wok-current: busybox/stuff/httpd

wok-current annotate busybox/stuff/httpd_helper.sh @ rev 25725

Patch openssh CVE-2024-6387

author	Stanislas Leduc <shann@slitaz.org>
date	Mon Jul 01 15:09:44 2024 +0000 (4 months ago)
parents	f564323fc5a4
children

rev	line source
pascal@5685	1 #!/bin/sh
pascal@5685	2 #
pascal@9597	3 # busybox/httpd helper for shell cgi scripts, providing:
pascal@5685	4 #
pascal@9597	5 # GET [var [index]] \| POST [var [index]] \| COOKIE [var [index]]
pascal@9597	6 # FILE [var {name\|tmpname\|size\|type}]
pascal@9597	7 # header [strings]... \| urlencode string \| htmlentities string \| httpinfo
pascal@9597	8 #
pascal@5685	9
pascal@5685	10 alias urlencode='httpd -e'
pascal@5685	11
pascal@9514	12 # Send headers, example :
pascal@9514	13 # header "Content-type: text/html" "Set-Cookie: name=value; HttpOnly"
pascal@5685	14 header()
pascal@5685	15 {
pascal@9599	16 local i
pascal@9514	17 [ -z "$1" ] && set -- "Content-type: text/html"
pascal@9514	18 for i in "$@" "" ; do echo -e "$i\r"; done
pascal@5685	19 }
pascal@5685	20
pascal@5685	21 htmlentities()
pascal@5685	22 {
pascal@9454	23 echo $1 \| sed 's\|&\|\&\|g;s\|<\|\<\|g;s\|>\|\>\|g;s\|"\|\"\|g'
pascal@5685	24 }
pascal@5685	25
pascal@9597	26 _ARRAY()
pascal@5685	27 {
pascal@9597	28 [ -z "$2" ] && eval echo \$${1}__NAMES \|\|
pascal@9597	29 [ -n "$(eval echo \$${1}__NAMES)" ] && eval echo \$${1}_${2}_${3:-1}
pascal@5685	30 }
pascal@5685	31
pascal@9597	32 GET() { _ARRAY GET "$1" $2; }
pascal@9597	33 POST() { _ARRAY POST "$1" $2; }
pascal@9597	34 FILE() { _ARRAY FILE "$1" $2; }
pascal@9597	35 COOKIE() { _ARRAY COOKIE "$1" $2; }
pascal@5685	36
pascal@5685	37 httpinfo()
pascal@5685	38 {
pascal@5685	39 local i
pascal@9598	40 local j
pascal@5685	41 local x
pascal@5685	42 for i in SERVER_PROTOCOL SERVER_SOFTWARE SERVER_NAME SERVER_PORT AUTH_TYPE \
pascal@5773	43 GATEWAY_INTERFACE REMOTE_HOST REMOTE_ADDR REMOTE_PORT \
pascal@5773	44 HTTP_REFERER HTTP_HOST HTTP_USER_AGENT HTTP_ACCEPT \
pascal@5773	45 HTTP_ACCEPT_LANGUAGE HTTP_COOKIE AUTH_TYPE REMOTE_USER REMOTE_IDENT \
pascal@5685	46 REQUEST_METHOD REQUEST_URI QUERY_STRING CONTENT_LENGTH CONTENT_TYPE \
pascal@5773	47 SCRIPT_NAME SCRIPT_FILENAME PATH_INFO PATH_TRANSLATED \
pascal@5773	48 USER HOME LOGNAME SHELL PWD ; do
pascal@5685	49 eval x=\$$i
pascal@5685	50 [ -n "$x" ] && echo "$i='$x'"
pascal@5685	51 done
pascal@9598	52 for x in GET POST COOKIE ; do
pascal@9598	53 for i in $($x) ; do
pascal@9598	54 if [ $($x $i count) -gt 1 ]; then
pascal@9598	55 for j in $(seq 1 $($x $i count)); do
pascal@9598	56 echo "$x($i,$j)='$($x $i $j)'"
pascal@9597	57 done
pascal@9597	58 else
pascal@9598	59 echo "$x($i)='$($x $i)'"
pascal@9597	60 fi
pascal@9597	61 done
pascal@5685	62 done
pascal@9597	63 for i in $(FILE) ; do
pascal@5685	64 for j in name size type tmpname ; do
pascal@9597	65 echo "FILE($i,$j)='$(FILE $i $j)'"
pascal@5685	66 done
pascal@5685	67 done
pascal@5685	68 }
pascal@5685	69
pascal@5685	70 read_query_string()
pascal@5685	71 {
pascal@5685	72 local i
pascal@5685	73 local names
pascal@9596	74 local cnt
pascal@5685	75 names=""
pascal@5685	76 IFS="&"
pascal@9597	77 for i in $2 ; do
pascal@10847	78 var=${i%%[^A-Za-z_0-9]*}
pascal@9596	79 case " $names " in
pascal@9597	80 \ $var\ ) eval cnt=\$${1}_${var}_count ;;
pascal@9597	81 *) cnt=0
pascal@9597	82 names="$names $var" ;;
pascal@9596	83 esac
pascal@9596	84 eval ${1}_${var}_count=$((++cnt))
pascal@9596	85 eval ${1}_${var}_$cnt=\'$(httpd -d "${i#*=}" \| sed "s/'/\'\\\\\'\'/g")\'
pascal@5685	86 done
pascal@5685	87 unset IFS
pascal@5685	88 eval ${1}__NAMES=\'${names# }\'
pascal@5685	89 }
pascal@5685	90
pascal@9597	91 [ -z "$GET__NAMES" ] && read_query_string GET "$QUERY_STRING"
pascal@9597	92 [ -z "$COOKIE_NAMES" ] &&
