ref: 64e62d3b3040a78b5ef187f3d9ad41ff6ac6278f
parent: 4b8ea49899363f37f7da2ff77506f4089dce46fb
author: uriel <uriel@vm41.cat-v.org>
date: Sat Jun 6 12:20:02 EDT 2009
Move shared .tpl files to tpl/ from lib/, this fixes a DoS vulnerability where master_template.tpl could be accessed as a standalone .tpl file that recursively called itself.
--- a/bin/corehandlers.rc
+++ b/bin/corehandlers.rc
@@ -92,7 +92,7 @@
if not if(test -f $local_path.html)
handler_body_main=(html_handler $local_path.html)
# Global tpl (eg sitemap.tpl), should take precedence over txt handler!
- if not if(test -f lib^$req_path^.tpl)
+ if not if(test -f tpl^$req_path^.tpl)
handler_body_main=(tpl_handler lib^$req_path^.tpl)
if not if(test -f $local_path.txt)
handler_body_main=(txt_handler $local_path.txt)
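Review bot: The handler line directly after the changed test still builds its argument as `lib^$req_path^.tpl`, so the existence check now runs against tpl/ while tpl_handler is handed a path under lib/ — for a template that this commit moves to tpl/ only, the test succeeds and the handler then receives a file that no longer exists. The handler should follow the test: `handler_body_main=(tpl_handler tpl^$req_path^.tpl)`. The enclosing if-chain starts and ends outside the hunk. Since `$req_path` is spliced straight into the filesystem path on both lines, it is also worth confirming (in code not visible here) that it is normalised before this point so the tpl/ lookup resolves only to files intended to be served as standalone templates, which is the class of problem the commit message describes.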
--- a/lib/_debug.tpl
+++ /dev/null
@@ -1,29 +1,0 @@
-% if(! ~ $#debug_shell 0) {
-<form method="POST" name="prompt">
-<input size="80" type="text" name="command" value="%($"post_arg_command%)" />
-<input type="submit" Value="Run" />
-</form>
-<script language="javascript"><!--
-document.prompt.command.focus()
-//--></script>
-
-%{
-fn evl {
- # Buffering is probably messing this up:
- #rc -c 'flag x +;{'^$post_arg_command'} |[2] awk ''{print ">> "$0}'''
- rc -c 'flag s +; flag x +;'^$post_arg_command
-}
- if(! ~ $#post_arg_command 0 && ! ~ $#post_arg_command '') {
- echo '<hr /><pre>'
- evl | escape_html |[2] awk '{print "<b>"$0"</b>"}'
- echo '</pre>'
- }
-%}
-% }
-
-<hr /><pre>
-% env | escape_html
-</pre><hr />
-
-% umask
-
--- a/lib/_users/login.tpl
+++ /dev/null
@@ -1,18 +1,0 @@
-<h1>User login</h1>
-<br />
-% if(check_user) {
- You are logged in as: <b>%($logged_user%)</b>
-% }
-% if not {
-% if (~ $REQUEST_METHOD POST)
-% echo '<div class="notify_errors">Login failed!</div>'
-<form method="post" action="" style="text-align: right; float: left;">
-<fieldset>
- <label>User name: <input type="text" name="user_name" value="%($"post_arg_user_name%)"/></label><br />
- <label>User password: <input type="password" name="user_password" /></label><br />
- <input name="s" type="submit" value="Login" />
-</fieldset>
-</form>
-% }
-
-<br style="clear:left" />
--- a/lib/sitemap.tpl
+++ /dev/null
@@ -1,65 +1,0 @@
-<h1>Site map</h1>
-
-%{
-tmpfile=/tmp/werc_sitemap_$pid.txt
-saveddf=$dirfilter
-
-fn get_md_title {
- sed 's/^(................................................................[^ ]*).*$/\1/g; 1q' < $1
-}
-
-fn get_html_title {
- # H1 is not reliable because htmlroff doesn't use it :(
- #desc=`{cat $1 | sed 32q | grep '<[Hh]1>' | sed 's/<[Hh]1>(.*)(<\/[Hh]1>|$)/\1/;s/<[^>]*>//g;1q'}
- # Pick the first line of body instead
- desc=`{sed -n '/<[Bb][Oo][Dd][Yy]/,/./s/(<[^>]*>|$)//gp' < $1}
- if(~ $#desc 0)
- desc=`{sed 's/<[^>]*>//g; 1q' < $1}
-}
-
-fn get_file_title {
-
- if(~ $1 */) {
- if(test -f $1/index.md)
- get_md_title $1/index.md
- if not if(test -f $1/index.html)
- get_html_title $1/index.html
- }
- if not if(~ $1 *.md)
- get_md_title $1
- if not if(~ $1 *.html)
- get_html_title $1
- if not
- echo ''
-}
-
-fn listDir {
- d=$1
- dirfilter=$saveddf
- if(test -f $d/_werc/config)
- . ./$d/_werc/config
-
- if(~ $#perm_redir_to 0) {
- echo '<ul class="sitemap-list">'
-
- for(i in `{ls -dF $d^*/ $d^*.md $d^*.html $d^*.txt >[2]/dev/null | sed $dirfilter}) {
- desc=`{get_file_title $i}
- u=`{echo $i|sed 's!'$sitedir'!!; '$dirclean's!/index$!/!; '}
- if(! ~ $#desc 0 && ! ~ $desc '')
- desc=' - '$"desc
- n=`{echo /$u|sed 's/_/ /g; s,.*/([^/]+)/?$,\1,'}
- echo '<li><a href="'$base_url$u'">'^$"n^'</a>' $"desc '</li>'
- echo $base_url^$u >> $tmpfile
- if(test -d $i)
- @{ listDir $i }
- }
- echo '</ul>'
- }
-}
-
-fltr_cache listDir $sitedir/
-
-if(test -s $tmpfile)
- mv $tmpfile $sitedir/sitemap.txt &
-
-%}
--- /dev/null
+++ b/tpl/_debug.tpl
@@ -1,0 +1,29 @@
+% if(! ~ $#debug_shell 0) {
+<form method="POST" name="prompt">
+<input size="80" type="text" name="command" value="%($"post_arg_command%)" />
+<input type="submit" Value="Run" />
+</form>
+<script language="javascript"><!--
+document.prompt.command.focus()
+//--></script>
+
+%{
+fn evl {
+ # Buffering is probably messing this up:
+ #rc -c 'flag x +;{'^$post_arg_command'} |[2] awk ''{print ">> "$0}'''
+ rc -c 'flag s +; flag x +;'^$post_arg_command
+}
+ if(! ~ $#post_arg_command 0 && ! ~ $#post_arg_command '') {
+ echo '<hr /><pre>'
+ evl | escape_html |[2] awk '{print "<b>"$0"</b>"}'
+ echo '</pre>'
+ }
+%}
+% }
+
+<hr /><pre>
+% env | escape_html
+</pre><hr />
+
+% umask
+
--- /dev/null
+++ b/tpl/_users/login.tpl
@@ -1,0 +1,18 @@
+<h1>User login</h1>
+<br />
+% if(check_user) {
+ You are logged in as: <b>%($logged_user%)</b>
+% }
+% if not {
+% if (~ $REQUEST_METHOD POST)
+% echo '<div class="notify_errors">Login failed!</div>'
+<form method="post" action="" style="text-align: right; float: left;">
+<fieldset>
+ <label>User name: <input type="text" name="user_name" value="%($"post_arg_user_name%)"/></label><br />
+ <label>User password: <input type="password" name="user_password" /></label><br />
+ <input name="s" type="submit" value="Login" />
+</fieldset>
+</form>
+% }
+
+<br style="clear:left" />
--- /dev/null
+++ b/tpl/sitemap.tpl
@@ -1,0 +1,65 @@
+<h1>Site map</h1>
+
+%{
+tmpfile=/tmp/werc_sitemap_$pid.txt
+saveddf=$dirfilter
+
+fn get_md_title {
+ sed 's/^(................................................................[^ ]*).*$/\1/g; 1q' < $1
+}
+
+fn get_html_title {
+ # H1 is not reliable because htmlroff doesn't use it :(
+ #desc=`{cat $1 | sed 32q | grep '<[Hh]1>' | sed 's/<[Hh]1>(.*)(<\/[Hh]1>|$)/\1/;s/<[^>]*>//g;1q'}
+ # Pick the first line of body instead
+ desc=`{sed -n '/<[Bb][Oo][Dd][Yy]/,/./s/(<[^>]*>|$)//gp' < $1}
+ if(~ $#desc 0)
+ desc=`{sed 's/<[^>]*>//g; 1q' < $1}
+}
+
+fn get_file_title {
+
+ if(~ $1 */) {
+ if(test -f $1/index.md)
+ get_md_title $1/index.md
+ if not if(test -f $1/index.html)
+ get_html_title $1/index.html
+ }
+ if not if(~ $1 *.md)
+ get_md_title $1
+ if not if(~ $1 *.html)
+ get_html_title $1
+ if not
+ echo ''
+}
+
+fn listDir {
+ d=$1
+ dirfilter=$saveddf
+ if(test -f $d/_werc/config)
+ . ./$d/_werc/config
+
+ if(~ $#perm_redir_to 0) {
+ echo '<ul class="sitemap-list">'
+
+ for(i in `{ls -dF $d^*/ $d^*.md $d^*.html $d^*.txt >[2]/dev/null | sed $dirfilter}) {
+ desc=`{get_file_title $i}
+ u=`{echo $i|sed 's!'$sitedir'!!; '$dirclean's!/index$!/!; '}
+ if(! ~ $#desc 0 && ! ~ $desc '')
+ desc=' - '$"desc
+ n=`{echo /$u|sed 's/_/ /g; s,.*/([^/]+)/?$,\1,'}
+ echo '<li><a href="'$base_url$u'">'^$"n^'</a>' $"desc '</li>'
+ echo $base_url^$u >> $tmpfile
+ if(test -d $i)
+ @{ listDir $i }
+ }
+ echo '</ul>'
+ }
+}
+
+fltr_cache listDir $sitedir/
+
+if(test -s $tmpfile)
+ mv $tmpfile $sitedir/sitemap.txt &
+
+%}