1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_include.c: Handles the server-parsed HTML documents
62 * Original by Rob McCool; substantial fixups by David Robinson;
63 * incorporated into the Apache module framework by rst.
68 #include "apr_strings.h"
69 #include "apr_thread_proc.h"
73 #include "apr_optional.h"
75 #define APR_WANT_STRFUNC
76 #define APR_WANT_MEMFUNC
79 #include "ap_config.h"
80 #include "util_filter.h"
82 #include "http_config.h"
83 #include "http_core.h"
84 #include "http_request.h"
85 #include "http_core.h"
86 #include "http_protocol.h"
88 #include "http_main.h"
89 #include "util_script.h"
90 #include "http_core.h"
91 #include "mod_include.h"
93 /* helper for Latin1 <-> entity encoding */
94 #if APR_CHARSET_EBCDIC
95 #include "util_ebcdic.h"
96 #define RAW_ASCII_CHAR(ch) apr_xlate_conv_byte(ap_hdrs_from_ascii, \
98 #else /* APR_CHARSET_EBCDIC */
99 #define RAW_ASCII_CHAR(ch) (ch)
100 #endif /* !APR_CHARSET_EBCDIC */
104 * +-------------------------------------------------------+
108 * +-------------------------------------------------------+
113 #define MAX_DEBUG_SIZE MAX_STRING_LEN
115 #define LOG_COND_STATUS(ctx, f, bb, text) \
117 char *cond_txt = apr_pstrcat((ctx)->dpool, "**** ", (text), \
118 " conditional_status=\"", ((ctx)->flags & SSI_FLAG_COND_TRUE)?"1":"0", \
120 APR_BRIGADE_INSERT_TAIL((bb), apr_bucket_heap_create(cond_txt, \
121 strlen(cond_txt), NULL, (f)->c->bucket_alloc)); \
124 #define DUMP_PARSE_EXPR_DEBUG(buf, f, bb) \
126 APR_BRIGADE_INSERT_TAIL((bb), apr_bucket_heap_create((buf), \
127 strlen((buf)), NULL, (f)->c->bucket_alloc)); \
132 #define MAX_DEBUG_SIZE 10
133 #define LOG_COND_STATUS(ctx, f, bb, text)
134 #define DUMP_PARSE_EXPR_DEBUG(buf, f, bb)
140 * +-------------------------------------------------------+
142 * | Types and Structures
144 * +-------------------------------------------------------+
147 /* sll used for string expansion */
148 typedef struct result_item {
149 struct result_item *next;
163 apr_size_t pattern_len;
167 const char *default_error_msg;
168 const char *default_time_fmt;
170 } include_dir_config;
173 const char *default_start_tag;
174 const char *default_end_tag;
175 const char *undefined_echo;
176 apr_size_t undefined_echo_len;
177 } include_server_config;
179 /* main parser states */
184 PARSE_DIRECTIVE_POSTNAME,
185 PARSE_DIRECTIVE_TAIL,
186 PARSE_DIRECTIVE_POSTTAIL,
201 typedef struct arg_item {
202 struct arg_item *next;
206 apr_size_t value_len;
209 #define MAX_NMATCH 10
215 regmatch_t match[MAX_NMATCH];
218 struct ssi_internal_ctx {
222 char quote; /* quote character value (or \0) */
223 apr_size_t parse_pos; /* parse position of partial matches */
224 apr_size_t bytes_read;
226 apr_bucket_brigade *tmp_bb;
229 const char *start_seq;
230 bndm_t *start_seq_pat;
232 apr_size_t end_seq_len;
233 char *directive; /* name of the current directive */
234 apr_size_t directive_len; /* length of the current directive name */
236 arg_item_t *current_arg; /* currently parsed argument */
237 arg_item_t *argv; /* all arguments */
239 backref_t *re; /* NULL if there wasn't a regex yet */
244 * +-------------------------------------------------------+
246 * | Static Module Data
248 * +-------------------------------------------------------+
251 /* global module structure */
252 module AP_MODULE_DECLARE_DATA include_module;
254 /* function handlers for include directives */
255 static apr_hash_t *include_handlers;
257 /* forward declaration of handler registry */
258 static APR_OPTIONAL_FN_TYPE(ap_register_include_handler) *ssi_pfn_register;
260 /* Sentinel value to store in subprocess_env for items that
261 * shouldn't be evaluated until/unless they're actually used
263 static const char lazy_eval_sentinel;
264 #define LAZY_VALUE (&lazy_eval_sentinel)
267 #define DEFAULT_START_SEQUENCE "<!--#"
268 #define DEFAULT_END_SEQUENCE "-->"
269 #define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]"
270 #define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
271 #define DEFAULT_UNDEFINED_ECHO "(none)"
274 #define DEFAULT_XBITHACK XBITHACK_FULL
276 #define DEFAULT_XBITHACK XBITHACK_OFF
281 * +-------------------------------------------------------+
283 * | Environment/Expansion Functions
285 * +-------------------------------------------------------+
289 * decodes a string containing html entities or numeric character references.
290 * 's' is overwritten with the decoded string.
291 * If 's' is syntatically incorrect, then the followed fixups will be made:
292 * unknown entities will be left undecoded;
293 * references to unused numeric characters will be deleted.
294 * In particular, � will not be decoded, but will be deleted.
297 /* maximum length of any ISO-LATIN-1 HTML entity name. */
298 #define MAXENTLEN (6)
300 /* The following is a shrinking transformation, therefore safe. */
302 static void decodehtml(char *s)
307 static const char * const entlist[MAXENTLEN + 1] =
311 "lt\074gt\076", /* 2 */
312 "amp\046ETH\320eth\360", /* 3 */
313 "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\
314 iuml\357ouml\366uuml\374yuml\377", /* 4 */
315 "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\
316 THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\
317 ucirc\373thorn\376", /* 5 */
318 "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\
319 Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\
320 Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\
321 egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\
322 otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */
325 /* Do a fast scan through the string until we find anything
326 * that needs more complicated handling
328 for (; *s != '&'; s++) {
334 for (p = s; *s != '\0'; s++, p++) {
339 /* find end of entity */
340 for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
344 if (s[i] == '\0') { /* treat as normal data */
349 /* is it numeric ? */
351 for (j = 2, val = 0; j < i && apr_isdigit(s[j]); j++) {
352 val = val * 10 + s[j] - '0';
355 if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
356 (val >= 127 && val <= 160) || val >= 256) {
357 p--; /* no data to output */
360 *p = RAW_ASCII_CHAR(val);
365 if (j > MAXENTLEN || entlist[j] == NULL) {
368 continue; /* skip it */
370 for (ents = entlist[j]; *ents != '\0'; ents += i) {
371 if (strncmp(s + 1, ents, j) == 0) {
377 *p = '&'; /* unknown */
380 *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
389 static void add_include_vars(request_rec *r, const char *timefmt)
391 apr_table_t *e = r->subprocess_env;
394 apr_table_setn(e, "DATE_LOCAL", LAZY_VALUE);
395 apr_table_setn(e, "DATE_GMT", LAZY_VALUE);
396 apr_table_setn(e, "LAST_MODIFIED", LAZY_VALUE);
397 apr_table_setn(e, "DOCUMENT_URI", r->uri);
398 if (r->path_info && *r->path_info) {
399 apr_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
401 apr_table_setn(e, "USER_NAME", LAZY_VALUE);
402 if ((t = strrchr(r->filename, '/'))) {
403 apr_table_setn(e, "DOCUMENT_NAME", ++t);
406 apr_table_setn(e, "DOCUMENT_NAME", r->uri);
409 char *arg_copy = apr_pstrdup(r->pool, r->args);
411 ap_unescape_url(arg_copy);
412 apr_table_setn(e, "QUERY_STRING_UNESCAPED",
413 ap_escape_shell_cmd(r->pool, arg_copy));
417 static const char *add_include_vars_lazy(request_rec *r, const char *var)
420 if (!strcasecmp(var, "DATE_LOCAL")) {
421 include_dir_config *conf =
422 (include_dir_config *)ap_get_module_config(r->per_dir_config,
424 val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
426 else if (!strcasecmp(var, "DATE_GMT")) {
427 include_dir_config *conf =
428 (include_dir_config *)ap_get_module_config(r->per_dir_config,
430 val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
432 else if (!strcasecmp(var, "LAST_MODIFIED")) {
433 include_dir_config *conf =
434 (include_dir_config *)ap_get_module_config(r->per_dir_config,
436 val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
438 else if (!strcasecmp(var, "USER_NAME")) {
439 if (apr_get_username(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
448 apr_table_setn(r->subprocess_env, var, val);
453 static const char *get_include_var(const char *var, include_ctx_t *ctx)
456 request_rec *r = ctx->intern->r;
458 if (apr_isdigit(*var) && !var[1]) {
459 int idx = *var - '0';
460 backref_t *re = ctx->intern->re;
462 /* Handle $0 .. $9 from the last regex evaluated.
463 * The choice of returning NULL strings on not-found,
464 * v.s. empty strings on an empty match is deliberate.
