1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_include.c: Handles the server-parsed HTML documents
62 * Original by Rob McCool; substantial fixups by David Robinson;
63 * incorporated into the Apache module framework by rst.
68 #include "apr_strings.h"
69 #include "apr_thread_proc.h"
75 #include "ap_config.h"
76 #include "util_filter.h"
78 #include "http_config.h"
79 #include "http_request.h"
80 #include "http_core.h"
81 #include "http_protocol.h"
83 #include "http_main.h"
84 #include "util_script.h"
85 #include "http_core.h"
86 #include "apr_optional.h"
87 #include "mod_include.h"
94 #include "util_ebcdic.h"
96 module AP_MODULE_DECLARE_DATA includes_module;
97 static apr_hash_t *include_hash;
98 static APR_OPTIONAL_FN_TYPE(ap_register_include_handler) *ssi_pfn_register;
101 /* ------------------------ Environment function -------------------------- */
103 /* XXX: could use ap_table_overlap here */
104 static void add_include_vars(request_rec *r, char *timefmt)
107 apr_table_t *e = r->subprocess_env;
109 apr_time_t date = r->request_time;
111 apr_table_setn(e, "DATE_LOCAL", ap_ht_time(r->pool, date, timefmt, 0));
112 apr_table_setn(e, "DATE_GMT", ap_ht_time(r->pool, date, timefmt, 1));
113 apr_table_setn(e, "LAST_MODIFIED",
114 ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0));
115 apr_table_setn(e, "DOCUMENT_URI", r->uri);
116 apr_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
117 if (apr_get_username(&pwname, r->finfo.user, r->pool) == APR_SUCCESS) {
118 apr_table_setn(e, "USER_NAME", pwname);
121 apr_table_setn(e, "USER_NAME", "<unknown>");
123 if ((t = strrchr(r->filename, '/'))) {
124 apr_table_setn(e, "DOCUMENT_NAME", ++t);
127 apr_table_setn(e, "DOCUMENT_NAME", r->uri);
130 char *arg_copy = apr_pstrdup(r->pool, r->args);
132 ap_unescape_url(arg_copy);
133 apr_table_setn(e, "QUERY_STRING_UNESCAPED",
134 ap_escape_shell_cmd(r->pool, arg_copy));
140 /* --------------------------- Parser functions --------------------------- */
142 /* This function returns either a pointer to the split bucket containing the
143 * first byte of the BEGINNING_SEQUENCE (after finding a complete match) or it
144 * returns NULL if no match found.
146 static apr_bucket *find_start_sequence(apr_bucket *dptr, include_ctx_t *ctx,
147 apr_bucket_brigade *bb, int *do_cleanup)
152 const char *str = STARTING_SEQUENCE;
157 if (APR_BUCKET_IS_EOS(dptr)) {
160 apr_bucket_read(dptr, &buf, &len, 0);
161 /* XXX handle retcodes */
162 if (len == 0) { /* end of pipe? */
166 while (c - buf != len) {
167 if (*c == str[ctx->parse_pos]) {
168 if (ctx->state == PRE_HEAD) {
169 ctx->state = PARSE_HEAD;
170 ctx->head_start_bucket = dptr;
171 ctx->head_start_index = c - buf;
176 if (str[ctx->parse_pos] == '\0') {
178 apr_size_t start_index;
180 /* We want to split the bucket at the '<'. */
181 ctx->state = PARSE_DIRECTIVE;
184 ctx->tag_start_bucket = dptr;
185 ctx->tag_start_index = c - buf;
186 if (ctx->head_start_index > 0) {
187 start_index = (c - buf) - ctx->head_start_index;
188 apr_bucket_split(ctx->head_start_bucket, ctx->head_start_index);
189 tmp_bkt = APR_BUCKET_NEXT(ctx->head_start_bucket);
190 if (dptr == ctx->head_start_bucket) {
191 ctx->tag_start_bucket = tmp_bkt;
192 ctx->tag_start_index = start_index;
194 ctx->head_start_bucket = tmp_bkt;
195 ctx->head_start_index = 0;
197 return ctx->head_start_bucket;
199 else if (ctx->parse_pos != 0) {
200 /* The reason for this, is that we need to make sure
201 * that we catch cases like <<!--#. This makes the
202 * second check after the original check fails.
203 * If parse_pos was already 0 then we already checked this.
