changeset 334:619177c88430

- Forbid dpi GET and POST from non dpi-generated urls. - Cleaned up a_Url_new().
author jcid
date Sun, 14 Sep 2008 15:10:41 +0200
parents 9b507e8840a2
children 4a6db4341660
files ChangeLog src/IO/http.c src/cache.c src/dillo.cc src/form.cc src/html.cc src/html_common.hh src/prefs.c src/uicmd.cc src/url.c src/url.h
diffstat 11 files changed, 52 insertions(+), 65 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Fri Sep 12 22:50:43 2008 +0200
+++ b/ChangeLog	Sun Sep 14 15:10:41 2008 +0200
@@ -55,6 +55,8 @@
  - CCC: added reentrancy control to the OpEnd and OpAbort operations.
  - CCC: enhanced the debug function and implemented OpAbort for dpi.
  - Hooked a decoder for text/plain with charset.
+ - Forbid dpi GET and POST from non dpi-generated urls.
+ - Cleaned up a_Url_new().
    Patches: Jorge Arellano Cid
 +- Connected signals to <li> elements (fixes links within lists).
  - Enabled text, background-color, panel_size, geometry, fullscreen,
--- a/src/IO/http.c	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/IO/http.c	Sun Sep 14 15:10:41 2008 +0200
@@ -81,7 +81,7 @@
    char *env_proxy = getenv("http_proxy");
 
    if (env_proxy && strlen(env_proxy))
-      HTTP_Proxy = a_Url_new(env_proxy, NULL, 0, 0, 0);
+      HTTP_Proxy = a_Url_new(env_proxy, NULL);
    if (!HTTP_Proxy && prefs.http_proxy)
       HTTP_Proxy = a_Url_dup(prefs.http_proxy);
 
--- a/src/cache.c	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/cache.c	Sun Sep 14 15:10:41 2008 +0200
@@ -124,7 +124,7 @@
 
    /* inject the splash screen in the cache */
    {
-      DilloUrl *url = a_Url_new("about:splash", NULL, 0, 0, 0);
+      DilloUrl *url = a_Url_new("about:splash", NULL);
       Dstr *ds = dStr_new(AboutSplash);
       a_Cache_entry_inject(url, ds);
       dStr_free(ds, 1);
@@ -621,6 +621,7 @@
 #ifndef DISABLE_COOKIES
    Dlist *Cookies;
 #endif
+   DilloUrl *location_url;
    Dlist *warnings;
    void *data;
    int i;
@@ -643,7 +644,17 @@
             entry->Flags |= CA_TempRedirect;   /* 302 Temporary Redirect */
    
          location_str = Cache_parse_field(header, "Location");
-         entry->Location = a_Url_new(location_str,URL_STR_(entry->Url),0,0,0);
+         location_url = a_Url_new(location_str, URL_STR_(entry->Url));
+         if (URL_FLAGS(location_url) & (URL_Post + URL_Get) &&
+             dStrcasecmp(URL_SCHEME(location_url), "dpi") == 0 &&
+             dStrcasecmp(URL_SCHEME(entry->Url), "dpi") != 0) {
+            /* Forbid dpi GET and POST from non dpi-generated urls */
+            MSG("Redirection Denied! '%s' -> '%s'\n",
+                URL_STR(entry->Url), URL_STR(location_url));
+            a_Url_free(location_url);
+         } else {
+            entry->Location = location_url;
+         }
          dFree(location_str);
 
       } else if (strncmp(header + 9, "404", 3) == 0) {
@@ -901,8 +912,7 @@
 
       if (Flags & WEB_RootUrl) {
          /* Redirection of the main page */
-         NewUrl = a_Url_new(URL_STR_(entry->Location), URL_STR_(entry->Url),
-                            0, 0, 0);
+         NewUrl = a_Url_new(URL_STR_(entry->Location), URL_STR_(entry->Url));
          if (entry->Flags & CA_TempRedirect)
             a_Url_set_flags(NewUrl, URL_FLAGS(NewUrl) | URL_E2EQuery);
          a_Nav_push(bw, NewUrl);
--- a/src/dillo.cc	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/dillo.cc	Sun Sep 14 15:10:41 2008 +0200
@@ -68,9 +68,9 @@
    dFree(p);
 
    if (is_file) {
-      start_url = a_Url_new(url_str + 1, "file:/", 0, 0, 0);
+      start_url = a_Url_new(url_str + 1, "file:/");
    } else {
-      start_url = a_Url_new(url_str, NULL, 0, 0, 0);
+      start_url = a_Url_new(url_str, NULL);
    }
    dFree(url_str);
 