467 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "regex capture $%d "
468 "refers to no regex in %s", idx, r->filename);
472 if (re->nsub < idx) {
473 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
474 "regex capture $%d is out of range (last regex "
475 "was: '%s') in %s", idx, re->rexp, r->filename);
479 if (re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
483 val = apr_pstrmemdup(ctx->dpool, re->source + re->match[idx].rm_so,
484 re->match[idx].rm_eo - re->match[idx].rm_so);
488 val = apr_table_get(r->subprocess_env, var);
490 if (val == LAZY_VALUE) {
491 val = add_include_vars_lazy(r, var);
499 * Do variable substitution on strings
501 * (Note: If out==NULL, this function allocs a buffer for the resulting
502 * string from ctx->pool. The return value is always the parsed string)
504 static char *ap_ssi_parse_string(include_ctx_t *ctx, const char *in, char *out,
505 apr_size_t length, int leave_name)
507 request_rec *r = ctx->intern->r;
508 result_item_t *result = NULL, *current = NULL;
509 apr_size_t outlen = 0, inlen, span;
510 char *ret = NULL, *eout = NULL;
514 /* sanity check, out && !length is not supported */
515 ap_assert(out && length);
518 eout = out + length - 1;
521 span = strcspn(in, "\\$");
527 apr_cpystrn(out, in, length);
530 ret = apr_pstrmemdup(ctx->pool, in, (length && length <= inlen)
531 ? length - 1 : inlen);
537 /* well, actually something to do */
542 memcpy(out, in, (out+span <= eout) ? span : (eout-out));
547 current = result = apr_palloc(ctx->dpool, sizeof(*result));
548 current->next = NULL;
549 current->string = in;
554 /* loop for specials */
556 if ((out && out >= eout) || (length && outlen >= length)) {
560 /* prepare next entry */
561 if (!out && current->len) {
562 current->next = apr_palloc(ctx->dpool, sizeof(*current->next));
563 current = current->next;
564 current->next = NULL;
573 *out++ = (p[1] == '$') ? *++p : *p;
578 current->string = (p[1] == '$') ? ++p : p;
587 else { /* *p == '$' */
588 const char *newp = NULL, *ep, *key = NULL;
591 ep = ap_strchr_c(++p, '}');
593 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Missing '}' on "
594 "variable \"%s\" in %s", p, r->filename);
599 key = apr_pstrmemdup(ctx->dpool, p, ep - p);
606 while (*ep == '_' || apr_isalnum(*ep)) {
611 key = apr_pstrmemdup(ctx->dpool, p, ep - p);
617 /* empty name results in a copy of '$' in the output string */
624 current->string = p++;
629 const char *val = get_include_var(key, ctx);
635 else if (leave_name) {
642 memcpy(out, val, (out+len <= eout) ? len : (eout-out));
647 current->string = val;
656 if ((out && out >= eout) || (length && outlen >= length)) {
660 /* check the remainder */
661 if (*p && (span = strcspn(p, "\\$")) > 0) {
662 if (!out && current->len) {
663 current->next = apr_palloc(ctx->dpool, sizeof(*current->next));
664 current = current->next;
665 current->next = NULL;
669 memcpy(out, p, (out+span <= eout) ? span : (eout-out));
680 } while (p < in+inlen);
682 /* assemble result */
694 if (length && outlen > length) {
698 ret = out = apr_palloc(ctx->pool, outlen + 1);
703 memcpy(out, result->string, (out+result->len <= ep)
704 ? result->len : (ep-out));
707 result = result->next;
708 } while (result && out < ep);
718 * +-------------------------------------------------------+
720 * | Conditional Expression Parser
722 * +-------------------------------------------------------+
725 static APR_INLINE int re_check(include_ctx_t *ctx, char *string, char *rexp)
728 backref_t *re = ctx->intern->re;
731 compiled = ap_pregcomp(ctx->dpool, rexp, REG_EXTENDED);
733 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->intern->r, "unable to "
734 "compile pattern \"%s\"", rexp);
739 re = ctx->intern->re = apr_palloc(ctx->pool, sizeof(*re));
744 re->nsub = compiled->re_nsub;
745 rc = !ap_regexec(compiled, string, MAX_NMATCH, re->match, 0);
747 ap_pregfree(ctx->dpool, compiled);
752 token_string, token_re,
753 token_and, token_or, token_not, token_eq, token_ne,
754 token_rbrace, token_lbrace, token_group,
755 token_ge, token_le, token_gt, token_lt
758 enum token_type type;
762 static const char *get_ptoken(request_rec *r, const char *string,
763 struct token *token, int *unmatched)
772 /* Skip leading white space */
773 if (string == (char *) NULL) {
774 return (char *) NULL;
776 while ((ch = *string++)) {
777 if (!apr_isspace(ch)) {
782 return (char *) NULL;
785 token->type = token_string; /* the default type */
788 token->type = token_lbrace;
791 token->type = token_rbrace;
794 token->type = token_eq;
797 if (*string == '=') {
798 token->type = token_ne;
802 token->type = token_not;
806 /* already token->type == token_string */
810 token->type = token_re;
814 if (*string == '|') {
815 token->type = token_or;
820 if (*string == '&') {
821 token->type = token_and;
826 if (*string == '=') {
827 token->type = token_ge;
831 token->type = token_gt;
835 if (*string == '=') {
836 token->type = token_le;
840 token->type = token_lt;
844 /* already token->type == token_string */
847 /* We should only be here if we are in a string */
848 token->value = apr_palloc(r->pool, strlen(string) + 2); /* 2 for ch plus
851 token->value[next++] = ch;
855 * I used the ++string throughout this section so that string
856 * ends up pointing to the next token and I can just return it
858 for (ch = *string; ((ch != '\0') && (!tkn_fnd)); ch = *++string) {
860 if ((ch = *++string) == '\0') {
864 token->value[next++] = ch;
869 if (apr_isspace(ch)) {
883 if (*(string + 1) == '|') {
888 if (*(string + 1) == '&') {
894 token->value[next++] = ch;
905 token->value[next++] = ch;
914 /* If qs is still set, we have an unmatched quote */
919 token->value[next] = '\0';
925 /* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
928 static int parse_expr(request_rec *r, include_ctx_t *ctx, const char *expr,
929 int *was_error, int *was_unmatched, char *debug)
932 struct parse_node *left, *right, *parent;
935 } *root, *current, *new;
939 apr_size_t debug_pos = 0;
941 debug[debug_pos] = '\0';
944 if ((parse = expr) == (char *) NULL) {
947 root = current = (struct parse_node *) NULL;
949 /* Create Parse Tree */
951 new = (struct parse_node *) apr_palloc(r->pool,
952 sizeof(struct parse_node));
953 new->parent = new->left = new->right = (struct parse_node *) NULL;
955 if ((parse = get_ptoken(r, parse, &new->token, was_unmatched)) ==
959 switch (new->token.type) {
963 debug_pos += sprintf (&debug[debug_pos],
964 " Token: string (%s)\n",
967 if (current == (struct parse_node *) NULL) {
968 root = current = new;
971 switch (current->token.type) {
973 current->token.value = apr_pstrcat(r->pool,
974 current->token.value,
975 current->token.value[0] ? " " : "",
990 new->parent = current;
991 current = current->right = new;
994 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
995 "Invalid expression \"%s\" in file %s",
1003 #ifdef DEBUG_INCLUDE
1004 debug_pos += sprintf (&debug[debug_pos],
1005 " Token: regex (%s)\n",
1008 if (current == (struct parse_node *) NULL) {
1009 root = current = new;
1012 switch (current->token.type) {
1019 new->parent = current;
1020 current = current->right = new;
1023 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1024 "Invalid expression \"%s\" in file %s",
1033 #ifdef DEBUG_INCLUDE
1034 memcpy (&debug[debug_pos], " Token: and/or\n",
1035 sizeof (" Token: and/or\n"));
1036 debug_pos += sizeof (" Token: and/or\n");
1038 if (current == (struct parse_node *) NULL) {
1039 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1040 "Invalid expression \"%s\" in file %s",
1045 /* Percolate upwards */
1046 while (current != (struct parse_node *) NULL) {
1047 switch (current->token.type) {
1060 current = current->parent;
1065 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1066 "Invalid expression \"%s\" in file %s",
1073 if (current == (struct parse_node *) NULL) {
1075 new->left->parent = new;
1076 new->parent = (struct parse_node *) NULL;
1080 new->left = current->right;
1081 current->right = new;
1082 new->parent = current;
1088 #ifdef DEBUG_INCLUDE
1089 memcpy(&debug[debug_pos], " Token: not\n",
1090 sizeof(" Token: not\n"));
1091 debug_pos += sizeof(" Token: not\n");
1093 if (current == (struct parse_node *) NULL) {
1094 root = current = new;
1097 /* Percolate upwards */
1098 if (current != (struct parse_node *) NULL) {
1099 switch (current->token.type) {
1112 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1113 "Invalid expression \"%s\" in file %s",
1119 if (current == (struct parse_node *) NULL) {
1121 new->left->parent = new;
1122 new->parent = (struct parse_node *) NULL;
1126 new->left = current->right;
1127 current->right = new;
1128 new->parent = current;
1139 #ifdef DEBUG_INCLUDE
1140 memcpy(&debug[debug_pos], " Token: eq/ne/ge/gt/le/lt\n",
1141 sizeof(" Token: eq/ne/ge/gt/le/lt\n"));
1142 debug_pos += sizeof(" Token: eq/ne/ge/gt/le/lt\n");
1144 if (current == (struct parse_node *) NULL) {
1145 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1146 "Invalid expression \"%s\" in file %s",
1151 /* Percolate upwards */
1152 while (current != (struct parse_node *) NULL) {
1153 switch (current->token.type) {
1157 current = current->parent;
1171 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1172 "Invalid expression \"%s\" in file %s",
1179 if (current == (struct parse_node *) NULL) {
1181 new->left->parent = new;
1182 new->parent = (struct parse_node *) NULL;
1186 new->left = current->right;
1187 current->right = new;
1188 new->parent = current;
1194 #ifdef DEBUG_INCLUDE
1195 memcpy (&debug[debug_pos], " Token: rbrace\n",
1196 sizeof (" Token: rbrace\n"));
1197 debug_pos += sizeof (" Token: rbrace\n");
1199 while (current != (struct parse_node *) NULL) {
1200 if (current->token.type == token_lbrace) {
1201 current->token.type = token_group;
1204 current = current->parent;
1206 if (current == (struct parse_node *) NULL) {
1207 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1208 "Unmatched ')' in \"%s\" in file %s",
1216 #ifdef DEBUG_INCLUDE
1217 memcpy (&debug[debug_pos], " Token: lbrace\n",
1218 sizeof (" Token: lbrace\n"));
1219 debug_pos += sizeof (" Token: lbrace\n");
1221 if (current == (struct parse_node *) NULL) {
1222 root = current = new;
1225 /* Percolate upwards */
1226 if (current != (struct parse_node *) NULL) {
1227 switch (current->token.type) {
1243 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1244 "Invalid expression \"%s\" in file %s",
1250 if (current == (struct parse_node *) NULL) {
1252 new->left->parent = new;
1253 new->parent = (struct parse_node *) NULL;
1257 new->left = current->right;
1258 current->right = new;
1259 new->parent = current;
1268 /* Evaluate Parse Tree */
1270 while (current != (struct parse_node *) NULL) {
1271 switch (current->token.type) {
1273 #ifdef DEBUG_INCLUDE
1274 memcpy (&debug[debug_pos], " Evaluate string\n",
1275 sizeof (" Evaluate string\n"));
1276 debug_pos += sizeof (" Evaluate string\n");
1278 buffer = ap_ssi_parse_string(ctx, current->token.value, NULL,
1280 current->token.value = buffer;
1281 current->value = (current->token.value[0] != '\0');
1283 current = current->parent;
1287 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1288 "No operator before regex of expr \"%s\" in file %s",