208 ctx->state = PARSE_HEAD;
209 ctx->head_start_bucket = dptr;
210 ctx->head_start_index = c - buf;
214 ctx->state = PRE_HEAD;
215 ctx->head_start_bucket = NULL;
216 ctx->head_start_index = 0;
222 dptr = APR_BUCKET_NEXT(dptr);
223 } while (dptr != APR_BRIGADE_SENTINEL(bb));
227 static apr_bucket *find_end_sequence(apr_bucket *dptr, include_ctx_t *ctx, apr_bucket_brigade *bb)
232 const char *str = ENDING_SEQUENCE;
235 if (APR_BUCKET_IS_EOS(dptr)) {
238 apr_bucket_read(dptr, &buf, &len, 0);
239 /* XXX handle retcodes */
240 if (len == 0) { /* end of pipe? */
243 if (dptr == ctx->tag_start_bucket) {
244 c = buf + ctx->tag_start_index;
249 while (c - buf != len) {
250 if (*c == str[ctx->parse_pos]) {
251 if (ctx->state != PARSE_TAIL) {
252 ctx->state = PARSE_TAIL;
253 ctx->tail_start_bucket = dptr;
254 ctx->tail_start_index = c - buf;
259 if (ctx->state == PARSE_DIRECTIVE) {
260 if (ctx->tag_length == 0) {
261 if (!apr_isspace(*c)) {
262 ctx->tag_start_bucket = dptr;
263 ctx->tag_start_index = c - buf;
265 ctx->directive_length = 1;
269 if (!apr_isspace(*c)) {
270 ctx->directive_length++;
273 ctx->state = PARSE_TAG;
278 else if (ctx->state == PARSE_TAG) {
282 if (str[ctx->parse_pos] == '\0') {
283 apr_bucket *tmp_buck = dptr;
285 /* We want to split the bucket at the '>'. The
286 * end of the END_SEQUENCE is in the current bucket.
287 * The beginning might be in a previous bucket.
291 apr_bucket_split(dptr, c - buf);
292 tmp_buck = APR_BUCKET_NEXT(dptr);
296 else if (ctx->parse_pos != 0) {
297 /* The reason for this, is that we need to make sure
298 * that we catch cases like --->. This makes the
299 * second check after the original check fails.
300 * If parse_pos was already 0 then we already checked this.
302 ctx->tag_length += ctx->parse_pos;
305 ctx->state = PARSE_TAIL;
306 ctx->tail_start_bucket = dptr;
307 ctx->tail_start_index = c - buf;
308 ctx->tag_length += ctx->parse_pos;
312 if (ctx->tag_length > ctx->directive_length) {
313 ctx->state = PARSE_TAG;
316 ctx->state = PARSE_DIRECTIVE;
317 ctx->directive_length += ctx->parse_pos;
319 ctx->tail_start_bucket = NULL;
320 ctx->tail_start_index = 0;
321 ctx->tag_length += ctx->parse_pos;
329 dptr = APR_BUCKET_NEXT(dptr);
330 } while (dptr != APR_BRIGADE_SENTINEL(bb));
334 /* This function culls through the buckets that have been set aside in the
335 * ssi_tag_brigade and copies just the directive part of the SSI tag (none
336 * of the start and end delimiter bytes are copied).
338 static apr_status_t get_combined_directive (include_ctx_t *ctx,
340 apr_bucket_brigade *bb,
341 char *tmp_buf, int tmp_buf_size)
345 const char *tmp_from;
346 apr_size_t tmp_from_len;
348 /* If the tag length is longer than the tmp buffer, allocate space. */
349 if (ctx->tag_length > tmp_buf_size-1) {
350 if ((ctx->combined_tag = apr_pcalloc(r->pool, ctx->tag_length + 1)) == NULL) {
353 } /* Else, just use the temp buffer. */
355 ctx->combined_tag = tmp_buf;
358 /* Prime the pump. Start at the beginning of the tag... */
359 dptr = ctx->tag_start_bucket;
360 apr_bucket_read (dptr, &tmp_from, &tmp_from_len, 0); /* Read the bucket... */
362 /* Adjust the pointer to start at the tag within the bucket... */
363 if (dptr == ctx->tail_start_bucket) {
364 tmp_from_len -= (tmp_from_len - ctx->tail_start_index);
366 tmp_from = &tmp_from[ctx->tag_start_index];
367 tmp_from_len -= ctx->tag_start_index;
368 ctx->curr_tag_pos = ctx->combined_tag;
370 /* Loop through the buckets from the tag_start_bucket until before
371 * the tail_start_bucket copying the contents into the buffer.
