/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* * http_include.c: Handles the server-parsed HTML documents * * Original by Rob McCool; substantial fixups by David Robinson; * incorporated into the Apache module framework by rst. * */ #include "apr.h" #include "apr_strings.h" #include "apr_thread_proc.h" #include "apr_hash.h" #include "apr_user.h" #include "apr_lib.h" #include "apr_optional.h" #define APR_WANT_STRFUNC #define APR_WANT_MEMFUNC #include "apr_want.h" #define CORE_PRIVATE #include "ap_config.h" #include "util_filter.h" #include "httpd.h" #include "http_config.h" #include "http_core.h" #include "http_request.h" #include "http_core.h" #include "http_protocol.h" #include "http_log.h" #include "http_main.h" #include "util_script.h" #include "http_core.h" #define MOD_INCLUDE_REDESIGN #include "mod_include.h" #include "util_ebcdic.h" module AP_MODULE_DECLARE_DATA include_module; static apr_hash_t *include_hash; static APR_OPTIONAL_FN_TYPE(ap_register_include_handler) *ssi_pfn_register; /***************************************************************** * * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time * option only changes the default. */ enum xbithack { xbithack_off, xbithack_on, xbithack_full }; struct bndm_t { unsigned int T[256]; unsigned int x; } ; typedef struct { char *default_error_msg; char *default_time_fmt; enum xbithack *xbithack; } include_dir_config; typedef struct { char *default_start_tag; char *default_end_tag; int start_tag_len; bndm_t start_seq_pat; char *undefinedEcho; int undefinedEchoLen; } include_server_config; /* main parser states */ typedef enum { PARSE_PRE_HEAD, PARSE_HEAD, PARSE_DIRECTIVE, PARSE_DIRECTIVE_POSTNAME, PARSE_DIRECTIVE_TAIL, PARSE_DIRECTIVE_POSTTAIL, PARSE_PRE_ARG, PARSE_ARG, PARSE_ARG_NAME, PARSE_ARG_POSTNAME, PARSE_ARG_EQ, PARSE_ARG_PREVAL, PARSE_ARG_VAL, PARSE_ARG_VAL_ESC, PARSE_ARG_POSTVAL, PARSE_TAIL, PARSE_TAIL_SEQ, PARSE_EXECUTE } parse_state_t; typedef struct ssi_arg_item { struct ssi_arg_item *next; char *name; apr_size_t name_len; char *value; apr_size_t value_len; } ssi_arg_item_t; typedef struct { parse_state_t state; int seen_eos; int error; char quote; /* quote character value (or \0) */ apr_bucket_brigade *tmp_bb; apr_size_t end_seq_len; char *directive; /* name of the current directive */ unsigned argc; /* argument counter (of the current * directive) */ ssi_arg_item_t *argv; /* all arguments */ ssi_arg_item_t *current_arg; /* currently parsed argument */ request_rec *r; include_ctx_t *ctx; /* public part of the context structure */ apr_pool_t *dpool; } ssi_ctx_t; #ifdef XBITHACK #define DEFAULT_XBITHACK xbithack_full #else #define DEFAULT_XBITHACK xbithack_off #endif #define BYTE_COUNT_THRESHOLD AP_MIN_BYTES_TO_WRITE #define SSI_CREATE_ERROR_BUCKET(ctx, f, bb) APR_BRIGADE_INSERT_TAIL((bb), \ apr_bucket_pool_create(apr_pstrdup((ctx)->pool, (ctx)->error_str), \ strlen((ctx)->error_str), (ctx)->pool, \ (f)->c->bucket_alloc)) /* ------------------------ Environment function -------------------------- */ /* Sentinel value to store in subprocess_env for items that * shouldn't be evaluated until/unless they're actually used */ static const char lazy_eval_sentinel; #define LAZY_VALUE (&lazy_eval_sentinel) static void add_include_vars(request_rec *r, char *timefmt) { apr_table_t *e = r->subprocess_env; char *t; apr_table_setn(e, "DATE_LOCAL", LAZY_VALUE); apr_table_setn(e, "DATE_GMT", LAZY_VALUE); apr_table_setn(e, "LAST_MODIFIED", LAZY_VALUE); apr_table_setn(e, "DOCUMENT_URI", r->uri); if (r->path_info && *r->path_info) { apr_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info); } apr_table_setn(e, "USER_NAME", LAZY_VALUE); if (r->filename && (t = strrchr(r->filename, '/'))) { apr_table_setn(e, "DOCUMENT_NAME", ++t); } else { apr_table_setn(e, "DOCUMENT_NAME", r->uri); } if (r->args) { char *arg_copy = apr_pstrdup(r->pool, r->args); ap_unescape_url(arg_copy); apr_table_setn(e, "QUERY_STRING_UNESCAPED", ap_escape_shell_cmd(r->pool, arg_copy)); } } static const char *add_include_vars_lazy(request_rec *r, const char *var) { char *val; if (!strcasecmp(var, "DATE_LOCAL")) { include_dir_config *conf = (include_dir_config *)ap_get_module_config(r->per_dir_config, &include_module); val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0); } else if (!strcasecmp(var, "DATE_GMT")) { include_dir_config *conf = (include_dir_config *)ap_get_module_config(r->per_dir_config, &include_module); val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1); } else if (!strcasecmp(var, "LAST_MODIFIED")) { include_dir_config *conf = (include_dir_config *)ap_get_module_config(r->per_dir_config, &include_module); val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0); } else if (!strcasecmp(var, "USER_NAME")) { if (apr_get_username(&val, r->finfo.user, r->pool) != APR_SUCCESS) { val = ""; } } else { val = NULL; } if (val) { apr_table_setn(r->subprocess_env, var, val); } return val; } static const char *get_include_var(request_rec *r, include_ctx_t *ctx, const char *var) { const char *val; if (apr_isdigit(*var) && !var[1]) { /* Handle $0 .. $9 from the last regex evaluated. * The choice of returning NULL strings on not-found, * v.s. empty strings on an empty match is deliberate. */ if (!ctx->re_result || !ctx->re_string) { return NULL; } else { int idx = atoi(var); apr_size_t len = (*ctx->re_result)[idx].rm_eo - (*ctx->re_result)[idx].rm_so; if ( (*ctx->re_result)[idx].rm_so < 0 || (*ctx->re_result)[idx].rm_eo < 0) { return NULL; } val = apr_pstrmemdup(r->pool, ctx->re_string + (*ctx->re_result)[idx].rm_so, len); } } else { val = apr_table_get(r->subprocess_env, var); if (val == LAZY_VALUE) val = add_include_vars_lazy(r, var); } return val; } /* --------------------------- Parser functions --------------------------- */ /* This is an implementation of the BNDM search algorithm. * * Fast and Flexible String Matching by Combining Bit-parallelism and * Suffix Automata (2001) * Gonzalo Navarro, Mathieu Raffinot * * http://www-igm.univ-mlv.fr/~raffinot/ftp/jea2001.ps.gz * * Initial code submitted by Sascha Schumann. */ /* Precompile the bndm_t data structure. */ static void bndm_compile(bndm_t *t, const char *n, apr_size_t nl) { unsigned int x; const char *ne = n + nl; memset(t->T, 0, sizeof(unsigned int) * 256); for (x = 1; n < ne; x <<= 1) t->T[(unsigned char) *n++] |= x; t->x = x - 1; } /* Implements the BNDM search algorithm (as described above). * * n - the pattern to search for * nl - length of the pattern to search for * h - the string to look in * hl - length of the string to look for * t - precompiled bndm structure against the pattern * * Returns the count of character that is the first match or hl if no * match is found. */ static apr_size_t bndm(const char *n, apr_size_t nl, const char *h, apr_size_t hl, bndm_t *t) { const char *skip; const char *he, *p, *pi; unsigned int *T, x, d; he = h + hl; T = t->T; x = t->x; pi = h - 1; /* pi: p initial */ p = pi + nl; /* compare window right to left. point to the first char */ while (p < he) { skip = p; d = x; do { d &= T[(unsigned char) *p--]; if (!d) { break; } if ((d & 1)) { if (p != pi) skip = p; else return p - h + 1; } d >>= 1; } while (d); pi = skip; p = pi + nl; } return hl; } /* * decodes a string containing html entities or numeric character references. * 's' is overwritten with the decoded string. * If 's' is syntatically incorrect, then the followed fixups will be made: * unknown entities will be left undecoded; * references to unused numeric characters will be deleted. * In particular, � will not be decoded, but will be deleted. * * drtr */ /* maximum length of any ISO-LATIN-1 HTML entity name. */ #define MAXENTLEN (6) /* The following is a shrinking transformation, therefore safe. */ static void decodehtml(char *s) { int val, i, j; char *p; const char *ents; static const char * const entlist[MAXENTLEN + 1] = { NULL, /* 0 */ NULL, /* 1 */ "lt\074gt\076", /* 2 */ "amp\046ETH\320eth\360", /* 3 */ "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\ iuml\357ouml\366uuml\374yuml\377", /* 4 */ "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\ THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\ ucirc\373thorn\376", /* 5 */ "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\ Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\ Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\ egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\ otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */ }; /* Do a fast scan through the string until we find anything * that needs more complicated handling */ for (; *s != '&'; s++) { if (*s == '\0') { return; } } for (p = s; *s != '\0'; s++, p++) { if (*s != '&') { *p = *s; continue; } /* find end of entity */ for (i = 1; s[i] != ';' && s[i] != '\0'; i++) { continue; } if (s[i] == '\0') { /* treat as normal data */ *p = *s; continue; } /* is it numeric ? */ if (s[1] == '#') { for (j = 2, val = 0; j < i && apr_isdigit(s[j]); j++) { val = val * 10 + s[j] - '0'; } s += i; if (j < i || val <= 8 || (val >= 11 && val <= 31) || (val >= 127 && val <= 160) || val >= 256) { p--; /* no data to output */ } else { *p = RAW_ASCII_CHAR(val); } } else { j = i - 1; if (j > MAXENTLEN || entlist[j] == NULL) { /* wrong length */ *p = '&'; continue; /* skip it */ } for (ents = entlist[j]; *ents != '\0'; ents += i) { if (strncmp(s + 1, ents, j) == 0) { break; } } if (*ents == '\0') { *p = '&'; /* unknown */ } else { *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]); s += i; } } } *p = '\0'; } /* * Extract the next tag name and value. * If there are no more tags, set the tag name to NULL. * The tag value is html decoded if dodecode is non-zero. * The tag value may be NULL if there is no tag value.. * format: * [WS][WS]=[WS]['|"|`][['|"|`|]|WS] */ #define SKIP_TAG_WHITESPACE(ptr) while ((*ptr != '\0') && (apr_isspace (*ptr))) ptr++ static void ap_ssi_get_tag_and_value(include_ctx_t *ctx, char **tag, char **tag_val, int dodecode) { *tag_val = NULL; if (ctx->curr_tag_pos >= ctx->combined_tag + ctx->tag_length) { *tag = NULL; return; } *tag = ctx->curr_tag_pos; if (!