1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_include.c: Handles the server-parsed HTML documents
62 * Original by Rob McCool; substantial fixups by David Robinson;
63 * incorporated into the Apache module framework by rst.
67 * sub key may be anything a Perl*Handler can be:
68 * subroutine name, package name (defaults to package::handler),
69 * Class->method call or anoymous sub {}
71 * Child <!--#perl sub="sub {print $$}" --> accessed
72 * <!--#perl sub="sub {print ++$Access::Cnt }" --> times. <br>
74 * <!--#perl arg="one" sub="mymod::includer" -->
88 #include "modules/perl/mod_perl.h"
90 #include "ap_config.h"
92 #include "http_config.h"
93 #include "http_request.h"
94 #include "http_core.h"
95 #include "http_protocol.h"
97 #include "http_main.h"
98 #include "util_script.h"
99 #include "http_core.h"
105 #include "util_ebcdic.h"
107 #define STARTING_SEQUENCE "<!--#"
108 #define ENDING_SEQUENCE "-->"
109 #define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]"
110 #define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
111 #define SIZEFMT_BYTES 0
112 #define SIZEFMT_KMG 1
113 #ifdef CHARSET_EBCDIC
114 #define RAW_ASCII_CHAR(ch) ap_xlate_conv_byte(ap_hdrs_from_ascii, (unsigned char)ch)
115 #else /*CHARSET_EBCDIC*/
116 #define RAW_ASCII_CHAR(ch) (ch)
117 #endif /*CHARSET_EBCDIC*/
119 module MODULE_VAR_EXPORT includes_module;
121 /* just need some arbitrary non-NULL pointer which can't also be a request_rec */
122 #define NESTED_INCLUDE_MAGIC (&includes_module)
124 /* TODO: changing directory should be handled by CreateProcess */
125 #define ap_chdir_file(x) do {} while(0)
127 /* ------------------------ Environment function -------------------------- */
129 /* XXX: could use ap_table_overlap here */
130 static void add_include_vars(request_rec *r, char *timefmt)
134 #endif /* ndef WIN32 */
135 ap_table_t *e = r->subprocess_env;
137 ap_time_t date = r->request_time;
139 ap_table_setn(e, "DATE_LOCAL", ap_ht_time(r->pool, date, timefmt, 0));
140 ap_table_setn(e, "DATE_GMT", ap_ht_time(r->pool, date, timefmt, 1));
141 ap_table_setn(e, "LAST_MODIFIED",
142 ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0));
143 ap_table_setn(e, "DOCUMENT_URI", r->uri);
144 ap_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
146 pw = getpwuid(r->finfo.user);
148 ap_table_setn(e, "USER_NAME", ap_pstrdup(r->pool, pw->pw_name));
151 ap_table_setn(e, "USER_NAME", ap_psprintf(r->pool, "user#%lu",
152 (unsigned long) r->finfo.user));
154 #endif /* ndef WIN32 */
156 if ((t = strrchr(r->filename, '/'))) {
157 ap_table_setn(e, "DOCUMENT_NAME", ++t);
160 ap_table_setn(e, "DOCUMENT_NAME", r->uri);
163 char *arg_copy = ap_pstrdup(r->pool, r->args);
165 ap_unescape_url(arg_copy);
166 ap_table_setn(e, "QUERY_STRING_UNESCAPED",
167 ap_escape_shell_cmd(r->pool, arg_copy));
173 /* --------------------------- Parser functions --------------------------- */
175 #define OUTBUFSIZE 4096
176 /* PUT_CHAR and FLUSH_BUF currently only work within the scope of
177 * find_string(); they are hacks to avoid calling rputc for each and
178 * every character output. A common set of buffering calls for this
179 * type of output SHOULD be implemented.
181 #define PUT_CHAR(c,r) \
183 outbuf[outind++] = c; \
184 if (outind == OUTBUFSIZE) { \
189 /* there SHOULD be some error checking on the return value of
190 * rwrite, however it is unclear what the API for rwrite returning
191 * errors is and little can really be done to help the error in
194 #define FLUSH_BUF(r) \
196 ap_rwrite(outbuf, outind, r); \
201 * f: file handle being read from
202 * c: character to read into
203 * ret: return value to use if input fails
204 * r: current request_rec
206 * This macro is redefined after find_string() for historical reasons
207 * to avoid too many code changes. This is one of the many things
208 * that should be fixed.
210 #define GET_CHAR(f,c,ret,r) \
212 ap_status_t status = ap_getc(&c, f); \
213 if (status != APR_SUCCESS) { /* either EOF or error -- needs error handling if latter */ \
214 if (status != APR_EOF) { \
215 ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, \
216 "encountered error in GET_CHAR macro, " \
225 static int find_string(ap_file_t *in, const char *str, request_rec *r, int printing)
227 int x, l = strlen(str), p;
228 char outbuf[OUTBUFSIZE];
234 GET_CHAR(in, c, 1, r);
243 for (x = 0; x < p; x++) {
256 #define GET_CHAR(f,c,r,p) \
258 ap_status_t status = ap_getc(&c, f); \
259 if (status != APR_SUCCESS) { /* either EOF or error -- needs error handling if latter */ \
260 if (status != APR_EOF) { \
261 ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, \
262 "encountered error in GET_CHAR macro, " \
271 * decodes a string containing html entities or numeric character references.
272 * 's' is overwritten with the decoded string.
273 * If 's' is syntatically incorrect, then the followed fixups will be made:
274 * unknown entities will be left undecoded;
275 * references to unused numeric characters will be deleted.
276 * In particular, � will not be decoded, but will be deleted.
281 /* maximum length of any ISO-LATIN-1 HTML entity name. */
282 #define MAXENTLEN (6)
284 /* The following is a shrinking transformation, therefore safe. */
286 static void decodehtml(char *s)
291 static const char * const entlist[MAXENTLEN + 1] =
295 "lt\074gt\076", /* 2 */
296 "amp\046ETH\320eth\360", /* 3 */
297 "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\
298 iuml\357ouml\366uuml\374yuml\377", /* 4 */
299 "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\
300 THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\
301 ucirc\373thorn\376", /* 5 */
302 "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\
303 Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\
304 Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\
305 egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\
306 otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */
309 for (; *s != '\0'; s++, p++) {
314 /* find end of entity */
315 for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
319 if (s[i] == '\0') { /* treat as normal data */
324 /* is it numeric ? */
326 for (j = 2, val = 0; j < i && ap_isdigit(s[j]); j++) {
327 val = val * 10 + s[j] - '0';
330 if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
331 (val >= 127 && val <= 160) || val >= 256) {
332 p--; /* no data to output */
335 *p = RAW_ASCII_CHAR(val);
340 if (j > MAXENTLEN || entlist[j] == NULL) {
343 continue; /* skip it */
345 for (ents = entlist[j]; *ents != '\0'; ents += i) {
346 if (strncmp(s + 1, ents, j) == 0) {
352 *p = '&'; /* unknown */
355 *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
365 * extract the next tag name and value.
