annotate src/c/cgi.c @ 1252:2e4159a7d2d3

Safe unmodeled SQL expressions marked as known
author Adam Chlipala <adamc@hcoop.net>
date Sat, 01 May 2010 11:59:35 -0400
parents b0d632cc9edf
children 236dc296c32d
rev   line source
adamc@856 1 #include <stdio.h>
adamc@856 2 #include <ctype.h>
adamc@856 3 #include <string.h>
adamc@856 4 #include <stdlib.h>
adamc@856 5 #include <unistd.h>
adamc@856 6 #include <stdarg.h>
adamc@856 7
adamc@1094 8 #include "urweb.h"
adamc@856 9 #include "request.h"
adamc@856 10
adamc@1094 11 extern uw_app uw_application;
adamc@1094 12
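/* Scratch buffer holding the environment-variable name that get_header()
 * builds; it is grown on demand and reused across calls. */
static char *uppercased;
/* Longest header name the scratch buffer has been sized for.  The allocation
 * is always uppercased_len + 6 bytes: "HTTP_" (5 bytes) plus the terminator. */
static size_t uppercased_len;

/*
 * Look up request header `h` in the CGI environment.
 *
 * The name is mapped to an environment-variable name by prefixing "HTTP_",
 * upper-casing every character and turning '-' into '_'.  When that variable
 * is not set and `h` is Content-length or Content-type (compared
 * case-insensitively), the same name without the "HTTP_" prefix is tried.
 *
 * data: unused callback argument.
 * h:    NUL-terminated header name; must not be NULL.
 *
 * Returns the pointer obtained from getenv(), or NULL when the header is not
 * present or the scratch buffer cannot be grown.  The returned string is owned
 * by the environment and must not be freed.
 *
 * NOTE(review): the values come from the environment this process was started
 * with, which in a CGI deployment is presumably filled in from the client's
 * request; callers should treat them as untrusted input.
 */
static char *get_header(void *data, const char *h) {
  size_t len = strlen(h);
  const char *src;
  char *dst, *value;

  (void)data;

  /* Also allocate when the buffer does not exist yet, so that an empty name
     cannot reach strcpy() with a NULL destination. */
  if (uppercased == NULL || len > uppercased_len) {
    /* Keep the old pointer until realloc() succeeds: overwriting it directly
       would leak the buffer and leave a NULL behind on failure. */
    char *grown = realloc(uppercased, len + 6);
    if (grown == NULL)
      return NULL;
    uppercased = grown;
    uppercased_len = len;
  }

  strcpy(uppercased, "HTTP_");
  dst = uppercased + 5;
  for (src = h; *src; ++src) {
    /* toupper() is only defined for unsigned char values and EOF, so a plain
       char that may be negative is converted first. */
    *dst++ = *src == '-' ? '_' : (char)toupper((unsigned char)*src);
  }
  *dst = 0;

  if ((value = getenv(uppercased)))
    return value;

  /* These two headers have no "HTTP_" prefix in the CGI environment. */
  if (!strcasecmp(h, "Content-length") || !strcasecmp(h, "Content-type"))
    return getenv(uppercased + 5);

  return NULL;
}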
adamc@856 39
/* Success callback handed to uw_request(); intentionally does nothing. */
static void on_success(uw_context ctx) {
  (void)ctx;
}
adamc@856 41
/*
 * Failure callback handed to uw_request(): writes a CGI "Status" header
 * announcing a 500 response through uw_write_header().
 */
static void on_failure(uw_context ctx)
{
  uw_write_header(ctx, "Status: 500 Internal Server Error\r\n");
}
adamc@856 45
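/*
 * Error logger: formats the message printf-style and writes it to stderr.
 *
 * data: unused callback argument.
 * fmt:  printf-style format string, followed by its arguments.  It is handed
 *       to vfprintf() as the format, so it must be a trusted string; text that
 *       originates from the request belongs in the arguments (for example via
 *       "%s"), never in `fmt` itself.
 */
static void log_error(void *data, const char *fmt, ...) {
  va_list ap;

  (void)data;

  va_start(ap, fmt);
  vfprintf(stderr, fmt, ap);
  /* Every va_start() must be paired with va_end() before the function returns. */
  va_end(ap);
}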
adamc@856 52
/* Debug logger: accepts a printf-style message and discards it. */
static void log_debug(void *data, const char *fmt, ...)
{
  (void)data;
  (void)fmt;
}
adamc@856 55
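/*
 * CGI entry point: serves one request per process.
 *
 * The request is taken from the environment (REQUEST_METHOD, SCRIPT_NAME,
 * PATH_INFO, QUERY_STRING) and from standard input (the body), passed to
 * uw_request(), and the result is emitted with uw_print(ctx, 1).
 *
 * Returns 0 when uw_request() reports SERVED and 1 otherwise.  Exits with
 * status 1 when REQUEST_METHOD or SCRIPT_NAME is missing, when reading the
 * body fails, or when memory cannot be allocated.
 *
 * NOTE(review): the body is read until end of input with no upper bound and
 * without consulting the declared content length, so memory use follows
 * whatever the peer sends.  Confirm that the web server in front of this
 * program enforces a request-size limit.
 */
int main(int argc, char *argv[]) {
  uw_context ctx = uw_request_new_context(&uw_application, NULL, log_error, log_debug);
  uw_request_context rc = uw_new_request_context();
  request_result rr;
  char *method = getenv("REQUEST_METHOD"),
    *path = getenv("SCRIPT_NAME"), *path_info = getenv("PATH_INFO"),
    *query_string = getenv("QUERY_STRING");
  char *body = malloc(1);
  ssize_t body_len = 1, body_pos = 0, res;

  (void)argc;
  (void)argv;

  /* Initial scratch buffer for get_header(): room for "HTTP_" and the NUL. */
  uppercased = malloc(6);

  if (!body || !uppercased) {
    log_error(NULL, "Out of memory\n");
    exit(1);
  }

  if (!method) {
    log_error(NULL, "REQUEST_METHOD not set\n");
    exit(1);
  }

  if (!path) {
    log_error(NULL, "SCRIPT_NAME not set\n");
    exit(1);
  }

  if (path_info) {
    /* The request path is SCRIPT_NAME immediately followed by PATH_INFO. */
    size_t path_len = strlen(path), info_len = strlen(path_info);
    char *new_path = malloc(path_len + info_len + 1);

    if (!new_path) {
      log_error(NULL, "Out of memory\n");
      exit(1);
    }

    memcpy(new_path, path, path_len);
    memcpy(new_path + path_len, path_info, info_len + 1); /* copies the NUL too */
    path = new_path;
  }

  if (!query_string)
    query_string = "";

  /* Read the whole body from stdin, doubling the buffer whenever it fills up.
     Growing as soon as body_pos reaches body_len keeps one spare byte for the
     terminator written after the loop. */
  while ((res = read(0, body + body_pos, body_len - body_pos)) > 0) {
    body_pos += res;

    if (body_pos == body_len) {
      char *grown;

      /* Refuse to double past a size that would overflow the signed length. */
      if ((size_t)body_len > (size_t)-1 / 4) {
        log_error(NULL, "Request body too large\n");
        exit(1);
      }

      /* Keep the old pointer until realloc() succeeds. */
      grown = realloc(body, (size_t)body_len * 2);
      if (!grown) {
        log_error(NULL, "Out of memory\n");
        exit(1);
      }

      body = grown;
      body_len *= 2;
    }
  }

  if (res < 0) {
    log_error(NULL, "Error reading stdin\n");
    exit(1);
  }

  uw_set_on_success("");
  uw_set_headers(ctx, get_header, NULL);
  uw_request_init(&uw_application, NULL, log_error, log_debug);

  body[body_pos] = 0;
  rr = uw_request(rc, ctx, method, path, query_string, body, body_pos,
                  on_success, on_failure,
                  NULL, log_error, log_debug,
                  -1, NULL, NULL);
  uw_print(ctx, 1);

  if (rr == SERVED)
    return 0;
  else
    return 1;
}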
adamc@1121 117
/* Client-data hook: this front end attaches no per-client data, so the
 * handle it returns is always NULL. */
void *uw_init_client_data()
{
  void *no_data = NULL;

  return no_data;
}
adamc@1121 121
/* Client-data hook: nothing is allocated by uw_init_client_data(), so there
 * is nothing to release here. */
void uw_free_client_data(void *data)
{
  (void)data;
}
adamc@1121 124
/* Client-data hook: deliberately a no-op; neither argument is touched. */
void uw_copy_client_data(void *dst, void *src)
{
  (void)dst;
  (void)src;
}
adamc@1121 127
/*
 * Run the application's expunger for client `cli`, bracketed by the
 * application's db_begin and db_commit hooks.
 *
 * A non-zero result from db_begin or db_commit is reported through
 * uw_error() with severity FATAL.
 * NOTE(review): the expunger still runs after a failed db_begin unless
 * uw_error(FATAL) does not return - confirm against uw_error's contract.
 *
 * data: unused.
 */
void uw_do_expunge(uw_context ctx, uw_Basis_client cli, void *data)
{
  (void)data;

  if (uw_get_app(ctx)->db_begin(ctx) != 0) {
    uw_error(ctx, FATAL, "Error running SQL BEGIN");
  }

  uw_get_app(ctx)->expunger(ctx, cli);

  if (uw_get_app(ctx)->db_commit(ctx) != 0) {
    uw_error(ctx, FATAL, "Error running SQL COMMIT");
  }
}
adamc@1121 135
/* Post-expunge hook: this front end has no follow-up work, so it is a no-op. */
void uw_post_expunge(uw_context ctx, void *data)
{
  (void)ctx;
  (void)data;
}