Diffstat (limited to 'src')
-rw-r--r-- | src/capi.c | 22 | ||||
-rw-r--r-- | src/capi.h | 1 | ||||
-rw-r--r-- | src/html.cc | 3 |
3 files changed, 14 insertions, 12 deletions
@@ -200,19 +200,19 @@ void a_Capi_conn_abort_by_url(const DilloUrl *url)
 /* ------------------------------------------------------------------------- */
 /*
- * Safety test: only allow dpi-urls from dpi-generated pages.
+ * Safety test: only allow GET|POST dpi-urls from dpi-generated pages.
 */
-static int Capi_dpi_verify_request(DilloWeb *web)
+int a_Capi_dpi_verify_request(BrowserWindow *bw, DilloUrl *url)
 {
 DilloUrl *referer;
 int allow = FALSE;
 /* test POST and GET */
- if (dStrcasecmp(URL_SCHEME(web->url), "dpi") == 0 &&
- URL_FLAGS(web->url) & (URL_Post + URL_Get)) {
+ if (dStrcasecmp(URL_SCHEME(url), "dpi") == 0 &&
+ URL_FLAGS(url) & (URL_Post + URL_Get)) {
 /* only allow dpi requests from dpi-generated urls */
- if (a_Nav_stack_size(web->bw)) {
- referer = a_History_get_url(NAV_TOP_UIDX(web->bw));
+ if (a_Nav_stack_size(bw)) {
+ referer = a_History_get_url(NAV_TOP_UIDX(bw));
 if (dStrcasecmp(URL_SCHEME(referer), "dpi") == 0) {
 allow = TRUE;
 }
@@ -222,10 +222,10 @@ static int Capi_dpi_verify_request(DilloWeb *web)
 }
 if (!allow) {
- MSG("Capi_dpi_verify_request: Permission Denied!\n");
- MSG(" URL_STR : %s\n", URL_STR(web->url));
- if (URL_FLAGS(web->url) & URL_Post) {
- MSG(" URL_DATA: %s\n", dStr_printable(URL_DATA(web->url), 1024));
+ MSG("a_Capi_dpi_verify_request: Permission Denied!\n");
+ MSG(" URL_STR : %s\n", URL_STR(url));
+ if (URL_FLAGS(url) & URL_Post) {
+ MSG(" URL_DATA: %s\n", dStr_printable(URL_DATA(url), 1024));
 }
 }
 return allow;
@@ -344,7 +344,7 @@ int a_Capi_open_url(DilloWeb *web, CA_Callback_t Call, void *CbData)
 } else if (Capi_url_uses_dpi(web->url, &server)) {
 /* dpi request */
- if ((safe = Capi_dpi_verify_request(web))) {
+ if ((safe = a_Capi_dpi_verify_request(web->bw, web->url))) {
 if (dStrcasecmp(scheme, "dpi") == 0) {
 /* make "dpi:/" prefixed urls always reload. */
 a_Url_set_flags(web->url, URL_FLAGS(web->url) | URL_E2EQuery);
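Review bot: The referer that decides the outcome is read from the top of `bw`'s navigation stack, not from the document that issued the request, and the header comment does not say so now that the function is exported. For the existing caller in a_Capi_open_url that was an internal detail, but a caller that runs while a page is still being parsed has to know whether NAV_TOP_UIDX(bw) already refers to that page; this hunk does not show it, so it should be confirmed and written down. I would extend the comment with something like `Return: TRUE if the request is allowed, FALSE otherwise; the referer is the URL at the top of bw's nav stack.` Since the visible lines only read `url`, the parameter could also be `const DilloUrl *url`, as a_Capi_get_flags declares it in capi.h. The function body continues past the end of this hunk.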
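Review bot: On denial, `URL_STR(url)` goes to the log through a bare `%s`, while the POST body two lines later is filtered and capped with `dStr_printable(URL_DATA(url), 1024)`. With this check now also called from the HTML parser, the logged URL can come straight from page markup, so it deserves the same printable-only, length-limited treatment unless URL strings are already guaranteed clean where they are built, which is not visible here. Up to 1024 bytes of form data also land in the log on every refusal; a comment should say this is intended, or the body should be omitted.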
@@ -30,6 +30,7 @@ const char *a_Capi_set_content_type(const DilloUrl *url, const char *ctype, const char *from); int a_Capi_get_flags(const DilloUrl *Url); int a_Capi_get_flags_with_redirection(const DilloUrl *Url); +int a_Capi_dpi_verify_request(BrowserWindow *bw, DilloUrl *url); int a_Capi_dpi_send_cmd(DilloUrl *url, void *bw, char *cmd, char *server, int flags); void a_Capi_stop_client(int Key, int force);
diff --git a/src/html.cc b/src/html.cc
index 68465b08..abb3c416 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -2831,7 +2831,8 @@ static void Html_tag_open_meta(DilloHtml *html, const char *tag, int tagsize)
 /* zero-delay redirection */
 html->stop_parser = true;
 DilloUrl *new_url = a_Url_new(mr_url, URL_STR(html->base_url));
- a_UIcmd_redirection0((void*)html->bw, new_url);
+ if (a_Capi_dpi_verify_request(html->bw, new_url))
+ a_UIcmd_redirection0((void*)html->bw, new_url);
 a_Url_free(new_url);
 } else {
 /* Send a custom HTML message. |
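Review bot: `html->stop_parser = true;` still runs before the new check, so when a_Capi_dpi_verify_request refuses the redirect the parser stops anyway and the user is left with a truncated page and only the MSG log line as explanation. If the intent is to ignore the refresh and keep rendering, set stop_parser inside the guarded branch, and brace the `if` now that it carries a security decision. It is also worth confirming that a URL built by a_Url_new from the meta tag ever has URL_Get or URL_Post set, because the verifier only applies its referer test to dpi URLs with one of those flags; what happens otherwise lies between the capi.c hunks and is not visible. Html_tag_open_meta starts and ends outside this hunk.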