X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=94742bda2ac2d70a973a8d6a4906a0718a016c9c;hb=828cdbf49f52572e93c5c5a48e05277525a4055f;hp=75863c1fb04b2f4449b427a096f2ffb1fd8d88b5;hpb=7e9d726ccd53626251e56b92c8eec47772bfe0f9;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index 75863c1..94742bd 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "common.h" #include "sensor.h" @@ -78,7 +79,7 @@ static void IdentifyHandler(FCGIContext *context, char *params) FCGI_JSONValue(",\n\t\t"); } - DataPoint d = Sensor_LastData(i); + DataPoint d = Actuator_LastData(i); FCGI_JSONValue("\"%d\" : {\"name\" : \"%s\", \"value\" : [%f, %f] }", i, Actuator_GetName(i), d.time_stamp, d.value); } FCGI_JSONValue("\n\t}"); @@ -537,6 +538,40 @@ char *FCGI_EscapeText(char *buf) return buf; } +/** + * Unescapes a URL encoded string in-place. The string + * must be NULL terminated. + * (e.g this%2d+string --> this- string) + * @param buf The buffer to decode. Will be modified in-place. + * @return The same buffer. + */ +char *FCGI_URLDecode(char *buf) +{ + char *head = buf, *tail = buf; + char hex[3] = {0}; + + while (*tail) { + if (*tail == '%') { //%hh hex to char + tail++; + if (isxdigit(*tail) && isxdigit(*(tail+1))) { + hex[0] = *tail++; + hex[1] = *tail++; + *head++ = (char)strtol(hex, NULL, 16); + } else { //Not valid format; keep original + head++; + } + } else if (*tail == '+') { //Plus to space + tail++; + *head++ = ' '; + } else { //Anything else + *head++ = *tail++; + } + } + *head = 0; //NULL-terminate at new end point + + return buf; +} + /** * Main FCGI request loop that receives/responds to client requests. * @param data Reserved. @@ -555,7 +590,11 @@ void * FCGI_RequestLoop (void *data) //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); + + //Get the GET query string snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); + //URL decode the parameters + FCGI_URLDecode(params); FCGI_GetControlCookie(context.received_key); Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params); @@ -592,35 +631,38 @@ void * FCGI_RequestLoop (void *data) context.current_module = module; context.response_number++; - if (module_handler) - { - if (module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler) - //if (false) // Testing - { + if (module_handler) { + if (module_handler == IdentifyHandler) { + FCGI_EscapeText(params); + } else if (module_handler != Login_Handler) { if (!FCGI_HasControl(&context)) { - if (g_options.auth_method == AUTH_NONE) - { //:( + if (g_options.auth_method == AUTH_NONE) { //:( Log(LOGWARN, "Locking control (no auth!)"); FCGI_LockControl(&context, NOAUTH_USERNAME, USER_ADMIN); FCGI_SendControlCookie(&context, true); } - else - { + else { FCGI_RejectJSON(&context, "Please login. Invalid control key."); continue; } } - + //Escape all special characters. //Don't escape for login (password may have special chars?) FCGI_EscapeText(params); + } else { //Only for Login handler. + //If GET data is empty, use POST instead. + if (*params == '\0') { + Log(LOGDEBUG, "Using POST!"); + fgets(params, BUFSIZ, stdin); + FCGI_URLDecode(params); + } } module_handler(&context, params); } - else - { + else { FCGI_RejectJSON(&context, "Unhandled module"); } }