1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_include.c: Handles the server-parsed HTML documents
62 * Original by Rob McCool; substantial fixups by David Robinson;
63 * incorporated into the Apache module framework by rst.
68 #include "apr_strings.h"
69 #include "apr_thread_proc.h"
73 #include "apr_optional.h"
75 #define APR_WANT_STRFUNC
76 #define APR_WANT_MEMFUNC
79 #include "ap_config.h"
80 #include "util_filter.h"
82 #include "http_config.h"
83 #include "http_core.h"
84 #include "http_request.h"
85 #include "http_core.h"
86 #include "http_protocol.h"
88 #include "http_main.h"
89 #include "util_script.h"
90 #include "http_core.h"
91 #include "mod_include.h"
93 /* helper for Latin1 <-> entity encoding */
94 #if APR_CHARSET_EBCDIC
95 #include "util_ebcdic.h"
96 #define RAW_ASCII_CHAR(ch) apr_xlate_conv_byte(ap_hdrs_from_ascii, \
98 #else /* APR_CHARSET_EBCDIC */
99 #define RAW_ASCII_CHAR(ch) (ch)
100 #endif /* !APR_CHARSET_EBCDIC */
104 * +-------------------------------------------------------+
106 * | Types and Structures
108 * +-------------------------------------------------------+
111 /* sll used for string expansion */
112 typedef struct result_item {
113 struct result_item *next;
118 /* conditional expression parser stuff */
144 typedef struct parse_node {
145 struct parse_node *parent;
146 struct parse_node *left;
147 struct parse_node *right;
163 const char *default_error_msg;
164 const char *default_time_fmt;
166 } include_dir_config;
169 const char *default_start_tag;
170 const char *default_end_tag;
171 const char *undefined_echo;
172 apr_size_t undefined_echo_len;
173 } include_server_config;
175 /* main parser states */
180 PARSE_DIRECTIVE_POSTNAME,
181 PARSE_DIRECTIVE_TAIL,
182 PARSE_DIRECTIVE_POSTTAIL,
197 typedef struct arg_item {
198 struct arg_item *next;
202 apr_size_t value_len;
205 #define MAX_NMATCH 10
211 regmatch_t match[MAX_NMATCH];
217 apr_size_t pattern_len;
220 struct ssi_internal_ctx {
224 char quote; /* quote character value (or \0) */
225 apr_size_t parse_pos; /* parse position of partial matches */
226 apr_size_t bytes_read;
228 apr_bucket_brigade *tmp_bb;
231 const char *start_seq;
232 bndm_t *start_seq_pat;
234 apr_size_t end_seq_len;
235 char *directive; /* name of the current directive */
236 apr_size_t directive_len; /* length of the current directive name */
238 arg_item_t *current_arg; /* currently parsed argument */
239 arg_item_t *argv; /* all arguments */
241 backref_t *re; /* NULL if there wasn't a regex yet */
246 apr_bucket_brigade *bb;
253 * +-------------------------------------------------------+
255 * | Debugging Utilities
257 * +-------------------------------------------------------+
262 #define TYPE_TOKEN(token, ttype) do { \
263 (token)->type = ttype; \
264 (token)->s = #ttype; \
267 #define CREATE_NODE(ctx, name) do { \
268 (name) = apr_palloc((ctx)->dpool, sizeof(*(name))); \
269 (name)->parent = (name)->left = (name)->right = NULL; \
271 (name)->dump_done = 0; \
274 static void debug_printf(include_ctx_t *ctx, const char *fmt, ...)
280 debug__str = apr_pvsprintf(ctx->pool, fmt, ap);
283 APR_BRIGADE_INSERT_TAIL(ctx->intern->debug.bb, apr_bucket_pool_create(
284 debug__str, strlen(debug__str), ctx->pool,
285 ctx->intern->debug.f->c->bucket_alloc));
288 #define DUMP__CHILD(ctx, is, node, child) if (1) { \
289 parse_node_t *d__c = node->child; \
291 if (!d__c->dump_done) { \
292 if (d__c->parent != node) { \
293 debug_printf(ctx, "!!! Parse tree is not consistent !!!\n"); \
294 if (!d__c->parent) { \
295 debug_printf(ctx, "Parent of " #child " child node is " \
299 debug_printf(ctx, "Parent of " #child " child node " \
300 "points to another node (of type %s)!\n", \
301 d__c->parent->token.s); \
310 debug_printf(ctx, "%s(missing)\n", is); \
314 static void debug_dump_tree(include_ctx_t *ctx, parse_node_t *root)
316 parse_node_t *current;
320 debug_printf(ctx, " -- Parse Tree empty --\n\n");
324 debug_printf(ctx, " ----- Parse Tree -----\n");
329 switch (current->token.type) {
332 debug_printf(ctx, "%s%s (%s)\n", is, current->token.s,
333 current->token.value);
334 current->dump_done = 1;
335 current = current->parent;
342 if (!current->dump_done) {
343 debug_printf(ctx, "%s%s\n", is, current->token.s);
344 is = apr_pstrcat(ctx->dpool, is, " ", NULL);
345 current->dump_done = 1;
348 DUMP__CHILD(ctx, is, current, right)
350 if (!current->right || current->right->dump_done) {
351 is = apr_pstrmemdup(ctx->dpool, is, strlen(is) - 4);
352 if (current->right) current->right->dump_done = 0;
353 current = current->parent;
358 if (!current->dump_done) {
359 debug_printf(ctx, "%s%s\n", is, current->token.s);
360 is = apr_pstrcat(ctx->dpool, is, " ", NULL);
361 current->dump_done = 1;
364 DUMP__CHILD(ctx, is, current, left)
365 DUMP__CHILD(ctx, is, current, right)
367 if ((!current->left || current->left->dump_done) &&
368 (!current->right || current->right->dump_done)) {
370 is = apr_pstrmemdup(ctx->dpool, is, strlen(is) - 4);
371 if (current->left) current->left->dump_done = 0;
372 if (current->right) current->right->dump_done = 0;
373 current = current->parent;
379 /* it is possible to call this function within the parser loop, to see
380 * how the tree is built. That way, we must cleanup after us to dump
381 * always the whole tree
384 if (root->left) root->left->dump_done = 0;
385 if (root->right) root->right->dump_done = 0;
387 debug_printf(ctx, " --- End Parse Tree ---\n\n");
392 #define DEBUG_INIT(ctx, filter, brigade) do { \
393 (ctx)->intern->debug.f = filter; \
394 (ctx)->intern->debug.bb = brigade; \
397 #define DEBUG_PRINTF(arg) debug_printf arg
399 #define DEBUG_DUMP_TOKEN(ctx, token) do { \
400 token_t *d__t = (token); \
402 if (d__t->type == TOKEN_STRING || d__t->type == TOKEN_RE) { \
403 DEBUG_PRINTF(((ctx), " Found: %s (%s)\n", d__t->s, d__t->value)); \
406 DEBUG_PRINTF((ctx, " Found: %s\n", d__t->s)); \
410 #define DEBUG_DUMP_EVAL(ctx, node) do { \
412 switch ((node)->token.type) { \
414 debug_printf((ctx), " Evaluate: %s (%s) -> %c\n", (node)->token.s,\
415 (node)->token.value, ((node)->value) ? '1':'0'); \
419 debug_printf((ctx), " Evaluate: %s (Left: %s; Right: %s) -> %c\n",\
421 (((node)->left->done) ? ((node)->left->value ?"1":"0") \
422 : "short circuited"), \
423 (((node)->right->done) ? ((node)->right->value?"1":"0") \
424 : "short circuited"), \
425 (node)->value ? '1' : '0'); \
433 if ((node)->right->token.type == TOKEN_RE) c = '/'; \
434 debug_printf((ctx), " Compare: %s (\"%s\" with %c%s%c) -> %c\n", \
436 (node)->left->token.value, \
437 c, (node)->right->token.value, c, \
438 (node)->value ? '1' : '0'); \
441 debug_printf((ctx), " Evaluate: %s -> %c\n", (node)->token.s, \
442 (node)->value ? '1' : '0'); \
447 #define DEBUG_DUMP_UNMATCHED(ctx, unmatched) do { \
449 DEBUG_PRINTF(((ctx), " Unmatched %c\n", (char)(unmatched))); \
453 #define DEBUG_DUMP_COND(ctx, text) \
454 DEBUG_PRINTF(((ctx), "**** %s cond status=\"%c\"\n", (text), \
455 ((ctx)->flags & SSI_FLAG_COND_TRUE) ? '1' : '0'))
457 #define DEBUG_DUMP_TREE(ctx, root) debug_dump_tree(ctx, root)
459 #else /* DEBUG_INCLUDE */
461 #define TYPE_TOKEN(token, ttype) (token)->type = ttype
463 #define CREATE_NODE(ctx, name) do { \
464 (name) = apr_palloc((ctx)->dpool, sizeof(*(name))); \
465 (name)->parent = (name)->left = (name)->right = NULL; \
469 #define DEBUG_INIT(ctx, f, bb)
470 #define DEBUG_PRINTF(arg)
471 #define DEBUG_DUMP_TOKEN(ctx, token)
472 #define DEBUG_DUMP_EVAL(ctx, node)
473 #define DEBUG_DUMP_UNMATCHED(ctx, unmatched)
474 #define DEBUG_DUMP_COND(ctx, text)
475 #define DEBUG_DUMP_TREE(ctx, root)
477 #endif /* !DEBUG_INCLUDE */
481 * +-------------------------------------------------------+
483 * | Static Module Data
485 * +-------------------------------------------------------+
488 /* global module structure */
489 module AP_MODULE_DECLARE_DATA include_module;
491 /* function handlers for include directives */
492 static apr_hash_t *include_handlers;
494 /* forward declaration of handler registry */
495 static APR_OPTIONAL_FN_TYPE(ap_register_include_handler) *ssi_pfn_register;
497 /* Sentinel value to store in subprocess_env for items that
498 * shouldn't be evaluated until/unless they're actually used
500 static const char lazy_eval_sentinel;
501 #define LAZY_VALUE (&lazy_eval_sentinel)
504 #define DEFAULT_START_SEQUENCE "<!--#"
505 #define DEFAULT_END_SEQUENCE "-->"
506 #define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]"
507 #define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
508 #define DEFAULT_UNDEFINED_ECHO "(none)"
511 #define DEFAULT_XBITHACK XBITHACK_FULL
513 #define DEFAULT_XBITHACK XBITHACK_OFF
518 * +-------------------------------------------------------+
520 * | Environment/Expansion Functions
522 * +-------------------------------------------------------+
526 * decodes a string containing html entities or numeric character references.