1295 #ifdef DEBUG_INCLUDE
1296 memcpy(&debug[debug_pos], " Evaluate and/or\n",
1297 sizeof(" Evaluate and/or\n"));
1298 debug_pos += sizeof(" Evaluate and/or\n");
1300 if (current->left == (struct parse_node *) NULL ||
1301 current->right == (struct parse_node *) NULL) {
1302 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1303 "Invalid expression \"%s\" in file %s",
1308 if (!current->left->done) {
1309 switch (current->left->token.type) {
1311 buffer = ap_ssi_parse_string(ctx, current->left->token.value,
1312 NULL, MAX_STRING_LEN, 0);
1313 current->left->token.value = buffer;
1314 current->left->value =
1315 (current->left->token.value[0] != '\0');
1316 current->left->done = 1;
1319 current = current->left;
1323 if (!current->right->done) {
1324 switch (current->right->token.type) {
1326 buffer = ap_ssi_parse_string(ctx, current->right->token.value,
1327 NULL, MAX_STRING_LEN, 0);
1328 current->right->token.value = buffer;
1329 current->right->value =
1330 (current->right->token.value[0] != '\0');
1331 current->right->done = 1;
1334 current = current->right;
1338 #ifdef DEBUG_INCLUDE
1339 debug_pos += sprintf (&debug[debug_pos], " Left: %c\n",
1340 current->left->value ? '1' : '0');
1341 debug_pos += sprintf (&debug[debug_pos], " Right: %c\n",
1342 current->right->value ? '1' : '0');
1344 if (current->token.type == token_and) {
1345 current->value = current->left->value && current->right->value;
1348 current->value = current->left->value || current->right->value;
1350 #ifdef DEBUG_INCLUDE
1351 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1352 current->value ? '1' : '0');
1355 current = current->parent;
1360 #ifdef DEBUG_INCLUDE
1361 memcpy (&debug[debug_pos], " Evaluate eq/ne\n",
1362 sizeof (" Evaluate eq/ne\n"));
1363 debug_pos += sizeof (" Evaluate eq/ne\n");
1365 if ((current->left == (struct parse_node *) NULL) ||
1366 (current->right == (struct parse_node *) NULL) ||
1367 (current->left->token.type != token_string) ||
1368 ((current->right->token.type != token_string) &&
1369 (current->right->token.type != token_re))) {
1370 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1371 "Invalid expression \"%s\" in file %s",
1376 buffer = ap_ssi_parse_string(ctx, current->left->token.value,
1377 NULL, MAX_STRING_LEN, 0);
1378 current->left->token.value = buffer;
1379 buffer = ap_ssi_parse_string(ctx, current->right->token.value,
1380 NULL, MAX_STRING_LEN, 0);
1381 current->right->token.value = buffer;
1382 if (current->right->token.type == token_re) {
1383 #ifdef DEBUG_INCLUDE
1384 debug_pos += sprintf (&debug[debug_pos],
1385 " Re Compare (%s) with /%s/\n",
1386 current->left->token.value,
1387 current->right->token.value);
1390 re_check(ctx, current->left->token.value,
1391 current->right->token.value);
1394 #ifdef DEBUG_INCLUDE
1395 debug_pos += sprintf (&debug[debug_pos],
1396 " Compare (%s) with (%s)\n",
1397 current->left->token.value,
1398 current->right->token.value);
1401 (strcmp(current->left->token.value,
1402 current->right->token.value) == 0);
1404 if (current->token.type == token_ne) {
1405 current->value = !current->value;
1407 #ifdef DEBUG_INCLUDE
1408 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1409 current->value ? '1' : '0');
1412 current = current->parent;
1418 #ifdef DEBUG_INCLUDE
1419 memcpy (&debug[debug_pos], " Evaluate ge/gt/le/lt\n",
1420 sizeof (" Evaluate ge/gt/le/lt\n"));
1421 debug_pos += sizeof (" Evaluate ge/gt/le/lt\n");
1423 if ((current->left == (struct parse_node *) NULL) ||
1424 (current->right == (struct parse_node *) NULL) ||
1425 (current->left->token.type != token_string) ||
1426 (current->right->token.type != token_string)) {
1427 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1428 "Invalid expression \"%s\" in file %s",
1433 buffer = ap_ssi_parse_string(ctx, current->left->token.value, NULL,
1435 current->left->token.value = buffer;
1436 buffer = ap_ssi_parse_string(ctx, current->right->token.value, NULL,
1438 current->right->token.value = buffer;
1439 #ifdef DEBUG_INCLUDE
1440 debug_pos += sprintf (&debug[debug_pos],
1441 " Compare (%s) with (%s)\n",
1442 current->left->token.value,
1443 current->right->token.value);
1446 strcmp(current->left->token.value,
1447 current->right->token.value);
1448 if (current->token.type == token_ge) {
1449 current->value = current->value >= 0;
1451 else if (current->token.type == token_gt) {
1452 current->value = current->value > 0;
1454 else if (current->token.type == token_le) {
1455 current->value = current->value <= 0;
1457 else if (current->token.type == token_lt) {
1458 current->value = current->value < 0;
1461 current->value = 0; /* Don't return -1 if unknown token */
1463 #ifdef DEBUG_INCLUDE
1464 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1465 current->value ? '1' : '0');
1468 current = current->parent;
1472 if (current->right != (struct parse_node *) NULL) {
1473 if (!current->right->done) {
1474 current = current->right;
1477 current->value = !current->right->value;
1482 #ifdef DEBUG_INCLUDE
1483 debug_pos += sprintf (&debug[debug_pos], " Evaluate !: %c\n",
1484 current->value ? '1' : '0');
1487 current = current->parent;
1491 if (current->right != (struct parse_node *) NULL) {
1492 if (!current->right->done) {
1493 current = current->right;
1496 current->value = current->right->value;
1501 #ifdef DEBUG_INCLUDE
1502 debug_pos += sprintf (&debug[debug_pos], " Evaluate (): %c\n",
1503 current->value ? '1' : '0');
1506 current = current->parent;
1510 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1511 "Unmatched '(' in \"%s\" in file %s",
1517 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1518 "Unmatched ')' in \"%s\" in file %s",
1524 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1531 retval = (root == (struct parse_node *) NULL) ? 0 : root->value;
1537 * +-------------------------------------------------------+
1541 * +-------------------------------------------------------+
1545 * Extract the next tag name and value.
1546 * If there are no more tags, set the tag name to NULL.
1547 * The tag value is html decoded if dodecode is non-zero.
1548 * The tag value may be NULL if there is no tag value..
1550 static void ap_ssi_get_tag_and_value(include_ctx_t *ctx, char **tag,
1551 char **tag_val, int dodecode)
1553 if (!ctx->intern->argv) {
1560 *tag_val = ctx->intern->argv->value;
1561 *tag = ctx->intern->argv->name;
1563 ctx->intern->argv = ctx->intern->argv->next;
1565 if (dodecode && *tag_val) {
1566 decodehtml(*tag_val);
1572 /* ensure that path is relative, and does not contain ".." elements
1573 * ensentially ensure that it does not match the regex:
1574 * (^/|(^|/)\.\.(/|$))
1575 * XXX: Simply replace with apr_filepath_merge
1577 static int is_only_below(const char *path)
1579 #ifdef HAVE_DRIVE_LETTERS
1584 if (ap_strchr_c(path, ':'))
1587 if (path[0] == '/') {
1592 while (path[dots] == '.')
1595 /* If the name is canonical this is redundant
1596 * but in security, redundancy is worthwhile.
1597 * Does OS2 belong here (accepts ... for ..)?
1599 if (dots > 1 && (!path[dots] || path[dots] == '/'))
1602 if (dots == 2 && (!path[dots] || path[dots] == '/'))
1606 /* Advance to either the null byte at the end of the
1607 * string or the character right after the next slash,
1608 * whichever comes first
1610 while (*path && (*path++ != '/')) {
1617 static int find_file(request_rec *r, const char *directive, const char *tag,
1618 char *tag_val, apr_finfo_t *finfo)
1620 char *to_send = tag_val;
1621 request_rec *rr = NULL;
1623 char *error_fmt = NULL;
1624 apr_status_t rv = APR_SUCCESS;
1626 if (!strcmp(tag, "file")) {
1627 /* XXX: Port to apr_filepath_merge
1628 * be safe; only files in this directory or below allowed
1630 if (!is_only_below(tag_val)) {
1631 error_fmt = "unable to access file \"%s\" "
1632 "in parsed file %s";
1635 ap_getparents(tag_val); /* get rid of any nasties */
1637 /* note: it is okay to pass NULL for the "next filter" since
1638 we never attempt to "run" this sub request. */
1639 rr = ap_sub_req_lookup_file(tag_val, r, NULL);
1641 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1642 to_send = rr->filename;
1643 if ((rv = apr_stat(finfo, to_send,
1644 APR_FINFO_GPROT | APR_FINFO_MIN, rr->pool)) != APR_SUCCESS
1645 && rv != APR_INCOMPLETE) {
1646 error_fmt = "unable to get information about \"%s\" "
1647 "in parsed file %s";
1651 error_fmt = "unable to lookup information about \"%s\" "
1652 "in parsed file %s";
1658 ap_log_rerror(APLOG_MARK, APLOG_ERR,
1659 rv, r, error_fmt, to_send, r->filename);
1662 if (rr) ap_destroy_sub_req(rr);
1666 else if (!strcmp(tag, "virtual")) {
1667 /* note: it is okay to pass NULL for the "next filter" since
1668 we never attempt to "run" this sub request. */
1669 rr = ap_sub_req_lookup_uri(tag_val, r, NULL);
1671 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1672 memcpy((char *) finfo, (const char *) &rr->finfo,
1674 ap_destroy_sub_req(rr);
1678 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1679 "unable to get information about \"%s\" "
1680 "in parsed file %s",
1681 tag_val, r->filename);
1682 ap_destroy_sub_req(rr);
1687 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1688 "unknown parameter \"%s\" to tag %s in %s",
1689 tag, directive, r->filename);
1695 * <!--#include virtual|file="..." [virtual|file="..."] ... -->
1697 static apr_status_t handle_include(include_ctx_t *ctx, ap_filter_t *f,
1698 apr_bucket_brigade *bb)
1700 request_rec *r = f->r;
1703 ap_log_rerror(APLOG_MARK,
1704 (ctx->flags & SSI_FLAG_PRINTING)
1705 ? APLOG_ERR : APLOG_WARNING,
1706 0, r, "missing argument for include element in %s",
1710 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1715 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1721 char *tag_val = NULL;
1722 request_rec *rr = NULL;
1723 char *error_fmt = NULL;
1724 char *parsed_string;
1726 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
1727 if (!tag || !tag_val) {
1731 if (strcmp(tag, "virtual") && strcmp(tag, "file")) {
1732 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
1733 "\"%s\" to tag include in %s", tag, r->filename);
1734 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1738 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, MAX_STRING_LEN,
1739 SSI_EXPAND_DROP_NAME);
1740 if (tag[0] == 'f') {
1741 /* XXX: Port to apr_filepath_merge
1742 * be safe; only files in this directory or below allowed
1744 if (!is_only_below(parsed_string)) {
1745 error_fmt = "unable to include file \"%s\" in parsed file %s";
1748 rr = ap_sub_req_lookup_uri(parsed_string, r, f->next);
1752 rr = ap_sub_req_lookup_uri(parsed_string, r, f->next);
1755 if (!error_fmt && rr->status != HTTP_OK) {
1756 error_fmt = "unable to include \"%s\" in parsed file %s";
1759 if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
1760 rr->content_type && strncmp(rr->content_type, "text/", 5)) {
1762 error_fmt = "unable to include potential exec \"%s\" in parsed "
1770 /* try to avoid recursive includes. We do this by walking
1771 * up the r->main list of subrequests, and at each level
1772 * walking back through any internal redirects. At each
1773 * step, we compare the filenames and the URIs.