374 memcpy (ctx->curr_tag_pos, tmp_from, tmp_from_len);
375 ctx->curr_tag_pos += tmp_from_len;
377 if (dptr == ctx->tail_start_bucket) {
381 dptr = APR_BUCKET_NEXT (dptr);
382 apr_bucket_read (dptr, &tmp_from, &tmp_from_len, 0);
383 /* Adjust the count to stop at the beginning of the tail. */
384 if (dptr == ctx->tail_start_bucket) {
385 tmp_from_len -= (tmp_from_len - ctx->tail_start_index);
389 ((ctx->curr_tag_pos - ctx->combined_tag) < ctx->tag_length));
391 ctx->combined_tag[ctx->tag_length] = '\0';
392 ctx->curr_tag_pos = ctx->combined_tag;
394 return (APR_SUCCESS);
398 * decodes a string containing html entities or numeric character references.
399 * 's' is overwritten with the decoded string.
400 * If 's' is syntatically incorrect, then the followed fixups will be made:
401 * unknown entities will be left undecoded;
402 * references to unused numeric characters will be deleted.
403 * In particular, � will not be decoded, but will be deleted.
408 /* maximum length of any ISO-LATIN-1 HTML entity name. */
409 #define MAXENTLEN (6)
411 /* The following is a shrinking transformation, therefore safe. */
413 static void decodehtml(char *s)
418 static const char * const entlist[MAXENTLEN + 1] =
422 "lt\074gt\076", /* 2 */
423 "amp\046ETH\320eth\360", /* 3 */
424 "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\
425 iuml\357ouml\366uuml\374yuml\377", /* 4 */
426 "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\
427 THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\
428 ucirc\373thorn\376", /* 5 */
429 "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\
430 Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\
431 Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\
432 egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\
433 otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */
436 for (; *s != '\0'; s++, p++) {
441 /* find end of entity */
442 for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
446 if (s[i] == '\0') { /* treat as normal data */
451 /* is it numeric ? */
453 for (j = 2, val = 0; j < i && apr_isdigit(s[j]); j++) {
454 val = val * 10 + s[j] - '0';
457 if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
458 (val >= 127 && val <= 160) || val >= 256) {
459 p--; /* no data to output */
462 *p = RAW_ASCII_CHAR(val);
467 if (j > MAXENTLEN || entlist[j] == NULL) {
470 continue; /* skip it */
472 for (ents = entlist[j]; *ents != '\0'; ents += i) {
473 if (strncmp(s + 1, ents, j) == 0) {
479 *p = '&'; /* unknown */
482 *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
492 * Extract the next tag name and value.
493 * If there are no more tags, set the tag name to NULL.
494 * The tag value is html decoded if dodecode is non-zero.
495 * The tag value may be NULL if there is no tag value..
497 * [WS]<Tag>[WS]=[WS]['|"]<Value>['|"|WS]
500 #define SKIP_TAG_WHITESPACE(ptr) while ((*ptr != '\0') && (apr_isspace (*ptr))) ptr++
502 static void ap_ssi_get_tag_and_value(include_ctx_t *ctx, char **tag,
503 char **tag_val, int dodecode)
505 char *c = ctx->curr_tag_pos;
510 SKIP_TAG_WHITESPACE(c);
511 *tag = c; /* First non-whitespace character (could be NULL). */
513 while ((*c != '\0') && (*c != '=') && (!apr_isspace(*c))) {
514 *c = apr_tolower(*c); /* find end of tag, lowercasing as we go... */
518 if ((*c == '\0') || (**tag == '=')) {
519 if ((**tag == '\0') || (**tag == '=')) {
522 ctx->curr_tag_pos = c;
523 return; /* We have found the end of the buffer. */
524 } /* We might have a tag, but definitely no value. */
527 *c++ = '\0'; /* Overwrite the '=' with a terminating byte after tag. */
529 else { /* Try skipping WS to find the '='. */
530 *c++ = '\0'; /* Terminate the tag... */
531 SKIP_TAG_WHITESPACE(c);
533 if (*c != '=') { /* There needs to be an equal sign if there's a value. */
534 ctx->curr_tag_pos = c;
535 return; /* There apparently was no value. */
538 c++; /* Skip the equals sign. */
542 SKIP_TAG_WHITESPACE(c);
543 if (*c == '"' || *c == '\'') { /* Allow quoted values for space inclusion. */