527 * 's' is overwritten with the decoded string.
528 * If 's' is syntatically incorrect, then the followed fixups will be made:
529 * unknown entities will be left undecoded;
530 * references to unused numeric characters will be deleted.
531 * In particular, � will not be decoded, but will be deleted.
534 /* maximum length of any ISO-LATIN-1 HTML entity name. */
535 #define MAXENTLEN (6)
537 /* The following is a shrinking transformation, therefore safe. */
539 static void decodehtml(char *s)
544 static const char * const entlist[MAXENTLEN + 1] =
548 "lt\074gt\076", /* 2 */
549 "amp\046ETH\320eth\360", /* 3 */
550 "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml"
551 "\353iuml\357ouml\366uuml\374yuml\377", /* 4 */
553 "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc"
554 "\333THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352"
555 "icirc\356ocirc\364ucirc\373thorn\376", /* 5 */
557 "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311"
558 "Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde"
559 "\325Oslash\330Ugrave\331Uacute\332Yacute\335agrave\340"
560 "aacute\341atilde\343ccedil\347egrave\350eacute\351igrave"
561 "\354iacute\355ntilde\361ograve\362oacute\363otilde\365"
562 "oslash\370ugrave\371uacute\372yacute\375" /* 6 */
565 /* Do a fast scan through the string until we find anything
566 * that needs more complicated handling
568 for (; *s != '&'; s++) {
574 for (p = s; *s != '\0'; s++, p++) {
579 /* find end of entity */
580 for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
584 if (s[i] == '\0') { /* treat as normal data */
589 /* is it numeric ? */
591 for (j = 2, val = 0; j < i && apr_isdigit(s[j]); j++) {
592 val = val * 10 + s[j] - '0';
595 if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
596 (val >= 127 && val <= 160) || val >= 256) {
597 p--; /* no data to output */
600 *p = RAW_ASCII_CHAR(val);
605 if (j > MAXENTLEN || entlist[j] == NULL) {
608 continue; /* skip it */
610 for (ents = entlist[j]; *ents != '\0'; ents += i) {
611 if (strncmp(s + 1, ents, j) == 0) {
617 *p = '&'; /* unknown */
620 *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
629 static void add_include_vars(request_rec *r, const char *timefmt)
631 apr_table_t *e = r->subprocess_env;
634 apr_table_setn(e, "DATE_LOCAL", LAZY_VALUE);
635 apr_table_setn(e, "DATE_GMT", LAZY_VALUE);
636 apr_table_setn(e, "LAST_MODIFIED", LAZY_VALUE);
637 apr_table_setn(e, "DOCUMENT_URI", r->uri);
638 if (r->path_info && *r->path_info) {
639 apr_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
641 apr_table_setn(e, "USER_NAME", LAZY_VALUE);
642 if ((t = strrchr(r->filename, '/'))) {
643 apr_table_setn(e, "DOCUMENT_NAME", ++t);
646 apr_table_setn(e, "DOCUMENT_NAME", r->uri);
649 char *arg_copy = apr_pstrdup(r->pool, r->args);
651 ap_unescape_url(arg_copy);
652 apr_table_setn(e, "QUERY_STRING_UNESCAPED",
653 ap_escape_shell_cmd(r->pool, arg_copy));
657 static const char *add_include_vars_lazy(request_rec *r, const char *var)
660 if (!strcasecmp(var, "DATE_LOCAL")) {
661 include_dir_config *conf =
662 (include_dir_config *)ap_get_module_config(r->per_dir_config,
664 val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
666 else if (!strcasecmp(var, "DATE_GMT")) {
667 include_dir_config *conf =
668 (include_dir_config *)ap_get_module_config(r->per_dir_config,
670 val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
672 else if (!strcasecmp(var, "LAST_MODIFIED")) {
673 include_dir_config *conf =
674 (include_dir_config *)ap_get_module_config(r->per_dir_config,
676 val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
678 else if (!strcasecmp(var, "USER_NAME")) {
679 if (apr_get_username(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
688 apr_table_setn(r->subprocess_env, var, val);
693 static const char *get_include_var(const char *var, include_ctx_t *ctx)
696 request_rec *r = ctx->intern->r;
698 if (apr_isdigit(*var) && !var[1]) {
699 apr_size_t idx = *var - '0';
700 backref_t *re = ctx->intern->re;
702 /* Handle $0 .. $9 from the last regex evaluated.
703 * The choice of returning NULL strings on not-found,
704 * v.s. empty strings on an empty match is deliberate.
707 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "regex capture $%d "
708 "refers to no regex in %s", idx, r->filename);
712 if (re->nsub < idx) {
713 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
714 "regex capture $%d is out of range (last regex "
715 "was: '%s') in %s", idx, re->rexp, r->filename);
719 if (re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
723 val = apr_pstrmemdup(ctx->dpool, re->source + re->match[idx].rm_so,
724 re->match[idx].rm_eo - re->match[idx].rm_so);
728 val = apr_table_get(r->subprocess_env, var);
730 if (val == LAZY_VALUE) {
731 val = add_include_vars_lazy(r, var);
739 * Do variable substitution on strings
741 * (Note: If out==NULL, this function allocs a buffer for the resulting
742 * string from ctx->pool. The return value is always the parsed string)
744 static char *ap_ssi_parse_string(include_ctx_t *ctx, const char *in, char *out,
745 apr_size_t length, int leave_name)
747 request_rec *r = ctx->intern->r;
748 result_item_t *result = NULL, *current = NULL;
749 apr_size_t outlen = 0, inlen, span;
750 char *ret = NULL, *eout = NULL;
754 /* sanity check, out && !length is not supported */
755 ap_assert(out && length);
758 eout = out + length - 1;
761 span = strcspn(in, "\\$");
767 apr_cpystrn(out, in, length);
770 ret = apr_pstrmemdup(ctx->pool, in, (length && length <= inlen)
771 ? length - 1 : inlen);
777 /* well, actually something to do */
782 memcpy(out, in, (out+span <= eout) ? span : (eout-out));
787 current = result = apr_palloc(ctx->dpool, sizeof(*result));
788 current->next = NULL;
789 current->string = in;
794 /* loop for specials */
796 if ((out && out >= eout) || (length && outlen >= length)) {
800 /* prepare next entry */
801 if (!out && current->len) {
802 current->next = apr_palloc(ctx->dpool, sizeof(*current->next));
803 current = current->next;
804 current->next = NULL;
813 *out++ = (p[1] == '$') ? *++p : *p;
818 current->string = (p[1] == '$') ? ++p : p;
827 else { /* *p == '$' */
828 const char *newp = NULL, *ep, *key = NULL;
831 ep = ap_strchr_c(++p, '}');
833 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Missing '}' on "
834 "variable \"%s\" in %s", p, r->filename);
839 key = apr_pstrmemdup(ctx->dpool, p, ep - p);
846 while (*ep == '_' || apr_isalnum(*ep)) {
851 key = apr_pstrmemdup(ctx->dpool, p, ep - p);
857 /* empty name results in a copy of '$' in the output string */
864 current->string = p++;
869 const char *val = get_include_var(key, ctx);
875 else if (leave_name) {
882 memcpy(out, val, (out+len <= eout) ? len : (eout-out));
887 current->string = val;
896 if ((out && out >= eout) || (length && outlen >= length)) {
900 /* check the remainder */
901 if (*p && (span = strcspn(p, "\\$")) > 0) {
902 if (!out && current->len) {
903 current->next = apr_palloc(ctx->dpool, sizeof(*current->next));
904 current = current->next;
905 current->next = NULL;
909 memcpy(out, p, (out+span <= eout) ? span : (eout-out));
920 } while (p < in+inlen);
922 /* assemble result */
934 if (length && outlen > length) {
938 ret = out = apr_palloc(ctx->pool, outlen + 1);
943 memcpy(out, result->string, (out+result->len <= ep)
944 ? result->len : (ep-out));
947 result = result->next;
948 } while (result && out < ep);
958 * +-------------------------------------------------------+
960 * | Conditional Expression Parser
962 * +-------------------------------------------------------+
965 static APR_INLINE int re_check(include_ctx_t *ctx, const char *string,
969 backref_t *re = ctx->intern->re;
972 compiled = ap_pregcomp(ctx->dpool, rexp, REG_EXTENDED);
974 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->intern->r, "unable to "
975 "compile pattern \"%s\"", rexp);
980 re = ctx->intern->re = apr_palloc(ctx->pool, sizeof(*re));
983 re->source = apr_pstrdup(ctx->pool, string);
984 re->rexp = apr_pstrdup(ctx->pool, rexp);
985 re->nsub = compiled->re_nsub;
986 rc = !ap_regexec(compiled, string, MAX_NMATCH, re->match, 0);
988 ap_pregfree(ctx->dpool, compiled);
992 static int get_ptoken(apr_pool_t *pool, const char **parse, token_t *token)
1004 /* Skip leading white space */
1005 while (apr_isspace(**parse)) {
1014 TYPE_TOKEN(token, TOKEN_STRING); /* the default type */
1018 switch (*(*parse)++) {
1020 TYPE_TOKEN(token, TOKEN_LBRACE);
1023 TYPE_TOKEN(token, TOKEN_RBRACE);
1026 TYPE_TOKEN(token, TOKEN_EQ);
1029 if (**parse == '=') {
1030 TYPE_TOKEN(token, TOKEN_NE);
1034 TYPE_TOKEN(token, TOKEN_NOT);
1040 TYPE_TOKEN(token, TOKEN_RE);
1044 if (**parse == '|') {
1045 TYPE_TOKEN(token, TOKEN_OR);
1051 if (**parse == '&') {
1052 TYPE_TOKEN(token, TOKEN_AND);
1058 if (**parse == '=') {
1059 TYPE_TOKEN(token, TOKEN_GE);
1063 TYPE_TOKEN(token, TOKEN_GT);
1066 if (**parse == '=') {
1067 TYPE_TOKEN(token, TOKEN_LE);
1071 TYPE_TOKEN(token, TOKEN_LT);
1075 /* It's a string or regex token
1076 * Now search for the next token, which finishes this string
1079 p = *parse = token->value = unmatched ? *parse : p;
1081 for (; **parse; p = ++*parse) {
1082 if (**parse == '\\') {
1092 if (**parse == unmatched) {
1097 } else if (apr_isspace(**parse)) {
1115 if ((*parse)[1] == **parse) {
1129 token->value = apr_pstrdup(pool, "");
1132 apr_size_t len = p - token->value - shift;
1133 char *c = apr_palloc(pool, len + 1);
1139 const char *e = ap_strchr_c(p, '\\');
1157 static int parse_expr(include_ctx_t *ctx, const char *expr, int *was_error)
1159 parse_node_t *new, *root = NULL, *current = NULL;
1160 request_rec *r = ctx->intern->r;
1161 const char *buffer, *error = "Invalid expression \"%s\" in file %s";
1162 const char *parse = expr;
1163 int was_unmatched = 0;
1172 /* Create Parse Tree */
1174 /* uncomment this to see how the tree a built:
1176 * DEBUG_DUMP_TREE(ctx, root);
1178 CREATE_NODE(ctx, new);
1180 was_unmatched = get_ptoken(ctx->dpool, &parse, &new->token);
1185 DEBUG_DUMP_UNMATCHED(ctx, was_unmatched);
1186 DEBUG_DUMP_TOKEN(ctx, &new->token);
1189 switch (new->token.type) {
1193 root = current = new;
1197 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error, expr,