**tag) { *tag = NULL; /* finitio */ ctx->curr_tag_pos = ctx->combined_tag + ctx->tag_length; return; } *tag_val = ap_strchr(*tag, '='); if (!*tag_val) { ctx->curr_tag_pos = ctx->combined_tag + ctx->tag_length; return; } /* if it starts with '=' there was no tag name, just a value */ if (*tag_val == *tag) { *tag = NULL; } *(*tag_val)++ = '\0'; ctx->curr_tag_pos = *tag_val + strlen(*tag_val) + 1; /* skip \0 byte */ if (dodecode) { decodehtml(*tag_val); } return; } /* initial buffer size for power-of-two allocator in ap_ssi_parse_string */ #define PARSE_STRING_INITIAL_SIZE 64 /* * Do variable substitution on strings * (Note: If out==NULL, this function allocs a buffer for the resulting * string from r->pool. The return value is the parsed string) */ static char *ap_ssi_parse_string(request_rec *r, include_ctx_t *ctx, const char *in, char *out, apr_size_t length, int leave_name) { char ch; char *next; char *end_out; apr_size_t out_size; /* allocate an output buffer if needed */ if (!out) { out_size = PARSE_STRING_INITIAL_SIZE; if (out_size > length) { out_size = length; } out = apr_palloc(r->pool, out_size); } else { out_size = length; } /* leave room for nul terminator */ end_out = out + out_size - 1; next = out; while ((ch = *in++) != '\0') { switch (ch) { case '\\': if (next == end_out) { if (out_size < length) { /* double the buffer size */ apr_size_t new_out_size = out_size * 2; apr_size_t current_length = next - out; char *new_out; if (new_out_size > length) { new_out_size = length; } new_out = apr_palloc(r->pool, new_out_size); memcpy(new_out, out, current_length); out = new_out; out_size = new_out_size; end_out = out + out_size - 1; next = out + current_length; } else { /* truncated */ *next = '\0'; return out; } } if (*in == '$') { *next++ = *in++; } else { *next++ = ch; } break; case '$': { const char *start_of_var_name; char *end_of_var_name; /* end of var name + 1 */ const char *expansion, *temp_end, *val; char tmp_store; apr_size_t l; /* guess that the expansion won't happen */ expansion = in - 1; if (*in == '{') { ++in; start_of_var_name = in; in = ap_strchr_c(in, '}'); if (in == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Missing '}' on variable \"%s\"", expansion); *next = '\0'; return out; } temp_end = in; end_of_var_name = (char *)temp_end; ++in; } else { start_of_var_name = in; while (apr_isalnum(*in) || *in == '_') { ++in; } temp_end = in; end_of_var_name = (char *)temp_end; } /* what a pain, too bad there's no table_getn where you can * pass a non-nul terminated string */ l = end_of_var_name - start_of_var_name; if (l != 0) { tmp_store = *end_of_var_name; *end_of_var_name = '\0'; val = get_include_var(r, ctx, start_of_var_name); *end_of_var_name = tmp_store; if (val) { expansion = val; l = strlen(expansion); } else if (leave_name) { l = in - expansion; } else { /* no expansion to be done */ break; } } else { /* zero-length variable name causes just the $ to be * copied */ l = 1; } if ((next + l > end_out) && (out_size < length)) { /* increase the buffer size to accommodate l more chars */ apr_size_t new_out_size = out_size; apr_size_t current_length = next - out; char *new_out; do { new_out_size *= 2; } while (new_out_size < current_length + l + 1); /* +1 for NUL */ if (new_out_size > length) { new_out_size = length; } new_out = apr_palloc(r->pool, new_out_size); memcpy(new_out, out, current_length); out = new_out; out_size = new_out_size; end_out = out + out_size - 1; next = out + current_length; } l = ((int)l > end_out - next) ? (end_out - next) : l; memcpy(next, expansion, l); next += l; break; } default: if (next == end_out) { if (out_size < length) { /* double the buffer size */ apr_size_t new_out_size = out_size * 2; apr_size_t current_length = next - out; char *new_out; if (new_out_size > length) { new_out_size = length; } new_out = apr_palloc(r->pool, new_out_size); memcpy(new_out, out, current_length); out = new_out; out_size = new_out_size; end_out = out + out_size - 1; next = out + current_length; } else { /* truncated */ *next = '\0'; return out; } } *next++ = ch; break; } } *next = '\0'; return out; } /* --------------------------- Action handlers ---------------------------- */ /* ensure that path is relative, and does not contain ".." elements * ensentially ensure that it does not match the regex: * (^/|(^|/)\.\.(/|$)) * XXX: Simply replace with apr_filepath_merge */ static int is_only_below(const char *path) { #ifdef HAVE_DRIVE_LETTERS if (path[1] == ':') return 0; #endif #ifdef NETWARE if (ap_strchr_c(path, ':')) return 0; #endif if (path[0] == '/') { return 0; } while (*path) { int dots = 0; while (path[dots] == '.') ++dots; #if defined(WIN32) /* If the name is canonical this is redundant * but in security, redundancy is worthwhile. * Does OS2 belong here (accepts ... for ..)? */ if (dots > 1 && (!path[dots] || path[dots] == '/')) return 0; #else if (dots == 2 && (!path[dots] || path[dots] == '/')) return 0; #endif path += dots; /* Advance to either the null byte at the end of the * string or the character right after the next slash, * whichever comes first */ while (*path && (*path++ != '/')) { continue; } } return 1; } static int handle_include(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_bucket *tmp_buck; char *parsed_string; int loglevel = APLOG_ERR; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if (tag_val == NULL) { if (tag == NULL) { return (0); } else { return (1); } } if (!strcmp(tag, "virtual") || !strcmp(tag, "file")) { request_rec *rr = NULL; char *error_fmt = NULL; apr_status_t rc = APR_SUCCESS; SPLIT_AND_PASS_PRETAG_BUCKETS(*bb, ctx, f->next, rc); if (rc != APR_SUCCESS) { return rc; } parsed_string = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); if (tag[0] == 'f') { /* XXX: Port to apr_filepath_merge * be safe; only files in this directory or below allowed */ if (!is_only_below(parsed_string)) { error_fmt = "unable to include file \"%s\" " "in parsed file %s"; } else { rr = ap_sub_req_lookup_uri(parsed_string, r, f->next); } } else { rr = ap_sub_req_lookup_uri(parsed_string, r, f->next); } if (!error_fmt && rr->status != HTTP_OK) { error_fmt = "unable to include \"%s\" in parsed file %s"; } if (!error_fmt && (ctx->flags & FLAG_NO_EXEC) && rr->content_type && (strncmp(rr->content_type, "text/", 5))) { error_fmt = "unable to include potential exec \"%s\" " "in parsed file %s"; } /* See the Kludge in send_parsed_file for why */ /* Basically, it puts a bread crumb in here, then looks */ /* for the crumb later to see if its been here. */ if (rr) ap_set_module_config(rr->request_config, &include_module, r); if (!error_fmt && ap_run_sub_req(rr)) { error_fmt = "unable to include \"%s\" in parsed file %s"; } if (error_fmt) { ap_log_rerror(APLOG_MARK, loglevel, 0, r, error_fmt, tag_val, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } /* Do *not* destroy the subrequest here; it may have allocated * variables in this r->subprocess_env in the subrequest's * r->pool, so that pool must survive as long as this request. * Yes, this is a memory leak. */ } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag include in %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } return 0; } static int handle_echo(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; const char *echo_text = NULL; apr_bucket *tmp_buck; apr_size_t e_len; enum {E_NONE, E_URL, E_ENTITY} encode; encode = E_ENTITY; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if (tag_val == NULL) { if (tag != NULL) { return 1; } else { return 0; } } if (!strcmp(tag, "var")) { conn_rec *c = r->connection; const char *val = get_include_var(r, ctx, ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0)); if (val) { switch(encode) { case E_NONE: echo_text = val; break; case E_URL: echo_text = ap_escape_uri(r->pool, val); break; case E_ENTITY: echo_text = ap_escape_html(r->pool, val); break; } e_len = strlen(echo_text); tmp_buck = apr_bucket_pool_create(echo_text, e_len, r->pool, c->bucket_alloc); } else { include_server_config *sconf= ap_get_module_config(r->server->module_config, &include_module); tmp_buck = apr_bucket_pool_create(sconf->undefinedEcho, sconf->undefinedEchoLen, r->pool, c->bucket_alloc); } APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } else if (!strcmp(tag, "encoding")) { if (!strcasecmp(tag_val, "none")) encode = E_NONE; else if (!strcasecmp(tag_val, "url")) encode = E_URL; else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY; else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown value \"%s\" to parameter \"encoding\" of " "tag echo in %s", tag_val, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" in tag echo of %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } return 0; } /* error and tf must point to a string with room for at * least MAX_STRING_LEN characters */ static int handle_config(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; char *parsed_string; apr_table_t *env = r->subprocess_env; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0); if (tag_val == NULL) { if (tag == NULL) { return 0; /* Reached the end of the string. */ } else { return 1; /* tags must have values. */ } } if (!strcmp(tag, "errmsg")) { if (ctx->error_str_override == NULL) { ctx->error_str_override = (char *)apr_palloc(ctx->pool, MAX_STRING_LEN); ctx->error_str = ctx->error_str_override; } ap_ssi_parse_string(r, ctx, tag_val, ctx->error_str_override, MAX_STRING_LEN, 0); } else if (!strcmp(tag, "timefmt")) { apr_time_t date = r->request_time; if (ctx->time_str_override == NULL) { ctx->time_str_override = (char *)apr_palloc(ctx->pool, MAX_STRING_LEN); ctx->time_str = ctx->time_str_override; } ap_ssi_parse_string(r, ctx, tag_val, ctx->time_str_override, MAX_STRING_LEN, 0); apr_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, ctx->time_str, 0)); apr_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, ctx->time_str, 1)); apr_table_setn(env, "LAST_MODIFIED", ap_ht_time(r->pool, r->finfo.mtime, ctx->time_str, 0)); } else if (!strcmp(tag, "sizefmt")) { parsed_string = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); decodehtml(parsed_string); if (!strcmp(parsed_string, "bytes")) { ctx->flags |= FLAG_SIZE_IN_BYTES; } else if (!strcmp(parsed_string, "abbrev")) { ctx->flags &= FLAG_SIZE_ABBREV; } } else { apr_bucket *tmp_buck; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag config in %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } return 0; } static int find_file(request_rec *r, const char *directive, const char *tag, char *tag_val, apr_finfo_t *finfo) { char *to_send = tag_val; request_rec *rr = NULL; int ret=0; char *error_fmt = NULL; apr_status_t rv = APR_SUCCESS; if (!strcmp(tag, "file")) { /* XXX: Port to apr_filepath_merge * be safe; only files in this directory or below allowed */ if (!is_only_below(tag_val)) { error_fmt = "unable to access file \"%s\" " "in parsed file %s"; } else { ap_getparents(tag_val); /* get rid of any nasties */ /* note: it is okay to pass NULL for the "next filter" since we never attempt to "run" this sub request. */ rr = ap_sub_req_lookup_file(tag_val, r, NULL); if (rr->status == HTTP_OK && rr->finfo.filetype != 0) { to_send = rr->filename; if ((rv = apr_stat(finfo, to_send, APR_FINFO_GPROT | APR_FINFO_MIN, rr->pool)) != APR_SUCCESS && rv != APR_INCOMPLETE) { error_fmt = "unable to get information about \"%s\" " "in parsed file %s"; } } else { error_fmt = "unable to lookup information about \"%s\" " "in parsed file %s"; } } if (error_fmt) { ret = -1; ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, error_fmt, to_send, r->filename); } if (rr) ap_destroy_sub_req(rr); return ret; } else if (!strcmp(tag, "virtual")) { /* note: it is okay to pass NULL for the "next filter" since we never attempt to "run" this sub request. */ rr = ap_sub_req_lookup_uri(tag_val, r, NULL); if (rr->status == HTTP_OK && rr->finfo.filetype != 0) { memcpy((char *) finfo, (const char *) &rr->finfo, sizeof(rr->finfo)); ap_destroy_sub_req(rr); return 0; } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unable to get information about \"%s\" " "in parsed file %s", tag_val, r->filename); ap_destroy_sub_req(rr); return -1; } } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag %s in %s", tag, directive, r->filename); return -1; } } static int handle_fsize(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_finfo_t finfo; apr_size_t s_len; apr_bucket *tmp_buck; char *parsed_string; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if (tag_val == NULL) { if (tag == NULL) { return 0; } else { return 1; } } else { parsed_string = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); if (!find_file(r, "fsize", tag, parsed_string, &finfo)) { /* XXX: if we *know* we're going to have to copy the * thing off of the stack anyway, why not palloc buff * instead of sticking it on the stack; then we can just * use a pool bucket and skip the copy */ char buff[50]; if (!(ctx->flags & FLAG_SIZE_IN_BYTES)) { apr_strfsize(finfo.size, buff); s_len = strlen (buff); } else { int l, x, pos = 0; char tmp_buff[50]; apr_snprintf(tmp_buff, sizeof(tmp_buff), "%" APR_OFF_T_FMT, finfo.size); l = strlen(tmp_buff); /* grrr */ for (x = 0; x < l; x++) { if (x && (!((l - x) % 3))) { buff[pos++] = ','; } buff[pos++] = tmp_buff[x]; } buff[pos] = '\0'; s_len = pos; } tmp_buck = apr_bucket_heap_create(buff, s_len, NULL, r->connection->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } else { CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } } return 0; } static int handle_flastmod(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_finfo_t finfo; apr_size_t t_len; apr_bucket *tmp_buck; char *parsed_string; *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if (tag_val == NULL) { if (tag == NULL) { return 0; } else { return 1; } } else { parsed_string = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); if (!find_file(r, "flastmod", tag, parsed_string, &finfo)) { char *t_val; t_val = ap_ht_time(r->pool, finfo.mtime, ctx->time_str, 0); t_len = strlen(t_val); tmp_buck = apr_bucket_pool_create(t_val, t_len, r->pool, r->connection->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } else { CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } } return 0; } static int re_check(request_rec *r, include_ctx_t *ctx, char *string, char *rexp) { regex_t *compiled; const apr_size_t nres = sizeof(*ctx->re_result) / sizeof(regmatch_t); int regex_error; compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB); if (compiled == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unable to compile pattern \"%s\"", rexp); return -1; } if (!ctx->re_result) { ctx->re_result = apr_pcalloc(r->pool, sizeof(*ctx->re_result)); } ctx->re_string = string; regex_error = ap_regexec(compiled, string, nres, *ctx->re_result, 0); ap_pregfree(r->pool, compiled); return (!regex_error); } enum token_type { token_string, token_re, token_and, token_or, token_not, token_eq, token_ne, token_rbrace, token_lbrace, token_group, token_ge, token_le, token_gt, token_lt }; struct token { enum token_type type; char* value; }; static const char *get_ptoken(request_rec *r, const char *string, struct token *token, int *unmatched) { char ch; int next = 0; char qs = 0; int tkn_fnd = 0; token->value = NULL; /* Skip leading white space */ if (string == (char *) NULL) { return (char *) NULL; } while ((ch = *string++)) { if (!apr_isspace(ch)) { break; } } if (ch == '\0') { return (char *) NULL; } token->type = token_string; /* the default type */ switch (ch) { case '(': token->type = token_lbrace; return (string); case ')': token->type = token_rbrace; return (string); case '=': token->type = token_eq; return (string); case '!': if (*string == '=') { token->type = token_ne; return (string + 1); } else { token->type = token_not; return (string); } case '\'': /* already token->type == token_string */ qs = '\''; break; case '/': token->type = token_re; qs = '/'; break; case '|': if (*string == '|') { token->type = token_or; return (string + 1); } break; case '&': if (*string == '&') { token->type = token_and; return (string + 1); } break; case '>': if (*string == '=') { token->type = token_ge; return (string + 1); } else { token->type = token_gt; return (string); } case '<': if (*string == '=') { token->type = token_le; return (string + 1); } else { token->type = token_lt; return (string); } default: /* already token->type == token_string */ break; } /* We should only be here if we are in a string */ token->value = apr_palloc(r->pool, strlen(string) + 2); /* 2 for ch plus trailing null */ if (!qs) { --string; } /* * I used the ++string throughout this section so that string * ends up pointing to the next token and I can just return it */ for (ch = *string; ((ch != '\0') && (!tkn_fnd)); ch = *++string) { if (ch == '\\') { if ((ch = *++string) == '\0') { tkn_fnd = 1; } else { token->value[next++] = ch; } } else { if (!qs) { if (apr_isspace(ch)) { tkn_fnd = 1; } else { switch (ch) { case '(': case ')': case '=': case '!': case '<': case '>': tkn_fnd = 1; break; case '|': if (*(string + 1) == '|') { tkn_fnd = 1; } break; case '&': if (*(string + 1) == '&') { tkn_fnd = 1; } break; } if (!tkn_fnd) { token->value[next++] = ch; } } } else { if (ch == qs) { qs = 0; tkn_fnd = 1; string++; } else { token->value[next++] = ch; } } } if (tkn_fnd) { break; } } /* If qs is still set, we have an unmatched quote */ if (qs) { *unmatched = 1; next = 0; } token->value[next] = '\0'; return (string); } /* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1 * characters long... */ static int parse_expr(request_rec *r, include_ctx_t *ctx, const char *expr, int *was_error, int *was_unmatched, char *debug) { struct parse_node { struct parse_node *left, *right, *parent; struct token token; int value, done; } *root, *current, *new; const char *parse; char* buffer; int retval = 0; apr_size_t debug_pos = 0; debug[debug_pos] = '\0'; *was_error = 0; *was_unmatched = 0; if ((parse = expr) == (char *) NULL) { return (0); } root = current = (struct parse_node *) NULL; /* Create Parse Tree */ while (1) { new = (struct parse_node *) apr_palloc(r->pool, sizeof(struct parse_node)); new->parent = new->left = new->right = (struct parse_node *) NULL; new->done = 0; if ((parse = get_ptoken(r, parse, &new->token, was_unmatched)) == (char *) NULL) { break; } switch (new->token.type) { case token_string: #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Token: string (%s)\n", new->token.value); #endif if (current == (struct parse_node *) NULL) { root = current = new; break; } switch (current->token.type) { case token_string: current->token.value = apr_pstrcat(r->pool, current->token.value, current->token.value[0] ? " " : "", new->token.value, NULL); break; case token_eq: case token_ne: case token_and: case token_or: case token_lbrace: case token_not: case token_ge: case token_gt: case token_le: case token_lt: new->parent = current; current = current->right = new; break; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } break; case token_re: #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Token: regex (%s)\n", new->token.value); #endif if (current == (struct parse_node *) NULL) { root = current = new; break; } switch (current->token.type) { case token_eq: case token_ne: case token_and: case token_or: case token_lbrace: case token_not: new->parent = current; current = current->right = new; break; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } break; case token_and: case token_or: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Token: and/or\n", sizeof (" Token: and/or\n")); debug_pos += sizeof (" Token: and/or\n"); #endif if (current == (struct parse_node *) NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } /* Percolate upwards */ while (current != (struct parse_node *) NULL) { switch (current->token.type) { case token_string: case token_re: case token_group: case token_not: case token_eq: case token_ne: case token_and: case token_or: case token_ge: case token_gt: case token_le: case token_lt: current = current->parent; continue; case token_lbrace: break; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } break; } if (current == (struct parse_node *) NULL) { new->left = root; new->left->parent = new; new->parent = (struct parse_node *) NULL; root = new; } else { new->left = current->right; new->left->parent = new; current->right = new; new->parent = current; } current = new; break; case token_not: #ifdef DEBUG_INCLUDE memcpy(&debug[debug_pos], " Token: not\n", sizeof(" Token: not\n")); debug_pos += sizeof(" Token: not\n"); #endif if (current == (struct parse_node *) NULL) { root = current = new; break; } /* Percolate upwards */ if (current != (struct parse_node *) NULL) { switch (current->token.type) { case token_not: case token_eq: case token_ne: case token_and: case token_or: case token_lbrace: case token_ge: case token_gt: case token_le: case token_lt: break; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } } if (current == (struct parse_node *) NULL) { new->left = root; new->left->parent = new; new->parent = (struct parse_node *) NULL; root = new; } else { new->left = current->right; current->right = new; new->parent = current; } current = new; break; case token_eq: case token_ne: case token_ge: case token_gt: case token_le: case token_lt: #ifdef DEBUG_INCLUDE memcpy(&debug[debug_pos], " Token: eq/ne/ge/gt/le/lt\n", sizeof(" Token: eq/ne/ge/gt/le/lt\n")); debug_pos += sizeof(" Token: eq/ne/ge/gt/le/lt\n"); #endif if (current == (struct parse_node *) NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } /* Percolate upwards */ while (current != (struct parse_node *) NULL) { switch (current->token.type) { case token_string: case token_re: case token_group: current = current->parent; continue; case token_lbrace: case token_and: case token_or: break; case token_not: case token_eq: case token_ne: case token_ge: case token_gt: case token_le: case token_lt: default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } break; } if (current == (struct parse_node *) NULL) { new->left = root; new->left->parent = new; new->parent = (struct parse_node *) NULL; root = new; } else { new->left = current->right; new->left->parent = new; current->right = new; new->parent = current; } current = new; break; case token_rbrace: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Token: rbrace\n", sizeof (" Token: rbrace\n")); debug_pos += sizeof (" Token: rbrace\n"); #endif while (current != (struct parse_node *) NULL) { if (current->token.type == token_lbrace) { current->token.type = token_group; break; } current = current->parent; } if (current == (struct parse_node *) NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Unmatched ')' in \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } break; case token_lbrace: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Token: lbrace\n", sizeof (" Token: lbrace\n")); debug_pos += sizeof (" Token: lbrace\n"); #endif if (current == (struct parse_node *) NULL) { root = current = new; break; } /* Percolate upwards */ if (current != (struct parse_node *) NULL) { switch (current->token.type) { case token_not: case token_eq: case token_ne: case token_and: case token_or: case token_lbrace: case token_ge: case token_gt: case token_le: case token_lt: break; case token_string: case token_re: case token_group: default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } } if (current == (struct parse_node *) NULL) { new->left = root; new->left->parent = new; new->parent = (struct parse_node *) NULL; root = new; } else { new->left = current->right; current->right = new; new->parent = current; } current = new; break; default: break; } } /* Evaluate Parse Tree */ current = root; while (current != (struct parse_node *) NULL) { switch (current->token.type) { case token_string: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Evaluate string\n", sizeof (" Evaluate string\n")); debug_pos += sizeof (" Evaluate string\n"); #endif buffer = ap_ssi_parse_string(r, ctx, current->token.value, NULL, MAX_STRING_LEN, 0); current->token.value = buffer; current->value = (current->token.value[0] != '\0'); current->done = 1; current = current->parent; break; case token_re: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No operator before regex of expr \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; case token_and: case token_or: #ifdef DEBUG_INCLUDE memcpy(&debug[debug_pos], " Evaluate and/or\n", sizeof(" Evaluate and/or\n")); debug_pos += sizeof(" Evaluate and/or\n"); #endif if (current->left == (struct parse_node *) NULL || current->right == (struct parse_node *) NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } if (!current->left->done) { switch (current->left->token.type) { case token_string: buffer = ap_ssi_parse_string(r, ctx, current->left->token.value, NULL, MAX_STRING_LEN, 0); current->left->token.value = buffer; current->left->value = (current->left->token.value[0] != '\0'); current->left->done = 1; break; default: current = current->left; continue; } } if (!current->right->done) { switch (current->right->token.type) { case token_string: buffer = ap_ssi_parse_string(r, ctx, current->right->token.value, NULL, MAX_STRING_LEN, 0); current->right->token.value = buffer; current->right->value = (current->right->token.value[0] != '\0'); current->right->done = 1; break; default: current = current->right; continue; } } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Left: %c\n", current->left->value ? '1' : '0'); debug_pos += sprintf (&debug[debug_pos], " Right: %c\n", current->right->value ? '1' : '0'); #endif if (current->token.type == token_and) { current->value = current->left->value && current->right->value; } else { current->value = current->left->value || current->right->value; } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Returning %c\n", current->value ? '1' : '0'); #endif current->done = 1; current = current->parent; break; case token_eq: case token_ne: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Evaluate eq/ne\n", sizeof (" Evaluate eq/ne\n")); debug_pos += sizeof (" Evaluate eq/ne\n"); #endif if ((current->left == (struct parse_node *) NULL) || (current->right == (struct parse_node *) NULL) || (current->left->token.type != token_string) || ((current->right->token.type != token_string) && (current->right->token.type != token_re))) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } buffer = ap_ssi_parse_string(r, ctx, current->left->token.value, NULL, MAX_STRING_LEN, 0); current->left->token.value = buffer; buffer = ap_ssi_parse_string(r, ctx, current->right->token.value, NULL, MAX_STRING_LEN, 0); current->right->token.value = buffer; if (current->right->token.type == token_re) { #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Re Compare (%s) with /%s/\n", current->left->token.value, current->right->token.value); #endif current->value = re_check(r, ctx, current->left->token.value, current->right->token.value); } else { #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Compare (%s) with (%s)\n", current->left->token.value, current->right->token.value); #endif current->value = (strcmp(current->left->token.value, current->right->token.value) == 0); } if (current->token.type == token_ne) { current->value = !current->value; } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Returning %c\n", current->value ? '1' : '0'); #endif current->done = 1; current = current->parent; break; case token_ge: case token_gt: case token_le: case token_lt: #ifdef DEBUG_INCLUDE memcpy (&debug[debug_pos], " Evaluate ge/gt/le/lt\n", sizeof (" Evaluate ge/gt/le/lt\n")); debug_pos += sizeof (" Evaluate ge/gt/le/lt\n"); #endif if ((current->left == (struct parse_node *) NULL) || (current->right == (struct parse_node *) NULL) || (current->left->token.type != token_string) || (current->right->token.type != token_string)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid expression \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; } buffer = ap_ssi_parse_string(r, ctx, current->left->token.value, NULL, MAX_STRING_LEN, 0); current->left->token.value = buffer; buffer = ap_ssi_parse_string(r, ctx, current->right->token.value, NULL, MAX_STRING_LEN, 0); current->right->token.value = buffer; #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Compare (%s) with (%s)\n", current->left->token.value, current->right->token.value); #endif current->value = strcmp(current->left->token.value, current->right->token.value); if (current->token.type == token_ge) { current->value = current->value >= 0; } else if (current->token.type == token_gt) { current->value = current->value > 0; } else if (current->token.type == token_le) { current->value = current->value <= 0; } else if (current->token.type == token_lt) { current->value = current->value < 0; } else { current->value = 0; /* Don't return -1 if unknown token */ } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Returning %c\n", current->value ? '1' : '0'); #endif current->done = 1; current = current->parent; break; case token_not: if (current->right != (struct parse_node *) NULL) { if (!current->right->done) { current = current->right; continue; } current->value = !current->right->value; } else { current->value = 0; } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Evaluate !: %c\n", current->value ? '1' : '0'); #endif current->done = 1; current = current->parent; break; case token_group: if (current->right != (struct parse_node *) NULL) { if (!current->right->done) { current = current->right; continue; } current->value = current->right->value; } else { current->value = 1; } #ifdef DEBUG_INCLUDE debug_pos += sprintf (&debug[debug_pos], " Evaluate (): %c\n", current->value ? '1' : '0'); #endif current->done = 1; current = current->parent; break; case token_lbrace: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Unmatched '(' in \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; case token_rbrace: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Unmatched ')' in \"%s\" in file %s", expr, r->filename); *was_error = 1; return retval; default: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "bad token type"); *was_error = 1; return retval; } } retval = (root == (struct parse_node *) NULL) ? 