* the key) has control or not. If validated, the context control_timestamp is
* updated.
* @param context The context to work in
- * @param key The control key to be validated.
* @return TRUE if authorized, FALSE if not.
*/
bool FCGI_HasControl(FCGIContext *context)
* Generic accept response in JSON format.
* @param context The context to work in
* @param description A short description.
- * @param cookie Optional. If given, the cookie field is set to that value.
*/
void FCGI_AcceptJSON(FCGIContext *context, const char *description)
{
/**
* Escapes a string so it can be used safely.
* Currently escapes to ensure the validity for use as a JSON string
- * Does not support unicode specifiers in the form of \uXXXX.
+ * Does not support unicode specifiers in the form of \\uXXXX.
* @param buf The string to be escaped
* @return The escaped string (return value == buf)
*/
char *FCGI_URLDecode(char *buf)
{
char *head = buf, *tail = buf;
- char hex[3] = {0};
+ char val, hex[3] = {0};
while (*tail) {
if (*tail == '%') { //%hh hex to char
if (isxdigit(*tail) && isxdigit(*(tail+1))) {
hex[0] = *tail++;
hex[1] = *tail++;
- *head++ = (char)strtol(hex, NULL, 16);
+ val = (char)strtol(hex, NULL, 16);
+ //Control codes --> Space character
+ *head++ = (val < 0x20) ? 0x20 : val;
} else { //Not valid format; keep original
head++;
}
//strncpy doesn't zero-truncate properly
snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
- //Read from post body. If not empty, try GET instead.
- if (fgets(params, BUFSIZ, stdin) == NULL || *params == '\0') {
- snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
- }
+ //Get the GET query string
+ snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
//URL decode the parameters
FCGI_URLDecode(params);
//Escape all special characters.
//Don't escape for login (password may have special chars?)
FCGI_EscapeText(params);
+ } else { //Only for Login handler.
+ //If GET data is empty, use POST instead.
+ if (*params == '\0') {
+ Log(LOGDEBUG, "Using POST!");
+ fgets(params, BUFSIZ, stdin);
+ FCGI_URLDecode(params);
+ }
}
module_handler(&context, params);