- Didn't close main file if loading an included template fails.
- I'm paranoid and want to disallow "#include /etc/passwd".
-const char cgi_rcs[] = "$Id: cgi.c,v 1.60 2002/04/08 20:50:25 swa Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.61 2002/04/10 13:37:48 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.61 2002/04/10 13:37:48 oes
+ * Made templates modular: template_load now recursive with max depth 1
+ *
* Revision 1.60 2002/04/08 20:50:25 swa
* fixed JB spelling
*
* Revision 1.60 2002/04/08 20:50:25 swa
* fixed JB spelling
*
char *full_path;
char *file_buffer;
char *included_module;
char *full_path;
char *file_buffer;
char *included_module;
FILE *fp;
char buf[BUFFER_SIZE];
FILE *fp;
char buf[BUFFER_SIZE];
- /*
- * Open template file or fail
- */
+ /* Validate template name. Paranoia. */
+ for (p = templatename; *p != 0; p++)
+ {
+ if ( ((*p < 'a') || (*p > 'z'))
+ && ((*p < 'A') || (*p > 'Z'))
+ && ((*p < '0') || (*p > '9'))
+ && (*p != '-')
+ && (*p != '.'))
+ {
+ /* Illegal character */
+ return JB_ERR_FILE;
+ }
+ }
+
+ /* Generate full path */
templates_dir_path = make_path(csp->config->confdir, "templates");
if (templates_dir_path == NULL)
templates_dir_path = make_path(csp->config->confdir, "templates");
if (templates_dir_path == NULL)
+ /* Allocate buffer */
+
file_buffer = strdup("");
if (file_buffer == NULL)
{
file_buffer = strdup("");
if (file_buffer == NULL)
{
+ /* Open template file */
+
if (NULL == (fp = fopen(full_path, "r")))
{
log_error(LOG_LEVEL_ERROR, "Cannot open template file %s: %E", full_path);
if (NULL == (fp = fopen(full_path, "r")))
{
log_error(LOG_LEVEL_ERROR, "Cannot open template file %s: %E", full_path);
- * Read the file, ignoring comments, and honring #include
+ * Read the file, ignoring comments, and honoring #include
* statements, unless we're already called recursively.
*
* FIXME: The comment handling could break with lines >BUFFER_SIZE long.
* statements, unless we're already called recursively.
*
* FIXME: The comment handling could break with lines >BUFFER_SIZE long.
if (JB_ERR_OK != (err = template_load(csp, &included_module, chomp(buf + 9), 1)))
{
free(file_buffer);
if (JB_ERR_OK != (err = template_load(csp, &included_module, chomp(buf + 9), 1)))
{
free(file_buffer);
- if (string_append(&file_buffer, included_module))
+ if (string_join(&file_buffer, included_module))
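Review bot: The new allow-list loop over `templatename` accepts '.' in any position and never checks for an empty name, so `""`, `.` and `..` all pass validation although none of them can name a template file. Because '/' is rejected they cannot reach a file outside the templates directory, but they would presumably hand a directory path to `fopen` (how `full_path` is built from `templatename` is not visible in these lines). A guard ahead of the loop such as `if (templatename[0] == '\0' || templatename[0] == '.') return JB_ERR_FILE;` closes that gap. The rejection path also returns without a log entry, unlike the `fopen` failure further down; adding `log_error(LOG_LEVEL_ERROR, "Invalid template name: %s", templatename);` before the `return` would make a bad `#include` line in a template visible to the operator. The function these hunks belong to (apparently template_load) starts and ends outside the lines shown.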