Sanitize local user names in the greeting page.

author: default 2023-08-14 09:32:17 +0200
committer: default 2023-08-14 09:32:17 +0200
commit: 4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2 (patch)
tree: c16afc1bca980c953f2dff6b51c278fd39927643 /httpd.c
parent: Backport from xs. (diff)
download: penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.tar.gz
penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.tar.xz
penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.zip
1 files changed, 55 insertions, 46 deletions
diff --git a/httpd.c b/httpd.c
index 1145abd..85f098c 100644
--- a/httpd.c
+++ b/httpd.c
@@ -36,7 +36,7 @@ const char *nodeinfo_2_0_template = ""
    "\"localPosts\":%d},"
    "\"openRegistrations\":false,\"metadata\":{}}";
-d_char *nodeinfo_2_0(void)
+xs_str *nodeinfo_2_0(void)
 /* builds a nodeinfo json object */
 {
    xs *users   = user_list();
@@ -47,66 +47,75 @@ d_char *nodeinfo_2_0(void)
 }
-int server_get_handler(xs_dict *req, char *q_path,
+static xs_str *greeting_html(void)
-                       char **body, int *b_size, char **ctype)
+/* processes and returns greeting.html */
-/* basic server services */
 {
-    int status = 0;
+    /* try to open greeting.html */
+    xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
+    FILE *f;
+    xs_str *s = NULL;
-    (void)req;
+    if ((f = fopen(fn, "r")) != NULL) {
+        s = xs_readall(f);
+        fclose(f);
-    /* is it the server root? */
+        /* replace %host% */
-    if (*q_path == '\0') {
+        s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
-        /* try to open greeting.html */
-        xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
-        FILE *f;
-        if ((f = fopen(fn, "r")) != NULL) {
+        const char *adm_email = xs_dict_get(srv_config, "admin_email");
-            d_char *s = xs_readall(f);
+        if (xs_is_null(adm_email) || *adm_email == '\0')
-            fclose(f);
+            adm_email = "the administrator of this instance";
-            status = 200;
+        /* replace %admin_email */
+        s = xs_replace_i(s, "%admin_email%", adm_email);
-            /* replace %host% */
+        /* does it have a %userlist% mark? */
-            s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
+        if (xs_str_in(s, "%userlist%") != -1) {
+            const char *host = xs_dict_get(srv_config, "host");
+            xs *list = user_list();
+            xs_list *p;
+            xs_str *uid;
+            xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
-            const char *adm_email = xs_dict_get(srv_config, "admin_email");
+            p = list;
-            if (xs_is_null(adm_email) || *adm_email == '\0')
+            while (xs_list_iter(&p, &uid)) {
-                adm_email = "the administrator of this instance";
+                snac user;
-            /* replace %admin_email */
+                if (user_open(&user, uid)) {
-            s = xs_replace_i(s, "%admin_email%", adm_email);
+                    xs *uname = encode_html(xs_dict_get(user.config, "name"));
-            /* does it have a %userlist% mark? */
+                    xs *u = xs_fmt(
-            if (xs_str_in(s, "%userlist%") != -1) {
+                        "<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
-                char *host = xs_dict_get(srv_config, "host");
+                            user.actor, uid, host, uname);
-                xs *list = user_list();
-                char *p, *uid;
-                xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
-                p = list;
+                    ul = xs_str_cat(ul, u);
-                while (xs_list_iter(&p, &uid)) {
-                    snac snac;
-                    if (user_open(&snac, uid)) {
+                    user_free(&user);
-                        xs *u = xs_fmt(
+                }
-                            "<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
+            }
-                                snac.actor, uid, host,
-                                xs_dict_get(snac.config, "name"));
-                        ul = xs_str_cat(ul, u);
+            ul = xs_str_cat(ul, "</ul>\n");
-                        user_free(&snac);
+            s = xs_replace_i(s, "%userlist%", ul);
-                    }
+        }
-                }
+    }
-                ul = xs_str_cat(ul, "</ul>\n");
+    return s;
+}
-                s = xs_replace_i(s, "%userlist%", ul);
-            }
-            *body = s;
+int server_get_handler(xs_dict *req, const char *q_path,
-        }
+                       char **body, int *b_size, char **ctype)
+/* basic server services */
+{
+    int status = 0;
+    (void)req;
+    /* is it the server root? */
+    if (*q_path == '\0') {
+        if ((*body = greeting_html()) != NULL)
+            status = 200;
    }
    else
    if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) {
@@ -150,7 +159,7 @@ void httpd_connection(FILE *f)
