head 1.4; access; symbols pkgsrc-2023Q4:1.4.0.78 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.76 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.74 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.72 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.70 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.68 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.66 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.64 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.62 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.60 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.58 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.56 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.54 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.52 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.48 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.28 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.50 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.46 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.44 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.42 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.40 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.38 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.36 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.34 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.32 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.30 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.26 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.24 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.22 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.20 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.18 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.16 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.14 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.12 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.10 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.8 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.6 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.4 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.2 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.3.0.52 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.50 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.48 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.46 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.44 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.42 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.40 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.38 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.36 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.34 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.32 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.30 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.28 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.26 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.24 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.22 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.20 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.18 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.16 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.14 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.12 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.10 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.8 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.6 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.4 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.2 pkgsrc-2008Q1:1.2.0.18 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.16 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.14 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.12 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.10 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.8 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.6 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.4 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.1.1.0.12 pkgsrc-2005Q4-base:1.1.1.1 pkgsrc-2005Q3:1.1.1.1.0.10 pkgsrc-2005Q3-base:1.1.1.1 pkgsrc-2005Q2:1.1.1.1.0.8 pkgsrc-2005Q2-base:1.1.1.1 pkgsrc-2005Q1:1.1.1.1.0.6 pkgsrc-2005Q1-base:1.1.1.1 pkgsrc-2004Q4:1.1.1.1.0.4 pkgsrc-2004Q4-base:1.1.1.1 pkgsrc-2004Q3:1.1.1.1.0.2 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2014.04.07.15.01.44; author adam; state Exp; branches; next 1.3; commitid EASOZtjTwHL5kLvx; 1.3 date 2008.06.20.01.09.41; author joerg; state Exp; branches; next 1.2; 1.2 date 2006.01.06.22.46.51; author adam; state Exp; branches; next 1.1; 1.1 date 2004.07.20.21.44.29; author jmmv; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2004.07.20.21.44.29; author jmmv; state Exp; branches; next ; desc @@ 1.4 log @Changes 2.06: * In main(), when parsing form input fails, the CGI script exits without producing any output whatsoever. Wouldn't it be better to actually emit an error status, instead of expecting the server to do something sane with a script that produces no output? * In mpRead(), a check is done to insure the requested length is not greater than the amount of data still available, and to adjust it if necessary. However, this check is currently done _after_ reading data from the putback buffer, in which process len is decremented by the amount of putback data read, but mpp->offset is not correspondingly incremented (this happens later). As a result, the check uses too small a value for len, and so fails to stop reading soon enough if the requested length is greater than what is available _and_ there was any data in the putback buffer. The fix is to move the check to the beginning of mpRead() * Further, if a read request is satisfied _entirely_ from the putback buffer, mpp->offset is not updated at all, resulting in a similar problem. The solution is to update mpp->offset in the "else if (got)" case. * In cgiParsePostMultipartInput(), if the Content-Disposition of a part is not "form-data", afterNextBoundary() is not called before beginning to process the next part. As a result, parsing of the next part headers begins with the body of the unwanted part. It is necessary in this case to call afterNextBoundary() before continuing with the next cycle. * In handling out-of-memory conditions in afterNextBoundary(), *outP is set to '\0'. While this is technically legal ('\0' is "an integral constant expression with the value 0"), it looks funny. * In cgiCookieString(), a change was introduced in v2.02 which purports to prevent an overrun in cases where cgiCookie is exactly equal to the requested cookie name. In fact, the problem can also occur