tazweb rev 176
New way to handle bookmarks (more secure and integrated cmdline functions
| author | Christophe Lincoln <pankso@slitaz.org> |
|---|---|
| date | Fri Mar 10 11:53:18 2017 +0100 (2017-03-10) |
| parents | f9c2b5aeacbd |
| children | 1603951a52b8 |
| files | .hgignore Makefile data/bookmarks.cgi src/main.c tazweb-helper |
line diff
1.1 --- a/.hgignore Sun Feb 19 18:34:15 2017 +0000 1.2 +++ b/.hgignore Fri Mar 10 11:53:18 2017 +0100 1.3 @@ -1,1 +1,2 @@ 1.4 -tazweb 1.5 +tazweb$ 1.6 +po/mo
2.1 --- a/Makefile Sun Feb 19 18:34:15 2017 +0000 2.2 +++ b/Makefile Fri Mar 10 11:53:18 2017 +0100 2.3 @@ -49,11 +49,11 @@ 2.4 $(DESTDIR)$(PREFIX)/share/icons/hicolor/32x32/apps \ 2.5 $(DESTDIR)$(PREFIX)/share/applications 2.6 install -m 0755 $(PACKAGE) $(DESTDIR)$(PREFIX)/bin 2.7 + install -m 0755 $(PACKAGE)-helper $(DESTDIR)$(PREFIX)/bin 2.8 cp -d doc/* $(DESTDIR)$(DOCDIR)/$(PACKAGE) 2.9 install -m 0644 data/tazweb.png $(DESTDIR)$(PREFIX)/share/icons/hicolor/32x32/apps 2.10 install -m 0644 data/tazweb.desktop $(DESTDIR)$(PREFIX)/share/applications 2.11 install -m 0644 data/bookmarks.txt $(DESTDIR)$(PREFIX)/share/tazweb 2.12 - install -m 0755 data/bookmarks.cgi $(DESTDIR)/var/www/cgi-bin 2.13 mkdir -p $(DESTDIR)$(PREFIX)/share/locale 2.14 cp -a po/mo/* $(DESTDIR)$(PREFIX)/share/locale 2.15
3.1 --- a/data/bookmarks.cgi Sun Feb 19 18:34:15 2017 +0000 3.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 3.3 @@ -1,126 +0,0 @@ 3.4 -#!/bin/sh 3.5 -# 3.6 -# TazWeb Bookmarks CGI handler 3.7 -# Copyright (C) 2014 SliTaz GNU/Linux - BSD License 3.8 -# 3.9 -. /usr/lib/slitaz/httphelper.sh 3.10 - 3.11 -script="$SCRIPT_NAME" 3.12 -home="$(GET home)" 3.13 -user="$(basename $home)" 3.14 -config="/home/$user/.config/tazweb" 3.15 -bookmarks="$config/bookmarks.txt" 3.16 - 3.17 -# Security check 3.18 -case $REMOTE_ADDR in 3.19 - 127.0.0.1|\[::ffff:127.0.0.1\]) ;; 3.20 - *) header; echo "Security exit! Your IP: $REMOTE_ADDR"; exit 1 3.21 -esac 3.22 - 3.23 -# HTML 5 header with built-in minimal CSS 3.24 -html_header() { 3.25 - cat << EOT 3.26 -<!DOCTYPE html> 3.27 -<html lang="en"> 3.28 -<head> 3.29 - <meta charset="utf-8" /> 3.30 - <title>TazWeb - Bookmarks</title> 3.31 - <style type="text/css"> 3.32 - body { margin: 2% 10%; } .rm { color: #666; } ul { padding: 0; } 3.33 - .rm:hover { text-decoration: none; color: #B70000; } 3.34 - h1 { color: #666; border-bottom: 4px solid #666; } 3.35 - a { text-decoration: none; } a:hover { text-decoration: underline; } 3.36 - li { list-style-type: none; color: #666; line-height: 1.4em; padding: 0; } 3.37 - footer { font-size: 80%; border-top: 2px solid #666; padding: 5px 0; } 3.38 - textarea { width: 100%; height: 240px; font-size: 98%; } 3.39 - </style> 3.40 -</head> 3.41 -<body> 3.42 -<section id="content"> 3.43 - 3.44 -EOT 3.45 -} 3.46 - 3.47 -# HTML 5 footer 3.48 -html_footer() { 