1204 switch (new->token.type) {
1206 switch (current->token.type) {
1208 current->token.value =
1209 apr_pstrcat(ctx->dpool, current->token.value,
1210 *current->token.value ? " " : "",
1211 new->token.value, NULL);
1220 new->parent = current;
1221 current = current->right = new;
1227 switch (current->token.type) {
1230 new->parent = current;
1231 current = current->right = new;
1242 /* Percolate upwards */
1244 switch (current->token.type) {
1249 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error, expr,
1255 current = current->parent;
1263 new->left->parent = new;
1268 new->left = current->right;
1269 new->left->parent = new;
1270 current->right = new;
1271 new->parent = current;
1282 if (current->token.type == TOKEN_STRING) {
1283 current = current->parent;
1288 current = root = new;
1292 switch (current->token.type) {
1296 new->left = current->right;
1297 new->left->parent = new;
1298 new->parent = current;
1299 current = current->right = new;
1309 while (current && current->token.type != TOKEN_LBRACE) {
1310 current = current->parent;
1314 TYPE_TOKEN(¤t->token, TOKEN_GROUP);
1318 error = "Unmatched ')' in \"%s\" in file %s";
1323 switch (current->token.type) {
1331 current->right = new;
1332 new->parent = current;
1342 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error, expr, r->filename);
1347 DEBUG_DUMP_TREE(ctx, root);
1349 /* Evaluate Parse Tree */
1353 switch (current->token.type) {
1355 buffer = ap_ssi_parse_string(ctx, current->token.value, NULL, 0,
1356 SSI_EXPAND_DROP_NAME);
1358 current->token.value = buffer;
1359 current->value = !!*current->token.value;
1364 if (!current->left || !current->right) {
1365 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1366 "Invalid expression \"%s\" in file %s",
1372 if (!current->right->done) {
1373 switch (current->right->token.type) {
1375 buffer = ap_ssi_parse_string(ctx,
1376 current->right->token.value,
1377 NULL, 0, SSI_EXPAND_DROP_NAME);
1379 current->right->token.value = buffer;
1380 current->right->value = !!*current->right->token.value;
1381 DEBUG_DUMP_EVAL(ctx, current->right);
1382 current->right->done = 1;
1386 current = current->right;
1391 /* short circuit evaluation */
1392 if (!current->left->done && !regex &&
1393 ((current->token.type == TOKEN_AND && !current->right->value) ||
1394 (current->token.type == TOKEN_OR && current->right->value))) {
1395 current->value = current->right->value;
1398 if (!current->left->done) {
1399 switch (current->left->token.type) {
1401 buffer = ap_ssi_parse_string(ctx,
1402 current->left->token.value,
1404 SSI_EXPAND_DROP_NAME);
1406 current->left->token.value = buffer;
1407 current->left->value = !!*current->left->token.value;
1408 DEBUG_DUMP_EVAL(ctx, current->left);
1409 current->left->done = 1;
1413 current = current->left;
1418 if (current->token.type == TOKEN_AND) {
1419 current->value = current->left->value &&
1420 current->right->value;
1423 current->value = current->left->value ||
1424 current->right->value;
1431 if (!current->left || !current->right ||
1432 current->left->token.type != TOKEN_STRING ||
1433 (current->right->token.type != TOKEN_STRING &&
1434 current->right->token.type != TOKEN_RE)) {
1435 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1436 "Invalid expression \"%s\" in file %s",
1441 buffer = ap_ssi_parse_string(ctx, current->left->token.value,
1442 NULL, 0, SSI_EXPAND_DROP_NAME);
1444 current->left->token.value = buffer;
1445 buffer = ap_ssi_parse_string(ctx, current->right->token.value,
1446 NULL, 0, SSI_EXPAND_DROP_NAME);
1448 current->right->token.value = buffer;
1450 if (current->right->token.type == TOKEN_RE) {
1451 current->value = re_check(ctx, current->left->token.value,
1452 current->right->token.value);
1456 current->value = !strcmp(current->left->token.value,
1457 current->right->token.value);
1460 if (current->token.type == TOKEN_NE) {
1461 current->value = !current->value;
1469 if (!current->left || !current->right ||
1470 current->left->token.type != TOKEN_STRING ||
1471 current->right->token.type != TOKEN_STRING) {
1472 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
1473 "Invalid expression \"%s\" in file %s",
1478 buffer = ap_ssi_parse_string(ctx, current->left->token.value, NULL,
1479 0, SSI_EXPAND_DROP_NAME);
1481 current->left->token.value = buffer;
1482 buffer = ap_ssi_parse_string(ctx, current->right->token.value, NULL,
1483 0, SSI_EXPAND_DROP_NAME);
1484 current->right->token.value = buffer;
1486 current->value = strcmp(current->left->token.value,
1487 current->right->token.value);
1489 switch (current->token.type) {
1490 case TOKEN_GE: current->value = current->value >= 0; break;
1491 case TOKEN_GT: current->value = current->value > 0; break;
1492 case TOKEN_LE: current->value = current->value <= 0; break;
1493 case TOKEN_LT: current->value = current->value < 0; break;
1494 default: current->value = 0; break; /* should not happen */
1500 if (current->right) {
1501 if (!current->right->done) {
1502 current = current->right;
1505 current->value = current->right->value;
1511 if (current->token.type == TOKEN_NOT) {
1512 current->value = !current->value;
1518 error = "No operator before regex in expr \"%s\" in file %s";
1522 error = "Unmatched '(' in \"%s\" in file %s";
1526 error = "internal parser error in \"%s\" in file %s";
1529 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error, expr,r->filename);
1534 DEBUG_DUMP_EVAL(ctx, current);
1536 current = current->parent;
1539 return (root ? root->value : 0);
1544 * +-------------------------------------------------------+
1548 * +-------------------------------------------------------+
1552 * Extract the next tag name and value.
1553 * If there are no more tags, set the tag name to NULL.
1554 * The tag value is html decoded if dodecode is non-zero.
1555 * The tag value may be NULL if there is no tag value..
1557 static void ap_ssi_get_tag_and_value(include_ctx_t *ctx, char **tag,
1558 char **tag_val, int dodecode)
1560 if (!ctx->intern->argv) {
1567 *tag_val = ctx->intern->argv->value;
1568 *tag = ctx->intern->argv->name;
1570 ctx->intern->argv = ctx->intern->argv->next;
1572 if (dodecode && *tag_val) {
1573 decodehtml(*tag_val);
1579 static int find_file(request_rec *r, const char *directive, const char *tag,
1580 char *tag_val, apr_finfo_t *finfo)
1582 char *to_send = tag_val;
1583 request_rec *rr = NULL;
1585 char *error_fmt = NULL;
1586 apr_status_t rv = APR_SUCCESS;
1588 if (!strcmp(tag, "file")) {
1591 /* be safe; only files in this directory or below allowed */
1592 rv = apr_filepath_merge(&newpath, NULL, tag_val,
1593 APR_FILEPATH_NOTABOVEROOT |
1594 APR_FILEPATH_SECUREROOTTEST |
1595 APR_FILEPATH_NOTABSOLUTE, r->pool);
1597 if (!APR_STATUS_IS_SUCCESS(rv)) {
1598 error_fmt = "unable to access file \"%s\" "
1599 "in parsed file %s";
1602 /* note: it is okay to pass NULL for the "next filter" since
1603 we never attempt to "run" this sub request. */
1604 rr = ap_sub_req_lookup_file(newpath, r, NULL);
1606 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1607 to_send = rr->filename;
1608 if ((rv = apr_stat(finfo, to_send,
1609 APR_FINFO_GPROT | APR_FINFO_MIN, rr->pool)) != APR_SUCCESS
1610 && rv != APR_INCOMPLETE) {
1611 error_fmt = "unable to get information about \"%s\" "
1612 "in parsed file %s";
1616 error_fmt = "unable to lookup information about \"%s\" "
1617 "in parsed file %s";
1623 ap_log_rerror(APLOG_MARK, APLOG_ERR,
1624 rv, r, error_fmt, to_send, r->filename);
1627 if (rr) ap_destroy_sub_req(rr);
1631 else if (!strcmp(tag, "virtual")) {
1632 /* note: it is okay to pass NULL for the "next filter" since
1633 we never attempt to "run" this sub request. */
1634 rr = ap_sub_req_lookup_uri(tag_val, r, NULL);
1636 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1637 memcpy((char *) finfo, (const char *) &rr->finfo,
1639 ap_destroy_sub_req(rr);
1643 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unable to get "
1644 "information about \"%s\" in parsed file %s",
1645 tag_val, r->filename);
1646 ap_destroy_sub_req(rr);
1651 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" "
1652 "to tag %s in %s", tag, directive, r->filename);
1658 * <!--#include virtual|file="..." [virtual|file="..."] ... -->
1660 static apr_status_t handle_include(include_ctx_t *ctx, ap_filter_t *f,
1661 apr_bucket_brigade *bb)
1663 request_rec *r = f->r;
1666 ap_log_rerror(APLOG_MARK,
1667 (ctx->flags & SSI_FLAG_PRINTING)
1668 ? APLOG_ERR : APLOG_WARNING,
1669 0, r, "missing argument for include element in %s",
1673 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1678 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1684 char *tag_val = NULL;
1685 request_rec *rr = NULL;
1686 char *error_fmt = NULL;
1687 char *parsed_string;
1689 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
1690 if (!tag || !tag_val) {
1694 if (strcmp(tag, "virtual") && strcmp(tag, "file")) {
1695 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
1696 "\"%s\" to tag include in %s", tag, r->filename);
1697 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1701 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1702 SSI_EXPAND_DROP_NAME);
1703 if (tag[0] == 'f') {
1707 /* be safe; only files in this directory or below allowed */
1708 rv = apr_filepath_merge(&newpath, NULL, tag_val,
1709 APR_FILEPATH_NOTABOVEROOT |
1710 APR_FILEPATH_SECUREROOTTEST |
1711 APR_FILEPATH_NOTABSOLUTE, ctx->dpool);
1713 if (!APR_STATUS_IS_SUCCESS(rv)) {
1714 error_fmt = "unable to include file \"%s\" in parsed file %s";
1717 rr = ap_sub_req_lookup_file(newpath, r, f->next);
1721 rr = ap_sub_req_lookup_uri(parsed_string, r, f->next);
1724 if (!error_fmt && rr->status != HTTP_OK) {
1725 error_fmt = "unable to include \"%s\" in parsed file %s";
1728 if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
1729 rr->content_type && strncmp(rr->content_type, "text/", 5)) {
1731 error_fmt = "unable to include potential exec \"%s\" in parsed "
1739 /* try to avoid recursive includes. We do this by walking
1740 * up the r->main list of subrequests, and at each level
1741 * walking back through any internal redirects. At each
1742 * step, we compare the filenames and the URIs.