    xs *req;
    char *method;
    int status   = 0;
-    d_char *body = NULL;
+    xs_str *body = NULL;
    int b_size   = 0;
    char *ctype  = NULL;
    xs *headers  = xs_dict_new();
author	default	2023-08-14 09:32:17 +0200
committer	default	2023-08-14 09:32:17 +0200
commit	4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2 (patch)
tree	c16afc1bca980c953f2dff6b51c278fd39927643 /httpd.c
parent	Backport from xs. (diff)
download	penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.tar.gz penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.tar.xz penes-snac2-4c14a2e93ce4c2ac9f523deb7ae1ec2396a0aaa2.zip

diff --git a/httpd.c b/httpd.c index 1145abd..85f098c 100644 --- a/httpd.c +++ b/httpd.c
@@ -36,7 +36,7 @@ const char *nodeinfo_2_0_template = ""
36	"\"localPosts\":%d},"	36	"\"localPosts\":%d},"
37	"\"openRegistrations\":false,\"metadata\":{}}";	37	"\"openRegistrations\":false,\"metadata\":{}}";
38		38
39	d_char *nodeinfo_2_0(void)	39	xs_str *nodeinfo_2_0(void)
40	/* builds a nodeinfo json object */	40	/* builds a nodeinfo json object */
41	{	41	{
42	xs *users = user_list();	42	xs *users = user_list();
@@ -47,66 +47,75 @@ d_char *nodeinfo_2_0(void)
47	}	47	}
48		48
49		49
50	int server_get_handler(xs_dict req, char q_path,	50	static xs_str *greeting_html(void)
51	char *body, int b_size, char **ctype)	51	/* processes and returns greeting.html */
52	/* basic server services */
53	{	52	{
54	int status = 0;	53	/* try to open greeting.html */
		54	xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
		55	FILE *f;
		56	xs_str *s = NULL;
55		57
56	(void)req;	58	if ((f = fopen(fn, "r")) != NULL) {
		59	s = xs_readall(f);
		60	fclose(f);
57		61
58	/* is it the server root? */	62	/* replace %host% */
59	if (*q_path == '\0') {	63	s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
60	/* try to open greeting.html */
61	xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
62	FILE *f;
63		64
64	if ((f = fopen(fn, "r")) != NULL) {	65	const char *adm_email = xs_dict_get(srv_config, "admin_email");
65	d_char *s = xs_readall(f);	66	if (xs_is_null(adm_email) \|\| *adm_email == '\0')
66	fclose(f);	67	adm_email = "the administrator of this instance";
67		68
68	status = 200;	69	/* replace %admin_email */
		70	s = xs_replace_i(s, "%admin_email%", adm_email);
69		71
70	/* replace %host% */	72	/* does it have a %userlist% mark? */
71	s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));	73	if (xs_str_in(s, "%userlist%") != -1) {
		74	const char *host = xs_dict_get(srv_config, "host");
		75	xs *list = user_list();
		76	xs_list *p;
		77	xs_str *uid;
		78	xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
72		79
73	const char *adm_email = xs_dict_get(srv_config, "admin_email");	80	p = list;
74	if (xs_is_null(adm_email) \|\| *adm_email == '\0')	81	while (xs_list_iter(&p, &uid)) {
75	adm_email = "the administrator of this instance";	82	snac user;
76		83
77	/* replace %admin_email */	84	if (user_open(&user, uid)) {
78	s = xs_replace_i(s, "%admin_email%", adm_email);	85	xs *uname = encode_html(xs_dict_get(user.config, "name"));
79		86
80	/* does it have a %userlist% mark? */	87	xs *u = xs_fmt(
81	if (xs_str_in(s, "%userlist%") != -1) {	88	"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
82	char *host = xs_dict_get(srv_config, "host");	89	user.actor, uid, host, uname);
83	xs *list = user_list();
84	char p, uid;
85	xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
86		90
87	p = list;	91	ul = xs_str_cat(ul, u);
88	while (xs_list_iter(&p, &uid)) {
89	snac snac;
90		92
91	if (user_open(&snac, uid)) {	93	user_free(&user);
92	xs *u = xs_fmt(	94	}
93	"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",	95	}
94	snac.actor, uid, host,
95	xs_dict_get(snac.config, "name"));
96		96
97	ul = xs_str_cat(ul, u);	97	ul = xs_str_cat(ul, "</ul>\n");
98		98
99	user_free(&snac);	99	s = xs_replace_i(s, "%userlist%", ul);
100	}	100	}
101	}	101	}
102		102
103	ul = xs_str_cat(ul, "</ul>\n");	103	return s;
		104	}
104		105
105	s = xs_replace_i(s, "%userlist%", ul);
106	}
107		106
108	*body = s;	107	int server_get_handler(xs_dict req, const char q_path,
109	}	108	char *body, int b_size, char **ctype)
		109	/* basic server services */
		110	{
		111	int status = 0;
		112
		113	(void)req;
		114
		115	/* is it the server root? */
		116	if (*q_path == '\0') {
		117	if ((*body = greeting_html()) != NULL)
		118	status = 200;
110	}	119	}
111	else	120	else
112	if (strcmp(q_path, "/susie.png") == 0 \|\| strcmp(q_path, "/favicon.ico") == 0 ) {	121	if (strcmp(q_path, "/susie.png") == 0 \|\| strcmp(q_path, "/favicon.ico") == 0 ) {
@@ -150,7 +159,7 @@ void httpd_connection(FILE *f)
150	xs *req;	159	xs *req;
151	char *method;	160	char *method;
152	int status = 0;	161	int status = 0;
153	d_char *body = NULL;	162	xs_str *body = NULL;
154	int b_size = 0;	163	int b_size = 0;
155	char *ctype = NULL;	164	char *ctype = NULL;
156	xs *headers = xs_dict_new();	165	xs *headers = xs_dict_new();