1775 * The filename comparison catches a recursive include
1776 * with an ever-changing URL, eg.
1777 * <!--#include virtual=
1778 * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x" -->
1779 * which, although they would eventually be caught because
1780 * we have a limit on the length of files, etc., can
1781 * recurse for a while.
1783 * The URI comparison catches the case where the filename
1784 * is changed while processing the request, so the
1785 * current name is never the same as any previous one.
1786 * This can happen with "DocumentRoot /foo" when you
1787 * request "/" on the server and it includes "/".
1788 * This only applies to modules such as mod_dir that
1789 * (somewhat improperly) mess with r->filename outside
1790 * of a filename translation phase.
1792 for (p = r; p && !founddupe; p = p->main) {
1793 for (q = p; q; q = q->prev) {
1794 if ((q->filename && rr->filename &&
1795 (strcmp(q->filename, rr->filename) == 0)) ||
1796 ((*q->uri == '/') &&
1797 (strcmp(q->uri, rr->uri) == 0))) {
1806 error_fmt = "Recursive include of \"%s\" in parsed file %s";
1810 /* See the Kludge in includes_filter for why.
1811 * Basically, it puts a bread crumb in here, then looks
1812 * for the crumb later to see if its been here.
1815 ap_set_module_config(rr->request_config, &include_module, r);
1818 if (!error_fmt && ap_run_sub_req(rr)) {
1819 error_fmt = "unable to include \"%s\" in parsed file %s";
1823 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error_fmt, tag_val,
1825 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1828 /* destroy the sub request */
1830 ap_destroy_sub_req(rr);
1842 * <!--#echo [encoding="..."] var="..." [encoding="..."] var="..." ... -->
1844 static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f,
1845 apr_bucket_brigade *bb)
1847 enum {E_NONE, E_URL, E_ENTITY} encode;
1848 request_rec *r = f->r;
1851 ap_log_rerror(APLOG_MARK,
1852 (ctx->flags & SSI_FLAG_PRINTING)
1853 ? APLOG_ERR : APLOG_WARNING,
1854 0, r, "missing argument for echo element in %s",
1858 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1863 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1871 char *tag_val = NULL;
1873 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
1874 if (!tag || !tag_val) {
1878 if (!strcmp(tag, "var")) {
1880 const char *echo_text = NULL;
1883 val = get_include_var(ap_ssi_parse_string(ctx, tag_val, NULL,
1885 SSI_EXPAND_DROP_NAME),
1894 echo_text = ap_escape_uri(ctx->dpool, val);
1897 echo_text = ap_escape_html(ctx->dpool, val);
1901 e_len = strlen(echo_text);
1904 include_server_config *sconf;
1906 sconf = ap_get_module_config(r->server->module_config,
1908 echo_text = sconf->undefined_echo;
1909 e_len = sconf->undefined_echo_len;
1912 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(
1913 apr_pstrmemdup(ctx->pool, echo_text, e_len),
1914 e_len, ctx->pool, f->c->bucket_alloc));
1916 else if (!strcmp(tag, "encoding")) {
1917 if (!strcasecmp(tag_val, "none")) {
1920 else if (!strcasecmp(tag_val, "url")) {
1923 else if (!strcasecmp(tag_val, "entity")) {
1927 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown value "
1928 "\"%s\" to parameter \"encoding\" of tag echo in "
1929 "%s", tag_val, r->filename);
1930 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1935 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
1936 "\"%s\" in tag echo of %s", tag, r->filename);
1937 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1946 * <!--#config [timefmt="..."] [sizefmt="..."] [errmsg="..."] -->
1948 static apr_status_t handle_config(include_ctx_t *ctx, ap_filter_t *f,
1949 apr_bucket_brigade *bb)
1951 request_rec *r = f->r;
1952 apr_table_t *env = r->subprocess_env;
1955 ap_log_rerror(APLOG_MARK,
1956 (ctx->flags & SSI_FLAG_PRINTING)
1957 ? APLOG_ERR : APLOG_WARNING,
1958 0, r, "missing argument for config element in %s",
1962 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1967 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1973 char *tag_val = NULL;
1974 char *parsed_string;
1976 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_RAW);
1977 if (!tag || !tag_val) {
1981 if (!strcmp(tag, "errmsg")) {
1982 ctx->error_str = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1983 SSI_EXPAND_DROP_NAME);
1985 else if (!strcmp(tag, "timefmt")) {
1986 apr_time_t date = r->request_time;
1988 ctx->time_str = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1989 SSI_EXPAND_DROP_NAME);
1991 apr_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date,
1993 apr_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date,
1995 apr_table_setn(env, "LAST_MODIFIED",
1996 ap_ht_time(r->pool, r->finfo.mtime,
1999 else if (!strcmp(tag, "sizefmt")) {
2000 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL,
2002 SSI_EXPAND_DROP_NAME);
2003 if (!strcmp(parsed_string, "bytes")) {
2004 ctx->flags |= SSI_FLAG_SIZE_IN_BYTES;
2006 else if (!strcmp(parsed_string, "abbrev")) {
2007 ctx->flags &= SSI_FLAG_SIZE_ABBREV;
2010 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown value "
2011 "\"%s\" to parameter \"sizefmt\" of tag config "
2012 "in %s", parsed_string, r->filename);
2013 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2018 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
2019 "\"%s\" to tag config in %s", tag, r->filename);
2020 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2029 * <!--#fsize virtual|file="..." [virtual|file="..."] ... -->
2031 static apr_status_t handle_fsize(include_ctx_t *ctx, ap_filter_t *f,
2032 apr_bucket_brigade *bb)
2034 request_rec *r = f->r;
2037 ap_log_rerror(APLOG_MARK,
2038 (ctx->flags & SSI_FLAG_PRINTING)
2039 ? APLOG_ERR : APLOG_WARNING,
2040 0, r, "missing argument for fsize element in %s",
2044 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2049 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2055 char *tag_val = NULL;
2057 char *parsed_string;
2059 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2060 if (!tag || !tag_val) {
2064 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, MAX_STRING_LEN,
2065 SSI_EXPAND_DROP_NAME);
2067 if (!find_file(r, "fsize", tag, parsed_string, &finfo)) {
2071 if (!(ctx->flags & SSI_FLAG_SIZE_IN_BYTES)) {
2072 buf = apr_strfsize(finfo.size, apr_palloc(ctx->pool, 5));
2073 len = 4; /* omit the \0 terminator */
2076 apr_size_t l, x, pos;
2079 tmp = apr_psprintf(ctx->dpool, "%" APR_OFF_T_FMT, finfo.size);
2080 len = l = strlen(tmp);
2082 for (x = 0; x < l; ++x) {
2083 if (x && !((l - x) % 3)) {
2089 buf = apr_pstrmemdup(ctx->pool, tmp, len);
2092 buf = apr_palloc(ctx->pool, len);
2094 for (pos = x = 0; x < l; ++x) {
2095 if (x && !((l - x) % 3)) {
2098 buf[pos++] = tmp[x];
2103 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(buf, len,
2104 ctx->pool, f->c->bucket_alloc));
2107 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2116 * <!--#flastmod virtual|file="..." [virtual|file="..."] ... -->
2118 static apr_status_t handle_flastmod(include_ctx_t *ctx, ap_filter_t *f,
2119 apr_bucket_brigade *bb)
2121 request_rec *r = f->r;
2124 ap_log_rerror(APLOG_MARK,
2125 (ctx->flags & SSI_FLAG_PRINTING)
2126 ? APLOG_ERR : APLOG_WARNING,
2127 0, r, "missing argument for flastmod element in %s",
2131 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2136 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2142 char *tag_val = NULL;
2144 char *parsed_string;
2146 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2147 if (!tag || !tag_val) {
2151 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, MAX_STRING_LEN,
2152 SSI_EXPAND_DROP_NAME);
2154 if (!find_file(r, "flastmod", tag, parsed_string, &finfo)) {
2158 t_val = ap_ht_time(ctx->pool, finfo.mtime, ctx->time_str, 0);
2159 t_len = strlen(t_val);
2161 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(t_val, t_len,
2162 ctx->pool, f->c->bucket_alloc));
2165 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2174 * <!--#if expr="..." -->
2176 static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
2177 apr_bucket_brigade *bb)
2181 char debug_buf[MAX_DEBUG_SIZE];
2182 request_rec *r = f->r;
2183 int expr_ret, was_error, was_unmatched;
2185 if (ctx->argc != 1) {
2186 ap_log_rerror(APLOG_MARK,
2187 (ctx->flags & SSI_FLAG_PRINTING)
2188 ? APLOG_ERR : APLOG_WARNING,
2190 ? "too many arguments for if element in %s"
2191 : "missing expr argument for if element in %s",
2195 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2196 ++(ctx->if_nesting_level);
2200 if (ctx->argc != 1) {
2201 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2205 ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW);
2207 if (strcmp(tag, "expr")) {
2208 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" "
2209 "to tag if in %s", tag, r->filename);
2210 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2215 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr value for if "
2216 "element in %s", r->filename);
2217 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2220 #ifdef DEBUG_INCLUDE
2222 apr_size_t d_len = 0;
2223 d_len = sprintf(debug_buf, "**** if expr=\"%s\"\n", expr);
2224 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_heap_create(debug_buf, d_len,
2225 NULL, f->c->bucket_alloc));
2230 expr_ret = parse_expr(r, ctx, expr, &was_error, &was_unmatched, debug_buf);
2233 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2237 if (was_unmatched) {
2238 DUMP_PARSE_EXPR_DEBUG("\nUnmatched '\n", f, bb);
2240 DUMP_PARSE_EXPR_DEBUG(debug_buf, f, bb);
2243 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2246 ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
2249 LOG_COND_STATUS(ctx, f, bb, " if");
2250 ctx->if_nesting_level = 0;
2256 * <!--#elif expr="..." -->