1744 * The filename comparison catches a recursive include
1745 * with an ever-changing URL, eg.
1746 * <!--#include virtual=
1747 * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x" -->
1748 * which, although they would eventually be caught because
1749 * we have a limit on the length of files, etc., can
1750 * recurse for a while.
1752 * The URI comparison catches the case where the filename
1753 * is changed while processing the request, so the
1754 * current name is never the same as any previous one.
1755 * This can happen with "DocumentRoot /foo" when you
1756 * request "/" on the server and it includes "/".
1757 * This only applies to modules such as mod_dir that
1758 * (somewhat improperly) mess with r->filename outside
1759 * of a filename translation phase.
1761 for (p = r; p && !founddupe; p = p->main) {
1762 for (q = p; q; q = q->prev) {
1763 if ((q->filename && rr->filename &&
1764 (strcmp(q->filename, rr->filename) == 0)) ||
1765 ((*q->uri == '/') &&
1766 (strcmp(q->uri, rr->uri) == 0))) {
1775 error_fmt = "Recursive include of \"%s\" in parsed file %s";
1779 /* See the Kludge in includes_filter for why.
1780 * Basically, it puts a bread crumb in here, then looks
1781 * for the crumb later to see if its been here.
1784 ap_set_module_config(rr->request_config, &include_module, r);
1787 if (!error_fmt && ap_run_sub_req(rr)) {
1788 error_fmt = "unable to include \"%s\" in parsed file %s";
1792 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error_fmt, tag_val,
1794 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1797 /* destroy the sub request */
1799 ap_destroy_sub_req(rr);
1811 * <!--#echo [encoding="..."] var="..." [encoding="..."] var="..." ... -->
1813 static apr_status_t handle_echo(include_ctx_t *ctx, ap_filter_t *f,
1814 apr_bucket_brigade *bb)
1816 enum {E_NONE, E_URL, E_ENTITY} encode;
1817 request_rec *r = f->r;
1820 ap_log_rerror(APLOG_MARK,
1821 (ctx->flags & SSI_FLAG_PRINTING)
1822 ? APLOG_ERR : APLOG_WARNING,
1823 0, r, "missing argument for echo element in %s",
1827 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1832 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1840 char *tag_val = NULL;
1842 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
1843 if (!tag || !tag_val) {
1847 if (!strcmp(tag, "var")) {
1849 const char *echo_text = NULL;
1852 val = get_include_var(ap_ssi_parse_string(ctx, tag_val, NULL,
1853 0, SSI_EXPAND_DROP_NAME),
1862 echo_text = ap_escape_uri(ctx->dpool, val);
1865 echo_text = ap_escape_html(ctx->dpool, val);
1869 e_len = strlen(echo_text);
1872 include_server_config *sconf;
1874 sconf = ap_get_module_config(r->server->module_config,
1876 echo_text = sconf->undefined_echo;
1877 e_len = sconf->undefined_echo_len;
1880 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(
1881 apr_pstrmemdup(ctx->pool, echo_text, e_len),
1882 e_len, ctx->pool, f->c->bucket_alloc));
1884 else if (!strcmp(tag, "encoding")) {
1885 if (!strcasecmp(tag_val, "none")) {
1888 else if (!strcasecmp(tag_val, "url")) {
1891 else if (!strcasecmp(tag_val, "entity")) {
1895 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown value "
1896 "\"%s\" to parameter \"encoding\" of tag echo in "
1897 "%s", tag_val, r->filename);
1898 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1903 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
1904 "\"%s\" in tag echo of %s", tag, r->filename);
1905 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1914 * <!--#config [timefmt="..."] [sizefmt="..."] [errmsg="..."] -->
1916 static apr_status_t handle_config(include_ctx_t *ctx, ap_filter_t *f,
1917 apr_bucket_brigade *bb)
1919 request_rec *r = f->r;
1920 apr_table_t *env = r->subprocess_env;
1923 ap_log_rerror(APLOG_MARK,
1924 (ctx->flags & SSI_FLAG_PRINTING)
1925 ? APLOG_ERR : APLOG_WARNING,
1926 0, r, "missing argument for config element in %s",
1930 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
1935 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1941 char *tag_val = NULL;
1942 char *parsed_string;
1944 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_RAW);
1945 if (!tag || !tag_val) {
1949 if (!strcmp(tag, "errmsg")) {
1950 ctx->error_str = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1951 SSI_EXPAND_DROP_NAME);
1953 else if (!strcmp(tag, "timefmt")) {
1954 apr_time_t date = r->request_time;
1956 ctx->time_str = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1957 SSI_EXPAND_DROP_NAME);
1959 apr_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date,
1961 apr_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date,
1963 apr_table_setn(env, "LAST_MODIFIED",
1964 ap_ht_time(r->pool, r->finfo.mtime,
1967 else if (!strcmp(tag, "sizefmt")) {
1968 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
1969 SSI_EXPAND_DROP_NAME);
1970 if (!strcmp(parsed_string, "bytes")) {
1971 ctx->flags |= SSI_FLAG_SIZE_IN_BYTES;
1973 else if (!strcmp(parsed_string, "abbrev")) {
1974 ctx->flags &= SSI_FLAG_SIZE_ABBREV;
1977 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown value "
1978 "\"%s\" to parameter \"sizefmt\" of tag config "
1979 "in %s", parsed_string, r->filename);
1980 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1985 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter "
1986 "\"%s\" to tag config in %s", tag, r->filename);
1987 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
1996 * <!--#fsize virtual|file="..." [virtual|file="..."] ... -->
1998 static apr_status_t handle_fsize(include_ctx_t *ctx, ap_filter_t *f,
1999 apr_bucket_brigade *bb)
2001 request_rec *r = f->r;
2004 ap_log_rerror(APLOG_MARK,
2005 (ctx->flags & SSI_FLAG_PRINTING)
2006 ? APLOG_ERR : APLOG_WARNING,
2007 0, r, "missing argument for fsize element in %s",
2011 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2016 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2022 char *tag_val = NULL;
2024 char *parsed_string;
2026 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2027 if (!tag || !tag_val) {
2031 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
2032 SSI_EXPAND_DROP_NAME);
2034 if (!find_file(r, "fsize", tag, parsed_string, &finfo)) {
2038 if (!(ctx->flags & SSI_FLAG_SIZE_IN_BYTES)) {
2039 buf = apr_strfsize(finfo.size, apr_palloc(ctx->pool, 5));
2040 len = 4; /* omit the \0 terminator */
2043 apr_size_t l, x, pos;
2046 tmp = apr_psprintf(ctx->dpool, "%" APR_OFF_T_FMT, finfo.size);
2047 len = l = strlen(tmp);
2049 for (x = 0; x < l; ++x) {
2050 if (x && !((l - x) % 3)) {
2056 buf = apr_pstrmemdup(ctx->pool, tmp, len);
2059 buf = apr_palloc(ctx->pool, len);
2061 for (pos = x = 0; x < l; ++x) {
2062 if (x && !((l - x) % 3)) {
2065 buf[pos++] = tmp[x];
2070 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(buf, len,
2071 ctx->pool, f->c->bucket_alloc));
2074 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2083 * <!--#flastmod virtual|file="..." [virtual|file="..."] ... -->
2085 static apr_status_t handle_flastmod(include_ctx_t *ctx, ap_filter_t *f,
2086 apr_bucket_brigade *bb)
2088 request_rec *r = f->r;
2091 ap_log_rerror(APLOG_MARK,
2092 (ctx->flags & SSI_FLAG_PRINTING)
2093 ? APLOG_ERR : APLOG_WARNING,
2094 0, r, "missing argument for flastmod element in %s",
2098 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2103 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2109 char *tag_val = NULL;
2111 char *parsed_string;
2113 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2114 if (!tag || !tag_val) {
2118 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
2119 SSI_EXPAND_DROP_NAME);
2121 if (!find_file(r, "flastmod", tag, parsed_string, &finfo)) {
2125 t_val = ap_ht_time(ctx->pool, finfo.mtime, ctx->time_str, 0);
2126 t_len = strlen(t_val);
2128 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(t_val, t_len,
2129 ctx->pool, f->c->bucket_alloc));
2132 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2141 * <!--#if expr="..." -->
2143 static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
2144 apr_bucket_brigade *bb)
2148 request_rec *r = f->r;
2149 int expr_ret, was_error;
2151 if (ctx->argc != 1) {
2152 ap_log_rerror(APLOG_MARK,
2153 (ctx->flags & SSI_FLAG_PRINTING)
2154 ? APLOG_ERR : APLOG_WARNING,
2156 ? "too many arguments for if element in %s"
2157 : "missing expr argument for if element in %s",
2161 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2162 ++(ctx->if_nesting_level);
2166 if (ctx->argc != 1) {
2167 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2171 ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW);
2173 if (strcmp(tag, "expr")) {
2174 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" "
2175 "to tag if in %s", tag, r->filename);
2176 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2181 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr value for if "
2182 "element in %s", r->filename);
2183 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2187 DEBUG_PRINTF((ctx, "**** if expr=\"%s\"\n", expr));
2189 expr_ret = parse_expr(ctx, expr, &was_error);
2192 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2197 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2200 ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
2203 DEBUG_DUMP_COND(ctx, " if");
2205 ctx->if_nesting_level = 0;
2211 * <!--#elif expr="..." -->
2213 static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