366 * if there are no more tags, set the tag name to 'done'
367 * the tag value is html decoded if dodecode is non-zero
370 static char *get_tag(ap_pool_t *p, ap_file_t *in, char *tag, int tagbuf_len, int dodecode)
372 char *t = tag, *tag_val, c, term;
374 /* makes code below a little less cluttered */
377 do { /* skip whitespace */
378 GET_CHAR(in, c, NULL, p);
379 } while (ap_isspace(c));
381 /* tags can't start with - */
383 GET_CHAR(in, c, NULL, p);
386 GET_CHAR(in, c, NULL, p);
387 } while (ap_isspace(c));
389 ap_cpystrn(tag, "done", tagbuf_len);
393 return NULL; /* failed */
396 /* find end of tag name */
398 if (t - tag == tagbuf_len) {
402 if (c == '=' || ap_isspace(c)) {
405 *(t++) = ap_tolower(c);
406 GET_CHAR(in, c, NULL, p);
412 while (ap_isspace(c)) {
413 GET_CHAR(in, c, NULL, p); /* space before = */
421 GET_CHAR(in, c, NULL, p); /* space after = */
422 } while (ap_isspace(c));
424 /* we should allow a 'name' as a value */
426 if (c != '"' && c != '\'') {
431 GET_CHAR(in, c, NULL, p);
432 if (t - tag == tagbuf_len) {
436 /* Want to accept \" as a valid character within a string. */
438 *(t++) = c; /* Add backslash */
439 GET_CHAR(in, c, NULL, p);
440 if (c == term) { /* Only if */
441 *(--t) = c; /* Replace backslash ONLY for terminator */
444 else if (c == term) {
453 return ap_pstrdup(p, tag_val);
456 static int get_directive(ap_file_t *in, char *dest, size_t len, ap_pool_t *p)
461 /* make room for nul terminator */
464 /* skip initial whitespace */
466 GET_CHAR(in, c, 1, p);
467 if (!ap_isspace(c)) {
471 /* now get directive */
473 if (d - dest == len) {
476 *d++ = ap_tolower(c);
477 GET_CHAR(in, c, 1, p);
487 * Do variable substitution on strings
489 static void parse_string(request_rec *r, const char *in, char *out,
490 size_t length, int leave_name)
496 /* leave room for nul terminator */
497 end_out = out + length - 1;
499 while ((ch = *in++) != '\0') {
502 if (next == end_out) {
516 char var[MAX_STRING_LEN];
517 const char *start_of_var_name;
518 const char *end_of_var_name; /* end of var name + 1 */
519 const char *expansion;
523 /* guess that the expansion won't happen */
527 start_of_var_name = in;
528 in = strchr(in, '}');
530 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
531 0, r, "Missing '}' on variable \"%s\"",
536 end_of_var_name = in;
540 start_of_var_name = in;
541 while (ap_isalnum(*in) || *in == '_') {
544 end_of_var_name = in;
546 /* what a pain, too bad there's no table_getn where you can
547 * pass a non-nul terminated string */
548 l = end_of_var_name - start_of_var_name;
550 l = (l > sizeof(var) - 1) ? (sizeof(var) - 1) : l;
551 memcpy(var, start_of_var_name, l);
554 val = ap_table_get(r->subprocess_env, var);
557 l = strlen(expansion);
559 else if (leave_name) {
563 break; /* no expansion to be done */
567 /* zero-length variable name causes just the $ to be copied */
570 l = (l > end_out - next) ? (end_out - next) : l;
571 memcpy(next, expansion, l);
576 if (next == end_out) {
589 /* --------------------------- Action handlers ---------------------------- */
591 static int include_cgi(char *s, request_rec *r)
593 request_rec *rr = ap_sub_req_lookup_uri(s, r);
596 if (rr->status != HTTP_OK) {
600 /* No hardwired path info or query allowed */
602 if ((rr->path_info && rr->path_info[0]) || rr->args) {
605 if (rr->finfo.protection == 0) {
609 /* Script gets parameters of the *document*, for back compatibility */
611 rr->path_info = r->path_info; /* hard to get right; see mod_cgi.c */
614 /* Force sub_req to be treated as a CGI request, even if ordinary
615 * typing rules would have called it something else.
618 rr->content_type = CGI_MAGIC_TYPE;
622 rr_status = ap_run_sub_req(rr);
623 if (ap_is_HTTP_REDIRECT(rr_status)) {
624 const char *location = ap_table_get(rr->headers_out, "Location");
625 location = ap_escape_html(rr->pool, location);
626 ap_rvputs(r, "<A HREF=\"", location, "\">", location, "</A>", NULL);
629 ap_destroy_sub_req(rr);
630 ap_chdir_file(r->filename);
635 /* ensure that path is relative, and does not contain ".." elements
636 * ensentially ensure that it does not match the regex:
637 * (^/|(^|/)\.\.(/|$))
638 * XXX: this needs os abstraction... consider c:..\foo in win32
640 static int is_only_below(const char *path)
642 #ifdef HAVE_DRIVE_LETTERS
646 if (path[0] == '/') {
649 if (path[0] == '.' && path[1] == '.'
650 && (path[2] == '\0' || path[2] == '/')) {
654 if (*path == '/' && path[1] == '.' && path[2] == '.'
655 && (path[3] == '\0' || path[3] == '/')) {
663 static int handle_include(ap_file_t *in, request_rec *r, const char *error, int noexec)
665 char tag[MAX_STRING_LEN];
666 char parsed_string[MAX_STRING_LEN];
670 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
673 if (!strcmp(tag, "file") || !strcmp(tag, "virtual")) {
674 request_rec *rr = NULL;
675 char *error_fmt = NULL;
677 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
679 /* be safe; only files in this directory or below allowed */
680 if (!is_only_below(parsed_string)) {
681 error_fmt = "unable to include file \"%s\" "
685 rr = ap_sub_req_lookup_file(parsed_string, r);
689 rr = ap_sub_req_lookup_uri(parsed_string, r);
692 if (!error_fmt && rr->status != HTTP_OK) {
693 error_fmt = "unable to include \"%s\" in parsed file %s";
696 if (!error_fmt && noexec && rr->content_type
697 && (strncmp(rr->content_type, "text/", 5))) {
698 error_fmt = "unable to include potential exec \"%s\" "
701 if (error_fmt == NULL) {
702 /* try to avoid recursive includes. We do this by walking
703 * up the r->main list of subrequests, and at each level
704 * walking back through any internal redirects. At each
705 * step, we compare the filenames and the URIs.