2258 static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
2259 apr_bucket_brigade *bb)
2263 request_rec *r = f->r;
2264 char debug_buf[MAX_DEBUG_SIZE];
2265 int expr_ret, was_error, was_unmatched;
2267 if (ctx->argc != 1) {
2268 ap_log_rerror(APLOG_MARK,
2269 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2271 ? "too many arguments for if element in %s"
2272 : "missing expr argument for if element in %s",
2276 if (ctx->if_nesting_level) {
2280 if (ctx->argc != 1) {
2281 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2285 ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW);
2287 if (strcmp(tag, "expr")) {
2288 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" "
2289 "to tag if in %s", tag, r->filename);
2290 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2295 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr in elif "
2296 "statement: %s", r->filename);
2297 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2300 #ifdef DEBUG_INCLUDE
2302 apr_size_t d_len = 0;
2303 d_len = sprintf(debug_buf, "**** elif expr=\"%s\"\n", expr);
2304 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_heap_create(debug_buf, d_len,
2305 NULL, f->c->bucket_alloc));
2309 LOG_COND_STATUS(ctx, f, bb, " elif");
2311 if (ctx->flags & SSI_FLAG_COND_TRUE) {
2312 ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
2316 expr_ret = parse_expr(r, ctx, expr, &was_error, &was_unmatched, debug_buf);
2319 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2323 if (was_unmatched) {
2324 DUMP_PARSE_EXPR_DEBUG("\nUnmatched '\n", f, bb);
2326 DUMP_PARSE_EXPR_DEBUG(debug_buf, f, bb);
2329 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2332 ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
2335 LOG_COND_STATUS(ctx, f, bb, " elif");
2343 static apr_status_t handle_else(include_ctx_t *ctx, ap_filter_t *f,
2344 apr_bucket_brigade *bb)
2346 request_rec *r = f->r;
2349 ap_log_rerror(APLOG_MARK,
2350 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2351 0, r, "else directive does not take tags in %s",
2355 if (ctx->if_nesting_level) {
2360 if (ctx->flags & SSI_FLAG_PRINTING) {
2361 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2367 LOG_COND_STATUS(ctx, f, bb, " else");
2369 if (ctx->flags & SSI_FLAG_COND_TRUE) {
2370 ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
2373 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2382 static apr_status_t handle_endif(include_ctx_t *ctx, ap_filter_t *f,
2383 apr_bucket_brigade *bb)
2385 request_rec *r = f->r;
2388 ap_log_rerror(APLOG_MARK,
2389 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2390 0, r, "endif directive does not take tags in %s",
2394 if (ctx->if_nesting_level) {
2395 --(ctx->if_nesting_level);
2400 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2404 LOG_COND_STATUS(ctx, f, bb, "endif");
2405 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2411 * <!--#set var="..." value="..." ... -->
2413 static apr_status_t handle_set(include_ctx_t *ctx, ap_filter_t *f,
2414 apr_bucket_brigade *bb)
2417 request_rec *r = f->r;
2418 request_rec *sub = r->main;
2419 apr_pool_t *p = r->pool;
2421 if (ctx->argc < 2) {
2422 ap_log_rerror(APLOG_MARK,
2423 (ctx->flags & SSI_FLAG_PRINTING)
2424 ? APLOG_ERR : APLOG_WARNING,
2425 0, r, "missing argument for set element in %s",
2429 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2433 if (ctx->argc < 2) {
2434 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2438 /* we need to use the 'main' request pool to set notes as that is
2448 char *tag_val = NULL;
2450 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2452 if (!tag || !tag_val) {
2456 if (!strcmp(tag, "var")) {
2457 var = ap_ssi_parse_string(ctx, tag_val, NULL, MAX_STRING_LEN,
2458 SSI_EXPAND_DROP_NAME);
2460 else if (!strcmp(tag, "value")) {
2461 char *parsed_string;
2464 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "variable must "
2465 "precede value in set directive in %s",
2467 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2471 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL,
2473 SSI_EXPAND_DROP_NAME);
2474 apr_table_setn(r->subprocess_env, apr_pstrdup(p, var),
2475 apr_pstrdup(p, parsed_string));
2478 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid tag for set "
2479 "directive in %s", r->filename);
2480 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2491 static apr_status_t handle_printenv(include_ctx_t *ctx, ap_filter_t *f,
2492 apr_bucket_brigade *bb)
2494 request_rec *r = f->r;
2495 const apr_array_header_t *arr;
2496 const apr_table_entry_t *elts;
2500 ap_log_rerror(APLOG_MARK,
2501 (ctx->flags & SSI_FLAG_PRINTING)
2502 ? APLOG_ERR : APLOG_WARNING,
2503 0, r, "printenv directive does not take tags in %s",
2507 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2512 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2516 arr = apr_table_elts(r->subprocess_env);
2517 elts = (apr_table_entry_t *)arr->elts;
2519 for (i = 0; i < arr->nelts; ++i) {
2520 const char *key_text, *val_text;
2521 char *key_val, *next;
2522 apr_size_t k_len, v_len, kv_length;
2525 key_text = ap_escape_html(ctx->dpool, elts[i].key);
2526 k_len = strlen(key_text);
2529 val_text = elts[i].val;
2530 if (val_text == LAZY_VALUE) {
2531 val_text = add_include_vars_lazy(r, elts[i].key);
2533 val_text = ap_escape_html(ctx->dpool, elts[i].val);
2534 v_len = strlen(val_text);
2536 /* assemble result */
2537 kv_length = k_len + v_len + sizeof("=\n");
2538 key_val = apr_palloc(ctx->pool, kv_length);
2541 memcpy(next, key_text, k_len);
2544 memcpy(next, val_text, v_len);
2549 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(key_val, kv_length-1,
2550 ctx->pool, f->c->bucket_alloc));
2559 * +-------------------------------------------------------+
2561 * | Main Includes-Filter Engine
2563 * +-------------------------------------------------------+
2566 /* This is an implementation of the BNDM search algorithm.
2568 * Fast and Flexible String Matching by Combining Bit-parallelism and
2569 * Suffix Automata (2001)
2570 * Gonzalo Navarro, Mathieu Raffinot
2572 * http://www-igm.univ-mlv.fr/~raffinot/ftp/jea2001.ps.gz
2574 * Initial code submitted by Sascha Schumann.
2577 /* Precompile the bndm_t data structure. */
2578 static bndm_t *bndm_compile(apr_pool_t *pool, const char *n, apr_size_t nl)
2581 const char *ne = n + nl;
2582 bndm_t *t = apr_palloc(pool, sizeof(*t));
2584 memset(t->T, 0, sizeof(unsigned int) * 256);
2585 t->pattern_len = nl;
2587 for (x = 1; n < ne; x <<= 1) {
2588 t->T[(unsigned char) *n++] |= x;
2596 /* Implements the BNDM search algorithm (as described above).
2598 * h - the string to look in
2599 * hl - length of the string to look for
2600 * t - precompiled bndm structure against the pattern
2602 * Returns the count of character that is the first match or hl if no
2605 static apr_size_t bndm(bndm_t *t, const char *h, apr_size_t hl)
2608 const char *he, *p, *pi;
2609 unsigned int *T, x, d;
2616 nl = t->pattern_len;
2618 pi = h - 1; /* pi: p initial */
2619 p = pi + nl; /* compare window right to left. point to the first char */
2625 d &= T[(unsigned char) *p--];
2648 * returns the index position of the first byte of start_seq (or the len of
2649 * the buffer as non-match)
2651 static apr_size_t find_start_sequence(include_ctx_t *ctx, const char *data,
2654 struct ssi_internal_ctx *intern = ctx->intern;
2655 apr_size_t slen = intern->start_seq_pat->pattern_len;
2660 p = data; /* try partial match at the end of the buffer (below) */
2663 /* try fast bndm search over the buffer
2664 * (hopefully the whole start sequence can be found in this buffer)
2666 index = bndm(intern->start_seq_pat, data, len);
2668 /* wow, found it. ready. */
2670 intern->state = PARSE_DIRECTIVE;
2674 /* ok, the pattern can't be found as whole in the buffer,
2675 * check the end for a partial match
2677 p = data + len - slen + 1;
2683 while (p < ep && *p != *intern->start_seq) {
2689 /* found a possible start_seq start */
2694 while (p < ep && *p == intern->start_seq[pos]) {
2699 /* partial match found. Store the info for the next round */
2701 intern->state = PARSE_HEAD;
2702 intern->parse_pos = pos;
2707 /* we must try all combinations; consider (e.g.) SSIStartTag "--->"
2708 * and a string data of "--.-" and the end of the buffer
2710 p = data + index + 1;
2718 * returns the first byte *after* the partial (or final) match.
2720 * If we had to trick with the start_seq start, 'release' returns the
2721 * number of chars of the start_seq which appeared not to be part of a
2722 * full tag and may have to be passed down the filter chain.
2724 static apr_size_t find_partial_start_sequence(include_ctx_t *ctx,
2727 apr_size_t *release)
2729 struct ssi_internal_ctx *intern = ctx->intern;
2730 apr_size_t pos, spos = 0;
2731 apr_size_t slen = intern->start_seq_pat->pattern_len;
2734 pos = intern->parse_pos;
2741 while (p < ep && pos < slen && *p == intern->start_seq[pos]) {
2748 intern->state = PARSE_DIRECTIVE;
2752 /* the whole buffer is a partial match */
2754 intern->parse_pos = pos;
2758 /* No match so far, but again:
2759 * We must try all combinations, since the start_seq is a random
2760 * user supplied string
2762 * So: look if the first char of start_seq appears somewhere within
2763 * the current partial match. If it does, try to start a match that
2764 * begins with this offset. (This can happen, if a strange
2765 * start_seq like "---->" spans buffers)
2767 if (spos < intern->parse_pos) {
2771 p = intern->start_seq + spos;
2772 pos = intern->parse_pos - spos;
2774 while (pos && *p != *intern->start_seq) {
2781 /* if a matching beginning char was found, try to match the
2782 * remainder of the old buffer.