2214 apr_bucket_brigade *bb)
2218 request_rec *r = f->r;
2219 int expr_ret, was_error;
2221 if (ctx->argc != 1) {
2222 ap_log_rerror(APLOG_MARK,
2223 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2225 ? "too many arguments for if element in %s"
2226 : "missing expr argument for if element in %s",
2230 if (ctx->if_nesting_level) {
2234 if (ctx->argc != 1) {
2235 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2239 ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW);
2241 if (strcmp(tag, "expr")) {
2242 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "unknown parameter \"%s\" "
2243 "to tag if in %s", tag, r->filename);
2244 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2249 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "missing expr in elif "
2250 "statement: %s", r->filename);
2251 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2255 DEBUG_PRINTF((ctx, "**** elif expr=\"%s\"\n", expr));
2256 DEBUG_DUMP_COND(ctx, " elif");
2258 if (ctx->flags & SSI_FLAG_COND_TRUE) {
2259 ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
2263 expr_ret = parse_expr(ctx, expr, &was_error);
2266 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2271 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2274 ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
2277 DEBUG_DUMP_COND(ctx, " elif");
2285 static apr_status_t handle_else(include_ctx_t *ctx, ap_filter_t *f,
2286 apr_bucket_brigade *bb)
2288 request_rec *r = f->r;
2291 ap_log_rerror(APLOG_MARK,
2292 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2293 0, r, "else directive does not take tags in %s",
2297 if (ctx->if_nesting_level) {
2302 if (ctx->flags & SSI_FLAG_PRINTING) {
2303 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2309 DEBUG_DUMP_COND(ctx, " else");
2311 if (ctx->flags & SSI_FLAG_COND_TRUE) {
2312 ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
2315 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2324 static apr_status_t handle_endif(include_ctx_t *ctx, ap_filter_t *f,
2325 apr_bucket_brigade *bb)
2327 request_rec *r = f->r;
2330 ap_log_rerror(APLOG_MARK,
2331 (!(ctx->if_nesting_level)) ? APLOG_ERR : APLOG_WARNING,
2332 0, r, "endif directive does not take tags in %s",
2336 if (ctx->if_nesting_level) {
2337 --(ctx->if_nesting_level);
2342 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2346 DEBUG_DUMP_COND(ctx, "endif");
2348 ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
2354 * <!--#set var="..." value="..." ... -->
2356 static apr_status_t handle_set(include_ctx_t *ctx, ap_filter_t *f,
2357 apr_bucket_brigade *bb)
2360 request_rec *r = f->r;
2361 request_rec *sub = r->main;
2362 apr_pool_t *p = r->pool;
2364 if (ctx->argc < 2) {
2365 ap_log_rerror(APLOG_MARK,
2366 (ctx->flags & SSI_FLAG_PRINTING)
2367 ? APLOG_ERR : APLOG_WARNING,
2368 0, r, "missing argument for set element in %s",
2372 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2376 if (ctx->argc < 2) {
2377 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2381 /* we need to use the 'main' request pool to set notes as that is
2391 char *tag_val = NULL;
2393 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, SSI_VALUE_DECODED);
2395 if (!tag || !tag_val) {
2399 if (!strcmp(tag, "var")) {
2400 var = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
2401 SSI_EXPAND_DROP_NAME);
2403 else if (!strcmp(tag, "value")) {
2404 char *parsed_string;
2407 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "variable must "
2408 "precede value in set directive in %s",
2410 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2414 parsed_string = ap_ssi_parse_string(ctx, tag_val, NULL, 0,
2415 SSI_EXPAND_DROP_NAME);
2416 apr_table_setn(r->subprocess_env, apr_pstrdup(p, var),
2417 apr_pstrdup(p, parsed_string));
2420 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid tag for set "
2421 "directive in %s", r->filename);
2422 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2433 static apr_status_t handle_printenv(include_ctx_t *ctx, ap_filter_t *f,
2434 apr_bucket_brigade *bb)
2436 request_rec *r = f->r;
2437 const apr_array_header_t *arr;
2438 const apr_table_entry_t *elts;
2442 ap_log_rerror(APLOG_MARK,
2443 (ctx->flags & SSI_FLAG_PRINTING)
2444 ? APLOG_ERR : APLOG_WARNING,
2445 0, r, "printenv directive does not take tags in %s",
2449 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
2454 SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
2458 arr = apr_table_elts(r->subprocess_env);
2459 elts = (apr_table_entry_t *)arr->elts;
2461 for (i = 0; i < arr->nelts; ++i) {
2462 const char *key_text, *val_text;
2463 char *key_val, *next;
2464 apr_size_t k_len, v_len, kv_length;
2467 key_text = ap_escape_html(ctx->dpool, elts[i].key);
2468 k_len = strlen(key_text);
2471 val_text = elts[i].val;
2472 if (val_text == LAZY_VALUE) {
2473 val_text = add_include_vars_lazy(r, elts[i].key);
2475 val_text = ap_escape_html(ctx->dpool, elts[i].val);
2476 v_len = strlen(val_text);
2478 /* assemble result */
2479 kv_length = k_len + v_len + sizeof("=\n");
2480 key_val = apr_palloc(ctx->pool, kv_length);
2483 memcpy(next, key_text, k_len);
2486 memcpy(next, val_text, v_len);
2491 APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pool_create(key_val, kv_length-1,
2492 ctx->pool, f->c->bucket_alloc));
2501 * +-------------------------------------------------------+
2503 * | Main Includes-Filter Engine
2505 * +-------------------------------------------------------+
2508 /* This is an implementation of the BNDM search algorithm.
2510 * Fast and Flexible String Matching by Combining Bit-parallelism and
2511 * Suffix Automata (2001)
2512 * Gonzalo Navarro, Mathieu Raffinot
2514 * http://www-igm.univ-mlv.fr/~raffinot/ftp/jea2001.ps.gz
2516 * Initial code submitted by Sascha Schumann.
2519 /* Precompile the bndm_t data structure. */
2520 static bndm_t *bndm_compile(apr_pool_t *pool, const char *n, apr_size_t nl)
2523 const char *ne = n + nl;
2524 bndm_t *t = apr_palloc(pool, sizeof(*t));
2526 memset(t->T, 0, sizeof(unsigned int) * 256);
2527 t->pattern_len = nl;
2529 for (x = 1; n < ne; x <<= 1) {
2530 t->T[(unsigned char) *n++] |= x;
2538 /* Implements the BNDM search algorithm (as described above).
2540 * h - the string to look in
2541 * hl - length of the string to look for
2542 * t - precompiled bndm structure against the pattern
2544 * Returns the count of character that is the first match or hl if no
2547 static apr_size_t bndm(bndm_t *t, const char *h, apr_size_t hl)
2550 const char *he, *p, *pi;
2551 unsigned int *T, x, d;
2558 nl = t->pattern_len;
2560 pi = h - 1; /* pi: p initial */
2561 p = pi + nl; /* compare window right to left. point to the first char */
2567 d &= T[(unsigned char) *p--];
2590 * returns the index position of the first byte of start_seq (or the len of
2591 * the buffer as non-match)
2593 static apr_size_t find_start_sequence(include_ctx_t *ctx, const char *data,
2596 struct ssi_internal_ctx *intern = ctx->intern;
2597 apr_size_t slen = intern->start_seq_pat->pattern_len;
2602 p = data; /* try partial match at the end of the buffer (below) */
2605 /* try fast bndm search over the buffer
2606 * (hopefully the whole start sequence can be found in this buffer)
2608 index = bndm(intern->start_seq_pat, data, len);
2610 /* wow, found it. ready. */
2612 intern->state = PARSE_DIRECTIVE;
2616 /* ok, the pattern can't be found as whole in the buffer,
2617 * check the end for a partial match
2619 p = data + len - slen + 1;
2625 while (p < ep && *p != *intern->start_seq) {
2631 /* found a possible start_seq start */
2636 while (p < ep && *p == intern->start_seq[pos]) {
2641 /* partial match found. Store the info for the next round */
2643 intern->state = PARSE_HEAD;
2644 intern->parse_pos = pos;
2649 /* we must try all combinations; consider (e.g.) SSIStartTag "--->"
2650 * and a string data of "--.-" and the end of the buffer
2652 p = data + index + 1;
2660 * returns the first byte *after* the partial (or final) match.
2662 * If we had to trick with the start_seq start, 'release' returns the
2663 * number of chars of the start_seq which appeared not to be part of a
2664 * full tag and may have to be passed down the filter chain.
2666 static apr_size_t find_partial_start_sequence(include_ctx_t *ctx,
2669 apr_size_t *release)
2671 struct ssi_internal_ctx *intern = ctx->intern;
2672 apr_size_t pos, spos = 0;
2673 apr_size_t slen = intern->start_seq_pat->pattern_len;
2676 pos = intern->parse_pos;
2683 while (p < ep && pos < slen && *p == intern->start_seq[pos]) {
2690 intern->state = PARSE_DIRECTIVE;
2694 /* the whole buffer is a partial match */
2696 intern->parse_pos = pos;
2700 /* No match so far, but again:
2701 * We must try all combinations, since the start_seq is a random
2702 * user supplied string
2704 * So: look if the first char of start_seq appears somewhere within
2705 * the current partial match. If it does, try to start a match that
2706 * begins with this offset. (This can happen, if a strange
2707 * start_seq like "---->" spans buffers)
2709 if (spos < intern->parse_pos) {
2713 p = intern->start_seq + spos;
2714 pos = intern->parse_pos - spos;
2716 while (pos && *p != *intern->start_seq) {
2723 /* if a matching beginning char was found, try to match the
2724 * remainder of the old buffer.