--- a/src/form.cc	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/form.cc	Sun Sep 14 15:10:41 2008 +0200
@@ -310,7 +310,7 @@
       }
    }
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "action")))
-      action = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+      action = a_Html_url_new(html, attrbuf, NULL, 0);
    else
       action = a_Url_dup(html->base_url);
    enc = DILLO_HTML_ENC_URLENCODING;
@@ -581,7 +581,7 @@
    }
 
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "action")))
-      action = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+      action = a_Html_url_new(html, attrbuf, NULL, 0);
    else
       action = a_Url_dup(html->base_url);
   
@@ -1012,7 +1012,7 @@
          char *action_str = dStrdup(URL_STR(action));
 
          if (method == DILLO_HTML_METHOD_POST) {
-            new_url = a_Url_new(action_str, NULL, 0, 0, 0);
+            new_url = a_Url_new(action_str, NULL);
             /* new_url keeps the dStr and sets DataStr to NULL */
             a_Url_set_data(new_url, &DataStr);
             a_Url_set_flags(new_url, URL_FLAGS(new_url) | URL_Post);
@@ -1027,7 +1027,7 @@
                *p = 0;
 
             url_str = dStrconcat(action_str, "?", DataStr->str, NULL);
-            new_url = a_Url_new(url_str, NULL, 0, 0, 0);
+            new_url = a_Url_new(url_str, NULL);
             a_Url_set_flags(new_url, URL_FLAGS(new_url) | URL_Get);
             dFree(url_str);
          }
@@ -1922,7 +1922,7 @@
    DilloUrl *url = NULL;
   
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "src")) &&
-       (url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0))) {
+       (url = a_Html_url_new(html, attrbuf, NULL, 0))) {
       style_attrs = *S_TOP(html)->style;
       style_attrs.cursor = CURSOR_POINTER;
 
--- a/src/html.cc	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/html.cc	Sun Sep 14 15:10:41 2008 +0200
@@ -163,16 +163,13 @@
  */
 DilloUrl *a_Html_url_new(DilloHtml *html,
                          const char *url_str, const char *base_url,
-                         int flags, int32_t posx, int32_t posy,
                          int use_base_url)
 {
    DilloUrl *url;
    int n_ic, n_ic_spc;
 
-   url = a_Url_new(
-            url_str,
-            (use_base_url) ? base_url : URL_STR_(html->base_url),
-            flags, posx, posy);
+   url = a_Url_new(url_str,
+                   (use_base_url) ? base_url : URL_STR_(html->base_url));
    if ((n_ic = URL_ILLEGAL_CHARS(url)) != 0) {
       const char *suffix = (n_ic) > 1 ? "s" : "";
       n_ic_spc = URL_ILLEGAL_CHARS_SPC(url);
@@ -1816,7 +1813,7 @@
    if (!(attrbuf = a_Html_get_attr(html, tag, tagsize, "src")))
       return;
 
-   if (!(url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0)))
+   if (!(url = a_Html_url_new(html, attrbuf, NULL, 0)))
       return;
 
    src = dStrdup(attrbuf);
@@ -2180,7 +2177,7 @@
       return;
 
    if (!(attrbuf = a_Html_get_attr(html, tag, tagsize, "src")) ||
-       !(url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0)))
+       !(url = a_Html_url_new(html, attrbuf, NULL, 0)))
       return;
 
    textblock = DW2TB(html->dw);
@@ -2188,7 +2185,7 @@
    usemap_url = NULL;
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "usemap")))
       /* todo: usemap URLs outside of the document are not used. */
-      usemap_url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+      usemap_url = a_Html_url_new(html, attrbuf, NULL, 0);
 
    /* Set the style attributes for this image */
    style_attrs = *S_TOP(html)->style;
@@ -2246,7 +2243,7 @@
    } else {
       if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "name"))) {
          hash_name = dStrconcat("#", attrbuf, NULL);
-         url = a_Html_url_new(html, hash_name, NULL, 0, 0, 0, 0);
+         url = a_Html_url_new(html, hash_name, NULL, 0);
          html->maps.startNewMap(new ::object::String(url->url_string->str));
          a_Url_free (url);
          dFree(hash_name);
@@ -2365,7 +2362,7 @@
    }
    if (shape != NULL || type == BACKGROUND) {
       if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "href"))) {
-         url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+         url = a_Html_url_new(html, attrbuf, NULL, 0);
          dReturn_if_fail ( url != NULL );
          if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "alt")))
             a_Url_set_alt(url, attrbuf);
@@ -2391,12 +2388,12 @@
    const char *attrbuf;
 
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "codebase"))) {
-      base_url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+      base_url = a_Html_url_new(html, attrbuf, NULL, 0);
    }
    
    if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "data"))) {
-      url = a_Html_url_new(html, attrbuf, URL_STR(base_url), 0, 0, 0,
-                           (base_url != NULL));
+      url = a_Html_url_new(html, attrbuf,
+                           URL_STR(base_url), (base_url != NULL));
       dReturn_if_fail ( url != NULL );
 
       style_attrs = *S_TOP(html)->style;
@@ -2488,7 +2485,7 @@
       if (tolower(attrbuf[0]) == 'j')
          attrbuf = Html_get_javascript_link(html);
 