2788 while (t < pos && *p == intern->start_seq[t]) {
2794 /* yeah, another partial match found in the *old*
2795 * buffer, now test the *current* buffer for
2809 } while (1); /* work hard to find a match ;-) */
2811 /* no match at all, release all (wrongly) matched chars so far */
2812 *release = intern->parse_pos;
2813 intern->state = PARSE_PRE_HEAD;
2818 * returns the position after the directive
2820 static apr_size_t find_directive(include_ctx_t *ctx, const char *data,
2821 apr_size_t len, char ***store,
2822 apr_size_t **store_len)
2824 struct ssi_internal_ctx *intern = ctx->intern;
2825 const char *p = data;
2826 const char *ep = data + len;
2829 switch (intern->state) {
2830 case PARSE_DIRECTIVE:
2831 while (p < ep && !apr_isspace(*p)) {
2832 /* we have to consider the case of missing space between directive
2833 * and end_seq (be somewhat lenient), e.g. <!--#printenv-->
2835 if (*p == *intern->end_seq) {
2836 intern->state = PARSE_DIRECTIVE_TAIL;
2837 intern->parse_pos = 1;
2844 if (p < ep) { /* found delimiter whitespace */
2845 intern->state = PARSE_DIRECTIVE_POSTNAME;
2846 *store = &intern->directive;
2847 *store_len = &intern->directive_len;
2852 case PARSE_DIRECTIVE_TAIL:
2853 pos = intern->parse_pos;
2855 while (p < ep && pos < intern->end_seq_len &&
2856 *p == intern->end_seq[pos]) {
2861 /* full match, we're done */
2862 if (pos == intern->end_seq_len) {
2863 intern->state = PARSE_DIRECTIVE_POSTTAIL;
2864 *store = &intern->directive;
2865 *store_len = &intern->directive_len;
2869 /* partial match, the buffer is too small to match fully */
2871 intern->parse_pos = pos;
2875 /* no match. continue normal parsing */
2876 intern->state = PARSE_DIRECTIVE;
2879 case PARSE_DIRECTIVE_POSTTAIL:
2880 intern->state = PARSE_EXECUTE;
2881 intern->directive_len -= intern->end_seq_len;
2882 /* continue immediately with the next state */
2884 case PARSE_DIRECTIVE_POSTNAME:
2885 if (PARSE_DIRECTIVE_POSTNAME == intern->state) {
2886 intern->state = PARSE_PRE_ARG;
2889 intern->argv = NULL;
2891 if (!intern->directive_len) {
2893 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
2894 "directive name in parsed document %s",
2895 intern->r->filename);
2898 char *sp = intern->directive;
2899 char *sep = intern->directive + intern->directive_len;
2901 /* normalize directive name */
2902 for (; sp < sep; ++sp) {
2903 *sp = apr_tolower(*sp);
2910 /* get a rid of a gcc warning about unhandled enumerations */
2918 * find out whether the next token is (a possible) end_seq or an argument
2920 static apr_size_t find_arg_or_tail(include_ctx_t *ctx, const char *data,
2923 struct ssi_internal_ctx *intern = ctx->intern;
2924 const char *p = data;
2925 const char *ep = data + len;
2927 /* skip leading WS */
2928 while (p < ep && apr_isspace(*p)) {
2932 /* buffer doesn't consist of whitespaces only */
2934 intern->state = (*p == *intern->end_seq) ? PARSE_TAIL : PARSE_ARG;
2941 * test the stream for end_seq. If it doesn't match at all, it must be an
2944 static apr_size_t find_tail(include_ctx_t *ctx, const char *data,
2947 struct ssi_internal_ctx *intern = ctx->intern;
2948 const char *p = data;
2949 const char *ep = data + len;
2950 apr_size_t pos = intern->parse_pos;
2952 if (PARSE_TAIL == intern->state) {
2953 intern->state = PARSE_TAIL_SEQ;
2954 pos = intern->parse_pos = 0;
2957 while (p < ep && pos < intern->end_seq_len && *p == intern->end_seq[pos]) {
2962 /* bingo, full match */
2963 if (pos == intern->end_seq_len) {
2964 intern->state = PARSE_EXECUTE;
2968 /* partial match, the buffer is too small to match fully */
2970 intern->parse_pos = pos;
2974 /* no match. It must be an argument string then
2975 * The caller should cleanup and rewind to the reparse point
2977 intern->state = PARSE_ARG;
2982 * extract name=value from the buffer
2983 * A pcre-pattern could look (similar to):
2984 * name\s*(?:=\s*(["'`]?)value\1(?>\s*))?
2986 static apr_size_t find_argument(include_ctx_t *ctx, const char *data,
2987 apr_size_t len, char ***store,
2988 apr_size_t **store_len)
2990 struct ssi_internal_ctx *intern = ctx->intern;
2991 const char *p = data;
2992 const char *ep = data + len;
2994 switch (intern->state) {
2997 * create argument structure and append it to the current list
2999 intern->current_arg = apr_palloc(ctx->dpool,
3000 sizeof(*intern->current_arg));
3001 intern->current_arg->next = NULL;
3004 if (!intern->argv) {
3005 intern->argv = intern->current_arg;
3008 arg_item_t *newarg = intern->argv;
3010 while (newarg->next) {
3011 newarg = newarg->next;
3013 newarg->next = intern->current_arg;
3016 /* check whether it's a valid one. If it begins with a quote, we
3017 * can safely assume, someone forgot the name of the argument
3020 case '"': case '\'': case '`':
3023 intern->state = PARSE_ARG_VAL;
3024 intern->quote = *p++;
3025 intern->current_arg->name = NULL;
3026 intern->current_arg->name_len = 0;
3029 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
3030 "argument name for value to tag %s in %s",
3031 apr_pstrmemdup(intern->r->pool, intern->directive,
3032 intern->directive_len),
3033 intern->r->filename);
3038 intern->state = PARSE_ARG_NAME;
3040 /* continue immediately with next state */
3042 case PARSE_ARG_NAME:
3043 while (p < ep && !apr_isspace(*p) && *p != '=') {
3048 intern->state = PARSE_ARG_POSTNAME;
3049 *store = &intern->current_arg->name;
3050 *store_len = &intern->current_arg->name_len;
3055 case PARSE_ARG_POSTNAME:
3056 intern->current_arg->name = apr_pstrmemdup(ctx->dpool,
3057 intern->current_arg->name,
3058 intern->current_arg->name_len);
3059 if (!intern->current_arg->name_len) {
3061 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
3062 "argument name for value to tag %s in %s",
3063 apr_pstrmemdup(intern->r->pool, intern->directive,
3064 intern->directive_len),
3065 intern->r->filename);
3068 char *sp = intern->current_arg->name;
3070 /* normalize the name */
3072 *sp = apr_tolower(*sp);
3077 intern->state = PARSE_ARG_EQ;
3078 /* continue with next state immediately */
3083 while (p < ep && apr_isspace(*p)) {
3089 intern->state = PARSE_ARG_PREVAL;
3092 else { /* no value */
3093 intern->current_arg->value = NULL;
3094 intern->state = PARSE_PRE_ARG;
3101 case PARSE_ARG_PREVAL:
3104 while (p < ep && apr_isspace(*p)) {
3108 /* buffer doesn't consist of whitespaces only */
3110 intern->state = PARSE_ARG_VAL;
3112 case '"': case '\'': case '`':
3113 intern->quote = *p++;
3116 intern->quote = '\0';
3124 case PARSE_ARG_VAL_ESC:
3125 if (*p == intern->quote) {
3128 intern->state = PARSE_ARG_VAL;
3129 /* continue with next state immediately */
3132 for (; p < ep; ++p) {
3133 if (intern->quote && *p == '\\') {
3136 intern->state = PARSE_ARG_VAL_ESC;
3140 if (*p != intern->quote) {
3144 else if (intern->quote && *p == intern->quote) {
3146 *store = &intern->current_arg->value;
3147 *store_len = &intern->current_arg->value_len;
3148 intern->state = PARSE_ARG_POSTVAL;
3151 else if (!intern->quote && apr_isspace(*p)) {
3153 *store = &intern->current_arg->value;
3154 *store_len = &intern->current_arg->value_len;
3155 intern->state = PARSE_ARG_POSTVAL;
3162 case PARSE_ARG_POSTVAL:
3164 * The value is still the raw input string. Finally clean it up.
3166 --(intern->current_arg->value_len);
3167 intern->current_arg->value[intern->current_arg->value_len] = '\0';
3169 /* strip quote escaping \ from the string */
3170 if (intern->quote) {
3171 apr_size_t shift = 0;
3174 sp = intern->current_arg->value;
3175 ep = intern->current_arg->value + intern->current_arg->value_len;
3176 while (sp < ep && *sp != '\\') {
3179 for (; sp < ep; ++sp) {
3180 if (*sp == '\\' && sp[1] == intern->quote) {
3189 intern->current_arg->value_len -= shift;
3192 intern->current_arg->value[intern->current_arg->value_len] = '\0';
3193 intern->state = PARSE_PRE_ARG;
3198 /* get a rid of a gcc warning about unhandled enumerations */
3202 return len; /* partial match of something */
3206 * This is the main loop over the current bucket brigade.
3208 static apr_status_t send_parsed_content(ap_filter_t *f, apr_bucket_brigade *bb)
3210 include_ctx_t *ctx = f->ctx;
3211 struct ssi_internal_ctx *intern = ctx->intern;
3212 request_rec *r = f->r;
3213 apr_bucket *b = APR_BRIGADE_FIRST(bb);
3214 apr_bucket_brigade *pass_bb;
3215 apr_status_t rv = APR_SUCCESS;
3216 char *magic; /* magic pointer for sentinel use */
3219 if (APR_BRIGADE_EMPTY(bb)) {
3223 /* we may crash, since already cleaned up; hand over the responsibility
3224 * to the next filter;-)
3226 if (intern->seen_eos) {
3227 return ap_pass_brigade(f->next, bb);
3230 /* All stuff passed along has to be put into that brigade */
3231 pass_bb = apr_brigade_create(ctx->pool, f->c->bucket_alloc);
3233 /* initialization for this loop */
3234 intern->bytes_read = 0;
3239 /* loop over the current bucket brigade */
3240 while (b != APR_BRIGADE_SENTINEL(bb)) {
3241 const char *data = NULL;
3242 apr_size_t len, index, release;
3243 apr_bucket *newb = NULL;
3244 char **store = &magic;
3245 apr_size_t *store_len;
3247 /* handle meta buckets before reading any data */
3248 if (APR_BUCKET_IS_METADATA(b)) {
3249 newb = APR_BUCKET_NEXT(b);
3251 APR_BUCKET_REMOVE(b);
3253 if (APR_BUCKET_IS_EOS(b)) {
3254 intern->seen_eos = 1;
3256 /* Hit end of stream, time for cleanup ... But wait!