if the requested name occurs with no values at the end of cgiCookie. Further, the change from v2.02 does not fix the problem, because it compares the _pointers_ p and n to NULL, which they will never equal, rather than comparing the pointers they point at to NUL. * Also in cgiCookieString(), there is a comment suggesting that the main loop never terminates except with a return. This is not the case. For example, it will terminate if the requested cookie is not found and the cgiCookie string ends in a semicolon. * Why did days[] (formerly daysOfWeek[]) and months[] become non-static? This pollutes the namespace of programs using CGIC. * In cgiReadEnvironment(), when reading in the contents of an uploaded file, it is possible that a temporary file is successfully created but then cannot be opened. In this case, no attempt is made to remove the tempoary file. * Further, when a form entry does _not_ include an uploaded file, e->tfileName is set to malloc'd but uninitialized memory. It should be set to an empty string, by setting e->tfileName[0] to zero after the 1-byte buffer is allocated. @ text @$NetBSD: patch-aa,v 1.3 2008/06/20 01:09:41 joerg Exp $ --- Makefile.orig 2005-12-16 15:52:31.000000000 +0100 +++ Makefile @@@@ -1,29 +1,38 @@@@ -CFLAGS=-g -Wall -CC=gcc -AR=ar -RANLIB=ranlib -LIBS=-L./ -lcgic - -all: libcgic.a cgictest.cgi capture - -install: libcgic.a - cp libcgic.a /usr/local/lib - cp cgic.h /usr/local/include - @@echo libcgic.a is in /usr/local/lib. cgic.h is in /usr/local/include. - -libcgic.a: cgic.o cgic.h - rm -f libcgic.a - $(AR) rc libcgic.a cgic.o - $(RANLIB) libcgic.a - -#mingw32 and cygwin users: replace .cgi with .exe - -cgictest.cgi: cgictest.o libcgic.a - gcc cgictest.o -o cgictest.cgi ${LIBS} - -capture: capture.o libcgic.a - gcc capture.o -o capture ${LIBS} - +CFLAGS+= -Wall +LIBS= libcgic.la +OBJS= cgic.o + +all: libcgic.la cgictest capture + +.SUFFIXES: .lo + +.c.lo: + ${LIBTOOL} --mode=compile ${CC} ${CFLAGS} -o $@@ -c $< + +libcgic.la: $(OBJS:.o=.lo) + ${LIBTOOL} --mode=link ${CC} -o $@@ ${OBJS:.o=.lo} \ + -rpath ${PREFIX}/lib -version-info 0:0 + +cgictest: cgictest.lo libcgic.la + ${LIBTOOL} --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@@ cgictest.lo $(LIBS) + +capture: capture.lo libcgic.la + ${LIBTOOL} --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@@ cgictest.lo $(LIBS) + +install: libcgic.la cgictest + mkdir -p ${DESTDIR}${PREFIX}/libexec/cgi-bin + mkdir -p ${DESTDIR}${PREFIX}/share/examples/cgiclib + ${INSTALL} -c -m 444 capture.c ${DESTDIR}${PREFIX}/share/examples/cgiclib + ${INSTALL} -c -m 444 cgictest.c ${DESTDIR}${PREFIX}/share/examples/cgiclib + ${LIBTOOL} --mode=install ${BSD_INSTALL_LIB} libcgic.la ${DESTDIR}${PREFIX}/lib + ${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} capture ${DESTDIR}${PREFIX}/libexec/cgi-bin + ${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} cgictest ${DESTDIR}${PREFIX}/libexec/cgi-bin + ${INSTALL} -c -m 444 cgic.h ${DESTDIR}${PREFIX}/include + mkdir -p ${DESTDIR}${PREFIX}/share/doc/cgiclib + for i in *.html; do \ + ${INSTALL} -c -m 444 $$i ${DESTDIR}${PREFIX}/share/doc/cgiclib ; \ + done + clean: - rm -f *.o *.a cgictest.cgi capture + rm -f *.o *.la cgictest capture @ 1.3 log @Add DESTDIR support. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.2 2006/01/06 22:46:51 adam Exp $ d62 1 a62 1 + mkdir -p ${DESTDIR}${PREFIX}/share/doc/html/cgiclib d64 1 a64 1 + ${INSTALL} -c -m 444 $$i ${DESTDIR}${PREFIX}/share/doc/html/cgiclib ; \ @ 1.2 log @Changes 2.05: Temporary files used to accept file uploads were not closed properly. This resulted in a file descriptor leak, which was unlikely to be serious because of the short lifespan of CGI programs and the fact that very few forms upload many files at once. However, on the Windows platform and possibly some others, file locking semantics prevented file uploads from working at all with these files not properly closed. Fixed in 2.05. Changes 2.04: Documentation fixes: the cgiHtmlEscape, cgiHtmlEscapeData, cgiValueEscape, and cgiValueEscapeData routines were named incorrectly in the manual. No code changes in version 2.04. Changes 2.03: Support for setting cookies has been reimplemented. The new code closely follows the actual practice of web sites that successfully use cookies, rather than attempting to implement the specification. The new code can successfully set more than one cookie at a time in typical web browsers. @ text @d1 1 a1 1 $NetBSD$ d54 9 a62 9 + -mkdir -p ${PREFIX}/libexec/cgi-bin + -mkdir -p ${PREFIX}/share/examples/cgiclib + ${INSTALL} -c -m 444 capture.c ${PREFIX}/share/examples/cgiclib + ${INSTALL} -c -m 444 cgictest.c ${PREFIX}/share/examples/cgiclib + ${LIBTOOL} --mode=install ${BSD_INSTALL_LIB} libcgic.la ${PREFIX}/lib + ${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} capture ${PREFIX}/libexec/cgi-bin + ${LIBTOOL} --mode=install ${BSD_INSTALL_PROGRAM} cgictest ${PREFIX}/libexec/cgi-bin + ${INSTALL} -c -m 444 cgic.h ${PREFIX}/include + -mkdir -p ${PREFIX}/share/doc/html/cgiclib d64 1 a64 1 + ${INSTALL} -c -m 444 $$i ${PREFIX}/share/doc/html/cgiclib ; \ @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- Makefile.orig Sun Jan 12 13:59:43 2003 d5 1 a5 1 @@@@ -1,27 +1,42 @@@@ d7 3 a9 3 +CFLAGS += -g -Wall CC=gcc AR=ar d11 1 a11 2 +LIBS = libcgic.la d13 1 a13 2 +OBJS = cgic.o d18 1 a18 2 +all: libcgic.la cgictest capture d22 2 a23 2 +.SUFFIXES: .lo d31 9 d45 1 a45 2 + -rpath ${PREFIX}/lib \ + -version-info 0:0 d58 3 a60 3 + ${LIBTOOL} --mode=install ${INSTALL} -c -m 444 libcgic.la ${PREFIX}/lib + ${LIBTOOL} --mode=install ${INSTALL} -c -m 755 capture ${PREFIX}/libexec/cgi-bin + ${LIBTOOL} --mode=install ${INSTALL} -c -m 755 cgictest ${PREFIX}/libexec/cgi-bin d66 1 a66 1 @ 1.1.1.1 log @Initial import of cgic, version 2.02, provided by cinnion at ka8zrt.com: This is the code written to accompany Thomas Boutell's book "CGI Programming in C & Perl". It provides a library of routines for use in CGI programming, and unlike cgilib-0.5, this library handles the "multipart/form-data" encoding required to use the FILE input control type as defined in the HTML specification. NOTE: It should be aware that there were a few developer visible changes made from Thomas Boutell's original distribution when integrating it with the NetBSD packages environment. They are: 1) Instead of being yet another source file which is used in building the application, the package have been converted totally into a library format. This library is linked using "-lcgic". 2) As a result of the first item, the developer no longer writes their entry point under the function name of cgiMain(). Instead, the user will provide their own main(), and will need to call cgiInit() before any other cgic function is called. @ text @@