X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=networking%2Fhttpd_indexcgi.c;h=562cd7fbef495b0102763bf032cb5134833937b4;hb=3f21044f20ef304309651bbdef8b275475f03a28;hp=fd64af38f70687e183fcbda431f8a4fccdeca756;hpb=de4c5d3d8c77f0c1f68b72fff3d7e3be0dc2dec2;p=oweals%2Fbusybox.git diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c index fd64af38f..562cd7fbe 100644 --- a/networking/httpd_indexcgi.c +++ b/networking/httpd_indexcgi.c @@ -1,7 +1,7 @@ /* * Copyright (c) 2007 Denys Vlasenko * - * Licensed under GPLv2, see file LICENSE in this tarball for details. + * Licensed under GPLv2, see file LICENSE in this source tree. */ /* @@ -28,12 +28,14 @@ httpd_indexcgi.c -o index.cgi /* We don't use printf, as it pulls in >12 kb of code from uclibc (i386). */ /* Currently malloc machinery is the biggest part of libc we pull in. */ /* We have only one realloc and one strdup, any idea how to do without? */ -/* Size (i386, approximate): + +/* Size (i386, static uclibc, approximate): * text data bss dec hex filename * 13036 44 3052 16132 3f04 index.cgi * 2576 4 2048 4628 1214 index.cgi.o */ +#define _GNU_SOURCE 1 /* for strchrnul */ #include #include #include @@ -125,7 +127,7 @@ static void guarantee(int size) { if (buffer + (BUFFER_SIZE-HEADROOM) - dst >= size) return; - write(1, buffer, dst - buffer); + write(STDOUT_FILENO, buffer, dst - buffer); dst = buffer; } @@ -148,7 +150,7 @@ static void fmt_url(/*char *dst,*/ const char *name) guarantee(3); *dst = c; if ((c - '0') > 9 /* not a digit */ - && ((c|0x20) - 'a') > 26 /* not A-Z or a-z */ + && ((c|0x20) - 'a') > ('z' - 'a') /* not A-Z or a-z */ && !strchr("._-+@", c) ) { *dst++ = '%'; @@ -210,7 +212,7 @@ static void fmt_04u(/*char *dst,*/ unsigned n) fmt_02u(n % 100); } -int main(void) +int main(int argc, char *argv[]) { dir_list_t *dir_list; dir_list_t *cdir; @@ -220,19 +222,25 @@ int main(void) unsigned long long size_total; int odd; DIR *dirp; - char *QUERY_STRING; + char *location; + + location = getenv("REQUEST_URI"); + if (!location) + return 1; + + /* drop URL arguments if any */ + strchrnul(location, '?')[0] = '\0'; - QUERY_STRING = getenv("QUERY_STRING"); - if (!QUERY_STRING - || QUERY_STRING[0] != '/' - || strstr(QUERY_STRING, "/../") - || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0 + if (location[0] != '/' + || strstr(location, "//") + || strstr(location, "/../") + || strcmp(strrchr(location, '/'), "/..") == 0 ) { return 1; } if (chdir("..") - || (QUERY_STRING[1] && chdir(QUERY_STRING + 1)) + || (location[1] && chdir(location + 1)) ) { return 1; } @@ -269,14 +277,14 @@ int main(void) "\r\n" /* Mandatory empty line after headers */ "Index of "); /* Guard against directories with &, > etc */ - fmt_html(QUERY_STRING); + fmt_html(location); fmt_str( "\n" STYLE_STR "" "\n" "" "\n" "

Index of "); - fmt_html(QUERY_STRING); + fmt_html(location); fmt_str( "

" "\n" "" "\n" @@ -289,7 +297,7 @@ int main(void) size_total = 0; cdir = dir_list; while (dir_list_count--) { - struct tm *tm; + struct tm *ptm; if (S_ISDIR(cdir->dl_mode)) { count_dirs++; @@ -313,13 +321,13 @@ int main(void) if (S_ISREG(cdir->dl_mode)) fmt_ull(cdir->dl_size); fmt_str("

"); - tm = gmtime(&cdir->dl_mtime); - fmt_04u(1900 + tm->tm_year); *dst++ = '-'; - fmt_02u(tm->tm_mon + 1); *dst++ = '-'; - fmt_02u(tm->tm_mday); *dst++ = ' '; - fmt_02u(tm->tm_hour); *dst++ = ':'; - fmt_02u(tm->tm_min); *dst++ = ':'; - fmt_02u(tm->tm_sec); + ptm = gmtime(&cdir->dl_mtime); + fmt_04u(1900 + ptm->tm_year); *dst++ = '-'; + fmt_02u(ptm->tm_mon + 1); *dst++ = '-'; + fmt_02u(ptm->tm_mday); *dst++ = ' '; + fmt_02u(ptm->tm_hour); *dst++ = ':'; + fmt_02u(ptm->tm_min); *dst++ = ':'; + fmt_02u(ptm->tm_sec); *dst++ = '\n'; odd = 1 - odd;