544 term = *c++; /* NOTE: This does not pass the quotes on return. */
548 while ((*c != '\0') &&
549 (((term != '\0') && (*c != term)) ||
550 ((term == '\0') && (!apr_isspace(*c))))) {
551 if (*c == '\\') { /* Accept \" and \' as valid char in string. */
553 if (*c == term) { /* Overwrite the "\" during the embedded */
554 shift_val++; /* escape sequence of '\"' or "\'". Shift */
555 } /* bytes from here to next delimiter. */
567 *c++ = '\0'; /* Overwrites delimiter (term or WS) with NULL. */
568 ctx->curr_tag_pos = c;
570 decodehtml(*tag_val);
578 * Do variable substitution on strings
580 static void ap_ssi_parse_string(request_rec *r, const char *in, char *out,
581 size_t length, int leave_name)
587 /* leave room for nul terminator */
588 end_out = out + length - 1;
590 while ((ch = *in++) != '\0') {
593 if (next == end_out) {
607 const char *start_of_var_name;
608 char *end_of_var_name; /* end of var name + 1 */
609 const char *expansion, *temp_end, *val;
613 /* guess that the expansion won't happen */
617 start_of_var_name = in;
618 in = ap_strchr_c(in, '}');
620 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
621 0, r, "Missing '}' on variable \"%s\"",
627 end_of_var_name = (char *)temp_end;
631 start_of_var_name = in;
632 while (apr_isalnum(*in) || *in == '_') {
636 end_of_var_name = (char *)temp_end;
638 /* what a pain, too bad there's no table_getn where you can
639 * pass a non-nul terminated string */
640 l = end_of_var_name - start_of_var_name;
642 tmp_store = *end_of_var_name;
643 *end_of_var_name = '\0';
644 val = apr_table_get(r->subprocess_env, start_of_var_name);
645 *end_of_var_name = tmp_store;
649 l = strlen(expansion);
651 else if (leave_name) {
655 break; /* no expansion to be done */
659 /* zero-length variable name causes just the $ to be copied */
662 l = ((int)l > end_out - next) ? (end_out - next) : l;
663 memcpy(next, expansion, l);
668 if (next == end_out) {
681 /* --------------------------- Action handlers ---------------------------- */
683 /* ensure that path is relative, and does not contain ".." elements
684 * ensentially ensure that it does not match the regex:
685 * (^/|(^|/)\.\.(/|$))
686 * XXX: Needs to become apr_is_path_relative() test
688 static int is_only_below(const char *path)
690 #ifdef HAVE_DRIVE_LETTERS
695 if (strchr(path, ':')
698 if (path[0] == '/') {
703 while (path[dots] == '.')
706 /* If the name is canonical this is redundant
707 * but in security, redundancy is worthwhile.
708 * Does OS2 belong here (accepts ... for ..)?
710 if (dots > 1 && (!path[dots] || path[dots] == '/'))
713 if (dots == 2 && (!path[dots] || path[dots] == '/'))
717 while (*path && *(path++) != '/')
723 static int handle_include(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
724 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
727 char *tag_val = NULL;
728 apr_bucket *tmp_buck;
729 char parsed_string[MAX_STRING_LEN];
731 *inserted_head = NULL;
732 if (ctx->flags & FLAG_PRINTING) {
734 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
735 if (tag_val == NULL) {
743 if (!strcmp(tag, "file") || !strcmp(tag, "virtual")) {
744 request_rec *rr = NULL;
745 char *error_fmt = NULL;
747 ap_ssi_parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
749 /* be safe; only files in this directory or below allowed */
750 if (!is_only_below(parsed_string)) {
751 error_fmt = "unable to include file \"%s\" "
755 rr = ap_sub_req_lookup_file(parsed_string, r, f->next);
759 rr = ap_sub_req_lookup_uri(parsed_string, r, f->next);
762 if (!error_fmt && rr->status != HTTP_OK) {
763 error_fmt = "unable to include \"%s\" in parsed file %s";
766 if (!error_fmt && (ctx->flags & FLAG_NO_EXEC) && rr->content_type
767 && (strncmp(rr->content_type, "text/", 5))) {
768 error_fmt = "unable to include potential exec \"%s\" "
771 if (error_fmt == NULL) {
772 /* try to avoid recursive includes. We do this by walking
773 * up the r->main list of subrequests, and at each level
774 * walking back through any internal redirects. At each
775 * step, we compare the filenames and the URIs.