2730 while (t < pos && *p == intern->start_seq[t]) {
2736 /* yeah, another partial match found in the *old*
2737 * buffer, now test the *current* buffer for
2751 } while (1); /* work hard to find a match ;-) */
2753 /* no match at all, release all (wrongly) matched chars so far */
2754 *release = intern->parse_pos;
2755 intern->state = PARSE_PRE_HEAD;
2760 * returns the position after the directive
2762 static apr_size_t find_directive(include_ctx_t *ctx, const char *data,
2763 apr_size_t len, char ***store,
2764 apr_size_t **store_len)
2766 struct ssi_internal_ctx *intern = ctx->intern;
2767 const char *p = data;
2768 const char *ep = data + len;
2771 switch (intern->state) {
2772 case PARSE_DIRECTIVE:
2773 while (p < ep && !apr_isspace(*p)) {
2774 /* we have to consider the case of missing space between directive
2775 * and end_seq (be somewhat lenient), e.g. <!--#printenv-->
2777 if (*p == *intern->end_seq) {
2778 intern->state = PARSE_DIRECTIVE_TAIL;
2779 intern->parse_pos = 1;
2786 if (p < ep) { /* found delimiter whitespace */
2787 intern->state = PARSE_DIRECTIVE_POSTNAME;
2788 *store = &intern->directive;
2789 *store_len = &intern->directive_len;
2794 case PARSE_DIRECTIVE_TAIL:
2795 pos = intern->parse_pos;
2797 while (p < ep && pos < intern->end_seq_len &&
2798 *p == intern->end_seq[pos]) {
2803 /* full match, we're done */
2804 if (pos == intern->end_seq_len) {
2805 intern->state = PARSE_DIRECTIVE_POSTTAIL;
2806 *store = &intern->directive;
2807 *store_len = &intern->directive_len;
2811 /* partial match, the buffer is too small to match fully */
2813 intern->parse_pos = pos;
2817 /* no match. continue normal parsing */
2818 intern->state = PARSE_DIRECTIVE;
2821 case PARSE_DIRECTIVE_POSTTAIL:
2822 intern->state = PARSE_EXECUTE;
2823 intern->directive_len -= intern->end_seq_len;
2824 /* continue immediately with the next state */
2826 case PARSE_DIRECTIVE_POSTNAME:
2827 if (PARSE_DIRECTIVE_POSTNAME == intern->state) {
2828 intern->state = PARSE_PRE_ARG;
2831 intern->argv = NULL;
2833 if (!intern->directive_len) {
2835 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
2836 "directive name in parsed document %s",
2837 intern->r->filename);
2840 char *sp = intern->directive;
2841 char *sep = intern->directive + intern->directive_len;
2843 /* normalize directive name */
2844 for (; sp < sep; ++sp) {
2845 *sp = apr_tolower(*sp);
2852 /* get a rid of a gcc warning about unhandled enumerations */
2860 * find out whether the next token is (a possible) end_seq or an argument
2862 static apr_size_t find_arg_or_tail(include_ctx_t *ctx, const char *data,
2865 struct ssi_internal_ctx *intern = ctx->intern;
2866 const char *p = data;
2867 const char *ep = data + len;
2869 /* skip leading WS */
2870 while (p < ep && apr_isspace(*p)) {
2874 /* buffer doesn't consist of whitespaces only */
2876 intern->state = (*p == *intern->end_seq) ? PARSE_TAIL : PARSE_ARG;
2883 * test the stream for end_seq. If it doesn't match at all, it must be an
2886 static apr_size_t find_tail(include_ctx_t *ctx, const char *data,
2889 struct ssi_internal_ctx *intern = ctx->intern;
2890 const char *p = data;
2891 const char *ep = data + len;
2892 apr_size_t pos = intern->parse_pos;
2894 if (PARSE_TAIL == intern->state) {
2895 intern->state = PARSE_TAIL_SEQ;
2896 pos = intern->parse_pos = 0;
2899 while (p < ep && pos < intern->end_seq_len && *p == intern->end_seq[pos]) {
2904 /* bingo, full match */
2905 if (pos == intern->end_seq_len) {
2906 intern->state = PARSE_EXECUTE;
2910 /* partial match, the buffer is too small to match fully */
2912 intern->parse_pos = pos;
2916 /* no match. It must be an argument string then
2917 * The caller should cleanup and rewind to the reparse point
2919 intern->state = PARSE_ARG;
2924 * extract name=value from the buffer
2925 * A pcre-pattern could look (similar to):
2926 * name\s*(?:=\s*(["'`]?)value\1(?>\s*))?
2928 static apr_size_t find_argument(include_ctx_t *ctx, const char *data,
2929 apr_size_t len, char ***store,
2930 apr_size_t **store_len)
2932 struct ssi_internal_ctx *intern = ctx->intern;
2933 const char *p = data;
2934 const char *ep = data + len;
2936 switch (intern->state) {
2939 * create argument structure and append it to the current list
2941 intern->current_arg = apr_palloc(ctx->dpool,
2942 sizeof(*intern->current_arg));
2943 intern->current_arg->next = NULL;
2946 if (!intern->argv) {
2947 intern->argv = intern->current_arg;
2950 arg_item_t *newarg = intern->argv;
2952 while (newarg->next) {
2953 newarg = newarg->next;
2955 newarg->next = intern->current_arg;
2958 /* check whether it's a valid one. If it begins with a quote, we
2959 * can safely assume, someone forgot the name of the argument
2962 case '"': case '\'': case '`':
2965 intern->state = PARSE_ARG_VAL;
2966 intern->quote = *p++;
2967 intern->current_arg->name = NULL;
2968 intern->current_arg->name_len = 0;
2971 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
2972 "argument name for value to tag %s in %s",
2973 apr_pstrmemdup(intern->r->pool, intern->directive,
2974 intern->directive_len),
2975 intern->r->filename);
2980 intern->state = PARSE_ARG_NAME;
2982 /* continue immediately with next state */
2984 case PARSE_ARG_NAME:
2985 while (p < ep && !apr_isspace(*p) && *p != '=') {
2990 intern->state = PARSE_ARG_POSTNAME;
2991 *store = &intern->current_arg->name;
2992 *store_len = &intern->current_arg->name_len;
2997 case PARSE_ARG_POSTNAME:
2998 intern->current_arg->name = apr_pstrmemdup(ctx->dpool,
2999 intern->current_arg->name,
3000 intern->current_arg->name_len);
3001 if (!intern->current_arg->name_len) {
3003 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, intern->r, "missing "
3004 "argument name for value to tag %s in %s",
3005 apr_pstrmemdup(intern->r->pool, intern->directive,
3006 intern->directive_len),
3007 intern->r->filename);
3010 char *sp = intern->current_arg->name;
3012 /* normalize the name */
3014 *sp = apr_tolower(*sp);
3019 intern->state = PARSE_ARG_EQ;
3020 /* continue with next state immediately */
3025 while (p < ep && apr_isspace(*p)) {
3031 intern->state = PARSE_ARG_PREVAL;
3034 else { /* no value */
3035 intern->current_arg->value = NULL;
3036 intern->state = PARSE_PRE_ARG;
3043 case PARSE_ARG_PREVAL:
3046 while (p < ep && apr_isspace(*p)) {
3050 /* buffer doesn't consist of whitespaces only */
3052 intern->state = PARSE_ARG_VAL;
3054 case '"': case '\'': case '`':
3055 intern->quote = *p++;
3058 intern->quote = '\0';
3066 case PARSE_ARG_VAL_ESC:
3067 if (*p == intern->quote) {
3070 intern->state = PARSE_ARG_VAL;
3071 /* continue with next state immediately */
3074 for (; p < ep; ++p) {
3075 if (intern->quote && *p == '\\') {
3078 intern->state = PARSE_ARG_VAL_ESC;
3082 if (*p != intern->quote) {
3086 else if (intern->quote && *p == intern->quote) {
3088 *store = &intern->current_arg->value;
3089 *store_len = &intern->current_arg->value_len;
3090 intern->state = PARSE_ARG_POSTVAL;
3093 else if (!intern->quote && apr_isspace(*p)) {
3095 *store = &intern->current_arg->value;
3096 *store_len = &intern->current_arg->value_len;
3097 intern->state = PARSE_ARG_POSTVAL;
3104 case PARSE_ARG_POSTVAL:
3106 * The value is still the raw input string. Finally clean it up.
3108 --(intern->current_arg->value_len);
3109 intern->current_arg->value[intern->current_arg->value_len] = '\0';
3111 /* strip quote escaping \ from the string */
3112 if (intern->quote) {
3113 apr_size_t shift = 0;
3116 sp = intern->current_arg->value;
3117 ep = intern->current_arg->value + intern->current_arg->value_len;
3118 while (sp < ep && *sp != '\\') {
3121 for (; sp < ep; ++sp) {
3122 if (*sp == '\\' && sp[1] == intern->quote) {
3131 intern->current_arg->value_len -= shift;
3134 intern->current_arg->value[intern->current_arg->value_len] = '\0';
3135 intern->state = PARSE_PRE_ARG;
3140 /* get a rid of a gcc warning about unhandled enumerations */
3144 return len; /* partial match of something */
3148 * This is the main loop over the current bucket brigade.
3150 static apr_status_t send_parsed_content(ap_filter_t *f, apr_bucket_brigade *bb)
3152 include_ctx_t *ctx = f->ctx;
3153 struct ssi_internal_ctx *intern = ctx->intern;
3154 request_rec *r = f->r;
3155 apr_bucket *b = APR_BRIGADE_FIRST(bb);
3156 apr_bucket_brigade *pass_bb;
3157 apr_status_t rv = APR_SUCCESS;
3158 char *magic; /* magic pointer for sentinel use */
3161 if (APR_BRIGADE_EMPTY(bb)) {
3165 /* we may crash, since already cleaned up; hand over the responsibility
3166 * to the next filter;-)
3168 if (intern->seen_eos) {
3169 return ap_pass_brigade(f->next, bb);
3172 /* All stuff passed along has to be put into that brigade */
3173 pass_bb = apr_brigade_create(ctx->pool, f->c->bucket_alloc);
3175 /* initialization for this loop */
3176 intern->bytes_read = 0;
3181 /* loop over the current bucket brigade */
3182 while (b != APR_BRIGADE_SENTINEL(bb)) {
3183 const char *data = NULL;
3184 apr_size_t len, index, release;
3185 apr_bucket *newb = NULL;
3186 char **store = &magic;
3187 apr_size_t *store_len;
3189 /* handle meta buckets before reading any data */
3190 if (APR_BUCKET_IS_METADATA(b)) {
3191 newb = APR_BUCKET_NEXT(b);
3193 APR_BUCKET_REMOVE(b);
3195 if (APR_BUCKET_IS_EOS(b)) {
3196 intern->seen_eos = 1;
3198 /* Hit end of stream, time for cleanup ... But wait!
3199 * Perhaps we're not ready yet. We may have to loop one or
3200 * two times again to finish our work. In that case, we
3201 * just re-insert the EOS bucket to allow for an extra loop.
