#include <stdarg.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <ctype.h>
#include "common.h"
#include "sensor.h"
return buf;
}
+/**
+ * Unescapes a URL encoded string in-place. The string
+ * must be NULL terminated.
+ * (e.g this%2d+string --> this- string)
+ * @param buf The buffer to decode. Will be modified in-place.
+ * @return The same buffer.
+ */
+char *FCGI_URLDecode(char *buf)
+{
+ char *head = buf, *tail = buf;
+ char hex[3] = {0};
+
+ while (*tail) {
+ if (*tail == '%') { //%hh hex to char
+ tail++;
+ if (isxdigit(*tail) && isxdigit(*(tail+1))) {
+ hex[0] = *tail++;
+ hex[1] = *tail++;
+ *head++ = (char)strtol(hex, NULL, 16);
+ } else { //Not valid format; keep original
+ head++;
+ }
+ } else if (*tail == '+') { //Plus to space
+ tail++;
+ *head++ = ' ';
+ } else { //Anything else
+ *head++ = *tail++;
+ }
+ }
+ *head = 0; //NULL-terminate at new end point
+
+ return buf;
+}
+
/**
* Main FCGI request loop that receives/responds to client requests.
* @param data Reserved.
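Review bot: The "keep original" branch in `FCGI_URLDecode` only does `head++` and never writes the `%`, so once an earlier escape has shortened the string a stale byte is left in the output; for example `%41%zz` decodes to `A4zz` rather than `A%zz`. Writing the character explicitly fixes it: `*head++ = '%';`. The `isxdigit` calls receive a plain `char`, which is undefined behaviour for bytes above 0x7f on signed-char platforms, so they should read `isxdigit((unsigned char)tail[0]) && isxdigit((unsigned char)tail[1])`. A `%00` escape decodes to a NUL byte and silently truncates the string for every later consumer; rejecting the request or leaving that escape undecoded would be safer. The same function body is duplicated in the new test program added from `/dev/null` further down, and the same points apply there.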
//strncpy doesn't zero-truncate properly
snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
- snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
+
+ //Read from post body. If not empty, try GET instead.
+ if (fgets(params, BUFSIZ, stdin) == NULL || *params == '\0') {
+ snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
+ }
+ //URL decode the parameters
+ FCGI_URLDecode(params);
FCGI_GetControlCookie(context.received_key);
Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params);
context.current_module = module;
context.response_number++;
- if (module_handler)
- {
- if (module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler)
- //if (false) // Testing
- {
+ if (module_handler) {
+ if (module_handler == IdentifyHandler) {
+ FCGI_EscapeText(params);
+ } else if (module_handler != Login_Handler) {
if (!FCGI_HasControl(&context))
{
- if (g_options.auth_method == AUTH_NONE)
- { //:(
+ if (g_options.auth_method == AUTH_NONE) { //:(
Log(LOGWARN, "Locking control (no auth!)");
FCGI_LockControl(&context, NOAUTH_USERNAME, USER_ADMIN);
FCGI_SendControlCookie(&context, true);
}
- else
- {
+ else {
FCGI_RejectJSON(&context, "Please login. Invalid control key.");
continue;
}
}
-
+
//Escape all special characters.
//Don't escape for login (password may have special chars?)
FCGI_EscapeText(params);
module_handler(&context, params);
}
- else
- {
+ else {
FCGI_RejectJSON(&context, "Unhandled module");
}
}
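Review bot: The decoded `params` reach `Log(LOGDEBUG, "Got request #%d - Module %s, params %s", ...)` before `FCGI_EscapeText` runs, so unless `Log` sanitises its arguments, percent-encoded control characters such as `%0a` arrive in the log as raw newlines. For `Login_Handler` the logged body presumably contains the password, as the "password may have special chars" comment suggests. Consider logging only the module and request number, or moving the log call after the escape and omitting params for the login handler. Separately, the single `fgets` stops at the first newline or at `BUFSIZ - 1` bytes without consulting `CONTENT_LENGTH`, so a longer body is silently truncated, and the comment is inverted and should read `//Read from post body. If empty, try GET instead.`. The request loop begins and ends outside this hunk.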
--- /dev/null
+#include <fcgi_stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+char *FCGI_URLDecode(char *buf);
+
+int main() {
+ while (FCGI_Accept() >= 0) {
+ char buf[BUFSIZ];
+ printf("Content-type: text/plain\r\n\r\n");
+
+
+ while(fgets(buf, BUFSIZ, stdin)) {
+ printf("POST (raw):\r\n");
+ printf("%s", buf);
+ printf("\r\nPOST (decoded):\r\n");
+ printf("%s", FCGI_URLDecode(buf));
+ }
+
+ snprintf(buf, BUFSIZ, "%s", getenv("QUERY_STRING"));
+ printf("\r\nGET (raw):\r\n");
+ printf("%s", getenv("QUERY_STRING"));
+
+ printf("\r\nGET (decoded):\r\n");
+ printf("%s", FCGI_URLDecode(buf));
+ }
+ return 0;
+
+}
+
+char *FCGI_URLDecode(char *buf) {
+ char *head = buf, *tail = buf;
+ char hex[3] = {0};
+ while (*tail) {
+ if (*tail == '%') {
+ tail++;
+ if (isxdigit(*tail) && isxdigit(*(tail+1))) {
+ hex[0] = *tail++;
+ hex[1] = *tail++;
+ *head++ = (char)strtol(hex, NULL, 16);
+ } else {
+ head++;
+ }
+ } else if (*tail == '+') {
+ tail++;
+ *head++ = ' ';
+ } else {
+ *head++ = *tail++;
+ }
+ }
+ *head = 0;
+ return buf;
+}
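Review bot: `getenv("QUERY_STRING")` returns NULL when the variable is unset, and `main` passes that result straight to `%s` in both `snprintf(buf, BUFSIZ, "%s", getenv("QUERY_STRING"))` and `printf("%s", getenv("QUERY_STRING"))`, which is undefined behaviour. Fetch it once with a default, `const char *qs = getenv("QUERY_STRING"); if (!qs) qs = "";`, and use `qs` in both calls. Since this program echoes request input back verbatim, a header comment stating that it is a debugging aid, not to be built into or deployed alongside the production FastCGI binary, would help the next maintainer.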