pascal@9597	93 read_query_string COOKIE "$(echo "$HTTP_COOKIE" \| sed 's/; /\&/g')"
pascal@5685	94
pascal@5685	95 ddcut()
pascal@5685	96 {
pascal@5685	97 page=4096
pascal@5685	98 skip=$1
pascal@5685	99 count=$(($2 - $1 -2))
pascal@5685	100 tmp=$(($skip / $page))
pascal@5685	101 [ $tmp -ne 0 ] && dd bs=$page skip=$tmp count=0
pascal@5685	102 skip=$(($skip - ($tmp * $page) ))
pascal@5685	103 dd bs=1 skip=$skip count=0
pascal@5685	104 tmp=$(( ($page - $skip) % $page ))
pascal@5685	105 if [ $tmp -ne 0 -a $tmp -le $count ]; then
pascal@5685	106 dd bs=1 count=$tmp
pascal@5685	107 count=$(($count - $tmp))
pascal@5685	108 fi
pascal@5685	109 tmp=$(($count / $page))
pascal@5685	110 [ $tmp -ne 0 ] && dd bs=$page count=$tmp
pascal@5685	111 dd bs=1 count=$(($count - ($tmp * $page) ))
pascal@5685	112 }
pascal@5685	113
pascal@20892	114 if [ "$REQUEST_METHOD$POST__NAMES" = "POST" ]; then
pascal@5685	115 prefix=/tmp/httpd_post
pascal@5685	116 mkdir $prefix$$
pascal@5685	117 now=$(stat -c %Y $prefix$$)
pascal@5685	118 for i in $prefix* ; do
pascal@5685	119 [ $(stat -c %Y $i) -lt $(($now - 3600)) ] && rm -rf $i
pascal@5685	120 done
pascal@5685	121 post=$prefix$$/post
pascal@5685	122 n=1
pascal@5685	123 cat > ${post}0
pascal@5685	124 read delim < ${post}0
pascal@10848	125 delim=${delim%?}
pascal@5685	126 case "$delim" in
pascal@10848	127 -*) awk "/$delim/ { o+=index(\$0,\"$delim\")-1; print o }
pascal@5685	128 { o+=1+length() }" < ${post}0 \| while read offset; do
pascal@5685	129 if [ $offset -ne 0 ]; then
pascal@5685	130 ddcut $last $offset < ${post}0 > $post$n 2> /dev/null
pascal@5685	131 n=$(($n+1))
pascal@5685	132 fi
pascal@5685	133 last=$offset
pascal@5685	134 done
pascal@5685	135 rm -f ${post}0
pascal@5685	136 CR=`printf '\r'`
pascal@5685	137 for i in $post* ; do
pascal@5685	138 head -n 2 $i \| grep -q filename= \|\| echo '' >> $i
pascal@5685	139 filename=
pascal@5685	140 while read line; do
pascal@5685	141 case "$line" in
pascal@5685	142 Content-Disposition)
pascal@5685	143 name=$(echo $line \| sed 's/.* name="$[^"]$".$/\1/')
pascal@10847	144 name=${name%%[^A-Za-z_0-9]*}
pascal@5685	145 case "$line" in
pascal@5685	146 filename=) filename=$(echo $line \| sed 's/.* filename="$[^"]$".$/\1/') ;;
pascal@5685	147 esac ;;
pascal@5685	148 Content-Type)
pascal@5685	149 type=$(echo $line \| sed 's/.-Type: $.$.$/\1/') ;;
pascal@5685	150 $CR)
pascal@5685	151 if [ -n "$filename" ]; then
pascal@5685	152 tmp=$(mktemp $prefix$$/uploadXXXXXX)
pascal@5685	153 cat > $tmp
pascal@5685	154 FILE__NAMES="$FILE__NAMES $name"
pascal@5685	155 FILE__NAMES="${FILE__NAMES# }"
pascal@5685	156 eval FILE_${name}_tmpname=$tmp
pascal@5685	157 eval FILE_${name}_name=$filename
pascal@5685	158 eval FILE_${name}_size=$(stat -c %s $tmp)
pascal@5685	159 eval FILE_${name}_type=$type
pascal@5685	160 elif [ -n "$name" ]; then
pascal@10847	161 eval cnt=\$POST_${name}_count
pascal@10847	162 cnt=$(($cnt + 1))
pascal@10847	163 eval var=\$POST_${name}_$cnt
pascal@5685	164 while read line; do
pascal@5685	165 [ -n "$var" ] && var="$var
pascal@5685	166 "
pascal@10847	167 var="$var$line"
pascal@5685	168 done
pascal@10847	169 eval POST_${name}_$cnt="\$var"
pascal@10847	170 eval POST_${name}_count=$cnt
pascal@5685	171 case " $POST__NAMES " in
pascal@5685	172 \ $name\ ) ;;
pascal@5685	173 *) POST__NAMES="$POST__NAMES $name"
pascal@5685	174 POST__NAMES="${POST__NAMES# }" ;;
pascal@5685	175 esac
pascal@5685	176 fi
pascal@5685	177 break ;;
pascal@5685	178 *)
pascal@5685	179 esac
pascal@5685	180 done < $i
pascal@5685	181 rm -f $i
pascal@5685	182 done
pascal@5685	183 rmdir $(dirname $post) ;;
pascal@9597	184 *) rm -rf $(dirname $post)
pascal@9597	185 read_query_string POST "$delim" ;;
pascal@5685	186 esac
pascal@5685	187 fi

SliTaz Repositories

wok-current annotate busybox/stuff/httpd_helper.sh @ rev 25725