0 : root->value; return (retval); } /*-------------------------------------------------------------------------*/ #ifdef DEBUG_INCLUDE #define MAX_DEBUG_SIZE MAX_STRING_LEN #define LOG_COND_STATUS(cntx, t_buck, h_ptr, ins_head, tag_text) \ { \ char cond_txt[] = "**** X conditional_status=\"0\"\n"; \ \ if (cntx->flags & FLAG_COND_TRUE) { \ cond_txt[31] = '1'; \ } \ memcpy(&cond_txt[5], tag_text, sizeof(tag_text)-1); \ t_buck = apr_bucket_heap_create(cond_txt, sizeof(cond_txt)-1, \ NULL, h_ptr->list); \ APR_BUCKET_INSERT_BEFORE(h_ptr, t_buck); \ \ if (ins_head == NULL) { \ ins_head = t_buck; \ } \ } #define DUMP_PARSE_EXPR_DEBUG(t_buck, h_ptr, d_buf, ins_head) \ { \ if (d_buf[0] != '\0') { \ t_buck = apr_bucket_heap_create(d_buf, strlen(d_buf), \ NULL, h_ptr->list); \ APR_BUCKET_INSERT_BEFORE(h_ptr, t_buck); \ \ if (ins_head == NULL) { \ ins_head = t_buck; \ } \ } \ } #else #define MAX_DEBUG_SIZE 10 #define LOG_COND_STATUS(cntx, t_buck, h_ptr, ins_head, tag_text) #define DUMP_PARSE_EXPR_DEBUG(t_buck, h_ptr, d_buf, ins_head) #endif /*-------------------------------------------------------------------------*/ /* pjr - These seem to allow expr="fred" expr="joe" where joe overwrites fred. */ static int handle_if(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; char *expr = NULL; int expr_ret, was_error, was_unmatched; apr_bucket *tmp_buck; char debug_buf[MAX_DEBUG_SIZE]; *inserted_head = NULL; if (!(ctx->flags & FLAG_PRINTING)) { ctx->if_nesting_level++; } else { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0); if (tag == NULL) { if (expr == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr in if statement: %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } expr_ret = parse_expr(r, ctx, expr, &was_error, &was_unmatched, debug_buf); if (was_error) { CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } if (was_unmatched) { DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, "\nUnmatched '\n", *inserted_head); } DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, debug_buf, *inserted_head); if (expr_ret) { ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE); } else { ctx->flags &= FLAG_CLEAR_PRINT_COND; } LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " if"); ctx->if_nesting_level = 0; return 0; } else if (!strcmp(tag, "expr")) { expr = tag_val; #ifdef DEBUG_INCLUDE if (1) { apr_size_t d_len = 0; d_len = sprintf(debug_buf, "**** if expr=\"%s\"\n", expr); tmp_buck = apr_bucket_heap_create(debug_buf, d_len, NULL, r->connection->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } #endif } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag if in %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } return 0; } static int handle_elif(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; char *expr = NULL; int expr_ret, was_error, was_unmatched; apr_bucket *tmp_buck; char debug_buf[MAX_DEBUG_SIZE]; *inserted_head = NULL; if (!ctx->if_nesting_level) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0); if (tag == '\0') { LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " elif"); if (ctx->flags & FLAG_COND_TRUE) { ctx->flags &= FLAG_CLEAR_PRINTING; return (0); } if (expr == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr in elif statement: %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } expr_ret = parse_expr(r, ctx, expr, &was_error, &was_unmatched, debug_buf); if (was_error) { CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } if (was_unmatched) { DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, "\nUnmatched '\n", *inserted_head); } DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, debug_buf, *inserted_head); if (expr_ret) { ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE); } else { ctx->flags &= FLAG_CLEAR_PRINT_COND; } LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " elif"); return (0); } else if (!strcmp(tag, "expr")) { expr = tag_val; #ifdef DEBUG_INCLUDE if (1) { apr_size_t d_len = 0; d_len = sprintf(debug_buf, "**** elif expr=\"%s\"\n", expr); tmp_buck = apr_bucket_heap_create(debug_buf, d_len, NULL, r->connection->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } #endif } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" to tag if in %s", tag, r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return 1; } } } return 0; } static int handle_else(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_bucket *tmp_buck; *inserted_head = NULL; if (!ctx->if_nesting_level) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if ((tag != NULL) || (tag_val != NULL)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "else directive does not take tags in %s", r->filename); if (ctx->flags & FLAG_PRINTING) { CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); } return -1; } else { LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " else"); if (ctx->flags & FLAG_COND_TRUE) { ctx->flags &= FLAG_CLEAR_PRINTING; } else { ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE); } return 0; } } return 0; } static int handle_endif(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_bucket *tmp_buck; *inserted_head = NULL; if (!ctx->if_nesting_level) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if ((tag != NULL) || (tag_val != NULL)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "endif directive does not take tags in %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return -1; } else { LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, "endif"); ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE); return 0; } } else { ctx->if_nesting_level--; return 0; } } static int handle_set(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; char *var = NULL; apr_bucket *tmp_buck; char *parsed_string; request_rec *sub = r->main; apr_pool_t *p = r->pool; /* we need to use the 'main' request pool to set notes as that is * a notes lifetime */ while (sub) { p = sub->pool; sub = sub->main; } *inserted_head = NULL; if (ctx->flags & FLAG_PRINTING) { while (1) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if ((tag == NULL) && (tag_val == NULL)) { return 0; } else if (tag_val == NULL) { return 1; } else if (!strcmp(tag, "var")) { var = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); } else if (!strcmp(tag, "value")) { if (var == (char *) NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "variable must precede value in set directive in %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return (-1); } parsed_string = ap_ssi_parse_string(r, ctx, tag_val, NULL, MAX_STRING_LEN, 0); apr_table_setn(r->subprocess_env, apr_pstrdup(p, var), apr_pstrdup(p, parsed_string)); } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid tag for set directive in %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return -1; } } } return 0; } static int handle_printenv(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r, ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head) { char *tag = NULL; char *tag_val = NULL; apr_bucket *tmp_buck; if (ctx->flags & FLAG_PRINTING) { ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1); if ((tag == NULL) && (tag_val == NULL)) { const apr_array_header_t *arr = apr_table_elts(r->subprocess_env); const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts; int i; const char *key_text, *val_text; char *key_val, *next; apr_size_t k_len, v_len, kv_length; *inserted_head = NULL; for (i = 0; i < arr->nelts; ++i) { key_text = ap_escape_html(r->pool, elts[i].key); val_text = elts[i].val; if (val_text == LAZY_VALUE) { val_text = add_include_vars_lazy(r, elts[i].key); } val_text = ap_escape_html(r->pool, elts[i].val); k_len = strlen(key_text); v_len = strlen(val_text); kv_length = k_len + v_len + sizeof("=\n"); key_val = apr_palloc(r->pool, kv_length); next = key_val; memcpy(next, key_text, k_len); next += k_len; *next++ = '='; memcpy(next, val_text, v_len); next += v_len; *next++ = '\n'; *next = 0; tmp_buck = apr_bucket_pool_create(key_val, kv_length - 1, r->pool, r->connection->bucket_alloc); APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck); if (*inserted_head == NULL) { *inserted_head = tmp_buck; } } return 0; } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "printenv directive does not take tags in %s", r->filename); CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head); return -1; } } return 0; } /* -------------------------- The main function --------------------------- */ /* * returns the index position of the first byte of start_seq (or the len of * the buffer as non-match) */ static apr_size_t find_start_sequence(ssi_ctx_t *ctx, const char *data, apr_size_t len) { apr_size_t slen = ctx->ctx->start_seq_len; apr_size_t index; const char *p, *ep; if (len < slen) { p = data; /* try partial match at the end of the buffer (below) */ } else { /* try fast bndm search over the buffer * (hopefully the whole start sequence can be found in this buffer) */ index = bndm(ctx->ctx->start_seq, ctx->ctx->start_seq_len, data, len, ctx->ctx->start_seq_pat); /* wow, found it. ready. */ if (index < len) { ctx->state = PARSE_DIRECTIVE; return index; } else { /* ok, the pattern can't be found as whole in the buffer, * check the end for a partial match */ p = data + len - slen + 1; } } ep = data + len; do { while (p < ep && *p != *ctx->ctx->start_seq) { ++p; } index = p - data; /* found a possible start_seq start */ if (p < ep) { apr_size_t pos = 1; ++p; while (p < ep && *p == ctx->ctx->start_seq[pos]) { ++p; ++pos; } /* partial match found. Store the info for the next round */ if (p == ep) { ctx->state = PARSE_HEAD; ctx->ctx->parse_pos = pos; return index; } } /* we must try all combinations; consider (e.g.) SSIStartTag "--->" * and a string data of "--.