-      url = a_Html_url_new(html, attrbuf, NULL, 0, 0, 0, 0);
+      url = a_Html_url_new(html, attrbuf, NULL, 0);
       dReturn_if_fail ( url != NULL );
 
       old_style = S_TOP(html)->style;
@@ -3015,7 +3012,7 @@
 
    if (html->InFlags & IN_HEAD) {
       if ((attrbuf = a_Html_get_attr(html, tag, tagsize, "href"))) {
-         BaseUrl = a_Html_url_new(html, attrbuf, "", 0, 0, 0, 1);
+         BaseUrl = a_Html_url_new(html, attrbuf, "", 1);
          if (URL_SCHEME_(BaseUrl)) {
             /* Pass the URL_SpamSafe flag to the new base url */
             a_Url_set_flags(
--- a/src/html_common.hh	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/html_common.hh	Sun Sep 14 15:10:41 2008 +0200
@@ -242,7 +242,6 @@
 
 DilloUrl *a_Html_url_new(DilloHtml *html,
                          const char *url_str, const char *base_url,
-                         int flags, int32_t posx, int32_t posy,
                          int use_base_url);
 
 DilloImage *a_Html_add_new_image(DilloHtml *html, const char *tag,
--- a/src/prefs.c	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/prefs.c	Sun Sep 14 15:10:41 2008 +0200
@@ -201,7 +201,7 @@
       break;
    case DRC_TOKEN_PROXY:
       a_Url_free(prefs.http_proxy);
-      prefs.http_proxy = a_Url_new(value, NULL, 0, 0, 0);
+      prefs.http_proxy = a_Url_new(value, NULL);
       break;
    case DRC_TOKEN_PROXYUSER:
       dFree(prefs.http_proxyuser);
@@ -254,11 +254,11 @@
       break;
    case DRC_TOKEN_START_PAGE:
       a_Url_free(prefs.start_page);
-      prefs.start_page = a_Url_new(value, NULL, 0, 0, 0);
+      prefs.start_page = a_Url_new(value, NULL);
       break;
    case DRC_TOKEN_HOME:
       a_Url_free(prefs.home);
-      prefs.home = a_Url_new(value, NULL, 0, 0, 0);
+      prefs.home = a_Url_new(value, NULL);
       break;
    case DRC_TOKEN_SHOW_TOOLTIP:
       prefs.show_tooltip = (strcmp(value, "YES") == 0);
@@ -407,8 +407,8 @@
    prefs.visited_color = DW_COLOR_DEFAULT_VLINK;
    prefs.bg_color = DW_COLOR_DEFAULT_BGND;
    prefs.text_color = DW_COLOR_DEFAULT_TEXT;
-   prefs.start_page = a_Url_new(DILLO_START_PAGE, NULL, 0, 0, 0);
-   prefs.home = a_Url_new(DILLO_HOME, NULL, 0, 0, 0);
+   prefs.start_page = a_Url_new(DILLO_START_PAGE, NULL);
+   prefs.home = a_Url_new(DILLO_HOME, NULL);
    prefs.allow_white_bg = TRUE;
    prefs.force_my_colors = FALSE;
    prefs.contrast_visited_color = TRUE;
--- a/src/uicmd.cc	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/uicmd.cc	Sun Sep 14 15:10:41 2008 +0200
@@ -161,16 +161,16 @@
          /* file URI */
          ch = new_urlstr[5];
          if (!ch || ch == '.') {
-            url = a_Url_new(a_Dir_get_owd(), "file:", 0, 0, 0);
+            url = a_Url_new(a_Dir_get_owd(), "file:");
          } else if (ch == '~') {
-            url = a_Url_new(dGethomedir(), "file:", 0, 0, 0);
+            url = a_Url_new(dGethomedir(), "file:");
          } else {
-            url = a_Url_new(new_urlstr, "file:", 0, 0, 0);
+            url = a_Url_new(new_urlstr, "file:");
          }
 
       } else {
          /* common case */
-         url = a_Url_new(new_urlstr, NULL, 0, 0, 0);
+         url = a_Url_new(new_urlstr, NULL);
       }
       dFree(new_urlstr);
 