707 * The filename comparison catches a recursive include
708 * with an ever-changing URL, eg.
709 * <!--#include virtual=
710 * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x"-->
711 * which, although they would eventually be caught because
712 * we have a limit on the length of files, etc., can
713 * recurse for a while.
715 * The URI comparison catches the case where the filename
716 * is changed while processing the request, so the
717 * current name is never the same as any previous one.
718 * This can happen with "DocumentRoot /foo" when you
719 * request "/" on the server and it includes "/".
720 * This only applies to modules such as mod_dir that
721 * (somewhat improperly) mess with r->filename outside
722 * of a filename translation phase.
726 for (p = r; p != NULL && !founddupe; p = p->main) {
728 for (q = p; q != NULL; q = q->prev) {
729 if ( (strcmp(q->filename, rr->filename) == 0) ||
730 (strcmp(q->uri, rr->uri) == 0) ){
738 error_fmt = "Recursive include of \"%s\" "
743 /* see the Kludge in send_parsed_file for why */
745 ap_set_module_config(rr->request_config, &includes_module, r);
747 if (!error_fmt && ap_run_sub_req(rr)) {
748 error_fmt = "unable to include \"%s\" in parsed file %s";
750 ap_chdir_file(r->filename);
752 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
753 0, r, error_fmt, tag_val, r->filename);
757 /* destroy the sub request if it's not a nested include */
759 && ap_get_module_config(rr->request_config, &includes_module)
760 != NESTED_INCLUDE_MAGIC) {
761 ap_destroy_sub_req(rr);
764 else if (!strcmp(tag, "done")) {
768 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
769 "unknown parameter \"%s\" to tag include in %s",
786 static ap_status_t build_argv_list(char ***argv, request_rec *r, ap_pool_t *p)
788 int numwords, x, idx;
790 const char *args = r->args;
792 if (!args || !args[0] || strchr(args, '=')) {
796 /* count the number of keywords */
797 for (x = 0, numwords = 1; args[x]; x++) {
798 if (args[x] == '+') {
803 /* Everything is - 1 to account for the first parameter which is the
804 * program name. We didn't used to have to do this, but APR wants it.
806 if (numwords > APACHE_ARG_MAX - 1) {
807 numwords = APACHE_ARG_MAX - 1; /* Truncate args to prevent overrun */
809 *argv = (char **) ap_palloc(p, (numwords + 2) * sizeof(char *));
811 for (x = 1, idx = 1; x < numwords; x++) {
812 w = ap_getword_nulls(p, &args, '+');
814 (*argv)[idx++] = ap_escape_shell_cmd(p, w);
823 static int include_cmd(char *s, request_rec *r)
827 ap_procattr_t *procattr;
830 ap_table_t *env = r->subprocess_env;
832 ap_file_t *file = NULL;
834 #if defined(RLIMIT_CPU) || defined(RLIMIT_NPROC) || \
835 defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined (RLIMIT_AS)
836 core_dir_config *conf;
837 conf = (core_dir_config *) ap_get_module_config(r->per_dir_config,
844 arg.t.filename = r->filename;
845 arg.t.subprocess_env = r->subprocess_env;
846 arg.t.prog_type = FORK_FILE;
849 if (r->path_info && r->path_info[0] != '\0') {
852 ap_table_setn(env, "PATH_INFO", ap_escape_shell_cmd(r->pool, r->path_info));
854 pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r);
855 if (pa_req->filename) {
856 ap_table_setn(env, "PATH_TRANSLATED",
857 ap_pstrcat(r->pool, pa_req->filename, pa_req->path_info,
863 char *arg_copy = ap_pstrdup(r->pool, r->args);
865 ap_table_setn(env, "QUERY_STRING", r->args);
866 ap_unescape_url(arg_copy);
867 ap_table_setn(env, "QUERY_STRING_UNESCAPED",
868 ap_escape_shell_cmd(r->pool, arg_copy));
871 if ((ap_createprocattr_init(&procattr, r->pool) != APR_SUCCESS) ||
872 (ap_setprocattr_io(procattr, APR_NO_PIPE,
873 APR_FULL_BLOCK, APR_NO_PIPE) != APR_SUCCESS) ||
874 (ap_setprocattr_dir(procattr, ap_make_dirstr_parent(r->pool, r->filename)) != APR_SUCCESS) ||
876 ((rc = ap_setprocattr_limit(procattr, APR_LIMIT_CPU, conf->limit_cpu)) != APR_SUCCESS) ||
878 #if defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_AS)
879 ((rc = ap_setprocattr_limit(procattr, APR_LIMIT_MEM, conf->limit_mem)) != APR_SUCCESS) ||
882 ((rc = ap_setprocattr_limit(procattr, APR_LIMIT_NPROC, conf->limit_nproc)) != APR_SUCCESS) ||
884 (ap_setprocattr_cmdtype(procattr, APR_SHELLCMD) != APR_SUCCESS)) {
885 /* Something bad happened, tell the world. */
886 ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
887 "couldn't initialize proc attributes: %s %s", r->filename, s);
891 build_argv_list(&argv, r, r->pool);
892 argv[0] = ap_pstrdup(r->pool, s);
893 rc = ap_create_process(&procnew, s, argv, ap_create_environment(r->pool, env), procattr, r->pool);
895 if (rc != APR_SUCCESS) {
896 /* Bad things happened. Everyone should have cleaned up. */
897 ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
898 "couldn't create child process: %d: %s", rc, s);
901 ap_note_subprocess(r->pool, &procnew, kill_after_timeout);
902 /* Fill in BUFF structure for parents pipe to child's stdout */
904 iol = ap_create_file_iol(file);
907 script_in = ap_bcreate(r->pool, B_RD);
908 ap_bpush_iol(script_in, iol);
909 ap_send_fb(script_in, r);
910 ap_bclose(script_in);
917 static int handle_exec(ap_file_t *in, request_rec *r, const char *error)
919 char tag[MAX_STRING_LEN];
921 char *file = r->filename;
922 char parsed_string[MAX_STRING_LEN];
925 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
928 if (!strcmp(tag, "cmd")) {
929 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 1);
930 if (include_cmd(parsed_string, r) == -1) {
931 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
932 "execution failure for parameter \"%s\" "
933 "to tag exec in file %s",
937 /* just in case some stooge changed directories */
938 ap_chdir_file(r->filename);
940 else if (!strcmp(tag, "cgi")) {
941 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
942 if (include_cgi(parsed_string, r) == -1) {
943 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
944 "invalid CGI ref \"%s\" in %s", tag_val, file);
947 ap_chdir_file(r->filename);
949 else if (!strcmp(tag, "done")) {
953 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
954 "unknown parameter \"%s\" to tag exec in %s",
962 static int handle_echo(ap_file_t *in, request_rec *r, const char *error)
964 char tag[MAX_STRING_LEN];
966 enum {E_NONE, E_URL, E_ENTITY} encode;