-" and the end of the buffer */ p = data + index + 1; } while (p < ep); /* no match */ return len; } /* * returns the first byte *after* the partial (or final) match. * * If we had to trick with the start_seq start, 'release' returns the * number of chars of the start_seq which appeared not to be part of a * full tag and may have to be passed down the filter chain. */ static apr_size_t find_partial_start_sequence(ssi_ctx_t *ctx, const char *data, apr_size_t len, apr_size_t *release) { apr_size_t pos, spos = 0; apr_size_t slen = ctx->ctx->start_seq_len; const char *p, *ep; pos = ctx->ctx->parse_pos; ep = data + len; *release = 0; do { p = data; while (p < ep && pos < slen && *p == ctx->ctx->start_seq[pos]) { ++p; ++pos; } /* full match */ if (pos == slen) { ctx->state = PARSE_DIRECTIVE; return (p - data); } /* the whole buffer is a partial match */ if (p == ep) { ctx->ctx->parse_pos = pos; return (p - data); } /* No match so far, but again: * We must try all combinations, since the start_seq is a random * user supplied string * * So: look if the first char of start_seq appears somewhere within * the current partial match. If it does, try to start a match that * begins with this offset. (This can happen, if a strange * start_seq like "---->" spans buffers) */ if (spos < ctx->ctx->parse_pos) { do { ++spos; ++*release; p = ctx->ctx->start_seq + spos; pos = ctx->ctx->parse_pos - spos; while (pos && *p != *ctx->ctx->start_seq) { ++p; ++spos; ++*release; --pos; } /* if a matching beginning char was found, try to match the * remainder of the old buffer. */ if (pos > 1) { apr_size_t t = 1; ++p; while (t < pos && *p == ctx->ctx->start_seq[t]) { ++p; ++t; } if (t == pos) { /* yeah, another partial match found in the *old* * buffer, now test the *current* buffer for * continuing match */ break; } } } while (pos > 1); if (pos) { continue; } } break; } while (1); /* work hard to find a match ;-) */ /* no match at all, release all (wrongly) matched chars so far */ *release = ctx->ctx->parse_pos; ctx->state = PARSE_PRE_HEAD; return 0; } /* * returns the position after the directive */ static apr_size_t find_directive(ssi_ctx_t *ctx, const char *data, apr_size_t len, char ***store, apr_size_t **store_len) { const char *p = data; const char *ep = data + len; apr_size_t pos; switch (ctx->state) { case PARSE_DIRECTIVE: while (p < ep && !apr_isspace(*p)) { /* we have to consider the case of missing space between directive * and end_seq (be somewhat lenient), e.g. */ if (*p == *ctx->ctx->end_seq) { ctx->state = PARSE_DIRECTIVE_TAIL; ctx->ctx->parse_pos = 1; ++p; return (p - data); } ++p; } if (p < ep) { /* found delimiter whitespace */ ctx->state = PARSE_DIRECTIVE_POSTNAME; *store = &ctx->directive; *store_len = &ctx->ctx->directive_length; } break; case PARSE_DIRECTIVE_TAIL: pos = ctx->ctx->parse_pos; while (p < ep && pos < ctx->end_seq_len && *p == ctx->ctx->end_seq[pos]) { ++p; ++pos; } /* full match, we're done */ if (pos == ctx->end_seq_len) { ctx->state = PARSE_DIRECTIVE_POSTTAIL; *store = &ctx->directive; *store_len = &ctx->ctx->directive_length; break; } /* partial match, the buffer is too small to match fully */ if (p == ep) { ctx->ctx->parse_pos = pos; break; } /* no match. continue normal parsing */ ctx->state = PARSE_DIRECTIVE; return 0; case PARSE_DIRECTIVE_POSTTAIL: ctx->state = PARSE_EXECUTE; ctx->ctx->directive_length -= ctx->end_seq_len; /* continue immediately with the next state */ case PARSE_DIRECTIVE_POSTNAME: if (PARSE_DIRECTIVE_POSTNAME == ctx->state) { ctx->state = PARSE_PRE_ARG; } ctx->argc = 0; ctx->argv = NULL; if (!ctx->ctx->directive_length) { ctx->error = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, "missing directive " "name in parsed document %s", ctx->r->filename); } else { char *sp = ctx->directive; char *sep = ctx->directive + ctx->ctx->directive_length; /* normalize directive name */ for (; sp < sep; ++sp) { *sp = apr_tolower(*sp); } } return 0; default: /* get a rid of a gcc warning about unhandled enumerations */ break; } return (p - data); } /* * find out whether the next token is (a possible) end_seq or an argument */ static apr_size_t find_arg_or_tail(ssi_ctx_t *ctx, const char *data, apr_size_t len) { const char *p = data; const char *ep = data + len; /* skip leading WS */ while (p < ep && apr_isspace(*p)) { ++p; } /* buffer doesn't consist of whitespaces only */ if (p < ep) { ctx->state = (*p == *ctx->ctx->end_seq) ? PARSE_TAIL : PARSE_ARG; } return (p - data); } /* * test the stream for end_seq. If it doesn't match at all, it must be an * argument */ static apr_size_t find_tail(ssi_ctx_t *ctx, const char *data, apr_size_t len) { const char *p = data; const char *ep = data + len; apr_size_t pos = ctx->ctx->parse_pos; if (PARSE_TAIL == ctx->state) { ctx->state = PARSE_TAIL_SEQ; pos = ctx->ctx->parse_pos = 0; } while (p < ep && pos < ctx->end_seq_len && *p == ctx->ctx->end_seq[pos]) { ++p; ++pos; } /* bingo, full match */ if (pos == ctx->end_seq_len) { ctx->state = PARSE_EXECUTE; return (p - data); } /* partial match, the buffer is too small to match fully */ if (p == ep) { ctx->ctx->parse_pos = pos; return (p - data); } /* no match. It must be an argument string then */ ctx->state = PARSE_ARG; return 0; } /* * extract name=value from the buffer * A pcre-pattern could look (similar to): * name\s*(?:=\s*(["'`]?)value\1(?>\s*))? */ static apr_size_t find_argument(ssi_ctx_t *ctx, const char *data, apr_size_t len, char ***store, apr_size_t **store_len) { const char *p = data; const char *ep = data + len; switch (ctx->state) { case PARSE_ARG: /* * create argument structure and append it to the current list */ ctx->current_arg = apr_palloc(ctx->dpool, sizeof(*ctx->current_arg)); ctx->current_arg->next = NULL; ++(ctx->argc); if (!ctx->argv) { ctx->argv = ctx->current_arg; } else { ssi_arg_item_t *newarg = ctx->argv; while (newarg->next) { newarg = newarg->next; } newarg->next = ctx->current_arg; } /* check whether it's a valid one. If it begins with a quote, we * can safely assume, someone forgot the name of the argument */ switch (*p) { case '"': case '\'': case '`': *store = NULL; ctx->state = PARSE_ARG_VAL; ctx->quote = *p++; ctx->current_arg->name = NULL; ctx->current_arg->name_len = 0; ctx->error = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, "missing argument " "name for value to tag %s in %s", apr_pstrmemdup(ctx->r->pool, ctx->directive, ctx->ctx->directive_length), ctx->r->filename); return (p - data); default: ctx->state = PARSE_ARG_NAME; } /* continue immediately with next state */ case PARSE_ARG_NAME: while (p < ep && !apr_isspace(*p) && *p != '=') { ++p; } if (p < ep) { ctx->state = PARSE_ARG_POSTNAME; *store = &ctx->current_arg->name; *store_len = &ctx->current_arg->name_len; return (p - data); } break; case PARSE_ARG_POSTNAME: ctx->current_arg->name = apr_pstrmemdup(ctx->dpool, ctx->current_arg->name, ctx->current_arg->name_len); if (!ctx->current_arg->name_len) { ctx->error = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, "missing argument " "name for value to tag %s in %s", apr_pstrmemdup(ctx->r->pool, ctx->directive, ctx->ctx->directive_length), ctx->r->filename); } else { char *sp = ctx->current_arg->name; /* normalize the name */ while (*sp) { *sp = apr_tolower(*sp); ++sp; } } ctx->state = PARSE_ARG_EQ; /* continue with next state immediately */ case PARSE_ARG_EQ: *store = NULL; while (p < ep && apr_isspace(*p)) { ++p; } if (p < ep) { if (*p == '=') { ctx->state = PARSE_ARG_PREVAL; ++p; } else { /* no value */ ctx->current_arg->value = NULL; ctx->state = PARSE_PRE_ARG; } return (p - data); } break; case PARSE_ARG_PREVAL: *store = NULL; while (p < ep && apr_isspace(*p)) { ++p; } /* buffer doesn't consist of whitespaces only */ if (p < ep) { ctx->state = PARSE_ARG_VAL; switch (*p) { case '"': case '\'': case '`': ctx->quote = *p++; break; default: ctx->quote = '\0'; break; } return (p - data); } break; case PARSE_ARG_VAL_ESC: if (*p == ctx->quote) { ++p; } ctx->state = PARSE_ARG_VAL; /* continue with next state immediately */ case PARSE_ARG_VAL: for (; p < ep; ++p) { if (ctx->quote && *p == '\\') { ++p; if (p == ep) { ctx->state = PARSE_ARG_VAL_ESC; break; } if (*p != ctx->quote) { --p; } } else if (ctx->quote && *p == ctx->quote) { ++p; *store = &ctx->current_arg->value; *store_len = &ctx->current_arg->value_len; ctx->state = PARSE_ARG_POSTVAL; break; } else if (!ctx->quote && apr_isspace(*p)) { ++p; *store = &ctx->current_arg->value; *store_len = &ctx->current_arg->value_len; ctx->state = PARSE_ARG_POSTVAL; break; } } return (p - data); case PARSE_ARG_POSTVAL: /* * The value is still the raw input string. Finally clean it up. */ --(ctx->current_arg->value_len); /* strip quote escaping \ from the string */ if (ctx->quote) { apr_size_t shift = 0; char *sp; sp = ctx->current_arg->value; ep = ctx->current_arg->value + ctx->current_arg->value_len; while (sp < ep && *sp != '\\') { ++sp; } for (; sp < ep; ++sp) { if (*sp == '\\' && sp[1] == ctx->quote) { ++sp; ++shift; } if (shift) { *(sp-shift) = *sp; } } ctx->current_arg->value_len -= shift; } ctx->current_arg->value[ctx->current_arg->value_len] = '\0'; ctx->state = PARSE_PRE_ARG; return 0; default: /* get a rid of a gcc warning about unhandled enumerations */ break; } return len; /* partial match of something */ } /* * This is the main loop over the current bucket brigade. */ static apr_status_t send_parsed_content(ap_filter_t *f, apr_bucket_brigade *bb) { ssi_ctx_t *ctx = f->ctx; request_rec *r = f->r; apr_bucket *b = APR_BRIGADE_FIRST(bb); apr_bucket_brigade *pass_bb; apr_status_t rv = APR_SUCCESS; char *magic; /* magic pointer for sentinel use */ /* fast exit */ if (APR_BRIGADE_EMPTY(bb)) { return APR_SUCCESS; } /* we may crash, since already cleaned up; hand over the responsibility * to the next filter;-) */ if (ctx->seen_eos) { return ap_pass_brigade(f->next, bb); } /* All stuff passed along has to be put into that brigade */ pass_bb = apr_brigade_create(ctx->ctx->pool, f->c->bucket_alloc); ctx->ctx->bytes_parsed = 0; ctx->ctx->output_now = 0; ctx->error = 0; /* loop over the current bucket brigade */ while (b != APR_BRIGADE_SENTINEL(bb)) { const char *data = NULL; apr_size_t len, index, release; apr_bucket *newb = NULL; char **store = &magic; apr_size_t *store_len; /* handle meta buckets before reading any data */ if (APR_BUCKET_IS_METADATA(b)) { newb = APR_BUCKET_NEXT(b); APR_BUCKET_REMOVE(b); if (APR_BUCKET_IS_EOS(b)) { ctx->seen_eos = 1; /* Hit end of stream, time for cleanup ... But wait! * Perhaps we're not ready yet. We may have to loop one or * two times again to finish our work. In that case, we * just re-insert the EOS bucket to allow for an extra loop. * * PARSE_EXECUTE means, we've hit a directive just before the * EOS, which is now waiting for execution. * * PARSE_DIRECTIVE_POSTTAIL means, we've hit a directive with * no argument and no space between directive and end_seq * just before the EOS. (consider as last * or only string within the stream). This state, however, * just cleans up and turns itself to PARSE_EXECUTE, which * will be passed through within the next (and actually * last) round. */ if (PARSE_EXECUTE == ctx->state || PARSE_DIRECTIVE_POSTTAIL == ctx->state) { APR_BUCKET_INSERT_BEFORE(newb, b); } else { break; /* END OF STREAM */ } } else { APR_BRIGADE_INSERT_TAIL(pass_bb, b); if (APR_BUCKET_IS_FLUSH(b)) { ctx->ctx->output_now = 1; } b = newb; continue; } } /* enough is enough ... */ if (ctx->ctx->output_now || ctx->ctx->bytes_parsed > AP_MIN_BYTES_TO_WRITE) { if (!APR_BRIGADE_EMPTY(pass_bb)) { rv = ap_pass_brigade(f->next, pass_bb); if (!APR_STATUS_IS_SUCCESS(rv)) { apr_brigade_destroy(pass_bb); return rv; } } ctx->ctx->output_now = 0; ctx->ctx->bytes_parsed = 0; } /* read the current bucket data */ len = 0; if (!ctx->seen_eos) { if (ctx->ctx->bytes_parsed > 0) { rv = apr_bucket_read(b, &data, &len, APR_NONBLOCK_READ); if (APR_STATUS_IS_EAGAIN(rv)) { ctx->ctx->output_now = 1; continue; } } if (!len || !APR_STATUS_IS_SUCCESS(rv)) { rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ); } if (!APR_STATUS_IS_SUCCESS(rv)) { apr_brigade_destroy(pass_bb); return rv; } ctx->ctx->bytes_parsed += len; } /* zero length bucket, fetch next one */ if (!len && !ctx->seen_eos) { b = APR_BUCKET_NEXT(b); continue; } /* * it's actually a data containing bucket, start/continue parsing */ switch (ctx->state) { /* no current tag; search for start sequence */ case PARSE_PRE_HEAD: index = find_start_sequence(ctx, data, len); if (index < len) { apr_bucket_split(b, index); } newb = APR_BUCKET_NEXT(b); if (ctx->ctx->flags & FLAG_PRINTING) { APR_BUCKET_REMOVE(b); APR_BRIGADE_INSERT_TAIL(pass_bb, b); } else { apr_bucket_delete(b); } if (index < len) { /* now delete the start_seq stuff from the remaining bucket */ if (PARSE_DIRECTIVE == ctx->state) { /* full match */ apr_bucket_split(newb, ctx->ctx->start_seq_len); ctx->ctx->output_now = 1; /* pass pre-tag stuff */ } b = APR_BUCKET_NEXT(newb); apr_bucket_delete(newb); } else { b = newb; } break; /* we're currently looking for the end of the start sequence */ case PARSE_HEAD: index = find_partial_start_sequence(ctx, data, len, &release); /* check if we mismatched earlier and have to release some chars */ if (release && (ctx->ctx->flags & FLAG_PRINTING)) { char *to_release = apr_palloc(ctx->ctx->pool, release); memcpy(to_release, ctx->ctx->start_seq, release); newb = apr_bucket_pool_create(to_release, release, ctx->ctx->pool, f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(pass_bb, newb); } if (index) { /* any match */ /* now delete the start_seq stuff from the remaining bucket */ if (PARSE_DIRECTIVE == ctx->state) { /* final match */ apr_bucket_split(b, index); ctx->ctx->output_now = 1; /* pass pre-tag stuff */ } newb = APR_BUCKET_NEXT(b); apr_bucket_delete(b); b = newb; } break; /* we're currently grabbing the directive name */ case PARSE_DIRECTIVE: case PARSE_DIRECTIVE_POSTNAME: case PARSE_DIRECTIVE_TAIL: case PARSE_DIRECTIVE_POSTTAIL: index = find_directive(ctx, data, len, &store, &store_len); if (index) { apr_bucket_split(b, index); newb = APR_BUCKET_NEXT(b); } if (store) { if (index) { APR_BUCKET_REMOVE(b); APR_BRIGADE_INSERT_TAIL(ctx->tmp_bb, b); b = newb; } /* time for cleanup? */ if (store != &magic) { apr_brigade_pflatten(ctx->tmp_bb, store, store_len, ctx->dpool); apr_brigade_cleanup(ctx->tmp_bb); } } else if (index) { apr_bucket_delete(b); b = newb; } break; /* skip WS and find out what comes next (arg or end_seq) */ case PARSE_PRE_ARG: index = find_arg_or_tail(ctx, data, len); if (index) { /* skipped whitespaces */ if (index < len) { apr_bucket_split(b, index); } newb = APR_BUCKET_NEXT(b); apr_bucket_delete(b); b = newb; } break; /* currently parsing name[=val] */ case PARSE_ARG: case PARSE_ARG_NAME: case PARSE_ARG_POSTNAME: case PARSE_ARG_EQ: case PARSE_ARG_PREVAL: case PARSE_ARG_VAL: case PARSE_ARG_VAL_ESC: case PARSE_ARG_POSTVAL: index = find_argument(ctx, data, len, &store, &store_len); if (index) { apr_bucket_split(b, index); newb = APR_BUCKET_NEXT(b); } if (store) { if (index) { APR_BUCKET_REMOVE(b); APR_BRIGADE_INSERT_TAIL(ctx->tmp_bb, b); b = newb; } /* time for cleanup? */ if (store != &magic) { apr_brigade_pflatten(ctx->tmp_bb, store, store_len, ctx->dpool); apr_brigade_cleanup(ctx->tmp_bb); } } else if (index) { apr_bucket_delete(b); b = newb; } break; /* try to match end_seq at current pos. */ case PARSE_TAIL: case PARSE_TAIL_SEQ: index = find_tail(ctx, data, len); switch (ctx->state) { case PARSE_EXECUTE: /* full match */ apr_bucket_split(b, index); newb = APR_BUCKET_NEXT(b); apr_bucket_delete(b); b = newb; break; case PARSE_ARG: /* no match */ /* PARSE_ARG must reparse at the beginning */ APR_BRIGADE_PREPEND(bb, ctx->tmp_bb); b = APR_BRIGADE_FIRST(bb); break; default: /* partial match */ newb = APR_BUCKET_NEXT(b); APR_BUCKET_REMOVE(b); APR_BRIGADE_INSERT_TAIL(ctx->tmp_bb, b); b = newb; break; } break; /* now execute the parsed directive, cleanup the space and * start again with PARSE_PRE_HEAD */ case PARSE_EXECUTE: /* if there was an error, it was already logged; just stop here */ if (ctx->error) { if (ctx->ctx->flags & FLAG_PRINTING) { SSI_CREATE_ERROR_BUCKET(ctx->ctx, f, pass_bb); ctx->error = 0; } } else { include_handler_fn_t *handle_func; handle_func = (include_handler_fn_t *) apr_hash_get(include_hash, ctx->directive, ctx->ctx->directive_length); if (handle_func) { apr_bucket *dummy; char *tag; apr_size_t tag_len = 0; ssi_arg_item_t *carg = ctx->argv; /* legacy wrapper code */ while (carg) { /* +1 \0 byte (either after tag or value) * +1 = byte (before value) */ tag_len += (carg->name ? carg->name_len : 0) + (carg->value ? carg->value_len + 1 : 0) + 1; carg = carg->next; } tag = ctx->ctx->combined_tag = ctx->ctx->curr_tag_pos = apr_palloc(ctx->dpool, tag_len); carg = ctx->argv; while (carg) { if (carg->name) { memcpy(tag, carg->name, carg->name_len); tag += carg->name_len; } if (carg->value) { *tag++ = '='; memcpy(tag, carg->value, carg->value_len); tag += carg->value_len; } *tag++ = '\0'; carg = carg->next; } ctx->ctx->tag_length = tag_len; /* create dummy buckets for backards compat */ ctx->ctx->head_start_bucket = apr_bucket_pool_create(apr_pmemdup(ctx->ctx->pool, ctx->ctx->start_seq, ctx->ctx->start_seq_len), ctx->ctx->start_seq_len, ctx->ctx->pool, f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(ctx->ctx->ssi_tag_brigade, ctx->ctx->head_start_bucket); ctx->ctx->tag_start_bucket = apr_bucket_pool_create(apr_pmemdup(ctx->ctx->pool, ctx->ctx->combined_tag, ctx->ctx->tag_length), ctx->ctx->tag_length, ctx->ctx->pool, f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(ctx->ctx->ssi_tag_brigade, ctx->ctx->tag_start_bucket); ctx->ctx->tail_start_bucket = apr_bucket_pool_create(apr_pmemdup(ctx->ctx->pool, ctx->ctx->end_seq, ctx->end_seq_len), ctx->end_seq_len, ctx->ctx->pool, f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(ctx->ctx->ssi_tag_brigade, ctx->ctx->tail_start_bucket); rv = handle_func(ctx->ctx, &bb, r, f, b, &dummy); apr_brigade_cleanup(ctx->ctx->ssi_tag_brigade); if (rv != 0 && rv != 1 && rv != -1) { apr_brigade_destroy(pass_bb); return rv; } if (dummy) { apr_bucket_brigade *remain; remain = apr_brigade_split(bb, b); APR_BRIGADE_CONCAT(pass_bb, bb); bb = remain; } } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown directive \"%s\" in parsed doc %s", apr_pstrmemdup(r->pool, ctx->directive, ctx->ctx->directive_length), r->filename); if (ctx->ctx->flags & FLAG_PRINTING) { SSI_CREATE_ERROR_BUCKET(ctx->ctx, f, pass_bb); } } } /* cleanup */ apr_pool_clear(ctx->dpool); apr_brigade_cleanup(ctx->tmp_bb); /* Oooof. Done here, start next round */ ctx->state = PARSE_PRE_HEAD; break; } } /* while (brigade) */ /* End of stream. Final cleanup */ if (ctx->seen_eos) { if (PARSE_HEAD == ctx->state) { if (ctx->ctx->flags & FLAG_PRINTING) { char *to_release = apr_palloc(ctx->ctx->pool, ctx->ctx->parse_pos); memcpy(to_release, ctx->ctx->start_seq, ctx->ctx->parse_pos); APR_BRIGADE_INSERT_TAIL(pass_bb, apr_bucket_pool_create(to_release, ctx->ctx->parse_pos, ctx->ctx->pool, f->c->bucket_alloc)); } } else if (PARSE_PRE_HEAD != ctx->state) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SSI directive was not properly finished at the end " "of parsed document %s", r->filename); if (ctx->ctx->flags & FLAG_PRINTING) { SSI_CREATE_ERROR_BUCKET(ctx->ctx, f, pass_bb); } } if (!(ctx->ctx->flags & FLAG_PRINTING)) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "missing closing endif directive in parsed document" " %s", r->filename); } /* cleanup our temporary memory */ apr_brigade_destroy(ctx->tmp_bb); apr_pool_destroy(ctx->dpool); /* don't forget to finally insert the EOS bucket */ APR_BRIGADE_INSERT_TAIL(pass_bb, b); } /* if something's left over, pass it along */ if (!APR_BRIGADE_EMPTY(pass_bb)) { rv = ap_pass_brigade(f->next, pass_bb); } else { rv = APR_SUCCESS; } apr_brigade_destroy(pass_bb); return rv; } static void *create_includes_dir_config(apr_pool_t *p, char *dummy) { include_dir_config *result = (include_dir_config *)apr_palloc(p, sizeof(include_dir_config)); enum xbithack *xbh = (enum xbithack *) apr_palloc(p, sizeof(enum xbithack)); *xbh = DEFAULT_XBITHACK; result->default_error_msg = DEFAULT_ERROR_MSG; result->default_time_fmt = DEFAULT_TIME_FORMAT; result->xbithack = xbh; return result; } static void *create_includes_server_config(apr_pool_t*p, server_rec *server) { include_server_config *result = (include_server_config *)apr_palloc(p, sizeof(include_server_config)); result->default_end_tag = ENDING_SEQUENCE; result->default_start_tag =STARTING_SEQUENCE; result->start_tag_len = sizeof(STARTING_SEQUENCE)-1; /* compile the pattern used by find_start_sequence */ bndm_compile(&result->start_seq_pat, result->default_start_tag, result->start_tag_len); result->undefinedEcho = apr_pstrdup(p,"(none)"); result->undefinedEchoLen = strlen( result->undefinedEcho); return result; } static const char *set_xbithack(cmd_parms *cmd, void *xbp, const char *arg) { include_dir_config *conf = (include_dir_config *)xbp; if (!strcasecmp(arg, "off")) { *conf->xbithack = xbithack_off; } else if (!strcasecmp(arg, "on")) { *conf->xbithack = xbithack_on; } else if (!strcasecmp(arg, "full")) { *conf->xbithack = xbithack_full; } else { return "XBitHack must be set to Off, On, or Full"; } return NULL; } static int includes_setup(ap_filter_t *f) { include_dir_config *conf = (include_dir_config *)ap_get_module_config(f->r->per_dir_config, &include_module); /* When our xbithack value isn't set to full or our platform isn't * providing group-level protection bits or our group-level bits do not * have group-execite on, we will set the no_local_copy value to 1 so * that we will not send 304s. */ if ((*conf->xbithack != xbithack_full) || !