/*
* Copyright (c) 2007 Denys Vlasenko <vda.linux@googlemail.com>
*
- * Licensed under GPLv2, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2, see file LICENSE in this source tree.
*/
/*
* 2576 4 2048 4628 1214 index.cgi.o
*/
+#define _GNU_SOURCE 1 /* for strchrnul */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
unsigned long long size_total;
int odd;
DIR *dirp;
- char *QUERY_STRING;
-
- QUERY_STRING = getenv("QUERY_STRING");
- if (!QUERY_STRING
- || QUERY_STRING[0] != '/'
- || strstr(QUERY_STRING, "//")
- || strstr(QUERY_STRING, "/../")
- || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+ char *location;
+
+ location = getenv("REQUEST_URI");
+ if (!location)
+ return 1;
+
+ /* drop URL arguments if any */
+ strchrnul(location, '?')[0] = '\0';
+
+ if (location[0] != '/'
+ || strstr(location, "//")
+ || strstr(location, "/../")
+ || strcmp(strrchr(location, '/'), "/..") == 0
) {
return 1;
}
if (chdir("..")
- || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+ || (location[1] && chdir(location + 1))
) {
return 1;
}
"\r\n" /* Mandatory empty line after headers */
"<html><head><title>Index of ");
/* Guard against directories with &, > etc */
- fmt_html(QUERY_STRING);
+ fmt_html(location);
fmt_str(
"</title>\n"
STYLE_STR
"</head>" "\n"
"<body>" "\n"
"<h1>Index of ");
- fmt_html(QUERY_STRING);
+ fmt_html(location);
fmt_str(
"</h1>" "\n"
"<table>" "\n"
size_total = 0;
cdir = dir_list;
while (dir_list_count--) {
- struct tm *tm;
+ struct tm *ptm;
if (S_ISDIR(cdir->dl_mode)) {
count_dirs++;
if (S_ISREG(cdir->dl_mode))
fmt_ull(cdir->dl_size);
fmt_str("<td class=dt>");
- tm = gmtime(&cdir->dl_mtime);
- fmt_04u(1900 + tm->tm_year); *dst++ = '-';
- fmt_02u(tm->tm_mon + 1); *dst++ = '-';
- fmt_02u(tm->tm_mday); *dst++ = ' ';
- fmt_02u(tm->tm_hour); *dst++ = ':';
- fmt_02u(tm->tm_min); *dst++ = ':';
- fmt_02u(tm->tm_sec);
+ ptm = gmtime(&cdir->dl_mtime);
+ fmt_04u(1900 + ptm->tm_year); *dst++ = '-';
+ fmt_02u(ptm->tm_mon + 1); *dst++ = '-';
+ fmt_02u(ptm->tm_mday); *dst++ = ' ';
+ fmt_02u(ptm->tm_hour); *dst++ = ':';
+ fmt_02u(ptm->tm_min); *dst++ = ':';
+ fmt_02u(ptm->tm_sec);
*dst++ = '\n';
odd = 1 - odd;