X-Git-Url: https://git.distorted.org.uk/~mdw/disorder/blobdiff_plain/968f044ac93cee0b8ead3f36b76543324de0106f..06638b8da63effe8cc24af0a6a13745583262dcf:/server/dcgi.c diff --git a/server/dcgi.c b/server/dcgi.c index 4e289a0..19e25e0 100644 --- a/server/dcgi.c +++ b/server/dcgi.c @@ -1,6 +1,6 @@ /* * This file is part of DisOrder. - * Copyright (C) 2004, 2005, 2006, 2007 Richard Kettlewell + * Copyright (C) 2004-2008 Richard Kettlewell * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -57,6 +57,7 @@ #include "url.h" #include "mime.h" #include "sendmail.h" +#include "base64.h" char *login_cookie; @@ -73,15 +74,23 @@ struct entry { const char *display; }; +static const char nonce_base64_table[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-/*"; + static const char *nonce(void) { - static unsigned long count; - char *s; + static uint32_t count; + + struct ndata { + uint16_t count; + uint16_t pid; + uint32_t when; + } nd; - byte_xasprintf(&s, "%lx%lx%lx", - (unsigned long)time(0), - (unsigned long)getpid(), - count++); - return s; + nd.count = count++; + nd.pid = (uint32_t)getpid(); + nd.when = (uint32_t)time(0); + return generic_to_base64((void *)&nd, sizeof nd, + nonce_base64_table); } static int compare_entry(const void *a, const void *b) { @@ -113,7 +122,7 @@ static void header_cookie(struct sink *output) { parse_url(config->url, &u); if(login_cookie) { dynstr_append_string(d, "disorder="); - dynstr_append_string(d, quote822(login_cookie, 0)); + dynstr_append_string(d, login_cookie); } else { /* Force browser to discard cookie */ dynstr_append_string(d, "disorder=none;Max-Age=0"); 
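Review bot: Every input to the new nonce() is guessable (a counter, the process id and the clock), so the returned string is at best unique, not unpredictable, and nothing in the function says so. If any caller relies on it as a secret such as a session or anti-forgery token (no caller is visible in this hunk), it needs a cryptographic random source instead; otherwise add a comment such as `/* Uniqueness only: built from counter, pid and time; never use as a security token */`. Separately, `nd.pid = (uint32_t)getpid();` casts to 32 bits and then stores into a `uint16_t` field, and `nd.count = count++;` silently narrows the 32-bit counter the same way. Make the narrowing explicit with `(uint16_t)` casts or widen the fields.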
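Review bot: With quote822() removed, `dynstr_append_string(d, login_cookie);` copies the cookie value into the Set-Cookie header verbatim, so a value containing `;`, whitespace or CR/LF would add cookie attributes or split the header. Where login_cookie is assigned is outside this hunk; if it can originate from the request's Cookie header rather than only from the server, check it against the expected cookie alphabet before appending and take the `disorder=none;Max-Age=0` branch when the check fails. The same applies to the unquoted `u.path` in the following header_cookie hunk, although that value comes from config->url. header_cookie's body continues outside the hunk.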
@@ -123,8 +132,14 @@ static void header_cookie(struct sink *output) { * that. But the default path only goes up to the rightmost /, which would * cause the browser to expose the cookie to other CGI programs on the same * web server. */ - dynstr_append_string(d, ";Path="); - dynstr_append_string(d, quote822(u.path, 0)); + dynstr_append_string(d, ";Version=1;Path="); + /* Formally we are supposed to quote the path, since it invariably has a + * slash in it. However Safari does not parse quoted paths correctly, so + * this won't work. Fortunately nothing else seems to care about proper + * quoting of paths, so in practice we get with it. (See also + * parse_cookie() where we are liberal about cookie paths on the way back + * in.) */ + dynstr_append_string(d, u.path); } dynstr_terminate(d); cgi_header(output, "Set-Cookie", d->vec); @@ -645,6 +660,24 @@ static void act_edituser(cgi_sink *output, expand_template(ds, output, "login"); } +static void act_reminder(cgi_sink *output, + dcgi_state *ds) { + const char *const username = cgi_get("username"); + + if(!username || !*username) { + cgi_set_option("error", "nousername"); + expand_template(ds, output, "login"); + return; + } + if(disorder_reminder(ds->g->client, username)) { + cgi_set_option("error", "reminderfailed"); + expand_template(ds, output, "login"); + return; + } + cgi_set_option("status", "reminded"); + expand_template(ds, output, "login"); +} + static const struct action { const char *name; void (*handler)(cgi_sink *output, dcgi_state *ds); @@ -663,6 +696,7 @@ static const struct action { { "random-disable", act_random_disable }, { "random-enable", act_random_enable }, { "register", act_register }, + { "reminder", act_reminder }, { "remove", act_remove }, { "resume", act_resume }, { "scratch", act_scratch }, 
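Review bot: The new comment above `dynstr_append_string(d, u.path);` reads "in practice we get with it", which presumably should be "in practice we get away with it". Since the line deliberately departs from the quoting that `;Version=1` implies, the comment should also state what u.path is assumed never to contain (`;`, whitespace, control characters), so that a later change to how config->url is parsed does not quietly break that assumption.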
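Review bot: act_reminder answers with `reminderfailed` on failure and `reminded` on success, so if disorder_reminder() fails for unknown usernames (its behaviour is not visible here), the login page tells any visitor which accounts exist. Consider recording the failure on the server side and showing the same `reminded` status in both cases, keeping `nousername` for the empty-input case. The handler also forwards `username` without a length or character check, and nothing visible limits how often a reminder can be requested for one account. A comment stating where throttling and validation are enforced would help.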
@@ -1696,6 +1730,26 @@ static void exp_userinfo(int attribute((unused)) nargs, cgi_output(output, "%s", value); } +static void exp_image(int attribute((unused)) nargs, + char **args, + cgi_sink *output, + void attribute((unused)) *u) { + char *labelname; + const char *imagestem; + + byte_xasprintf(&labelname, "images.%s", args[0]); + if(cgi_label_exists(labelname)) + imagestem = cgi_label(labelname); + else if(strchr(args[0], '.')) + imagestem = args[0]; + else + byte_xasprintf((char **)&imagestem, "%s.png", args[0]); + if(cgi_label_exists("url.static")) + cgi_output(output, "%s/%s", cgi_label("url.static"), imagestem); + else + cgi_output(output, "/disorder/%s", imagestem); +} + static const struct cgi_expansion expansions[] = { { "#", 0, INT_MAX, EXP_MAGIC, exp_comment }, { "action", 0, 0, 0, exp_action }, @@ -1711,6 +1765,7 @@ static const struct cgi_expansion expansions[] = { { "fullname", 0, 0, 0, exp_fullname }, { "id", 0, 0, 0, exp_id }, { "if", 2, 3, EXP_MAGIC, exp_if }, + { "image", 1, 1, 0, exp_image }, { "include", 1, 1, 0, exp_include }, { "index", 0, 0, 0, exp_index }, { "isdirectories", 0, 0, 0, exp_isdirectories },
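Review bot: `byte_xasprintf((char **)&imagestem, "%s.png", args[0]);` writes through a cast that strips the `const` from `imagestem`. A separate `char *stem;` filled with `byte_xasprintf(&stem, "%s.png", args[0]);` followed by `imagestem = stem;` does the same without the cast. exp_image also has no comment describing the lookup order (label `images.NAME`, then a name that already contains a dot, then NAME.png) or the `/disorder/` fallback used when `url.static` is unset. args[0] and the label values are written to the page as given, so unless cgi_output() escapes its output, the expansion relies on templates and labels containing only URL-safe text, which is worth stating in that comment.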