971 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
974 if (!strcmp(tag, "var")) {
975 const char *val = ap_table_get(r->subprocess_env, tag_val);
978 if (encode == E_NONE) {
981 else if (encode == E_URL) {
982 ap_rputs(ap_escape_uri(r->pool, val), r);
984 else if (encode == E_ENTITY) {
985 ap_rputs(ap_escape_html(r->pool, val), r);
989 ap_rputs("(none)", r);
992 else if (!strcmp(tag, "done")) {
995 else if (!strcmp(tag, "encoding")) {
996 if (!strcasecmp(tag_val, "none")) encode = E_NONE;
997 else if (!strcasecmp(tag_val, "url")) encode = E_URL;
998 else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
1000 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1001 "unknown value \"%s\" to parameter \"encoding\" of "
1003 tag_val, r->filename);
1009 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1010 "unknown parameter \"%s\" to tag echo in %s",
1018 static int handle_perl(ap_file_t *in, request_rec *r, const char *error)
1020 char tag[MAX_STRING_LEN];
1021 char parsed_string[MAX_STRING_LEN];
1026 if (ap_allow_options(r) & OPT_INCNOEXEC) {
1027 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1028 "#perl SSI disallowed by IncludesNoExec in %s",
1033 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
1036 if (strnEQ(tag, "sub", 3)) {
1037 sub = newSVpv(tag_val, 0);
1039 else if (strnEQ(tag, "arg", 3)) {
1040 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1041 av_push(av, newSVpv(parsed_string, 0));
1043 else if (strnEQ(tag, "done", 4)) {
1047 perl_stdout2client(r);
1049 perl_call_handler(sub, r, av);
1054 /* error and tf must point to a string with room for at
1055 * least MAX_STRING_LEN characters
1057 static int handle_config(ap_file_t *in, request_rec *r, char *error, char *tf,
1060 char tag[MAX_STRING_LEN];
1062 char parsed_string[MAX_STRING_LEN];
1063 ap_table_t *env = r->subprocess_env;
1066 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0))) {
1069 if (!strcmp(tag, "errmsg")) {
1070 parse_string(r, tag_val, error, MAX_STRING_LEN, 0);
1072 else if (!strcmp(tag, "timefmt")) {
1073 ap_time_t date = r->request_time;
1075 parse_string(r, tag_val, tf, MAX_STRING_LEN, 0);
1076 ap_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, tf, 0));
1077 ap_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, tf, 1));
1078 ap_table_setn(env, "LAST_MODIFIED",
1079 ap_ht_time(r->pool, r->finfo.mtime, tf, 0));
1081 else if (!strcmp(tag, "sizefmt")) {
1082 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1083 decodehtml(parsed_string);
1084 if (!strcmp(parsed_string, "bytes")) {
1085 *sizefmt = SIZEFMT_BYTES;
1087 else if (!strcmp(parsed_string, "abbrev")) {
1088 *sizefmt = SIZEFMT_KMG;
1091 else if (!strcmp(tag, "done")) {
1095 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1096 "unknown parameter \"%s\" to tag config in %s",
1104 static int find_file(request_rec *r, const char *directive, const char *tag,
1105 char *tag_val, ap_finfo_t *finfo, const char *error)
1107 char *to_send = tag_val;
1108 request_rec *rr = NULL;
1110 char *error_fmt = NULL;
1112 if (!strcmp(tag, "file")) {
1113 /* be safe; only files in this directory or below allowed */
1114 if (!is_only_below(tag_val)) {
1115 error_fmt = "unable to access file \"%s\" "
1116 "in parsed file %s";
1119 ap_getparents(tag_val); /* get rid of any nasties */
1120 rr = ap_sub_req_lookup_file(tag_val, r);
1122 if (rr->status == HTTP_OK && rr->finfo.protection != 0) {
1123 to_send = rr->filename;
1124 if (ap_stat(finfo, to_send, rr->pool) != APR_SUCCESS) {
1125 error_fmt = "unable to get information about \"%s\" "
1126 "in parsed file %s";
1130 error_fmt = "unable to lookup information about \"%s\" "
1131 "in parsed file %s";
1137 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error_fmt, to_send, r->filename);
1141 if (rr) ap_destroy_sub_req(rr);
1145 else if (!strcmp(tag, "virtual")) {
1146 rr = ap_sub_req_lookup_uri(tag_val, r);
1148 if (rr->status == HTTP_OK && rr->finfo.protection != 0) {
1149 memcpy((char *) finfo, (const char *) &rr->finfo,
1151 ap_destroy_sub_req(rr);
1155 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1156 "unable to get information about \"%s\" "
1157 "in parsed file %s",
1158 tag_val, r->filename);
1160 ap_destroy_sub_req(rr);
1165 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1166 "unknown parameter \"%s\" to tag %s in %s",
1167 tag, directive, r->filename);
1174 static int handle_fsize(ap_file_t *in, request_rec *r, const char *error, int sizefmt)
1176 char tag[MAX_STRING_LEN];
1179 char parsed_string[MAX_STRING_LEN];
1182 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
1185 else if (!strcmp(tag, "done")) {
1189 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1190 if (!find_file(r, "fsize", tag, parsed_string, &finfo, error)) {
1191 if (sizefmt == SIZEFMT_KMG) {
1192 ap_send_size(finfo.size, r);
1196 ap_snprintf(tag, sizeof(tag), "%" APR_OFF_T_FMT, finfo.size);
1197 l = strlen(tag); /* grrr */
1198 for (x = 0; x < l; x++) {
1199 if (x && (!((l - x) % 3))) {
1202 ap_rputc(tag[x], r);
1210 static int handle_flastmod(ap_file_t *in, request_rec *r, const char *error, const char *tf)
1212 char tag[MAX_STRING_LEN];
1215 char parsed_string[MAX_STRING_LEN];
1218 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
1221 else if (!strcmp(tag, "done")) {
1225 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1226 if (!find_file(r, "flastmod", tag, parsed_string, &finfo, error)) {
1227 ap_rputs(ap_ht_time(r->pool, finfo.mtime, tf, 0), r);
1233 static int re_check(request_rec *r, char *string, char *rexp)
1238 compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB);
1239 if (compiled == NULL) {
1240 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1241 "unable to compile pattern \"%s\"", rexp);
1244 regex_error = ap_regexec(compiled, string, 0, (regmatch_t *) NULL, 0);
1245 ap_pregfree(r->pool, compiled);
1246 return (!regex_error);
1251 token_and, token_or, token_not, token_eq, token_ne,
1252 token_rbrace, token_lbrace, token_group,
1253 token_ge, token_le, token_gt, token_lt
1256 enum token_type type;
1257 char value[MAX_STRING_LEN];
1260 /* there is an implicit assumption here that string is at most MAX_STRING_LEN-1
1261 * characters long...