@@ -302,7 +302,7 @@
    a_UIcmd_set_save_dir(prefs.save_dir);
 
    urlstr = a_UIcmd_get_location_text((BrowserWindow*)vbw);
-   url = a_Url_new(urlstr, NULL, 0, 0, 0);
+   url = a_Url_new(urlstr, NULL);
    SuggestedName = UIcmd_make_save_filename(URL_PATH(url));
    name = a_Dialog_save_file("Save Page as File", NULL, SuggestedName);
    MSG("a_UIcmd_save: %s\n", name);
@@ -348,7 +348,7 @@
    name = a_Dialog_open_file("Open File", NULL, "");
 
    if (name) {
-      url = a_Url_new(name, "file:", 0, 0, 0);
+      url = a_Url_new(name, "file:");
       a_Nav_push((BrowserWindow*)vbw, url);
       a_Url_free(url);
       dFree(name);
@@ -438,7 +438,7 @@
  */
 void a_UIcmd_book(void *vbw)
 {
-   DilloUrl *url = a_Url_new("dpi:/bm/", NULL, 0, 0, 0);
+   DilloUrl *url = a_Url_new("dpi:/bm/", NULL);
    a_Nav_push((BrowserWindow*)vbw, url);
    a_Url_free(url);
 }
--- a/src/url.c	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/url.c	Sun Sep 14 15:10:41 2008 +0200
@@ -167,6 +167,7 @@
       s = p + 1;
       url->query = s;
       p = strpbrk(s, "#");
+      url->flags |= URL_Get;
    }
    if (p && p[0] == '#') {                         /* fragment */
       *p = 0;
@@ -338,17 +339,15 @@
  *     fragment           = "part2"
  *     hostname           = "dillo.sf.net"
  *     port               = 8080
- *     flags              = 0
+ *     flags              = URL_Get
  *     data               = Dstr * ("")
  *     alt                = NULL
  *     ismap_url_len      = 0
- *     scrolling_position = 0
  *  }
  *
  *  Return NULL if URL is badly formed.
  */
-DilloUrl* a_Url_new(const char *url_str, const char *base_url,
-                    int flags, int32_t posx, int32_t posy)
+DilloUrl* a_Url_new(const char *url_str, const char *base_url)
 {
    DilloUrl *url;
    char *urlstr = (char *)url_str;  /* auxiliar variable, don't free */
@@ -399,9 +398,6 @@
    url = Url_object_new(SolvedUrl->str);
    url->data = dStr_new("");
    url->url_string = SolvedUrl;
-   url->flags = flags;
-   url->scrolling_position_x = posx;
-   url->scrolling_position_y = posy;
    url->illegal_chars = n_ic;
    url->illegal_chars_spc = n_ic_spc;
 
@@ -426,8 +422,6 @@
    url->flags                = ori->flags;
    url->alt                  = dStrdup(ori->alt);
    url->ismap_url_len        = ori->ismap_url_len;
-   url->scrolling_position_x = ori->scrolling_position_x;
-   url->scrolling_position_y = ori->scrolling_position_y;
    url->illegal_chars        = ori->illegal_chars;
    url->illegal_chars_spc    = ori->illegal_chars_spc;
    url->data                 = dStr_sized_new(URL_DATA(ori)->len);
@@ -497,17 +491,6 @@
 }
 
 /*
- * Set DilloUrl scrolling position
- */
-void a_Url_set_pos(DilloUrl *u, int32_t posx, int32_t posy)
-{
-   if (u) {
-      u->scrolling_position_x = posx;
-      u->scrolling_position_y = posy;
-   }
-}
-
-/*
  * Set DilloUrl ismap coordinates
  * (this is optimized for not hogging the CPU)
  */
--- a/src/url.h	Fri Sep 12 22:50:43 2008 +0200
+++ b/src/url.h	Sun Sep 14 15:10:41 2008 +0200
@@ -110,15 +110,12 @@
    Dstr *data;                    /* POST */
    const char *alt;               /* "alt" text (used by image maps) */
    int ismap_url_len;             /* Used by server side image maps */
-   int32_t scrolling_position_x,  /* remember position of visited urls */
-           scrolling_position_y;
    int illegal_chars;             /* number of illegal chars */
    int illegal_chars_spc;         /* number of illegal space chars */
 };
 
 
-DilloUrl* a_Url_new(const char *url_str, const char *base_url,
-                    int flags, int32_t posx, int32_t posy);
+DilloUrl* a_Url_new(const char *url_str, const char *base_url);
 void a_Url_free(DilloUrl *u);
 char *a_Url_str(const DilloUrl *url);
 const char *a_Url_hostname(const DilloUrl *u);
@@ -127,7 +124,6 @@
 void a_Url_set_flags(DilloUrl *u, int flags);
 void a_Url_set_data(DilloUrl *u, Dstr **data);
 void a_Url_set_alt(DilloUrl *u, const char *alt);
-void a_Url_set_pos(DilloUrl *u, int32_t posx, int32_t posy);
 void a_Url_set_ismap_coords(DilloUrl *u, char *coord_str);
 char *a_Url_decode_hex_str(const char *str);
 char *a_Url_encode_hex_str(const char *str);