2 * This file is part of DisOrder.
3 * Copyright (C) 2004, 2005, 2007, 2008 Richard Kettlewell
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
44 /** @brief Hash of arguments */
45 static hash *cgi_args;
47 /** @brief Get CGI arguments from a GET request's query string */
48 static struct kvp *cgi__init_get(void) {
51 if((q = getenv("QUERY_STRING")))
52 return kvp_urldecode(q, strlen(q));
53 error(0, "QUERY_STRING not set, assuming empty");
57 /** @brief Read the HTTP request body */
58 static void cgi__input(char **ptrp, size_t *np) {
64 if(!(cl = getenv("CONTENT_LENGTH")))
65 fatal(0, "CONTENT_LENGTH not set");
67 /* We check for overflow and also limit the input to 16MB. Lower
68 * would probably do. */
69 if(!(n+1) || n > 16 * 1024 * 1024)
70 fatal(0, "input is much too large");
71 q = xmalloc_noptr(n + 1);
73 r = read(0, q + m, n - m);
77 fatal(0, "unexpected end of file reading request body");
80 default: fatal(errno, "error reading request body");
84 fatal(0, "null character in request body");
91 /** @brief Called for each part header field (see cgi__part_callback()) */
92 static int cgi__field_callback(const char *name, const char *value,
94 char *disposition, *pname, *pvalue;
97 if(!strcmp(name, "content-disposition")) {
98 if(mime_rfc2388_content_disposition(value,
102 fatal(0, "error parsing Content-Disposition field");
103 if(!strcmp(disposition, "form-data")
105 && !strcmp(pname, "name")) {
107 fatal(0, "duplicate Content-Disposition field");
114 /** @brief Called for each part (see cgi__init_multipart()) */
115 static int cgi__part_callback(const char *s,
118 struct kvp *k, **head = u;
120 if(!(s = mime_parse(s, cgi__field_callback, &name)))
121 fatal(0, "error parsing part header");
123 fatal(0, "no name found");
124 k = xmalloc(sizeof *k);
132 /** @brief Initialize CGI arguments from a multipart/form-data request body */
133 static struct kvp *cgi__init_multipart(const char *boundary) {
135 struct kvp *head = 0;
138 if(mime_multipart(q, cgi__part_callback, boundary, &head))
139 fatal(0, "invalid multipart object");
143 /** @brief Initialize CGI arguments from a POST request */
144 static struct kvp *cgi__init_post(void) {
145 const char *ct, *boundary;
150 if(!(ct = getenv("CONTENT_TYPE")))
151 ct = "application/x-www-form-urlencoded";
152 if(mime_content_type(ct, &type, &k))
153 fatal(0, "invalid content type '%s'", ct);
154 if(!strcmp(type, "application/x-www-form-urlencoded")) {
156 return kvp_urldecode(q, n);
158 if(!strcmp(type, "multipart/form-data")) {
159 if(!(boundary = kvp_get(k, "boundary")))
160 fatal(0, "no boundary parameter found");
161 return cgi__init_multipart(boundary);
163 fatal(0, "unrecognized content type '%s'", type);
166 /** @brief Initialize CGI arguments
168 * Must be called before other cgi_ functions are used.
170 * This function can be called more than once, in which case it
171 * revisits the environment and (perhaps) standard input. This is
172 * only intended to be used for testing, actual CGI applications
173 * should call it exactly once.
175 void cgi_init(void) {
179 cgi_args = hash_new(sizeof (char *));
180 if(!(p = getenv("REQUEST_METHOD")))
181 error(0, "REQUEST_METHOD not set, assuming GET");
182 if(!p || !strcmp(p, "GET"))
184 else if(!strcmp(p, "POST"))
185 k = cgi__init_post();
187 fatal(0, "unknown request method %s", p);
188 /* Validate the arguments and put them in a hash */
189 for(; k; k = k->next) {
190 if(!utf8_valid(k->name, strlen(k->name))
191 || !utf8_valid(k->value, strlen(k->value)))
192 error(0, "invalid UTF-8 sequence in cgi argument %s", k->name);
194 hash_add(cgi_args, k->name, &k->value, HASH_INSERT_OR_REPLACE);
195 /* We just drop bogus arguments. */
199 /** @brief Get a CGI argument by name
201 * cgi_init() must be called first. Names and values are all valid
202 * UTF-8 strings (and this is enforced at initialization time).