1263 static const char *get_ptoken(request_rec *r, const char *string, struct token *token)
1269 /* Skip leading white space */
1270 if (string == (char *) NULL) {
1271 return (char *) NULL;
1273 while ((ch = *string++)) {
1274 if (!ap_isspace(ch)) {
1279 return (char *) NULL;
1282 token->type = token_string; /* the default type */
1285 token->type = token_lbrace;
1288 token->type = token_rbrace;
1291 token->type = token_eq;
1294 if (*string == '=') {
1295 token->type = token_ne;
1296 return (string + 1);
1299 token->type = token_not;
1303 token->type = token_string;
1307 if (*string == '|') {
1308 token->type = token_or;
1309 return (string + 1);
1313 if (*string == '&') {
1314 token->type = token_and;
1315 return (string + 1);
1319 if (*string == '=') {
1320 token->type = token_ge;
1321 return (string + 1);
1324 token->type = token_gt;
1328 if (*string == '=') {
1329 token->type = token_le;
1330 return (string + 1);
1333 token->type = token_lt;
1337 token->type = token_string;
1340 /* We should only be here if we are in a string */
1342 token->value[next++] = ch;
1346 * Yes I know that goto's are BAD. But, c doesn't allow me to
1347 * exit a loop from a switch statement. Yes, I could use a flag,
1348 * but that is (IMHO) even less readable/maintainable than the goto.
1351 * I used the ++string throughout this section so that string
1352 * ends up pointing to the next token and I can just return it
1354 for (ch = *string; ch != '\0'; ch = *++string) {
1356 if ((ch = *++string) == '\0') {
1359 token->value[next++] = ch;
1363 if (ap_isspace(ch)) {
1376 if (*(string + 1) == '|') {
1381 if (*(string + 1) == '&') {
1390 token->value[next++] = ch;
1398 token->value[next++] = ch;
1402 /* If qs is still set, I have an unmatched ' */
1404 ap_rputs("\nUnmatched '\n", r);
1407 token->value[next] = '\0';
1413 * Hey I still know that goto's are BAD. I don't think that I've ever
1414 * used two in the same project, let alone the same file before. But,
1415 * I absolutely want to make sure that I clean up the memory in all
1416 * cases. And, without rewriting this completely, the easiest way
1417 * is to just branch to the return code which cleans it up.
1419 /* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
1420 * characters long...
1422 static int parse_expr(request_rec *r, const char *expr, const char *error)
1425 struct parse_node *left, *right, *parent;
1428 } *root, *current, *new;
1430 char buffer[MAX_STRING_LEN];
1431 ap_pool_t *expr_pool;
1434 if ((parse = expr) == (char *) NULL) {
1437 root = current = (struct parse_node *) NULL;
1438 if (ap_create_pool(&expr_pool, r->pool) != APR_SUCCESS)
1441 /* Create Parse Tree */
1443 new = (struct parse_node *) ap_palloc(expr_pool,
1444 sizeof(struct parse_node));
1445 new->parent = new->left = new->right = (struct parse_node *) NULL;
1447 if ((parse = get_ptoken(r, parse, &new->token)) == (char *) NULL) {
1450 switch (new->token.type) {
1453 #ifdef DEBUG_INCLUDE
1454 ap_rvputs(r, " Token: string (", new->token.value, ")\n", NULL);
1456 if (current == (struct parse_node *) NULL) {
1457 root = current = new;
1460 switch (current->token.type) {
1462 if (current->token.value[0] != '\0') {
1463 strncat(current->token.value, " ",
1464 sizeof(current->token.value)
1465 - strlen(current->token.value) - 1);
1467 strncat(current->token.value, new->token.value,
1468 sizeof(current->token.value)
1469 - strlen(current->token.value) - 1);
1470 current->token.value[sizeof(current->token.value) - 1] = '\0';
1482 new->parent = current;
1483 current = current->right = new;
1486 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1487 "Invalid expression \"%s\" in file %s",
1496 #ifdef DEBUG_INCLUDE
1497 ap_rputs(" Token: and/or\n", r);
1499 if (current == (struct parse_node *) NULL) {
1500 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1501 "Invalid expression \"%s\" in file %s",
1506 /* Percolate upwards */
1507 while (current != (struct parse_node *) NULL) {
1508 switch (current->token.type) {
1520 current = current->parent;
1525 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1526 "Invalid expression \"%s\" in file %s",
1533 if (current == (struct parse_node *) NULL) {
1535 new->left->parent = new;
1536 new->parent = (struct parse_node *) NULL;
1540 new->left = current->right;
1541 current->right = new;
1542 new->parent = current;
1548 #ifdef DEBUG_INCLUDE
1549 ap_rputs(" Token: not\n", r);
1551 if (current == (struct parse_node *) NULL) {
1552 root = current = new;
1555 /* Percolate upwards */
1556 while (current != (struct parse_node *) NULL) {
1557 switch (current->token.type) {
1570 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1571 "Invalid expression \"%s\" in file %s",
1578 if (current == (struct parse_node *) NULL) {
1580 new->left->parent = new;
1581 new->parent = (struct parse_node *) NULL;
1585 new->left = current->right;
1586 current->right = new;
1587 new->parent = current;
1598 #ifdef DEBUG_INCLUDE
1599 ap_rputs(" Token: eq/ne/ge/gt/le/lt\n", r);
1601 if (current == (struct parse_node *) NULL) {
1602 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1603 "Invalid expression \"%s\" in file %s",
1608 /* Percolate upwards */
1609 while (current != (struct parse_node *) NULL) {
1610 switch (current->token.type) {
1613 current = current->parent;
1627 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1628 "Invalid expression \"%s\" in file %s",
1635 if (current == (struct parse_node *) NULL) {
1637 new->left->parent = new;
1638 new->parent = (struct parse_node *) NULL;
1642 new->left = current->right;
1643 current->right = new;
1644 new->parent = current;
1650 #ifdef DEBUG_INCLUDE
1651 ap_rputs(" Token: rbrace\n", r);
1653 while (current != (struct parse_node *) NULL) {
1654 if (current->token.type == token_lbrace) {
1655 current->token.type = token_group;
1658 current = current->parent;
1660 if (current == (struct parse_node *) NULL) {
1661 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1662 "Unmatched ')' in \"%s\" in file %s",
1670 #ifdef DEBUG_INCLUDE
1671 ap_rputs(" Token: lbrace\n", r);
1673 if (current == (struct parse_node *) NULL) {
1674 root = current = new;
1677 /* Percolate upwards */
1678 while (current != (struct parse_node *) NULL) {
1679 switch (current->token.type) {
1694 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1695 "Invalid expression \"%s\" in file %s",
1702 if (current == (struct parse_node *) NULL) {
1704 new->left->parent = new;
1705 new->parent = (struct parse_node *) NULL;
1709 new->left = current->right;
1710 current->right = new;
1711 new->parent = current;
1720 /* Evaluate Parse Tree */