3.49 - cat << EOT 3.50 - 3.51 -</section> 3.52 - 3.53 -<footer> 3.54 - <a href="$script?home=$home">Bookmarks</a> 3.55 - - <a href="$script?raw&home=$home">Raw</a> 3.56 - - <a href="$script?edit&home=$home">Edit</a> 3.57 -</footer> 3.58 - 3.59 -</body> 3.60 -</html> 3.61 -EOT 3.62 -} 3.63 - 3.64 -# Handle GET actions: continue or exit 3.65 - 3.66 -case " $(GET) " in 3.67 - 3.68 - *\ edit\ *) 3.69 - header 3.70 - html_header 3.71 - cat << EOT 3.72 -<h1>Bookmarks Edit</h1> 3.73 -<form method="get" action="$script" name="edit"> 3.74 - <input type="hidden" name="save" /> 3.75 - <input type="hidden" name="home" value="$home" /> 3.76 - <textarea name="content">$(cat "$bookmarks")</textarea> 3.77 - <p><input type="submit" value="$(gettext "Save bookmarks")" /></p> 3.78 -</form> 3.79 -EOT 3.80 - html_footer && exit 0 ;; 3.81 - 3.82 - *\ save\ *) 3.83 - sed "s/$(echo -en '\r') /\n/g" > ${bookmarks} << EOT 3.84 -$(GET content) 3.85 -EOT 3.86 - ;; 3.87 - 3.88 - *\ raw\ *) 3.89 - # View bookmarks file 3.90 - header 3.91 - html_header 3.92 - echo '<h1>Raw Bookmarks</h1>' 3.93 - echo "<pre>" 3.94 - IFS="|" 3.95 - cat ${bookmarks} | cat ${bookmarks} | while read title url null 3.96 - do 3.97 - echo "$title | <a href='$url'>$url</a>" 3.98 - done 3.99 - unset IFS 3.100 - echo "</pre>" 3.101 - html_footer && exit 0 ;; 3.102 - 3.103 - *\ rm\ *) 3.104 - # Remove a bookmark item and continue 3.105 - url=$(GET rm) 3.106 - [ "$url" ] || continue 3.107 - sed -i s"#.*${url}.*##" ${bookmarks} 3.108 - sed -i "/^$/"d ${bookmarks} ;; 3.109 - 3.110 -esac 3.111 - 3.112 -# Show all bookmarks 3.113 -header 3.114 -html_header 3.115 -echo '<h1>TazWeb Bookmarks</h1>' 3.116 -echo '<ul>' 3.117 -IFS="|" 3.118 -cat ${bookmarks} | while read title url null 3.119 -do 3.120 - cat << EOT 3.121 - <li><a class="rm" href="?rm=$url&home=$home">⊗<a/> 3.122 - <a href="${url}">${title}<a/></li> 3.123 -EOT 3.124 -done 3.125 -unset IFS 3.126 -echo '</ul>' 3.127 -html_footer 3.128 - 3.129 -exit 0
4.1 --- a/src/main.c Sun Feb 19 18:34:15 2017 +0000 4.2 +++ b/src/main.c Fri Mar 10 11:53:18 2017 +0100 4.3 @@ -19,7 +19,7 @@ 4.4 #define HOME g_get_home_dir() 4.5 #define CONFIG g_strdup_printf("%s/.config/tazweb", HOME) 4.6 #define BMTXT g_strdup_printf("%s/bookmarks.txt", CONFIG) 4.7 -#define BMURL "http://localhost/cgi-bin/bookmarks.cgi" 4.8 +#define BMURL g_strdup_printf("%s/bookmarks.html", CONFIG) 4.9 #define WEBHOME "file:///usr/share/webhome/index.html" 4.10 #define SEARCH "http://duckduckgo.com/?q=%s&t=slitaz" 4.11 4.12 @@ -154,7 +154,8 @@ 4.13 static void 4.14 go_bookmarks_cb(GtkWidget* widget, WebKitWebView* webview) 4.15 { 4.16 - uri = g_strdup_printf("%s?home=%s", BMURL, HOME); 4.17 + system("tazweb-helper html_bookmarks"); 4.18 + uri = g_strdup_printf("file://%s", BMURL); 4.19 g_assert(uri); 4.20 webkit_web_view_load_uri(webview, uri); 4.21 } 4.22 @@ -523,8 +524,8 @@ 4.23 4.24 /* Get a default bookmarks.txt if missing */ 4.25 if (! g_file_test(BMTXT, G_FILE_TEST_EXISTS)) { 4.26 - system("install -m 0777 -d $HOME/.config/tazweb"); 4.27 - system("install -m 0666 /usr/share/tazweb/bookmarks.txt \ 4.28 + system("install -m 0700 -d $HOME/.config/tazweb"); 4.29 + system("install -m 0600 /usr/share/tazweb/bookmarks.txt \ 4.30 $HOME/.config/tazweb/bookmarks.txt"); 4.31 } 4.32
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 5.2 +++ b/tazweb-helper Fri Mar 10 11:53:18 2017 +0100 5.3 @@ -0,0 +1,92 @@ 5.4 +#!/bin/sh 5.5 +# 5.6 +# TazWeb Helper - Handle bookmarks (no libtaz, usable on any Linux distro) 5.7 +# 5.8 + 5.9 +tazweb="$(pwd)/tazweb" 5.10 +config="$HOME/.config/tazweb" 5.11 +bm_txt="$config/bookmarks.txt" 5.12 +bm_html="$config/bookmarks.html" 5.13 + 5.14 +help() { 5.15 + cat << EOT 5.16 + 5.17 +$(gettext "Usage:") $(basename $0) [bookmarks] --option 5.18 + 5.19 +$(gettext "Options:") 5.20 + --raw Show raw bookmarks.txt 5.21 + 5.22 +EOT 5.23 +} 5.24 + 5.25 +# HTML 5 header with built-in minimal CSS 5.26 +html_header() { 5.27 + cat << EOT 5.28 +<!DOCTYPE html> 5.29 +<html lang="en"> 5.30 +<head> 5.31 + <meta charset="utf-8" /> 5.32 + <title>TazWeb - Bookmarks</title> 5.33 + <style type="text/css"> 5.34 + body { margin: 2% 10%; font-size: 94%; } ul { padding: 0; } 5.35 + h1 { color: #888; border-bottom: 4px solid #888; } 5.36 + ul a { text-decoration: none; } ul a:hover { text-decoration: underline; } 5.37 + li { list-style-type: none; color: #666; line-height: 1.4em; padding: 0; } 5.38 + footer { font-size: 80%; border-top: 1px solid #888; padding: 5px 0; } 5.39 + textarea { width: 100%; height: 240px; font-size: 98%; } 5.40 + </style> 5.41 +</head> 5.42 +<body> 5.43 +<section id="content"> 5.44 +<h1>TazWeb Bookmarks</h1> 5.45 +<ul> 5.46 +EOT 5.47 +} 5.48 + 5.49 +# HTML 5 footer 5.50 +html_footer() { 5.51 + cat << EOT 5.52 +</ul> 5.53 +</section> 5.54 +<footer> 5.55 + $(cat $bm_txt | wc -l) $(gettext "bookmarks") 5.56 +</footer> 5.57 +</body> 5.58 +</html> 5.59 +EOT 5.60 +} 5.61 + 5.62 +# Generate bookmarks.html 5.63 +html_bookmarks() { 5.64 + html_header > ${bm_html} 5.65 + IFS="|" 5.66 + cat ${bm_txt} | while read title url null 5.67 + do 5.68 + cat >> ${bm_html} << EOT 5.69 + <li><a href="${url}">${title}</a></li> 5.70 +EOT 5.71 + done 5.72 + unset IFS 5.73 + html_footer >> ${bm_html} 5.74 + # Security fix from old cgi-bin bookmarks.cgi 5.75 + chmod 0600 ${USER}.${USER} ${bm_txt} 5.76 +} 5.77 + 5.78 +# 5.79 +# Commands 5.80 +# 5.81 +case "$1" in 5.82 + 5.83 + -b|bookmarks) 5.84 + if [ "$raw" ]; then 5.85 + ${tazweb} file:///${config}/bookmarks.txt & 5.86 + else 5.87 + html_bookmarks 5.88 + ${tazweb} file:///${config}/bookmarks.html & 5.89 + fi ;; 5.90 + 5.91 + *_*) ${1} ;; 5.92 + 5.93 + *|-h|help) help ;; 5.94 + 5.95 +esac; exit 0