author | jcid <devnull@localhost> | 2008-09-14 15:10:41 +0200 |
---|---|---|
committer | jcid <devnull@localhost> | 2008-09-14 15:10:41 +0200 |
commit | 4272ccda16b3d6b8695f01eb3c6ea544a97cbf54 (patch) | |
tree | fe04b225b6adeecc2fce18d175368efa6ff89c94 /src | |
parent | f6940d9ad7ee28c7226b8e66798fb9537ae3e238 (diff) |
- Forbid dpi GET and POST from non dpi-generated urls.
- Cleaned up a_Url_new().
Diffstat (limited to 'src')
-rw-r--r-- | src/IO/http.c | 2 | ||||
-rw-r--r-- | src/cache.c | 18 | ||||
-rw-r--r-- | src/dillo.cc | 4 | ||||
-rw-r--r-- | src/form.cc | 10 | ||||
-rw-r--r-- | src/html.cc | 27 | ||||
-rw-r--r-- | src/html_common.hh | 1 | ||||
-rw-r--r-- | src/prefs.c | 10 | ||||
-rw-r--r-- | src/uicmd.cc | 14 | ||||
-rw-r--r-- | src/url.c | 23 | ||||
-rw-r--r-- | src/url.h | 6 |
10 files changed, 50 insertions, 65 deletions
diff --git a/src/IO/http.c b/src/IO/http.c index ec87a7a4..33236b52 100644 --- a/src/IO/http.c +++ b/src/IO/http.c @@ -81,7 +81,7 @@ int a_Http_init(void) char *env_proxy = getenv("http_proxy"); if (env_proxy && strlen(env_proxy)) - HTTP_Proxy = a_Url_new(env_proxy, NULL, 0, 0, 0); + HTTP_Proxy = a_Url_new(env_proxy, NULL); if (!HTTP_Proxy && prefs.http_proxy) HTTP_Proxy = a_Url_dup(prefs.http_proxy); diff --git a/src/cache.c b/src/cache.c index 0aaa4b14..29829964 100644 --- a/src/cache.c +++ b/src/cache.c @@ -124,7 +124,7 @@ void a_Cache_init(void) /* inject the splash screen in the cache */ { - DilloUrl *url = a_Url_new("about:splash", NULL, 0, 0, 0); + DilloUrl *url = a_Url_new("about:splash", NULL); Dstr *ds = dStr_new(AboutSplash); a_Cache_entry_inject(url, ds); dStr_free(ds, 1); @@ -621,6 +621,7 @@ static void Cache_parse_header(CacheEntry_t *entry) #ifndef DISABLE_COOKIES Dlist *Cookies; #endif + DilloUrl *location_url; Dlist *warnings; void *data; int i; @@ -643,7 +644,17 @@ static void Cache_parse_header(CacheEntry_t *entry) entry->Flags |= CA_TempRedirect; /* 302 Temporary Redirect */ location_str = Cache_parse_field(header, "Location"); - entry->Location = a_Url_new(location_str,URL_STR_(entry->Url),0,0,0); + location_url = a_Url_new(location_str, URL_STR_(entry->Url)); + if (URL_FLAGS(location_url) & (URL_Post + URL_Get) && + dStrcasecmp(URL_SCHEME(location_url), "dpi") == 0 && + dStrcasecmp(URL_SCHEME(entry->Url), "dpi") != 0) { + /* Forbid dpi GET and POST from non dpi-generated urls */ + MSG("Redirection Denied! '%s' -> '%s'\n", + URL_STR(entry->Url), URL_STR(location_url)); + a_Url_free(location_url); + } else { + entry->Location = location_url; + } dFree(location_str); } else if (strncmp(header + 9, "404", 3) == 0) { 
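Review bot: In the Cache_parse_header hunk, `location_url` is passed to `URL_FLAGS()` and `URL_SCHEME()` without a NULL check, although the a_Url_new() comment in this same commit says it returns NULL for a badly formed URL and the Location value is server-controlled. If those macros dereference their argument (their definitions are not shown), a malformed or absent Location header on a redirect response would crash the parser; guard the test with `if (location_url && (URL_FLAGS(location_url) & (URL_Post | URL_Get)) && ...`, which also uses `|` rather than `+` for the flag mask. In the denied branch `entry->Location` is never assigned, so it is worth confirming that Cache_redirect(), which reads `URL_STR_(entry->Location)`, copes with a redirect entry that has no Location. Only the redirect path is guarded in this diff; whether links and form submissions from non-dpi pages get the same check elsewhere is not visible here. Cache_parse_header starts and ends outside the hunk.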
@@ -901,8 +912,7 @@ static int Cache_redirect(CacheEntry_t *entry, int Flags, BrowserWindow *bw) if (Flags & WEB_RootUrl) { /* Redirection of the main page */ - NewUrl = a_Url_new(URL_STR_(entry->Location), URL_STR_(entry->Url), - 0, 0, 0); + NewUrl = a_Url_new(URL_STR_(entry->Location), URL_STR_(entry->Url)); if (entry->Flags & CA_TempRedirect) a_Url_set_flags(NewUrl, URL_FLAGS(NewUrl) | URL_E2EQuery); a_Nav_push(bw, NewUrl); diff --git a/src/dillo.cc b/src/dillo.cc index 3b384cfe..aef192b8 100644 --- a/src/dillo.cc +++ b/src/dillo.cc @@ -68,9 +68,9 @@ static DilloUrl *Dillo_make_start_url(char *str) dFree(p); if (is_file) { - start_url = a_Url_new(url_str + 1, "file:/", 0, 0, 0); + start_url = a_Url_new(url_str + 1, "file:/"); } else { - start_url = a_Url_new(url_str, NULL, 0, 0, 0); + start_url = a_Url_new(url_str, NULL); } dFree(url_str); diff --git a/src/form.cc b/src/form.cc index c1f9c2fb..c79c31ed 100644 --- a/src/form.cc +++ b/src/form.cc @@ -310,7 +310,7 @@ void Html_tag_open_form(DilloHtml *html, const char *tag, int tagsize) } } if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "action"))) - action = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + action = a_Html_url_new(html, attrbuf, NULL, 0); else action = a_Url_dup(html->base_url); enc = DILLO_HTML_ENC_URLENCODING; @@ -581,7 +581,7 @@ void Html_tag_open_isindex(DilloHtml *html, const char *tag, int tagsize) } if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "action"))) - action = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + action = a_Html_url_new(html, attrbuf, NULL, 0); else action = a_Url_dup(html->base_url); 
@@ -1012,7 +1012,7 @@ DilloUrl *DilloHtmlForm::buildQueryUrl(DilloHtmlInput *input) char *action_str = dStrdup(URL_STR(action)); if (method == DILLO_HTML_METHOD_POST) { - new_url = a_Url_new(action_str, NULL, 0, 0, 0); + new_url = a_Url_new(action_str, NULL); /* new_url keeps the dStr and sets DataStr to NULL */ a_Url_set_data(new_url, &DataStr); a_Url_set_flags(new_url, URL_FLAGS(new_url) | URL_Post); @@ -1027,7 +1027,7 @@ DilloUrl *DilloHtmlForm::buildQueryUrl(DilloHtmlInput *input) *p = 0; url_str = dStrconcat(action_str, "?", DataStr->str, NULL); - new_url = a_Url_new(url_str, NULL, 0, 0, 0); + new_url = a_Url_new(url_str, NULL); a_Url_set_flags(new_url, URL_FLAGS(new_url) | URL_Get); dFree(url_str); } @@ -1922,7 +1922,7 @@ static dw::core::ui::Embed *Html_input_image(DilloHtml *html, DilloUrl *url = NULL; if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "src")) && - (url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0))) { + (url = a_Html_url_new(html, attrbuf, NULL, 0))) { style_attrs = *S_TOP(html)->style; style_attrs.cursor = CURSOR_POINTER; diff --git a/src/html.cc b/src/html.cc index 9e69a3d9..7986c168 100644 --- a/src/html.cc +++ b/src/html.cc @@ -163,16 +163,13 @@ void DilloHtml::bugMessage(const char *format, ... ) */ DilloUrl *a_Html_url_new(DilloHtml *html, const char *url_str, const char *base_url, - int flags, int32_t posx, int32_t posy, int use_base_url) { DilloUrl *url; int n_ic, n_ic_spc; - url = a_Url_new( - url_str, - (use_base_url) ? base_url : URL_STR_(html->base_url), - flags, posx, posy); + url = a_Url_new(url_str, + (use_base_url) ? base_url : URL_STR_(html->base_url)); if ((n_ic = URL_ILLEGAL_CHARS(url)) != 0) { const char *suffix = (n_ic) > 1 ? "s" : ""; n_ic_spc = URL_ILLEGAL_CHARS_SPC(url); 
@@ -1816,7 +1813,7 @@ static void Html_tag_open_frame (DilloHtml *html, const char *tag, int tagsize) if (!(attrbuf = a_Html_get_attr(html, tag, tagsize, "src"))) return; - if (!(url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0))) + if (!(url = a_Html_url_new(html, attrbuf, NULL, 0))) return; src = dStrdup(attrbuf); @@ -2180,7 +2177,7 @@ static void Html_tag_open_img(DilloHtml *html, const char *tag, int tagsize) return; if (!(attrbuf = a_Html_get_attr(html, tag, tagsize, "src")) || - !(url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0))) + !(url = a_Html_url_new(html, attrbuf, NULL, 0))) return; textblock = DW2TB(html->dw); @@ -2188,7 +2185,7 @@ static void Html_tag_open_img(DilloHtml *html, const char *tag, int tagsize) usemap_url = NULL; if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "usemap"))) /* todo: usemap URLs outside of the document are not used. */ - usemap_url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + usemap_url = a_Html_url_new(html, attrbuf, NULL, 0); /* Set the style attributes for this image */ style_attrs = *S_TOP(html)->style; @@ -2246,7 +2243,7 @@ static void Html_tag_open_map(DilloHtml *html, const char *tag, int tagsize) } else { if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "name"))) { hash_name = dStrconcat("#", attrbuf, NULL); - url = a_Html_url_new(html, hash_name, NULL, 0, 0, 0, 0); + url = a_Html_url_new(html, hash_name, NULL, 0); html->maps.startNewMap(new ::object::String(url->url_string->str)); a_Url_free (url); dFree(hash_name); @@ -2365,7 +2362,7 @@ static void Html_tag_open_area(DilloHtml *html, const char *tag, int tagsize) } if (shape != NULL || type == BACKGROUND) { if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "href"))) { - url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + url = a_Html_url_new(html, attrbuf, NULL, 0); dReturn_if_fail ( url != NULL ); if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "alt"))) a_Url_set_alt(url, attrbuf); 
@@ -2391,12 +2388,12 @@ static void Html_tag_open_object(DilloHtml *html, const char *tag, int tagsize) const char *attrbuf; if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "codebase"))) { - base_url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + base_url = a_Html_url_new(html, attrbuf, NULL, 0); } if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "data"))) { - url = a_Html_url_new(html, attrbuf, URL_STR(base_url), 0, 0, 0, - (base_url != NULL)); + url = a_Html_url_new(html, attrbuf, + URL_STR(base_url), (base_url != NULL)); dReturn_if_fail ( url != NULL ); style_attrs = *S_TOP(html)->style; @@ -2488,7 +2485,7 @@ static void Html_tag_open_a(DilloHtml *html, const char *tag, int tagsize) if (tolower(attrbuf[0]) == 'j') attrbuf = Html_get_javascript_link(html); - url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0); + url = a_Html_url_new(html, attrbuf, NULL, 0); dReturn_if_fail ( url != NULL ); old_style = S_TOP(html)->style; @@ -3015,7 +3012,7 @@ static void Html_tag_open_base(DilloHtml *html, const char *tag, int tagsize) if (html->InFlags & IN_HEAD) { if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "href"))) { - BaseUrl = a_Html_url_new(html, attrbuf, "", 0, 0, 0, 1); + BaseUrl = a_Html_url_new(html, attrbuf, "", 1); if (URL_SCHEME_(BaseUrl)) { /* Pass the URL_SpamSafe flag to the new base url */ a_Url_set_flags( diff --git a/src/html_common.hh b/src/html_common.hh index 47b0c1a7..d7b02b8e 100644 --- a/src/html_common.hh +++ b/src/html_common.hh @@ -242,7 +242,6 @@ char *a_Html_get_attr_wdef(DilloHtml *html, DilloUrl *a_Html_url_new(DilloHtml *html, const char *url_str, const char *base_url, - int flags, int32_t posx, int32_t posy, int use_base_url); DilloImage *a_Html_add_new_image(DilloHtml *html, const char *tag, diff --git a/src/prefs.c b/src/prefs.c index 797f2cf7..dc453655 100644 --- a/src/prefs.c +++ b/src/prefs.c 
@@ -201,7 +201,7 @@ static int Prefs_parse_pair(char *name, char *value) break; case DRC_TOKEN_PROXY: a_Url_free(prefs.http_proxy); - prefs.http_proxy = a_Url_new(value, NULL, 0, 0, 0); + prefs.http_proxy = a_Url_new(value, NULL); break; case DRC_TOKEN_PROXYUSER: dFree(prefs.http_proxyuser); @@ -254,11 +254,11 @@ static int Prefs_parse_pair(char *name, char *value) break; case DRC_TOKEN_START_PAGE: a_Url_free(prefs.start_page); - prefs.start_page = a_Url_new(value, NULL, 0, 0, 0); + prefs.start_page = a_Url_new(value, NULL); break; case DRC_TOKEN_HOME: a_Url_free(prefs.home); - prefs.home = a_Url_new(value, NULL, 0, 0, 0); + prefs.home = a_Url_new(value, NULL); break; case DRC_TOKEN_SHOW_TOOLTIP: prefs.show_tooltip = (strcmp(value, "YES") == 0); @@ -407,8 +407,8 @@ void a_Prefs_init(void) prefs.visited_color = DW_COLOR_DEFAULT_VLINK; prefs.bg_color = DW_COLOR_DEFAULT_BGND; prefs.text_color = DW_COLOR_DEFAULT_TEXT; - prefs.start_page = a_Url_new(DILLO_START_PAGE, NULL, 0, 0, 0); - prefs.home = a_Url_new(DILLO_HOME, NULL, 0, 0, 0); + prefs.start_page = a_Url_new(DILLO_START_PAGE, NULL); + prefs.home = a_Url_new(DILLO_HOME, NULL); prefs.allow_white_bg = TRUE; prefs.force_my_colors = FALSE; prefs.contrast_visited_color = TRUE; diff --git a/src/uicmd.cc b/src/uicmd.cc index 93f49adf..5634e676 100644 --- a/src/uicmd.cc +++ b/src/uicmd.cc @@ -161,16 +161,16 @@ void a_UIcmd_open_urlstr(void *vbw, const char *urlstr) /* file URI */ ch = new_urlstr[5]; if (!ch || ch == '.') { - url = a_Url_new(a_Dir_get_owd(), "file:", 0, 0, 0); + url = a_Url_new(a_Dir_get_owd(), "file:"); } else if (ch == '~') { - url = a_Url_new(dGethomedir(), "file:", 0, 0, 0); + url = a_Url_new(dGethomedir(), "file:"); } else { - url = a_Url_new(new_urlstr, "file:", 0, 0, 0); + url = a_Url_new(new_urlstr, "file:"); } } else { /* common case */ - url = a_Url_new(new_urlstr, NULL, 0, 0, 0); + url = a_Url_new(new_urlstr, NULL); } dFree(new_urlstr); 
@@ -302,7 +302,7 @@ void a_UIcmd_save(void *vbw) a_UIcmd_set_save_dir(prefs.save_dir); urlstr = a_UIcmd_get_location_text((BrowserWindow*)vbw); - url = a_Url_new(urlstr, NULL, 0, 0, 0); + url = a_Url_new(urlstr, NULL); SuggestedName = UIcmd_make_save_filename(URL_PATH(url)); name = a_Dialog_save_file("Save Page as File", NULL, SuggestedName); MSG("a_UIcmd_save: %s\n", name); @@ -348,7 +348,7 @@ void a_UIcmd_open_file(void *vbw) name = a_Dialog_open_file("Open File", NULL, ""); if (name) { - url = a_Url_new(name, "file:", 0, 0, 0); + url = a_Url_new(name, "file:"); a_Nav_push((BrowserWindow*)vbw, url); a_Url_free(url); dFree(name); @@ -438,7 +438,7 @@ void a_UIcmd_save_link(BrowserWindow *bw, const DilloUrl *url) */ void a_UIcmd_book(void *vbw) { - DilloUrl *url = a_Url_new("dpi:/bm/", NULL, 0, 0, 0); + DilloUrl *url = a_Url_new("dpi:/bm/", NULL); a_Nav_push((BrowserWindow*)vbw, url); a_Url_free(url); } @@ -167,6 +167,7 @@ static DilloUrl *Url_object_new(const char *uri_str) s = p + 1; url->query = s; p = strpbrk(s, "#"); + url->flags |= URL_Get; } if (p && p[0] == '#') { /* fragment */ *p = 0; @@ -338,17 +339,15 @@ done: * fragment = "part2" * hostname = "dillo.sf.net" * port = 8080 - * flags = 0 + * flags = URL_Get * data = Dstr * ("") * alt = NULL * ismap_url_len = 0 - * scrolling_position = 0 * } * * Return NULL if URL is badly formed. */ -DilloUrl* a_Url_new(const char *url_str, const char *base_url, - int flags, int32_t posx, int32_t posy) +DilloUrl* a_Url_new(const char *url_str, const char *base_url) { DilloUrl *url; char *urlstr = (char *)url_str; /* auxiliar variable, don't free */ @@ -399,9 +398,6 @@ DilloUrl* a_Url_new(const char *url_str, const char *base_url, url = Url_object_new(SolvedUrl->str); url->data = dStr_new(""); url->url_string = SolvedUrl; - url->flags = flags; - url->scrolling_position_x = posx; - url->scrolling_position_y = posy; url->illegal_chars = n_ic; url->illegal_chars_spc = n_ic_spc; 
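Review bot: `url->flags |= URL_Get;` in the Url_object_new hunk becomes the only write to `flags` on the a_Url_new() path, because the `url->flags = flags;` assignment is removed in the later a_Url_new hunk, so the `|=` now depends on Url_object_new() zero-initialising the struct, which happens outside the hunk and should be confirmed. The flag's meaning also widens: as far as this diff shows it was previously set only by buildQueryUrl() in form.cc, and it now marks every URL that has a query part, which is what the new dpi redirect check in cache.c tests. That dependency deserves a comment on the line, for example `/* any URL with a query part counts as GET; the dpi redirect check in cache.c relies on this */`. Url_object_new starts and ends outside the hunk.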
@@ -426,8 +422,6 @@ DilloUrl* a_Url_dup(const DilloUrl *ori) url->flags = ori->flags; url->alt = dStrdup(ori->alt); url->ismap_url_len = ori->ismap_url_len; - url->scrolling_position_x = ori->scrolling_position_x; - url->scrolling_position_y = ori->scrolling_position_y; url->illegal_chars = ori->illegal_chars; url->illegal_chars_spc = ori->illegal_chars_spc; url->data = dStr_sized_new(URL_DATA(ori)->len); @@ -497,17 +491,6 @@ void a_Url_set_alt(DilloUrl *u, const char *alt) } /* - * Set DilloUrl scrolling position - */ -void a_Url_set_pos(DilloUrl *u, int32_t posx, int32_t posy) -{ - if (u) { - u->scrolling_position_x = posx; - u->scrolling_position_y = posy; - } -} - -/* * Set DilloUrl ismap coordinates * (this is optimized for not hogging the CPU) */ @@ -110,15 +110,12 @@ struct _DilloUrl { Dstr *data; /* POST */ const char *alt; /* "alt" text (used by image maps) */ int ismap_url_len; /* Used by server side image maps */ - int32_t scrolling_position_x, /* remember position of visited urls */ - scrolling_position_y; int illegal_chars; /* number of illegal chars */ int illegal_chars_spc; /* number of illegal space chars */ }; -DilloUrl* a_Url_new(const char *url_str, const char *base_url, - int flags, int32_t posx, int32_t posy); +DilloUrl* a_Url_new(const char *url_str, const char *base_url); void a_Url_free(DilloUrl *u); char *a_Url_str(const DilloUrl *url); const char *a_Url_hostname(const DilloUrl *u); @@ -127,7 +124,6 @@ int a_Url_cmp(const DilloUrl *A, const DilloUrl *B); void a_Url_set_flags(DilloUrl *u, int flags); void a_Url_set_data(DilloUrl *u, Dstr **data); void a_Url_set_alt(DilloUrl *u, const char *alt); -void a_Url_set_pos(DilloUrl *u, int32_t posx, int32_t posy); void a_Url_set_ismap_coords(DilloUrl *u, char *coord_str); char *a_Url_decode_hex_str(const char *str); char *a_Url_encode_hex_str(const char *str); |