3257 * Perhaps we're not ready yet. We may have to loop one or
3258 * two times again to finish our work. In that case, we
3259 * just re-insert the EOS bucket to allow for an extra loop.
3261 * PARSE_EXECUTE means, we've hit a directive just before the
3262 * EOS, which is now waiting for execution.
3264 * PARSE_DIRECTIVE_POSTTAIL means, we've hit a directive with
3265 * no argument and no space between directive and end_seq
3266 * just before the EOS. (consider <!--#printenv--> as last
3267 * or only string within the stream). This state, however,
3268 * just cleans up and turns itself to PARSE_EXECUTE, which
3269 * will be passed through within the next (and actually
3272 if (PARSE_EXECUTE == intern->state ||
3273 PARSE_DIRECTIVE_POSTTAIL == intern->state) {
3274 APR_BUCKET_INSERT_BEFORE(newb, b);
3277 break; /* END OF STREAM */
3281 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3283 if (APR_BUCKET_IS_FLUSH(b)) {
3292 /* enough is enough ... */
3293 if (ctx->flush_now ||
3294 intern->bytes_read > AP_MIN_BYTES_TO_WRITE) {
3296 if (!APR_BRIGADE_EMPTY(pass_bb)) {
3297 rv = ap_pass_brigade(f->next, pass_bb);
3298 if (!APR_STATUS_IS_SUCCESS(rv)) {
3299 apr_brigade_destroy(pass_bb);
3305 intern->bytes_read = 0;
3308 /* read the current bucket data */
3310 if (!intern->seen_eos) {
3311 if (intern->bytes_read > 0) {
3312 rv = apr_bucket_read(b, &data, &len, APR_NONBLOCK_READ);
3313 if (APR_STATUS_IS_EAGAIN(rv)) {
3319 if (!len || !APR_STATUS_IS_SUCCESS(rv)) {
3320 rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
3323 if (!APR_STATUS_IS_SUCCESS(rv)) {
3324 apr_brigade_destroy(pass_bb);
3328 intern->bytes_read += len;
3331 /* zero length bucket, fetch next one */
3332 if (!len && !intern->seen_eos) {
3333 b = APR_BUCKET_NEXT(b);
3338 * it's actually a data containing bucket, start/continue parsing
3341 switch (intern->state) {
3342 /* no current tag; search for start sequence */
3343 case PARSE_PRE_HEAD:
3344 index = find_start_sequence(ctx, data, len);
3347 apr_bucket_split(b, index);
3350 newb = APR_BUCKET_NEXT(b);
3351 if (ctx->flags & SSI_FLAG_PRINTING) {
3352 APR_BUCKET_REMOVE(b);
3353 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3356 apr_bucket_delete(b);
3360 /* now delete the start_seq stuff from the remaining bucket */
3361 if (PARSE_DIRECTIVE == intern->state) { /* full match */
3362 apr_bucket_split(newb, intern->start_seq_pat->pattern_len);
3363 ctx->flush_now = 1; /* pass pre-tag stuff */
3366 b = APR_BUCKET_NEXT(newb);
3367 apr_bucket_delete(newb);
3375 /* we're currently looking for the end of the start sequence */
3377 index = find_partial_start_sequence(ctx, data, len, &release);
3379 /* check if we mismatched earlier and have to release some chars */
3380 if (release && (ctx->flags & SSI_FLAG_PRINTING)) {
3381 char *to_release = apr_palloc(ctx->pool, release);
3383 memcpy(to_release, intern->start_seq, release);
3384 newb = apr_bucket_pool_create(to_release, release, ctx->pool,
3385 f->c->bucket_alloc);
3386 APR_BRIGADE_INSERT_TAIL(pass_bb, newb);
3389 if (index) { /* any match */
3390 /* now delete the start_seq stuff from the remaining bucket */
3391 if (PARSE_DIRECTIVE == intern->state) { /* final match */
3392 apr_bucket_split(b, index);
3393 ctx->flush_now = 1; /* pass pre-tag stuff */
3395 newb = APR_BUCKET_NEXT(b);
3396 apr_bucket_delete(b);
3402 /* we're currently grabbing the directive name */
3403 case PARSE_DIRECTIVE:
3404 case PARSE_DIRECTIVE_POSTNAME:
3405 case PARSE_DIRECTIVE_TAIL:
3406 case PARSE_DIRECTIVE_POSTTAIL:
3407 index = find_directive(ctx, data, len, &store, &store_len);
3410 apr_bucket_split(b, index);
3411 newb = APR_BUCKET_NEXT(b);
3416 APR_BUCKET_REMOVE(b);
3417 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3421 /* time for cleanup? */
3422 if (store != &magic) {
3423 apr_brigade_pflatten(intern->tmp_bb, store, store_len,
3425 apr_brigade_cleanup(intern->tmp_bb);
3429 apr_bucket_delete(b);
3435 /* skip WS and find out what comes next (arg or end_seq) */
3437 index = find_arg_or_tail(ctx, data, len);
3439 if (index) { /* skipped whitespaces */
3441 apr_bucket_split(b, index);
3443 newb = APR_BUCKET_NEXT(b);
3444 apr_bucket_delete(b);
3450 /* currently parsing name[=val] */
3452 case PARSE_ARG_NAME:
3453 case PARSE_ARG_POSTNAME:
3455 case PARSE_ARG_PREVAL:
3457 case PARSE_ARG_VAL_ESC:
3458 case PARSE_ARG_POSTVAL:
3459 index = find_argument(ctx, data, len, &store, &store_len);
3462 apr_bucket_split(b, index);
3463 newb = APR_BUCKET_NEXT(b);
3468 APR_BUCKET_REMOVE(b);
3469 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3473 /* time for cleanup? */
3474 if (store != &magic) {
3475 apr_brigade_pflatten(intern->tmp_bb, store, store_len,
3477 apr_brigade_cleanup(intern->tmp_bb);
3481 apr_bucket_delete(b);
3487 /* try to match end_seq at current pos. */
3489 case PARSE_TAIL_SEQ:
3490 index = find_tail(ctx, data, len);
3492 switch (intern->state) {
3493 case PARSE_EXECUTE: /* full match */
3494 apr_bucket_split(b, index);
3495 newb = APR_BUCKET_NEXT(b);
3496 apr_bucket_delete(b);
3500 case PARSE_ARG: /* no match */
3501 /* PARSE_ARG must reparse at the beginning */
3502 APR_BRIGADE_PREPEND(bb, intern->tmp_bb);
3503 b = APR_BRIGADE_FIRST(bb);
3506 default: /* partial match */
3507 newb = APR_BUCKET_NEXT(b);
3508 APR_BUCKET_REMOVE(b);
3509 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3516 /* now execute the parsed directive, cleanup the space and
3517 * start again with PARSE_PRE_HEAD
3520 /* if there was an error, it was already logged; just stop here */
3521 if (intern->error) {
3522 if (ctx->flags & SSI_FLAG_PRINTING) {
3523 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3528 include_handler_fn_t *handle_func;
3530 handle_func = apr_hash_get(include_handlers, intern->directive,
3531 intern->directive_len);
3534 rv = handle_func(ctx, f, pass_bb);
3535 if (!APR_STATUS_IS_SUCCESS(rv)) {
3536 apr_brigade_destroy(pass_bb);
3541 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
3542 "unknown directive \"%s\" in parsed doc %s",
3543 apr_pstrmemdup(r->pool, intern->directive,
3544 intern->directive_len),
3546 if (ctx->flags & SSI_FLAG_PRINTING) {
3547 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3553 apr_pool_clear(ctx->dpool);
3554 apr_brigade_cleanup(intern->tmp_bb);
3556 /* Oooof. Done here, start next round */
3557 intern->state = PARSE_PRE_HEAD;
3560 } /* switch(ctx->state) */
3562 } /* while(brigade) */
3564 /* End of stream. Final cleanup */
3565 if (intern->seen_eos) {
3566 if (PARSE_HEAD == intern->state) {
3567 if (ctx->flags & SSI_FLAG_PRINTING) {
3568 char *to_release = apr_palloc(ctx->pool, intern->parse_pos);
3570 memcpy(to_release, intern->start_seq, intern->parse_pos);
3571 APR_BRIGADE_INSERT_TAIL(pass_bb,
3572 apr_bucket_pool_create(to_release,
3573 intern->parse_pos, ctx->pool,
3574 f->c->bucket_alloc));
3577 else if (PARSE_PRE_HEAD != intern->state) {
3578 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
3579 "SSI directive was not properly finished at the end "
3580 "of parsed document %s", r->filename);
3581 if (ctx->flags & SSI_FLAG_PRINTING) {
3582 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3586 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
3587 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
3588 "missing closing endif directive in parsed document"
3589 " %s", r->filename);
3592 /* cleanup our temporary memory */
3593 apr_brigade_destroy(intern->tmp_bb);
3594 apr_pool_destroy(ctx->dpool);
3596 /* don't forget to finally insert the EOS bucket */
3597 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3600 /* if something's left over, pass it along */
3601 if (!APR_BRIGADE_EMPTY(pass_bb)) {
3602 rv = ap_pass_brigade(f->next, pass_bb);
3608 apr_brigade_destroy(pass_bb);
3614 * +-------------------------------------------------------+
3618 * +-------------------------------------------------------+
3621 static int includes_setup(ap_filter_t *f)
3623 include_dir_config *conf = ap_get_module_config(f->r->per_dir_config,
3626 /* When our xbithack value isn't set to full or our platform isn't
3627 * providing group-level protection bits or our group-level bits do not
3628 * have group-execite on, we will set the no_local_copy value to 1 so
3629 * that we will not send 304s.
