
216 /** @brief Add SGML-style quoting
217 * @param src String to quote (UTF-8)
218 * @return Quoted string
220 * Quotes characters for insertion into HTML output. Anything that is
221 * not a printable ASCII character will be converted to a numeric
222 * character references, as will '"', '&', '<' and '>' (since those
223 * have special meanings).
225 * Quoting everything down to ASCII means we don't care what the
226 * content encoding really is (as long as it's not anything insane
229 char *cgi_sgmlquote(const char *src
) {
235 if(!(ucs
= utf8_to_utf32(src
, strlen(src
), 0)))
240 /* format the string */
241 while((c
= *ucs
++)) {
244 if(c
> 126 || c
< 32) {
249 /* For simplicity we always use numeric character references
250 * even if a named reference is available. */
251 sink_printf(s
, "&#%"PRIu32
";", c
);
254 sink_writec(s
, (char)c
);
261 /** @brief Write a CGI attribute
262 * @param output Where to send output
263 * @param name Attribute name
264 * @param value Attribute value
266 void cgi_attr(struct sink
*output
, const char *name
, const char *value
) {
267 /* Try to avoid needless quoting */
268 if(!value
[strspn(value
, "abcdefghijklmnopqrstuvwxyz"
269 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
271 sink_printf(output
, "%s=%s", name
, value
);
273 sink_printf(output
, "%s=\"%s\"", name
, cgi_sgmlquote(value
));
276 /** @brief Write an open tag
277 * @param output Where to send output
278 * @param name Element name
279 * @param ... Attribute name/value pairs
281 * The name/value pair list is terminated by a single (char *)0.
283 void cgi_opentag(struct sink
*output
, const char *name
, ...) {
287 sink_printf(output
, "<%s", name
);
289 while((n
= va_arg(ap
, const char *))) {
290 sink_printf(output
, " ");
291 v
= va_arg(ap
, const char *);
293 cgi_attr(output
, n
, v
);
295 sink_printf(output
, n
);
298 sink_printf(output
, ">");
301 /** @brief Write a close tag
302 * @param output Where to send output
303 * @param name Element name
305 void cgi_closetag(struct sink
*output
, const char *name
) {
306 sink_printf(output
, "</%s>", name
);
309 /** @brief Construct a URL
310 * @param url Base URL
311 * @param ... Name/value pairs for constructed query string
312 * @return Constructed URL
314 * The name/value pair list is terminated by a single (char *)0.
316 char *cgi_makeurl(const char *url
, ...) {
318 struct kvp
*kvp
, *k
, **kk
= &kvp
;
323 dynstr_append_string(&d
, url
);
325 while((n
= va_arg(ap
, const char *))) {
326 v
= va_arg(ap
, const char *);
327 *kk
= k
= xmalloc(sizeof *k
);
335 dynstr_append(&d
, '?');
336 dynstr_append_string(&d
, kvp_urlencode(kvp
, 0));
338 dynstr_terminate(&d
);
342 /** @brief Construct a URL from current parameters
343 * @param url Base URL
344 * @return Constructed URL
346 char *cgi_thisurl(const char *url
) {
348 char **keys
= hash_keys(cgi_args
);
352 dynstr_append_string(d
, url
);
353 for(n
= 0; keys
[n
]; ++n
) {
354 dynstr_append(d
, n ?
'&' : '?');
355 dynstr_append_string(d
, urlencodestring(keys
[n
]));
356 dynstr_append(d
, '=');
357 dynstr_append_string(d
, cgi_get(keys
[n
]));