1722 while (current != (struct parse_node *) NULL) {
1723 switch (current->token.type) {
1725 #ifdef DEBUG_INCLUDE
1726 ap_rputs(" Evaluate string\n", r);
1728 parse_string(r, current->token.value, buffer, sizeof(buffer), 0);
1729 ap_cpystrn(current->token.value, buffer, sizeof(current->token.value));
1730 current->value = (current->token.value[0] != '\0');
1732 current = current->parent;
1737 #ifdef DEBUG_INCLUDE
1738 ap_rputs(" Evaluate and/or\n", r);
1740 if (current->left == (struct parse_node *) NULL ||
1741 current->right == (struct parse_node *) NULL) {
1742 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1743 "Invalid expression \"%s\" in file %s",
1748 if (!current->left->done) {
1749 switch (current->left->token.type) {
1751 parse_string(r, current->left->token.value,
1752 buffer, sizeof(buffer), 0);
1753 ap_cpystrn(current->left->token.value, buffer,
1754 sizeof(current->left->token.value));
1755 current->left->value = (current->left->token.value[0] != '\0');
1756 current->left->done = 1;
1759 current = current->left;
1763 if (!current->right->done) {
1764 switch (current->right->token.type) {
1766 parse_string(r, current->right->token.value,
1767 buffer, sizeof(buffer), 0);
1768 ap_cpystrn(current->right->token.value, buffer,
1769 sizeof(current->right->token.value));
1770 current->right->value = (current->right->token.value[0] != '\0');
1771 current->right->done = 1;
1774 current = current->right;
1778 #ifdef DEBUG_INCLUDE
1779 ap_rvputs(r, " Left: ", current->left->value ? "1" : "0",
1781 ap_rvputs(r, " Right: ", current->right->value ? "1" : "0",
1784 if (current->token.type == token_and) {
1785 current->value = current->left->value && current->right->value;
1788 current->value = current->left->value || current->right->value;
1790 #ifdef DEBUG_INCLUDE
1791 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1795 current = current->parent;
1800 #ifdef DEBUG_INCLUDE
1801 ap_rputs(" Evaluate eq/ne\n", r);
1803 if ((current->left == (struct parse_node *) NULL) ||
1804 (current->right == (struct parse_node *) NULL) ||
1805 (current->left->token.type != token_string) ||
1806 (current->right->token.type != token_string)) {
1807 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1808 "Invalid expression \"%s\" in file %s",
1813 parse_string(r, current->left->token.value,
1814 buffer, sizeof(buffer), 0);
1815 ap_cpystrn(current->left->token.value, buffer,
1816 sizeof(current->left->token.value));
1817 parse_string(r, current->right->token.value,
1818 buffer, sizeof(buffer), 0);
1819 ap_cpystrn(current->right->token.value, buffer,
1820 sizeof(current->right->token.value));
1821 if (current->right->token.value[0] == '/') {
1823 len = strlen(current->right->token.value);
1824 if (current->right->token.value[len - 1] == '/') {
1825 current->right->token.value[len - 1] = '\0';
1828 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1829 "Invalid rexp \"%s\" in file %s",
1830 current->right->token.value, r->filename);
1834 #ifdef DEBUG_INCLUDE
1835 ap_rvputs(r, " Re Compare (", current->left->token.value,
1836 ") with /", ¤t->right->token.value[1], "/\n", NULL);
1839 re_check(r, current->left->token.value,
1840 ¤t->right->token.value[1]);
1843 #ifdef DEBUG_INCLUDE
1844 ap_rvputs(r, " Compare (", current->left->token.value,
1845 ") with (", current->right->token.value, ")\n", NULL);
1848 (strcmp(current->left->token.value,
1849 current->right->token.value) == 0);
1851 if (current->token.type == token_ne) {
1852 current->value = !current->value;
1854 #ifdef DEBUG_INCLUDE
1855 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1859 current = current->parent;
1865 #ifdef DEBUG_INCLUDE
1866 ap_rputs(" Evaluate ge/gt/le/lt\n", r);
1868 if ((current->left == (struct parse_node *) NULL) ||
1869 (current->right == (struct parse_node *) NULL) ||
1870 (current->left->token.type != token_string) ||
1871 (current->right->token.type != token_string)) {
1872 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1873 "Invalid expression \"%s\" in file %s",
1878 parse_string(r, current->left->token.value,
1879 buffer, sizeof(buffer), 0);
1880 ap_cpystrn(current->left->token.value, buffer,
1881 sizeof(current->left->token.value));
1882 parse_string(r, current->right->token.value,
1883 buffer, sizeof(buffer), 0);
1884 ap_cpystrn(current->right->token.value, buffer,
1885 sizeof(current->right->token.value));
1886 #ifdef DEBUG_INCLUDE
1887 ap_rvputs(r, " Compare (", current->left->token.value,
1888 ") with (", current->right->token.value, ")\n", NULL);
1891 strcmp(current->left->token.value,
1892 current->right->token.value);
1893 if (current->token.type == token_ge) {
1894 current->value = current->value >= 0;
1896 else if (current->token.type == token_gt) {
1897 current->value = current->value > 0;
1899 else if (current->token.type == token_le) {
1900 current->value = current->value <= 0;
1902 else if (current->token.type == token_lt) {
1903 current->value = current->value < 0;
1906 current->value = 0; /* Don't return -1 if unknown token */
1908 #ifdef DEBUG_INCLUDE
1909 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1913 current = current->parent;
1917 if (current->right != (struct parse_node *) NULL) {
1918 if (!current->right->done) {
1919 current = current->right;
1922 current->value = !current->right->value;
1927 #ifdef DEBUG_INCLUDE
1928 ap_rvputs(r, " Evaluate !: ", current->value ? "1" : "0",
1932 current = current->parent;
1936 if (current->right != (struct parse_node *) NULL) {
1937 if (!current->right->done) {
1938 current = current->right;
1941 current->value = current->right->value;
1946 #ifdef DEBUG_INCLUDE
1947 ap_rvputs(r, " Evaluate (): ", current->value ? "1" : "0",
1951 current = current->parent;
1955 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1956 "Unmatched '(' in \"%s\" in file %s",
1962 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1963 "Unmatched ')' in \"%s\" in file %s",
1969 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1976 retval = (root == (struct parse_node *) NULL) ? 0 : root->value;
1978 ap_destroy_pool(expr_pool);
1982 static int handle_if(ap_file_t *in, request_rec *r, const char *error,
1983 int *conditional_status, int *printing)
1985 char tag[MAX_STRING_LEN];
1991 tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0);
1995 else if (!strcmp(tag, "done")) {
1997 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1998 "missing expr in if statement: %s",
2003 *printing = *conditional_status = parse_expr(r, expr, error);
2004 #ifdef DEBUG_INCLUDE
2005 ap_rvputs(r, "**** if conditional_status=\"",
2006 *conditional_status ? "1" : "0", "\"\n", NULL);