(f->r->finfo.valid & APR_FINFO_GPROT) || !(f->r->finfo.protection & APR_GEXECUTE)) { f->r->no_local_copy = 1; } /* Don't allow ETag headers to be generated - see RFC2616 - 13.3.4. * We don't know if we are going to be including a file or executing * a program - in either case a strong ETag header will likely be invalid. */ apr_table_setn(f->r->notes, "no-etag", ""); return OK; } static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b) { request_rec *r = f->r; ssi_ctx_t *ctx = f->ctx; request_rec *parent; include_dir_config *conf = (include_dir_config *)ap_get_module_config(r->per_dir_config, &include_module); include_server_config *sconf= ap_get_module_config(r->server->module_config, &include_module); if (!(ap_allow_options(r) & OPT_INCLUDES)) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "mod_include: Options +Includes (or IncludesNoExec) " "wasn't set, INCLUDES filter removed"); ap_remove_output_filter(f); return ap_pass_brigade(f->next, b); } if (!f->ctx) { /* create context for this filter */ f->ctx = ctx = apr_palloc(f->c->pool, sizeof(*ctx)); ctx->ctx = apr_pcalloc(f->c->pool, sizeof(*ctx->ctx)); ctx->ctx->pool = f->r->pool; apr_pool_create(&ctx->dpool, ctx->ctx->pool); /* configuration data */ ctx->end_seq_len = strlen(sconf->default_end_tag); ctx->r = f->r; /* runtime data */ ctx->tmp_bb = apr_brigade_create(ctx->ctx->pool, f->c->bucket_alloc); ctx->seen_eos = 0; ctx->state = PARSE_PRE_HEAD; ctx->ctx->flags = (FLAG_PRINTING | FLAG_COND_TRUE); if (ap_allow_options(f->r) & OPT_INCNOEXEC) { ctx->ctx->flags |= FLAG_NO_EXEC; } ctx->ctx->if_nesting_level = 0; ctx->ctx->re_string = NULL; ctx->ctx->error_str_override = NULL; ctx->ctx->time_str_override = NULL; ctx->ctx->error_str = conf->default_error_msg; ctx->ctx->time_str = conf->default_time_fmt; ctx->ctx->start_seq_pat = &sconf->start_seq_pat; ctx->ctx->start_seq = sconf->default_start_tag; ctx->ctx->start_seq_len = sconf->start_tag_len; ctx->ctx->end_seq = sconf->default_end_tag; /* legacy compat stuff */ ctx->ctx->state = PARSED; /* dummy */ ctx->ctx->ssi_tag_brigade = apr_brigade_create(f->c->pool, f->c->bucket_alloc); ctx->ctx->status = APR_SUCCESS; ctx->ctx->head_start_index = 0; ctx->ctx->tag_start_index = 0; ctx->ctx->tail_start_index = 0; } else { ctx->ctx->bytes_parsed = 0; } if ((parent = ap_get_module_config(r->request_config, &include_module))) { /* Kludge --- for nested includes, we want to keep the subprocess * environment of the base document (for compatibility); that means * torquing our own last_modified date as well so that the * LAST_MODIFIED variable gets reset to the proper value if the * nested document resets . */ r->subprocess_env = r->main->subprocess_env; apr_pool_join(r->main->pool, r->pool); r->finfo.mtime = r->main->finfo.mtime; } else { /* we're not a nested include, so we create an initial * environment */ ap_add_common_vars(r); ap_add_cgi_vars(r); add_include_vars(r, conf->default_time_fmt); } /* Always unset the content-length. There is no way to know if * the content will be modified at some point by send_parsed_content. * It is very possible for us to not find any content in the first * 9k of the file, but still have to modify the content of the file. * If we are going to pass the file through send_parsed_content, then * the content-length should just be unset. */ apr_table_unset(f->r->headers_out, "Content-Length"); /* Always unset the Last-Modified field - see RFC2616 - 13.3.4. * We don't know if we are going to be including a file or executing * a program which may change the Last-Modified header or make the * content completely dynamic. Therefore, we can't support these * headers. * Exception: XBitHack full means we *should* set the Last-Modified field. */ /* Assure the platform supports Group protections */ if ((*conf->xbithack == xbithack_full) && (r->finfo.valid & APR_FINFO_GPROT) && (r->finfo.protection & APR_GEXECUTE)) { ap_update_mtime(r, r->finfo.mtime); ap_set_last_modified(r); } else { apr_table_unset(f->r->headers_out, "Last-Modified"); } /* add QUERY stuff to env cause it ain't yet */ if (r->args) { char *arg_copy = apr_pstrdup(r->pool, r->args); apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args); ap_unescape_url(arg_copy); apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED", ap_escape_shell_cmd(r->pool, arg_copy)); } return send_parsed_content(f, b); } static void ap_register_include_handler(char *tag, include_handler_fn_t *func) { apr_hash_set(include_hash, tag, strlen(tag), (const void *)func); } static int include_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { include_hash = apr_hash_make(p); ssi_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_include_handler); if(ssi_pfn_register) { ssi_pfn_register("if", handle_if); ssi_pfn_register("set", handle_set); ssi_pfn_register("else", handle_else); ssi_pfn_register("elif", handle_elif); ssi_pfn_register("echo", handle_echo); ssi_pfn_register("endif", handle_endif); ssi_pfn_register("fsize", handle_fsize); ssi_pfn_register("config", handle_config); ssi_pfn_register("include", handle_include); ssi_pfn_register("flastmod", handle_flastmod); ssi_pfn_register("printenv", handle_printenv); } return OK; } static const char *set_default_error_msg(cmd_parms *cmd, void *mconfig, const char *msg) { include_dir_config *conf = (include_dir_config *)mconfig; conf->default_error_msg = apr_pstrdup(cmd->pool, msg); return NULL; } static const char *set_default_start_tag(cmd_parms *cmd, void *mconfig, const char *msg) { include_server_config *conf; conf= ap_get_module_config(cmd->server->module_config , &include_module); conf->default_start_tag = apr_pstrdup(cmd->pool, msg); conf->start_tag_len = strlen(conf->default_start_tag ); bndm_compile(&conf->start_seq_pat, conf->default_start_tag, conf->start_tag_len); return NULL; } static const char *set_undefined_echo(cmd_parms *cmd, void *mconfig, const char *msg) { include_server_config *conf; conf = ap_get_module_config(cmd->server->module_config, &include_module); conf->undefinedEcho = apr_pstrdup(cmd->pool, msg); conf->undefinedEchoLen = strlen(msg); return NULL; } static const char *set_default_end_tag(cmd_parms *cmd, void *mconfig, const char *msg) { include_server_config *conf; conf= ap_get_module_config(cmd->server->module_config , &include_module); conf->default_end_tag = apr_pstrdup(cmd->pool, msg); return NULL; } static const char *set_default_time_fmt(cmd_parms *cmd, void *mconfig, const char *fmt) { include_dir_config *conf = (include_dir_config *)mconfig; conf->default_time_fmt = apr_pstrdup(cmd->pool, fmt); return NULL; } /* * Module definition and configuration data structs... */ static const command_rec includes_cmds[] = { AP_INIT_TAKE1("XBitHack", set_xbithack, NULL, OR_OPTIONS, "Off, On, or Full"), AP_INIT_TAKE1("SSIErrorMsg", set_default_error_msg, NULL, OR_ALL, "a string"), AP_INIT_TAKE1("SSITimeFormat", set_default_time_fmt, NULL, OR_ALL, "a strftime(3) formatted string"), AP_INIT_TAKE1("SSIStartTag", set_default_start_tag, NULL, RSRC_CONF, "SSI Start String Tag"), AP_INIT_TAKE1("SSIEndTag", set_default_end_tag, NULL, RSRC_CONF, "SSI End String Tag"), AP_INIT_TAKE1("SSIUndefinedEcho", set_undefined_echo, NULL, RSRC_CONF, "SSI Start String Tag"), {NULL} }; static int include_fixup(request_rec *r) { include_dir_config *conf; conf = (include_dir_config *) ap_get_module_config(r->per_dir_config, &include_module); if (r->handler && (strcmp(r->handler, "server-parsed") == 0)) { if (!r->content_type || !*r->content_type) { ap_set_content_type(r, "text/html"); } r->handler = "default-handler"; } else #if defined(OS2) || defined(WIN32) || defined(NETWARE) /* These OS's don't support xbithack. This is being worked on. */ { return DECLINED; } #else { if (*conf->xbithack == xbithack_off) { return DECLINED; } if (!(r->finfo.protection & APR_UEXECUTE)) { return DECLINED; } if (!r->content_type || strcmp(r->content_type, "text/html")) { return DECLINED; } } #endif /* We always return declined, because the default handler actually * serves the file. All we have to do is add the filter. */ ap_add_output_filter("INCLUDES", NULL, r, r->connection); return DECLINED; } static void register_hooks(apr_pool_t *p) { APR_REGISTER_OPTIONAL_FN(ap_ssi_get_tag_and_value); APR_REGISTER_OPTIONAL_FN(ap_ssi_parse_string); APR_REGISTER_OPTIONAL_FN(ap_register_include_handler); ap_hook_post_config(include_post_config, NULL, NULL, APR_HOOK_REALLY_FIRST); ap_hook_fixups(include_fixup, NULL, NULL, APR_HOOK_LAST); ap_register_output_filter("INCLUDES", includes_filter, includes_setup, AP_FTYPE_RESOURCE); } module AP_MODULE_DECLARE_DATA include_module = { STANDARD20_MODULE_STUFF, create_includes_dir_config, /* dir config creater */ NULL, /* dir merger --- default is to override */ create_includes_server_config,/* server config */ NULL, /* merge server config */ includes_cmds, /* command apr_table_t */ register_hooks /* register hooks */ };