3631 if ((conf->xbithack != XBITHACK_FULL)
3632 || !(f->r->finfo.valid & APR_FINFO_GPROT)
3633 || !(f->r->finfo.protection & APR_GEXECUTE)) {
3634 f->r->no_local_copy = 1;
3640 static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
3642 request_rec *r = f->r;
3643 include_ctx_t *ctx = f->ctx;
3644 request_rec *parent;
3645 include_dir_config *conf = ap_get_module_config(r->per_dir_config,
3648 include_server_config *sconf= ap_get_module_config(r->server->module_config,
3651 if (!(ap_allow_options(r) & OPT_INCLUDES)) {
3652 return ap_pass_brigade(f->next, b);
3656 struct ssi_internal_ctx *intern;
3658 /* create context for this filter */
3659 f->ctx = ctx = apr_palloc(r->pool, sizeof(*ctx));
3660 ctx->intern = intern = apr_palloc(r->pool, sizeof(*ctx->intern));
3661 ctx->pool = r->pool;
3662 apr_pool_create(&ctx->dpool, ctx->pool);
3665 intern->tmp_bb = apr_brigade_create(ctx->pool, f->c->bucket_alloc);
3666 intern->seen_eos = 0;
3667 intern->state = PARSE_PRE_HEAD;
3668 ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
3669 if (ap_allow_options(r) & OPT_INCNOEXEC) {
3670 ctx->flags |= SSI_FLAG_NO_EXEC;
3673 ctx->if_nesting_level = 0;
3676 ctx->error_str = conf->default_error_msg;
3677 ctx->time_str = conf->default_time_fmt;
3678 intern->start_seq = sconf->default_start_tag;
3679 intern->start_seq_pat = bndm_compile(ctx->pool, intern->start_seq,
3680 strlen(intern->start_seq));
3681 intern->end_seq = sconf->default_end_tag;
3682 intern->end_seq_len = strlen(intern->end_seq);
3685 if ((parent = ap_get_module_config(r->request_config, &include_module))) {
3686 /* Kludge --- for nested includes, we want to keep the subprocess
3687 * environment of the base document (for compatibility); that means
3688 * torquing our own last_modified date as well so that the
3689 * LAST_MODIFIED variable gets reset to the proper value if the
3690 * nested document resets <!--#config timefmt -->.
3692 r->subprocess_env = r->main->subprocess_env;
3693 apr_pool_join(r->main->pool, r->pool);
3694 r->finfo.mtime = r->main->finfo.mtime;
3697 /* we're not a nested include, so we create an initial
3699 ap_add_common_vars(r);
3701 add_include_vars(r, conf->default_time_fmt);
3703 /* Always unset the content-length. There is no way to know if
3704 * the content will be modified at some point by send_parsed_content.
3705 * It is very possible for us to not find any content in the first
3706 * 9k of the file, but still have to modify the content of the file.
3707 * If we are going to pass the file through send_parsed_content, then
3708 * the content-length should just be unset.
3710 apr_table_unset(f->r->headers_out, "Content-Length");
3712 /* Always unset the ETag/Last-Modified fields - see RFC2616 - 13.3.4.
3713 * We don't know if we are going to be including a file or executing
3714 * a program which may change the Last-Modified header or make the
3715 * content completely dynamic. Therefore, we can't support these
3717 * Exception: XBitHack full means we *should* set the Last-Modified field.
3719 apr_table_unset(f->r->headers_out, "ETag");
3721 /* Assure the platform supports Group protections */
3722 if ((conf->xbithack == XBITHACK_FULL)
3723 && (r->finfo.valid & APR_FINFO_GPROT)
3724 && (r->finfo.protection & APR_GEXECUTE)) {
3725 ap_update_mtime(r, r->finfo.mtime);
3726 ap_set_last_modified(r);
3729 apr_table_unset(f->r->headers_out, "Last-Modified");
3732 /* add QUERY stuff to env cause it ain't yet */
3734 char *arg_copy = apr_pstrdup(r->pool, r->args);
3736 apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
3737 ap_unescape_url(arg_copy);
3738 apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
3739 ap_escape_shell_cmd(r->pool, arg_copy));
3742 return send_parsed_content(f, b);
3745 static int include_fixup(request_rec *r)
3747 include_dir_config *conf;
3749 conf = ap_get_module_config(r->per_dir_config, &include_module);
3751 if (r->handler && (strcmp(r->handler, "server-parsed") == 0))
3753 if (!r->content_type || !*r->content_type) {
3754 ap_set_content_type(r, "text/html");
3756 r->handler = "default-handler";
3759 #if defined(OS2) || defined(WIN32) || defined(NETWARE)
3760 /* These OS's don't support xbithack. This is being worked on. */
3766 if (conf->xbithack == XBITHACK_OFF) {
3770 if (!(r->finfo.protection & APR_UEXECUTE)) {
3774 if (!r->content_type || strcmp(r->content_type, "text/html")) {
3780 /* We always return declined, because the default handler actually
3781 * serves the file. All we have to do is add the filter.
3783 ap_add_output_filter("INCLUDES", NULL, r, r->connection);
3789 * +-------------------------------------------------------+
3791 * | Configuration Handling
3793 * +-------------------------------------------------------+
3796 static void *create_includes_dir_config(apr_pool_t *p, char *dummy)
3798 include_dir_config *result = apr_palloc(p, sizeof(include_dir_config));
3800 result->default_error_msg = DEFAULT_ERROR_MSG;
3801 result->default_time_fmt = DEFAULT_TIME_FORMAT;
3802 result->xbithack = DEFAULT_XBITHACK;
3807 static void *create_includes_server_config(apr_pool_t *p, server_rec *server)
3809 include_server_config *result;
3811 result = apr_palloc(p, sizeof(include_server_config));
3812 result->default_end_tag = DEFAULT_END_SEQUENCE;
3813 result->default_start_tag = DEFAULT_START_SEQUENCE;
3814 result->undefined_echo = DEFAULT_UNDEFINED_ECHO;
3815 result->undefined_echo_len = sizeof(DEFAULT_UNDEFINED_ECHO) - 1;
3820 static const char *set_xbithack(cmd_parms *cmd, void *mconfig, const char *arg)
3822 include_dir_config *conf = mconfig;
3824 if (!strcasecmp(arg, "off")) {
3825 conf->xbithack = XBITHACK_OFF;
3827 else if (!strcasecmp(arg, "on")) {
3828 conf->xbithack = XBITHACK_ON;
3830 else if (!strcasecmp(arg, "full")) {
3831 conf->xbithack = XBITHACK_FULL;
3834 return "XBitHack must be set to Off, On, or Full";
3840 static const char *set_default_start_tag(cmd_parms *cmd, void *mconfig,
3843 include_server_config *conf;
3844 const char *p = tag;
3846 /* be consistent. (See below in set_default_end_tag) */
3848 if (apr_isspace(*p)) {
3849 return "SSIStartTag may not contain any whitespaces";
3854 conf= ap_get_module_config(cmd->server->module_config , &include_module);
3855 conf->default_start_tag = tag;
3860 static const char *set_default_end_tag(cmd_parms *cmd, void *mconfig,
3863 include_server_config *conf;
3864 const char *p = tag;
3866 /* sanity check. The parser may fail otherwise */
3868 if (apr_isspace(*p)) {
3869 return "SSIEndTag may not contain any whitespaces";
3874 conf= ap_get_module_config(cmd->server->module_config , &include_module);
3875 conf->default_end_tag = tag;
3880 static const char *set_undefined_echo(cmd_parms *cmd, void *mconfig,
3883 include_server_config *conf;
3885 conf = ap_get_module_config(cmd->server->module_config, &include_module);
3886 conf->undefined_echo = msg;
3887 conf->undefined_echo_len = strlen(msg);
3892 static const char *set_default_error_msg(cmd_parms *cmd, void *mconfig,
3895 include_dir_config *conf = mconfig;
3896 conf->default_error_msg = msg;
3901 static const char *set_default_time_fmt(cmd_parms *cmd, void *mconfig,
3904 include_dir_config *conf = mconfig;
3905 conf->default_time_fmt = fmt;
3912 * +-------------------------------------------------------+
3914 * | Module Initialization and Configuration
3916 * +-------------------------------------------------------+
3919 static int include_post_config(apr_pool_t *p, apr_pool_t *plog,
3920 apr_pool_t *ptemp, server_rec *s)
3922 include_handlers = apr_hash_make(p);
3924 ssi_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_include_handler);
3926 if(ssi_pfn_register) {
3927 ssi_pfn_register("if", handle_if);
3928 ssi_pfn_register("set", handle_set);
3929 ssi_pfn_register("else", handle_else);
3930 ssi_pfn_register("elif", handle_elif);
3931 ssi_pfn_register("echo", handle_echo);
3932 ssi_pfn_register("endif", handle_endif);
3933 ssi_pfn_register("fsize", handle_fsize);
3934 ssi_pfn_register("config", handle_config);
3935 ssi_pfn_register("include", handle_include);
3936 ssi_pfn_register("flastmod", handle_flastmod);
3937 ssi_pfn_register("printenv", handle_printenv);
3943 static const command_rec includes_cmds[] =
3945 AP_INIT_TAKE1("XBitHack", set_xbithack, NULL, OR_OPTIONS,
3946 "Off, On, or Full"),
3947 AP_INIT_TAKE1("SSIErrorMsg", set_default_error_msg, NULL, OR_ALL,
3949 AP_INIT_TAKE1("SSITimeFormat", set_default_time_fmt, NULL, OR_ALL,
3950 "a strftime(3) formatted string"),
3951 AP_INIT_TAKE1("SSIStartTag", set_default_start_tag, NULL, RSRC_CONF,
3952 "SSI Start String Tag"),
3953 AP_INIT_TAKE1("SSIEndTag", set_default_end_tag, NULL, RSRC_CONF,
3954 "SSI End String Tag"),
3955 AP_INIT_TAKE1("SSIUndefinedEcho", set_undefined_echo, NULL, RSRC_CONF,
3956 "String to be displayed if an echoed variable is undefined"),
3960 static void ap_register_include_handler(char *tag, include_handler_fn_t *func)
3962 apr_hash_set(include_handlers, tag, strlen(tag), (const void *)func);
3965 static void register_hooks(apr_pool_t *p)
3967 APR_REGISTER_OPTIONAL_FN(ap_ssi_get_tag_and_value);
3968 APR_REGISTER_OPTIONAL_FN(ap_ssi_parse_string);
3969 APR_REGISTER_OPTIONAL_FN(ap_register_include_handler);
3970 ap_hook_post_config(include_post_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
3971 ap_hook_fixups(include_fixup, NULL, NULL, APR_HOOK_LAST);
3972 ap_register_output_filter("INCLUDES", includes_filter, includes_setup,
3976 module AP_MODULE_DECLARE_DATA include_module =
3978 STANDARD20_MODULE_STUFF,
3979 create_includes_dir_config, /* dir config creater */
3980 NULL, /* dir merger --- default is to override */
3981 create_includes_server_config,/* server config */
3982 NULL, /* merge server config */
3983 includes_cmds, /* command apr_table_t */
3984 register_hooks /* register hooks */