2010 else if (!strcmp(tag, "expr")) {
2012 #ifdef DEBUG_INCLUDE
2013 ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
2017 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2018 "unknown parameter \"%s\" to tag if in %s",
2025 static int handle_elif(ap_file_t *in, request_rec *r, const char *error,
2026 int *conditional_status, int *printing)
2028 char tag[MAX_STRING_LEN];
2034 tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0);
2038 else if (!strcmp(tag, "done")) {
2039 #ifdef DEBUG_INCLUDE
2040 ap_rvputs(r, "**** elif conditional_status=\"",
2041 *conditional_status ? "1" : "0", "\"\n", NULL);
2043 if (*conditional_status) {
2048 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2049 "missing expr in elif statement: %s",
2054 *printing = *conditional_status = parse_expr(r, expr, error);
2055 #ifdef DEBUG_INCLUDE
2056 ap_rvputs(r, "**** elif conditional_status=\"",
2057 *conditional_status ? "1" : "0", "\"\n", NULL);
2061 else if (!strcmp(tag, "expr")) {
2063 #ifdef DEBUG_INCLUDE
2064 ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
2068 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2069 "unknown parameter \"%s\" to tag if in %s",
2076 static int handle_else(ap_file_t *in, request_rec *r, const char *error,
2077 int *conditional_status, int *printing)
2079 char tag[MAX_STRING_LEN];
2081 if (!get_tag(r->pool, in, tag, sizeof(tag), 1)) {
2084 else if (!strcmp(tag, "done")) {
2085 #ifdef DEBUG_INCLUDE
2086 ap_rvputs(r, "**** else conditional_status=\"",
2087 *conditional_status ? "1" : "0", "\"\n", NULL);
2089 *printing = !(*conditional_status);
2090 *conditional_status = 1;
2094 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2095 "else directive does not take tags in %s",
2104 static int handle_endif(ap_file_t *in, request_rec *r, const char *error,
2105 int *conditional_status, int *printing)
2107 char tag[MAX_STRING_LEN];
2109 if (!get_tag(r->pool, in, tag, sizeof(tag), 1)) {
2112 else if (!strcmp(tag, "done")) {
2113 #ifdef DEBUG_INCLUDE
2114 ap_rvputs(r, "**** endif conditional_status=\"",
2115 *conditional_status ? "1" : "0", "\"\n", NULL);
2118 *conditional_status = 1;
2122 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2123 "endif directive does not take tags in %s",
2130 static int handle_set(ap_file_t *in, request_rec *r, const char *error)
2132 char tag[MAX_STRING_LEN];
2133 char parsed_string[MAX_STRING_LEN];
2137 var = (char *) NULL;
2139 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
2142 else if (!strcmp(tag, "done")) {
2145 else if (!strcmp(tag, "var")) {
2148 else if (!strcmp(tag, "value")) {
2149 if (var == (char *) NULL) {
2150 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2151 "variable must precede value in set directive in %s",
2156 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
2157 ap_table_setn(r->subprocess_env, var, ap_pstrdup(r->pool, parsed_string));
2160 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2161 "Invalid tag for set directive in %s", r->filename);
2168 static int handle_printenv(ap_file_t *in, request_rec *r, const char *error)
2170 char tag[MAX_STRING_LEN];
2172 ap_array_header_t *arr = ap_table_elts(r->subprocess_env);
2173 ap_table_entry_t *elts = (ap_table_entry_t *)arr->elts;
2176 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
2179 else if (!strcmp(tag, "done")) {
2180 for (i = 0; i < arr->nelts; ++i) {
2181 ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=",
2182 ap_escape_html(r->pool, elts[i].val), "\n", NULL);
2187 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2188 "printenv directive does not take tags in %s",
2197 /* -------------------------- The main function --------------------------- */
2199 /* This is a stub which parses a file descriptor. */
2201 static void send_parsed_content(ap_file_t *f, request_rec *r)
2203 char directive[MAX_STRING_LEN], error[MAX_STRING_LEN];
2204 char timefmt[MAX_STRING_LEN];
2205 int noexec = ap_allow_options(r) & OPT_INCNOEXEC;
2209 int conditional_status;
2211 ap_cpystrn(error, DEFAULT_ERROR_MSG, sizeof(error));
2212 ap_cpystrn(timefmt, DEFAULT_TIME_FORMAT, sizeof(timefmt));
2213 sizefmt = SIZEFMT_KMG;
2215 /* Turn printing on */
2216 printing = conditional_status = 1;
2219 ap_chdir_file(r->filename);
2220 if (r->args) { /* add QUERY stuff to env cause it ain't yet */
2221 char *arg_copy = ap_pstrdup(r->pool, r->args);
2223 ap_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
2224 ap_unescape_url(arg_copy);
2225 ap_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
2226 ap_escape_shell_cmd(r->pool, arg_copy));
2230 if (!find_string(f, STARTING_SEQUENCE, r, printing)) {
2231 if (get_directive(f, directive, sizeof(directive), r->pool)) {
2232 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2233 "mod_include: error reading directive in %s",
2238 if (!strcmp(directive, "if")) {
2243 ret = handle_if(f, r, error, &conditional_status,
2249 else if (!strcmp(directive, "else")) {
2251 ret = handle_else(f, r, error, &conditional_status,
2256 else if (!strcmp(directive, "elif")) {
2258 ret = handle_elif(f, r, error, &conditional_status,
2263 else if (!strcmp(directive, "endif")) {
2265 ret = handle_endif(f, r, error, &conditional_status,
2276 if (!strcmp(directive, "exec")) {
2278 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2279 "exec used but not allowed in %s",
2284 ret = find_string(f, ENDING_SEQUENCE, r, 0);
2287 ret = handle_exec(f, r, error);
2290 else if (!strcmp(directive, "config")) {
2291 ret = handle_config(f, r, error, timefmt, &sizefmt);
2293 else if (!strcmp(directive, "set")) {
2294 ret = handle_set(f, r, error);
2296 else if (!strcmp(directive, "include")) {
2297 ret = handle_include(f, r, error, noexec);
2299 else if (!strcmp(directive, "echo")) {
2300 ret = handle_echo(f, r, error);
2302 else if (!strcmp(directive, "fsize")) {
2303 ret = handle_fsize(f, r, error, sizefmt);
2305 else if (!strcmp(directive, "flastmod")) {
2306 ret = handle_flastmod(f, r, error, timefmt);
2308 else if (!strcmp(directive, "printenv")) {
2309 ret = handle_printenv(f, r, error);
2312 else if (!strcmp(directive, "perl")) {
2313 ret = handle_perl(f, r, error);
2317 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2318 "unknown directive \"%s\" "
2320 directive, r->filename);
2324 ret = find_string(f, ENDING_SEQUENCE, r, 0);
2327 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2328 "premature EOF in parsed file %s",
2339 /*****************************************************************
2341 * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time
2342 * option only changes the default.