3203 * PARSE_EXECUTE means, we've hit a directive just before the
3204 * EOS, which is now waiting for execution.
3206 * PARSE_DIRECTIVE_POSTTAIL means, we've hit a directive with
3207 * no argument and no space between directive and end_seq
3208 * just before the EOS. (consider <!--#printenv--> as last
3209 * or only string within the stream). This state, however,
3210 * just cleans up and turns itself to PARSE_EXECUTE, which
3211 * will be passed through within the next (and actually
3214 if (PARSE_EXECUTE == intern->state ||
3215 PARSE_DIRECTIVE_POSTTAIL == intern->state) {
3216 APR_BUCKET_INSERT_BEFORE(newb, b);
3219 break; /* END OF STREAM */
3223 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3225 if (APR_BUCKET_IS_FLUSH(b)) {
3234 /* enough is enough ... */
3235 if (ctx->flush_now ||
3236 intern->bytes_read > AP_MIN_BYTES_TO_WRITE) {
3238 if (!APR_BRIGADE_EMPTY(pass_bb)) {
3239 rv = ap_pass_brigade(f->next, pass_bb);
3240 if (!APR_STATUS_IS_SUCCESS(rv)) {
3241 apr_brigade_destroy(pass_bb);
3247 intern->bytes_read = 0;
3250 /* read the current bucket data */
3252 if (!intern->seen_eos) {
3253 if (intern->bytes_read > 0) {
3254 rv = apr_bucket_read(b, &data, &len, APR_NONBLOCK_READ);
3255 if (APR_STATUS_IS_EAGAIN(rv)) {
3261 if (!len || !APR_STATUS_IS_SUCCESS(rv)) {
3262 rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
3265 if (!APR_STATUS_IS_SUCCESS(rv)) {
3266 apr_brigade_destroy(pass_bb);
3270 intern->bytes_read += len;
3273 /* zero length bucket, fetch next one */
3274 if (!len && !intern->seen_eos) {
3275 b = APR_BUCKET_NEXT(b);
3280 * it's actually a data containing bucket, start/continue parsing
3283 switch (intern->state) {
3284 /* no current tag; search for start sequence */
3285 case PARSE_PRE_HEAD:
3286 index = find_start_sequence(ctx, data, len);
3289 apr_bucket_split(b, index);
3292 newb = APR_BUCKET_NEXT(b);
3293 if (ctx->flags & SSI_FLAG_PRINTING) {
3294 APR_BUCKET_REMOVE(b);
3295 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3298 apr_bucket_delete(b);
3302 /* now delete the start_seq stuff from the remaining bucket */
3303 if (PARSE_DIRECTIVE == intern->state) { /* full match */
3304 apr_bucket_split(newb, intern->start_seq_pat->pattern_len);
3305 ctx->flush_now = 1; /* pass pre-tag stuff */
3308 b = APR_BUCKET_NEXT(newb);
3309 apr_bucket_delete(newb);
3317 /* we're currently looking for the end of the start sequence */
3319 index = find_partial_start_sequence(ctx, data, len, &release);
3321 /* check if we mismatched earlier and have to release some chars */
3322 if (release && (ctx->flags & SSI_FLAG_PRINTING)) {
3323 char *to_release = apr_palloc(ctx->pool, release);
3325 memcpy(to_release, intern->start_seq, release);
3326 newb = apr_bucket_pool_create(to_release, release, ctx->pool,
3327 f->c->bucket_alloc);
3328 APR_BRIGADE_INSERT_TAIL(pass_bb, newb);
3331 if (index) { /* any match */
3332 /* now delete the start_seq stuff from the remaining bucket */
3333 if (PARSE_DIRECTIVE == intern->state) { /* final match */
3334 apr_bucket_split(b, index);
3335 ctx->flush_now = 1; /* pass pre-tag stuff */
3337 newb = APR_BUCKET_NEXT(b);
3338 apr_bucket_delete(b);
3344 /* we're currently grabbing the directive name */
3345 case PARSE_DIRECTIVE:
3346 case PARSE_DIRECTIVE_POSTNAME:
3347 case PARSE_DIRECTIVE_TAIL:
3348 case PARSE_DIRECTIVE_POSTTAIL:
3349 index = find_directive(ctx, data, len, &store, &store_len);
3352 apr_bucket_split(b, index);
3353 newb = APR_BUCKET_NEXT(b);
3358 APR_BUCKET_REMOVE(b);
3359 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3363 /* time for cleanup? */
3364 if (store != &magic) {
3365 apr_brigade_pflatten(intern->tmp_bb, store, store_len,
3367 apr_brigade_cleanup(intern->tmp_bb);
3371 apr_bucket_delete(b);
3377 /* skip WS and find out what comes next (arg or end_seq) */
3379 index = find_arg_or_tail(ctx, data, len);
3381 if (index) { /* skipped whitespaces */
3383 apr_bucket_split(b, index);
3385 newb = APR_BUCKET_NEXT(b);
3386 apr_bucket_delete(b);
3392 /* currently parsing name[=val] */
3394 case PARSE_ARG_NAME:
3395 case PARSE_ARG_POSTNAME:
3397 case PARSE_ARG_PREVAL:
3399 case PARSE_ARG_VAL_ESC:
3400 case PARSE_ARG_POSTVAL:
3401 index = find_argument(ctx, data, len, &store, &store_len);
3404 apr_bucket_split(b, index);
3405 newb = APR_BUCKET_NEXT(b);
3410 APR_BUCKET_REMOVE(b);
3411 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3415 /* time for cleanup? */
3416 if (store != &magic) {
3417 apr_brigade_pflatten(intern->tmp_bb, store, store_len,
3419 apr_brigade_cleanup(intern->tmp_bb);
3423 apr_bucket_delete(b);
3429 /* try to match end_seq at current pos. */
3431 case PARSE_TAIL_SEQ:
3432 index = find_tail(ctx, data, len);
3434 switch (intern->state) {
3435 case PARSE_EXECUTE: /* full match */
3436 apr_bucket_split(b, index);
3437 newb = APR_BUCKET_NEXT(b);
3438 apr_bucket_delete(b);
3442 case PARSE_ARG: /* no match */
3443 /* PARSE_ARG must reparse at the beginning */
3444 APR_BRIGADE_PREPEND(bb, intern->tmp_bb);
3445 b = APR_BRIGADE_FIRST(bb);
3448 default: /* partial match */
3449 newb = APR_BUCKET_NEXT(b);
3450 APR_BUCKET_REMOVE(b);
3451 APR_BRIGADE_INSERT_TAIL(intern->tmp_bb, b);
3458 /* now execute the parsed directive, cleanup the space and
3459 * start again with PARSE_PRE_HEAD
3462 /* if there was an error, it was already logged; just stop here */
3463 if (intern->error) {
3464 if (ctx->flags & SSI_FLAG_PRINTING) {
3465 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3470 include_handler_fn_t *handle_func;
3472 handle_func = apr_hash_get(include_handlers, intern->directive,
3473 intern->directive_len);
3476 DEBUG_INIT(ctx, f, pass_bb);
3477 rv = handle_func(ctx, f, pass_bb);
3478 if (!APR_STATUS_IS_SUCCESS(rv)) {
3479 apr_brigade_destroy(pass_bb);
3484 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
3485 "unknown directive \"%s\" in parsed doc %s",
3486 apr_pstrmemdup(r->pool, intern->directive,
3487 intern->directive_len),
3489 if (ctx->flags & SSI_FLAG_PRINTING) {
3490 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3496 apr_pool_clear(ctx->dpool);
3497 apr_brigade_cleanup(intern->tmp_bb);
3499 /* Oooof. Done here, start next round */
3500 intern->state = PARSE_PRE_HEAD;
3503 } /* switch(ctx->state) */
3505 } /* while(brigade) */
3507 /* End of stream. Final cleanup */
3508 if (intern->seen_eos) {
3509 if (PARSE_HEAD == intern->state) {
3510 if (ctx->flags & SSI_FLAG_PRINTING) {
3511 char *to_release = apr_palloc(ctx->pool, intern->parse_pos);
3513 memcpy(to_release, intern->start_seq, intern->parse_pos);
3514 APR_BRIGADE_INSERT_TAIL(pass_bb,
3515 apr_bucket_pool_create(to_release,
3516 intern->parse_pos, ctx->pool,
3517 f->c->bucket_alloc));
3520 else if (PARSE_PRE_HEAD != intern->state) {
3521 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
3522 "SSI directive was not properly finished at the end "
3523 "of parsed document %s", r->filename);
3524 if (ctx->flags & SSI_FLAG_PRINTING) {
3525 SSI_CREATE_ERROR_BUCKET(ctx, f, pass_bb);
3529 if (!(ctx->flags & SSI_FLAG_PRINTING)) {
3530 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
3531 "missing closing endif directive in parsed document"
3532 " %s", r->filename);
3535 /* cleanup our temporary memory */
3536 apr_brigade_destroy(intern->tmp_bb);
3537 apr_pool_destroy(ctx->dpool);
3539 /* don't forget to finally insert the EOS bucket */
3540 APR_BRIGADE_INSERT_TAIL(pass_bb, b);
3543 /* if something's left over, pass it along */
3544 if (!APR_BRIGADE_EMPTY(pass_bb)) {
3545 rv = ap_pass_brigade(f->next, pass_bb);
3551 apr_brigade_destroy(pass_bb);
3557 * +-------------------------------------------------------+
3561 * +-------------------------------------------------------+
3564 static int includes_setup(ap_filter_t *f)
3566 include_dir_config *conf = ap_get_module_config(f->r->per_dir_config,
3569 /* When our xbithack value isn't set to full or our platform isn't
3570 * providing group-level protection bits or our group-level bits do not
3571 * have group-execite on, we will set the no_local_copy value to 1 so
3572 * that we will not send 304s.
