#!/bin/bash
# Author: darren chamberlain <dlc@sevenroot.org>
# Co-Author: Paul Bournival <paulb-ns@cajun.nu>
#
#######
# Updated Oct 15 2004 by Tony Clayton <t ny-bashlib@clayt n.ca>
# * add safe_param() function with XSS and shell-invocation prevention
# * add extra "| tr -d '$`'" sanity check to name decoding to prevent shell
# invocation of param names.
# * ported function defs to be bash/ash compatible
#######
# bashlib is used by sourcing it at the beginning of scripts that
# need its functionality (by using the . or source commands).
# Pin the command search path to the system directories so that the
# unqualified commands used by this library (echo, tr, ...) cannot be
# resolved through a PATH inherited from the web server environment.
PATH=/bin:/usr/bin
#
# Library version, reported by version and version_html
#
VERSION="0.05"
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Initialization. Everything from here down to the function definitions
# runs as soon as the file is sourced and parses the request parameters
# and cookies.
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Library-wide debug flag; 0 means debugging is off.
DEBUG=0
# Read the whole of stdin, which carries the request body for POST. The
# command substitution drops any trailing newlines. The read is
# unconditional: it also happens for GET and is not bounded by
# CONTENT_LENGTH.
STDIN=$(@CAT@)
# A non-empty body is placed in front of the URL query string so that both
# are parsed by the same loop. That loop exports parameters in order, so a
# query-string parameter overwrites a body parameter of the same name.
if test -n "${STDIN}"; then
  QUERY_STRING="${STDIN}&${QUERY_STRING}"
fi
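# Handle GET and POST requests. QUERY_STRING holds the POST body (if any)
# followed by the URL query string. Every byte of it is supplied by the
# client, so nothing derived from it is handed to eval: values are exported
# as data, and names are reduced to [A-Za-z0-9_] before they become part of
# a variable name. The FORM_ prefix keeps request parameters from
# overwriting unrelated variables such as PATH.
if [ -n "${QUERY_STRING}" ]; then
  # The decoding below relies on word splitting of unquoted expansions.
  # Pathname expansion is switched off meanwhile, so request data such as
  # "*" is never replaced by file names; the caller's setting is restored
  # at the end of the block.
  case $- in
    *f*) bashlib_restore_glob= ;;
    *) bashlib_restore_glob=1; set -f ;;
  esac
  case "${QUERY_STRING}" in
    *=*)
      # name=value params, separated by either '&' or ';'
      for Q in $(@PRINTF@ '%s\n' "${QUERY_STRING}" | @TR@ ";&" "\012"); do
        #
        # Clear the per-parameter scratch variables
        #
        unset name
        unset value
        unset tmpvalue
        #
        # Get the name of the key and decode it: the sed expression is
        # intended to turn each '%' into '\x' so that printf decodes %NN,
        # '+' becomes a space, and '.' and '-' are dropped.
        #
        name=${Q%%=*}
        name=$(@PRINTF@ '%s\n' "${name}" | \
          @SED@ -e 's/%\(\)/\\\x/g' | \
          @TR@ "+" " ")
        name=$(@PRINTF@ '%s\n' "${name}" | \
          @TR@ -d ".-")
        # ${name} stays unquoted to keep the historical behaviour for names
        # containing '+' (only the first word is used). After decoding,
        # every character that cannot appear in a variable name is removed.
        name=$(@PRINTF@ ${name} | @TR@ -cd 'A-Za-z0-9_')
        #
        # Get the value and decode it. This is tricky... printf chokes on
        # hex values in the form \xNN when there is another hex-ish value
        # (i.e., a-fA-F) immediately after the first two. The workaround is
        # to put a space after each \xNN, decode the resulting words one by
        # one, and join the results.
        #
        tmpvalue=${Q#*=}
        tmpvalue=$(@PRINTF@ '%s\n' "${tmpvalue}" | \
          @SED@ -e 's/%\(..\)/\\\x\1 /g')
        for i in ${tmpvalue}; do
          # "--" stops a word starting with '-' from being read as an
          # option. The word is still used as the printf format, because
          # that is what decodes the \xNN escapes.
          g=$(@PRINTF@ -- "${i}")
          value="${value}${g}"
        done
        # Plain export: the value is data and is never re-parsed as shell
        # code, so quotes inside it have no effect.
        export "FORM_${name}=${value}"
      done
      ;;
    *)
      # keywords: foo.cgi?a+b+c
      Q=$(@PRINTF@ '%s\n' "${QUERY_STRING}" | @TR@ '+' ' ')
      export KEYWORDS="${Q}"
      ;;
  esac
  if [ -n "${bashlib_restore_glob}" ]; then
    set +f
  fi
  unset bashlib_restore_glob
fi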
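#
# Cookie parsing. The Cookie header is decoded the same way as the query
# string, except that variables are put into the environment with the
# prefix COOKIE_ rather than FORM_, to distinguish them from the other
# variables that get set automatically.
#
# HTTP_COOKIE is supplied by the client. Nothing derived from it is handed
# to eval: values are exported as data, and names are reduced to
# [A-Za-z0-9_] before they become part of a variable name.
#
if [ -n "${HTTP_COOKIE}" ]; then
  # The loops below rely on word splitting of unquoted expansions.
  # Pathname expansion is switched off meanwhile, so cookie data such as
  # "*" is never replaced by file names; the caller's setting is restored
  # at the end of the block.
  case $- in
    *f*) bashlib_restore_glob= ;;
    *) bashlib_restore_glob=1; set -f ;;
  esac
  # Cookies are split on whitespace; each word is "name=value;".
  for Q in ${HTTP_COOKIE}; do
    #
    # Clear the per-cookie scratch variables
    #
    name=
    value=
    tmpvalue=
    #
    # Strip trailing ; off the value
    #
    Q=${Q%;}
    #
    # Get the name of the key and decode it: the sed expression is
    # intended to turn each '%' into '\x' so that printf decodes %NN,
    # '+' becomes a space, and '.' and '-' are dropped.
    #
    name=${Q%%=*}
    name=$(@PRINTF@ '%s\n' "${name}" | \
      @SED@ -e 's/%\(\)/\\\x/g' | \
      @TR@ "+" " ")
    name=$(@PRINTF@ '%s\n' "${name}" | \
      @TR@ -d ".-")
    # ${name} stays unquoted to keep the historical behaviour for names
    # containing '+' (only the first word is used). After decoding, every
    # character that cannot appear in a variable name is removed.
    name=$(@PRINTF@ ${name} | @TR@ -cd 'A-Za-z0-9_')
    # Decode the cookie value: a space is inserted after each \xNN escape
    # so that printf does not read following hex-looking characters as
    # part of the escape, then the words are decoded one by one and joined.
    tmpvalue=${Q#*=}
    tmpvalue=$(@PRINTF@ '%s\n' "${tmpvalue}" | \
      @SED@ -e 's/%\(..\)/\\\x\1 /g')
    for i in ${tmpvalue}; do
      # "--" stops a word starting with '-' from being read as an option.
      # The word is still used as the printf format, because that is what
      # decodes the \xNN escapes.
      g=$(@PRINTF@ -- "${i}")
      value="${value}${g}"
    done
    #
    # Export COOKIE_${name} into the environment. Plain export: the value
    # is data and is never re-parsed as shell code.
    #
    export "COOKIE_${name}=${value}"
  done
  if [ -n "${bashlib_restore_glob}" ]; then
    set +f
  fi
  unset bashlib_restore_glob
fi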
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# functions and all that groovy stuff
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
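#
# Shameless plug, advertises the version as plain text.
# Globals:  VERSION (read)
# Outputs:  one line on stdout
#
# The definition needs "()" after the name: without it the shell does not
# read the line as a function definition, and the closing brace that
# follows is a syntax error.
version() {
  echo "bashlib, version ${VERSION}"
}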
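# Advertise the version as an HTML fragment: a link to the bashlib home
# page followed by the version number, on one line.
# Globals:  VERSION (read)
# Outputs:  one line of HTML on stdout
#
# The definition needs "()" after the name to be a function definition.
# printf '%s' replaces "echo -n", whose handling differs between shells.
version_html() {
  printf '%s' "<a href=\"http://sevenroot.org/dlc/2000/12/bashlib\">bashlib</a>,"
  echo "version ${VERSION}"
}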
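#
# Parameter function.
# * When called with no arguments, prints the names of all FORM_ variables
#   found in the environment, separated by spaces.
# * When called with one argument, prints the value of that parameter
#   (an empty line if there is none). The first "FORM_" in the argument is
#   removed, so both "x" and "FORM_x" refer to FORM_x.
# * When called with more than one argument, the first is a parameter name
#   and the rest are joined with spaces and exported as its value; an empty
#   line is printed.
#
# Returns 1, without setting anything, when the name given for assignment
# contains a character outside letters, digits and underscore.
#
# Parameter values come from the client. They are printed exactly as
# stored: no word splitting, no pathname expansion, no escaping. Callers
# must quote the result and encode it for wherever it is used next.
#
param() {
  local name
  local value
  value=
  if [ $# -eq 1 ]; then
    name=$1
    # Remove the first occurrence of "FORM_", wherever it is in the name.
    case ${name} in
      *FORM_*) name="${name%%FORM_*}${name#*FORM_}" ;;
    esac
    case ${name} in
      *[!A-Za-z0-9_]*)
        # Cannot be part of a variable name, so no such parameter exists.
        value=
        ;;
      *)
        # Exact lookup of FORM_<name>. The name was checked above, so the
        # eval only ever sees a plain variable reference. Looking the
        # variable up directly (instead of grepping env for a prefix)
        # keeps "user" from also matching FORM_username.
        eval "value=\${FORM_${name}-}"
        ;;
    esac
  elif [ $# -gt 1 ]; then
    name=$1
    shift
    case ${name} in
      *[!A-Za-z0-9_]*)
        echo "param: invalid parameter name" >&2
        return 1
        ;;
    esac
    # Plain export; the value is never re-parsed as shell code.
    export "FORM_${name}=$*"
  else
    value=$(@ENV@ | @GREP@ '^FORM_' | @SED@ -e 's/FORM_//' | @CUT@ -d= -f1 | @TR@ '\n' ' ')
    value=${value% }
  fi
  printf '%s\n' "${value}"
}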
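# Shell-invocation and cross-site-scripting mitigation: calls param with
# the same arguments and deletes these characters from its output:
#   $ ` < > " % ; ) ( & + '
# This is a deny-list, not context-aware escaping. Characters such as
# backslash, '|', '*', '?' and whitespace pass through, so the result must
# still be quoted when expanded in shell code and encoded for the output
# context (HTML, SQL, header) it is written to.
#
# "$@" passes each argument through unchanged; an unquoted $* would
# re-split the arguments and expand any glob characters in them.
safe_param() {
  param "$@" | @TR@ -d '$`<>"%;)(&+'"'"
}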
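# Cookie function.
# * When called with no arguments, prints the names of all COOKIE_
#   variables found in the environment, separated by spaces.
# * When called with one argument, prints the value of that cookie (an
#   empty line if there is none). The first "COOKIE_" in the argument is
#   removed, so both "x" and "COOKIE_x" refer to COOKIE_x.
# * When called with more than one argument, the first is a cookie name
#   and the rest are joined with spaces and exported as its value; an empty
#   line is printed.
#
# Returns 1, without setting anything, when the name given for assignment
# contains a character outside letters, digits and underscore.
#
# Cookie values come from the client. They are printed exactly as stored:
# no word splitting, no pathname expansion, no escaping. Callers must
# quote the result and encode it for wherever it is used next.
cookie() {
  local name
  local value
  value=
  if [ $# -eq 1 ]; then
    name=$1
    # Remove the first occurrence of "COOKIE_", wherever it is in the name.
    case ${name} in
      *COOKIE_*) name="${name%%COOKIE_*}${name#*COOKIE_}" ;;
    esac
    case ${name} in
      *[!A-Za-z0-9_]*)
        # Cannot be part of a variable name, so no such cookie exists.
        value=
        ;;
      *)
        # Exact lookup of COOKIE_<name>. The name was checked above, so
        # the eval only ever sees a plain variable reference. Looking the
        # variable up directly (instead of grepping env for a prefix)
        # keeps "sid" from also matching COOKIE_sidebar.
        eval "value=\${COOKIE_${name}-}"
        ;;
    esac
  elif [ $# -gt 1 ]; then
    name=$1
    shift
    case ${name} in
      *[!A-Za-z0-9_]*)
        echo "cookie: invalid cookie name" >&2
        return 1
        ;;
    esac
    # Plain export; the value is never re-parsed as shell code.
    export "COOKIE_${name}=$*"
  else
    value=$(@ENV@ | @GREP@ '^COOKIE_' | @SED@ -e 's/COOKIE_//' | @CUT@ -d= -f1 | @TR@ '\n' ' ')
    value=${value% }
  fi
  printf '%s\n' "${value}"
}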
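# keywords prints the list of keywords, separated by single spaces. This
# is only set when the script is called with an ISINDEX-style query
# (foo.cgi?a+b+c); these are pretty rare nowadays.
# Globals:  KEYWORDS (read)
#
# KEYWORDS comes straight from the query string, so it is split into words
# with pathname expansion switched off: a keyword such as "*" is printed
# as typed instead of being replaced by file names. The caller's noglob
# setting is restored before returning.
keywords() {
  local restore_glob
  restore_glob=
  case $- in
    *f*) ;;
    *) restore_glob=1; set -f ;;
  esac
  # Unquoted on purpose: split KEYWORDS into words (globbing is off).
  set -- ${KEYWORDS}
  if [ -n "${restore_glob}" ]; then
    set +f
  fi
  printf '%s\n' "$*"
}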
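# set_cookie NAME VALUE...
# Appends "; NAME=VALUE" to the global bashlib_cookies list (a leading ';'
# is stripped) and records the cookie through cookie NAME VALUE. The
# remaining arguments are joined with spaces to form the value.
# Globals:  bashlib_cookies (read and written)
#
# Name and value are passed on quoted, so a value containing spaces or
# glob characters reaches cookie as one unchanged argument, and an empty
# value sets the cookie to the empty string instead of turning the call
# into a lookup.
#
# NOTE(review): name and value are stored as given. Nothing in this file
# emits bashlib_cookies; whatever writes it into a Set-Cookie header needs
# to reject CR, LF and ';' in these fields first.
set_cookie() {
  local name="$1"
  shift
  local value="$*"
  bashlib_cookies="${bashlib_cookies}; ${name}=${value}"
  bashlib_cookies=${bashlib_cookies#;}
  cookie "${name}" "${value}"
}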
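#
# send_redirect writes a Location header for the given URI, followed by the
# blank line that ends the header section. With any other number of
# arguments than one it redirects to http://SERVER_NAME/SCRIPT_NAME.
# It does not exit; the calling script should stop producing output itself.
# Globals:  SERVER_NAME, SCRIPT_NAME (read, for the default URI)
# Returns:  1, with nothing written to stdout, when the URI contains a
#           carriage return or line feed
#
# A URI containing CR or LF would let its text continue as extra header
# lines or as the response body, so it is refused. The header is written
# with printf '%s' so that backslash sequences in the URI are not
# interpreted by the shell's echo.
#
# A URI built from request data should also be checked against the
# destinations the application expects before it is passed here.
#
send_redirect() {
  local uri
  local cr
  local lf
  if [ $# -eq 1 ]; then
    uri=$1
  else
    uri="http://${SERVER_NAME}/${SCRIPT_NAME}"
  fi
  cr=$(printf '\r')
  lf='
'
  case ${uri} in
    *"${cr}"* | *"${lf}"*)
      echo "send_redirect: refusing URI containing CR or LF" >&2
      return 1
      ;;
  esac
  printf 'Location: %s\n\n' "${uri}"
}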