2345 module includes_module;
2347 xbithack_off, xbithack_on, xbithack_full
2351 #define DEFAULT_XBITHACK xbithack_full
2353 #define DEFAULT_XBITHACK xbithack_off
2356 static void *create_includes_dir_config(ap_pool_t *p, char *dummy)
2358 enum xbithack *result = (enum xbithack *) ap_palloc(p, sizeof(enum xbithack));
2359 *result = DEFAULT_XBITHACK;
2363 static const char *set_xbithack(cmd_parms *cmd, void *xbp, char *arg)
2365 enum xbithack *state = (enum xbithack *) xbp;
2367 if (!strcasecmp(arg, "off")) {
2368 *state = xbithack_off;
2370 else if (!strcasecmp(arg, "on")) {
2371 *state = xbithack_on;
2373 else if (!strcasecmp(arg, "full")) {
2374 *state = xbithack_full;
2377 return "XBitHack must be set to Off, On, or Full";
2383 static int send_parsed_file(request_rec *r)
2385 ap_file_t *f = NULL;
2386 enum xbithack *state =
2387 (enum xbithack *) ap_get_module_config(r->per_dir_config, &includes_module);
2389 request_rec *parent;
2391 if (!(ap_allow_options(r) & OPT_INCLUDES)) {
2394 r->allowed |= (1 << M_GET);
2395 if (r->method_number != M_GET) {
2398 if (r->finfo.protection == 0) {
2399 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2400 "File does not exist: %s",
2402 ? ap_pstrcat(r->pool, r->filename, r->path_info, NULL)
2404 return HTTP_NOT_FOUND;
2407 errstatus = ap_open(&f, r->filename, APR_READ|APR_BUFFERED, 0, r->pool);
2409 if (errstatus != APR_SUCCESS) {
2410 ap_log_rerror(APLOG_MARK, APLOG_ERR, errstatus, r,
2411 "file permissions deny server access: %s", r->filename);
2412 return HTTP_FORBIDDEN;
2415 if ((*state == xbithack_full)
2416 #if !defined(OS2) && !defined(WIN32)
2417 /* OS/2 dosen't support Groups. */
2418 && (r->finfo.protection & S_IXGRP)
2421 ap_update_mtime(r, r->finfo.mtime);
2422 ap_set_last_modified(r);
2424 if ((errstatus = ap_meets_conditions(r)) != OK) {
2428 ap_send_http_header(r);
2430 if (r->header_only) {
2435 if ((parent = ap_get_module_config(r->request_config, &includes_module))) {
2436 /* Kludge --- for nested includes, we want to keep the subprocess
2437 * environment of the base document (for compatibility); that means
2438 * torquing our own last_modified date as well so that the
2439 * LAST_MODIFIED variable gets reset to the proper value if the
2440 * nested document resets <!--#config timefmt-->.
2441 * We also insist that the memory for this subrequest not be
2442 * destroyed, that's dealt with in handle_include().
2444 r->subprocess_env = parent->subprocess_env;
2445 ap_pool_join(parent->pool, r->pool);
2446 r->finfo.mtime = parent->finfo.mtime;
2449 /* we're not a nested include, so we create an initial
2451 ap_add_common_vars(r);
2453 add_include_vars(r, DEFAULT_TIME_FORMAT);
2455 /* XXX: this is bogus, at some point we're going to do a subrequest,
2456 * and when we do it we're going to be subjecting code that doesn't
2457 * expect to be signal-ready to SIGALRM. There is no clean way to
2458 * fix this, except to put alarm support into BUFF. -djg
2460 #ifdef CHARSET_EBCDIC
2461 /* XXX:@@@ Is the generated/included output ALWAYS in text/ebcdic format? */
2462 ap_bsetopt(r->connection->client, BO_WXLATE, &ap_hdrs_to_ascii);
2465 send_parsed_content(f, r);
2468 /* signify that the sub request should not be killed */
2469 ap_set_module_config(r->request_config, &includes_module,
2470 NESTED_INCLUDE_MAGIC);
2476 static int send_shtml_file(request_rec *r)
2478 r->content_type = "text/html";
2479 return send_parsed_file(r);
2482 static int xbithack_handler(request_rec *r)
2484 #if defined(OS2) || defined(WIN32)
2485 /* OS/2 dosen't currently support the xbithack. This is being worked on. */
2488 enum xbithack *state;
2490 if (!(r->finfo.protection & S_IXUSR)) {
2494 state = (enum xbithack *) ap_get_module_config(r->per_dir_config,
2497 if (*state == xbithack_off) {
2500 return send_parsed_file(r);
2504 static const command_rec includes_cmds[] =
2506 {"XBitHack", set_xbithack, NULL, OR_OPTIONS, TAKE1, "Off, On, or Full"},
2510 static const handler_rec includes_handlers[] =
2512 {INCLUDES_MAGIC_TYPE, send_shtml_file},
2513 {INCLUDES_MAGIC_TYPE3, send_shtml_file},
2514 {"server-parsed", send_parsed_file},
2515 {"text/html", xbithack_handler},
2519 module MODULE_VAR_EXPORT includes_module =
2521 STANDARD20_MODULE_STUFF,
2522 create_includes_dir_config, /* dir config creater */
2523 NULL, /* dir merger --- default is to override */
2524 NULL, /* server config */
2525 NULL, /* merge server config */
2526 includes_cmds, /* command ap_table_t */
2527 includes_handlers, /* handlers */
2528 NULL /* register hooks */