204 const char *cgi_get(const char *name) {
205 const char **v = hash_find(cgi_args, name);
207 return v ? *v : NULL;
210 /** @brief Set a CGI argument */
211 void cgi_set(const char *name, const char *value) {
212 value = xstrdup(value);
213 hash_add(cgi_args, name, &value, HASH_INSERT_OR_REPLACE);
216 /** @brief Add SGML-style quoting
217 * @param src String to quote (UTF-8)
218 * @return Quoted string
220 * Quotes characters for insertion into HTML output. Anything that is
221 * not a printable ASCII character will be converted to a numeric
222 * character references, as will '"', '&', '<' and '>' (since those
223 * have special meanings).
225 * Quoting everything down to ASCII means we don't care what the
226 * content encoding really is (as long as it's not anything insane
229 char *cgi_sgmlquote(const char *src) {
235 if(!(ucs = utf8_to_utf32(src, strlen(src), 0)))
240 /* format the string */
241 while((c = *ucs++)) {
244 if(c > 126 || c < 32) {
249 /* For simplicity we always use numeric character references
250 * even if a named reference is available. */
251 sink_printf(s, "&#%"PRIu32";", c);
254 sink_writec(s, (char)c);
261 /** @brief Write a CGI attribute
262 * @param output Where to send output
263 * @param name Attribute name
264 * @param value Attribute value
266 void cgi_attr(struct sink *output, const char *name, const char *value) {
267 /* Try to avoid needless quoting */
268 if(!value[strspn(value, "abcdefghijklmnopqrstuvwxyz"
269 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
271 sink_printf(output, "%s=%s", name, value);
273 sink_printf(output, "%s=\"%s\"", name, cgi_sgmlquote(value));
276 /** @brief Write an open tag
277 * @param output Where to send output
278 * @param name Element name
279 * @param ... Attribute name/value pairs
281 * The name/value pair list is terminated by a single (char *)0.
283 void cgi_opentag(struct sink *output, const char *name, ...) {
287 sink_printf(output, "<%s", name);
289 while((n = va_arg(ap, const char *))) {
290 sink_printf(output, " ");
291 v = va_arg(ap, const char *);
293 cgi_attr(output, n, v);
295 sink_printf(output, n);
298 sink_printf(output, ">");
301 /** @brief Write a close tag
302 * @param output Where to send output
303 * @param name Element name
305 void cgi_closetag(struct sink *output, const char *name) {
306 sink_printf(output, "</%s>", name);
309 /** @brief Construct a URL
310 * @param url Base URL
311 * @param ... Name/value pairs for constructed query string
312 * @return Constructed URL
314 * The name/value pair list is terminated by a single (char *)0.
316 char *cgi_makeurl(const char *url, ...) {
318 struct kvp *kvp, *k, **kk = &kvp;
323 dynstr_append_string(&d, url);
325 while((n = va_arg(ap, const char *))) {
326 v = va_arg(ap, const char *);
327 *kk = k = xmalloc(sizeof *k);
335 dynstr_append(&d, '?');
336 dynstr_append_string(&d, kvp_urlencode(kvp, 0));
338 dynstr_terminate(&d);
342 /** @brief Construct a URL from current parameters
343 * @param url Base URL
344 * @return Constructed URL
346 char *cgi_thisurl(const char *url) {
348 char **keys = hash_keys(cgi_args);
352 dynstr_append_string(d, url);
354 dynstr_append(d, '?');
355 for(n = 0; keys[n]; ++n) {
356 dynstr_append_string(d, urlencodestring(keys[n]));
357 dynstr_append(d, '=');
358 dynstr_append_string(d, cgi_get(keys[n]));