3574 if ((conf->xbithack != XBITHACK_FULL)
3575 || !(f->r->finfo.valid & APR_FINFO_GPROT)
3576 || !(f->r->finfo.protection & APR_GEXECUTE)) {
3577 f->r->no_local_copy = 1;
3583 static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
3585 request_rec *r = f->r;
3586 include_ctx_t *ctx = f->ctx;
3587 request_rec *parent;
3588 include_dir_config *conf = ap_get_module_config(r->per_dir_config,
3591 include_server_config *sconf= ap_get_module_config(r->server->module_config,
3594 if (!(ap_allow_options(r) & OPT_INCLUDES)) {
3595 return ap_pass_brigade(f->next, b);
3599 struct ssi_internal_ctx *intern;
3601 /* create context for this filter */
3602 f->ctx = ctx = apr_palloc(r->pool, sizeof(*ctx));
3603 ctx->intern = intern = apr_palloc(r->pool, sizeof(*ctx->intern));
3604 ctx->pool = r->pool;
3605 apr_pool_create(&ctx->dpool, ctx->pool);
3608 intern->tmp_bb = apr_brigade_create(ctx->pool, f->c->bucket_alloc);
3609 intern->seen_eos = 0;
3610 intern->state = PARSE_PRE_HEAD;
3611 ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
3612 if (ap_allow_options(r) & OPT_INCNOEXEC) {
3613 ctx->flags |= SSI_FLAG_NO_EXEC;
3616 ctx->if_nesting_level = 0;
3619 ctx->error_str = conf->default_error_msg;
3620 ctx->time_str = conf->default_time_fmt;
3621 intern->start_seq = sconf->default_start_tag;
3622 intern->start_seq_pat = bndm_compile(ctx->pool, intern->start_seq,
3623 strlen(intern->start_seq));
3624 intern->end_seq = sconf->default_end_tag;
3625 intern->end_seq_len = strlen(intern->end_seq);
3628 if ((parent = ap_get_module_config(r->request_config, &include_module))) {
3629 /* Kludge --- for nested includes, we want to keep the subprocess
3630 * environment of the base document (for compatibility); that means
3631 * torquing our own last_modified date as well so that the
3632 * LAST_MODIFIED variable gets reset to the proper value if the
3633 * nested document resets <!--#config timefmt -->.
3635 r->subprocess_env = r->main->subprocess_env;
3636 apr_pool_join(r->main->pool, r->pool);
3637 r->finfo.mtime = r->main->finfo.mtime;
3640 /* we're not a nested include, so we create an initial
3642 ap_add_common_vars(r);
3644 add_include_vars(r, conf->default_time_fmt);
3646 /* Always unset the content-length. There is no way to know if
3647 * the content will be modified at some point by send_parsed_content.
3648 * It is very possible for us to not find any content in the first
3649 * 9k of the file, but still have to modify the content of the file.
3650 * If we are going to pass the file through send_parsed_content, then
3651 * the content-length should just be unset.
3653 apr_table_unset(f->r->headers_out, "Content-Length");
3655 /* Always unset the ETag/Last-Modified fields - see RFC2616 - 13.3.4.
3656 * We don't know if we are going to be including a file or executing
3657 * a program which may change the Last-Modified header or make the
3658 * content completely dynamic. Therefore, we can't support these
3660 * Exception: XBitHack full means we *should* set the Last-Modified field.
3662 apr_table_unset(f->r->headers_out, "ETag");
3664 /* Assure the platform supports Group protections */
3665 if ((conf->xbithack == XBITHACK_FULL)
3666 && (r->finfo.valid & APR_FINFO_GPROT)
3667 && (r->finfo.protection & APR_GEXECUTE)) {
3668 ap_update_mtime(r, r->finfo.mtime);
3669 ap_set_last_modified(r);
3672 apr_table_unset(f->r->headers_out, "Last-Modified");
3675 /* add QUERY stuff to env cause it ain't yet */
3677 char *arg_copy = apr_pstrdup(r->pool, r->args);
3679 apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
3680 ap_unescape_url(arg_copy);
3681 apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
3682 ap_escape_shell_cmd(r->pool, arg_copy));
3685 return send_parsed_content(f, b);
3688 static int include_fixup(request_rec *r)
3690 include_dir_config *conf;
3692 conf = ap_get_module_config(r->per_dir_config, &include_module);
3694 if (r->handler && (strcmp(r->handler, "server-parsed") == 0))
3696 if (!r->content_type || !*r->content_type) {
3697 ap_set_content_type(r, "text/html");
3699 r->handler = "default-handler";
3702 #if defined(OS2) || defined(WIN32) || defined(NETWARE)
3703 /* These OS's don't support xbithack. This is being worked on. */
3709 if (conf->xbithack == XBITHACK_OFF) {
3713 if (!(r->finfo.protection & APR_UEXECUTE)) {
3717 if (!r->content_type || strcmp(r->content_type, "text/html")) {
3723 /* We always return declined, because the default handler actually
3724 * serves the file. All we have to do is add the filter.
3726 ap_add_output_filter("INCLUDES", NULL, r, r->connection);
3732 * +-------------------------------------------------------+
3734 * | Configuration Handling
3736 * +-------------------------------------------------------+
3739 static void *create_includes_dir_config(apr_pool_t *p, char *dummy)
3741 include_dir_config *result = apr_palloc(p, sizeof(include_dir_config));
3743 result->default_error_msg = DEFAULT_ERROR_MSG;
3744 result->default_time_fmt = DEFAULT_TIME_FORMAT;
3745 result->xbithack = DEFAULT_XBITHACK;
3750 static void *create_includes_server_config(apr_pool_t *p, server_rec *server)
3752 include_server_config *result;
3754 result = apr_palloc(p, sizeof(include_server_config));
3755 result->default_end_tag = DEFAULT_END_SEQUENCE;
3756 result->default_start_tag = DEFAULT_START_SEQUENCE;
3757 result->undefined_echo = DEFAULT_UNDEFINED_ECHO;
3758 result->undefined_echo_len = sizeof(DEFAULT_UNDEFINED_ECHO) - 1;
3763 static const char *set_xbithack(cmd_parms *cmd, void *mconfig, const char *arg)
3765 include_dir_config *conf = mconfig;
3767 if (!strcasecmp(arg, "off")) {
3768 conf->xbithack = XBITHACK_OFF;
3770 else if (!strcasecmp(arg, "on")) {
3771 conf->xbithack = XBITHACK_ON;
3773 else if (!strcasecmp(arg, "full")) {
3774 conf->xbithack = XBITHACK_FULL;
3777 return "XBitHack must be set to Off, On, or Full";
3783 static const char *set_default_start_tag(cmd_parms *cmd, void *mconfig,
3786 include_server_config *conf;
3787 const char *p = tag;
3789 /* be consistent. (See below in set_default_end_tag) */
3791 if (apr_isspace(*p)) {
3792 return "SSIStartTag may not contain any whitespaces";
3797 conf= ap_get_module_config(cmd->server->module_config , &include_module);
3798 conf->default_start_tag = tag;
3803 static const char *set_default_end_tag(cmd_parms *cmd, void *mconfig,
3806 include_server_config *conf;
3807 const char *p = tag;
3809 /* sanity check. The parser may fail otherwise */
3811 if (apr_isspace(*p)) {
3812 return "SSIEndTag may not contain any whitespaces";
3817 conf= ap_get_module_config(cmd->server->module_config , &include_module);
3818 conf->default_end_tag = tag;
3823 static const char *set_undefined_echo(cmd_parms *cmd, void *mconfig,
3826 include_server_config *conf;
3828 conf = ap_get_module_config(cmd->server->module_config, &include_module);
3829 conf->undefined_echo = msg;
3830 conf->undefined_echo_len = strlen(msg);
3835 static const char *set_default_error_msg(cmd_parms *cmd, void *mconfig,
3838 include_dir_config *conf = mconfig;
3839 conf->default_error_msg = msg;
3844 static const char *set_default_time_fmt(cmd_parms *cmd, void *mconfig,
3847 include_dir_config *conf = mconfig;
3848 conf->default_time_fmt = fmt;
3855 * +-------------------------------------------------------+
3857 * | Module Initialization and Configuration
3859 * +-------------------------------------------------------+
3862 static int include_post_config(apr_pool_t *p, apr_pool_t *plog,
3863 apr_pool_t *ptemp, server_rec *s)
3865 include_handlers = apr_hash_make(p);
3867 ssi_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_include_handler);
3869 if(ssi_pfn_register) {
3870 ssi_pfn_register("if", handle_if);
3871 ssi_pfn_register("set", handle_set);
3872 ssi_pfn_register("else", handle_else);
3873 ssi_pfn_register("elif", handle_elif);
3874 ssi_pfn_register("echo", handle_echo);
3875 ssi_pfn_register("endif", handle_endif);
3876 ssi_pfn_register("fsize", handle_fsize);
3877 ssi_pfn_register("config", handle_config);
3878 ssi_pfn_register("include", handle_include);
3879 ssi_pfn_register("flastmod", handle_flastmod);
3880 ssi_pfn_register("printenv", handle_printenv);
3886 static const command_rec includes_cmds[] =
3888 AP_INIT_TAKE1("XBitHack", set_xbithack, NULL, OR_OPTIONS,
3889 "Off, On, or Full"),
3890 AP_INIT_TAKE1("SSIErrorMsg", set_default_error_msg, NULL, OR_ALL,
3892 AP_INIT_TAKE1("SSITimeFormat", set_default_time_fmt, NULL, OR_ALL,
3893 "a strftime(3) formatted string"),
3894 AP_INIT_TAKE1("SSIStartTag", set_default_start_tag, NULL, RSRC_CONF,
3895 "SSI Start String Tag"),
3896 AP_INIT_TAKE1("SSIEndTag", set_default_end_tag, NULL, RSRC_CONF,
3897 "SSI End String Tag"),
3898 AP_INIT_TAKE1("SSIUndefinedEcho", set_undefined_echo, NULL, RSRC_CONF,
3899 "String to be displayed if an echoed variable is undefined"),
3903 static void ap_register_include_handler(char *tag, include_handler_fn_t *func)
3905 apr_hash_set(include_handlers, tag, strlen(tag), (const void *)func);
3908 static void register_hooks(apr_pool_t *p)
3910 APR_REGISTER_OPTIONAL_FN(ap_ssi_get_tag_and_value);
3911 APR_REGISTER_OPTIONAL_FN(ap_ssi_parse_string);
3912 APR_REGISTER_OPTIONAL_FN(ap_register_include_handler);
3913 ap_hook_post_config(include_post_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
3914 ap_hook_fixups(include_fixup, NULL, NULL, APR_HOOK_LAST);
3915 ap_register_output_filter("INCLUDES", includes_filter, includes_setup,
3919 module AP_MODULE_DECLARE_DATA include_module =
3921 STANDARD20_MODULE_STUFF,
3922 create_includes_dir_config, /* dir config creater */
3923 NULL, /* dir merger --- default is to override */
3924 create_includes_server_config,/* server config */
3925 NULL, /* merge server config */
3926 includes_cmds, /* command apr_table_t */
3927 register_hooks /* register hooks */