777 * The filename comparison catches a recursive include
778 * with an ever-changing URL, eg.
779 * <!--#include virtual=
780 * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x"-->
781 * which, although they would eventually be caught because
782 * we have a limit on the length of files, etc., can
783 * recurse for a while.
785 * The URI comparison catches the case where the filename
786 * is changed while processing the request, so the
787 * current name is never the same as any previous one.
788 * This can happen with "DocumentRoot /foo" when you
789 * request "/" on the server and it includes "/".
790 * This only applies to modules such as mod_dir that
791 * (somewhat improperly) mess with r->filename outside
792 * of a filename translation phase.
796 for (p = r; p != NULL && !founddupe; p = p->main) {
798 for (q = p; q != NULL; q = q->prev) {
799 if ( (strcmp(q->filename, rr->filename) == 0) ||
800 (strcmp(q->uri, rr->uri) == 0) ){
808 error_fmt = "Recursive include of \"%s\" "
813 /* See the Kludge in send_parsed_file for why */
814 /* Basically, it puts a bread crumb in here, then looks */
815 /* for the crumb later to see if its been here. */
817 ap_set_module_config(rr->request_config, &includes_module, r);
820 SPLIT_AND_PASS_PRETAG_BUCKETS(*bb, ctx, f->next);
822 if (ap_run_sub_req(rr)) {
823 error_fmt = "unable to include \"%s\" in parsed file %s";
827 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
828 0, r, error_fmt, tag_val, r->filename);
829 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
832 /* destroy the sub request if it's not a nested include (crumb) */
834 && ap_get_module_config(rr->request_config, &includes_module)
835 != NESTED_INCLUDE_MAGIC) {
836 ap_destroy_sub_req(rr);
840 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
841 "unknown parameter \"%s\" to tag include in %s",
843 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
851 static int handle_echo(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
852 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
855 char *tag_val = NULL;
856 const char *echo_text = NULL;
857 apr_bucket *tmp_buck;
858 apr_size_t e_len, e_wrt;
859 enum {E_NONE, E_URL, E_ENTITY} encode;
863 *inserted_head = NULL;
864 if (ctx->flags & FLAG_PRINTING) {
866 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
867 if (tag_val == NULL) {
875 if (!strcmp(tag, "var")) {
876 const char *val = apr_table_get(r->subprocess_env, tag_val);
881 case E_NONE: echo_text = val; b_copy = 1; break;
882 case E_URL: echo_text = ap_escape_uri(r->pool, val); break;
883 case E_ENTITY: echo_text = ap_escape_html(r->pool, val); break;
886 e_len = strlen(echo_text);
887 tmp_buck = apr_bucket_heap_create(echo_text, e_len, 1, &e_wrt);
890 tmp_buck = apr_bucket_immortal_create("(none)", sizeof("none"));
892 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
893 if (*inserted_head == NULL) {
894 *inserted_head = tmp_buck;
897 else if (!strcmp(tag, "encoding")) {
898 if (!strcasecmp(tag_val, "none")) encode = E_NONE;
899 else if (!strcasecmp(tag_val, "url")) encode = E_URL;
900 else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
902 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
903 "unknown value \"%s\" to parameter \"encoding\" of "
904 "tag echo in %s", tag_val, r->filename);
905 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
909 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
910 "unknown parameter \"%s\" in tag echo of %s",
912 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
920 /* error and tf must point to a string with room for at
921 * least MAX_STRING_LEN characters
923 static int handle_config(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
924 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
927 char *tag_val = NULL;
928 char parsed_string[MAX_STRING_LEN];
929 apr_table_t *env = r->subprocess_env;
931 *inserted_head = NULL;
932 if (ctx->flags & FLAG_PRINTING) {
934 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0);
935 if (tag_val == NULL) {
937 return 0; /* Reached the end of the string. */
940 return 1; /* tags must have values. */
943 if (!strcmp(tag, "errmsg")) {
944 ap_ssi_parse_string(r, tag_val, ctx->error_str, MAX_STRING_LEN, 0);
945 ctx->error_length = strlen(ctx->error_str);
947 else if (!strcmp(tag, "timefmt")) {
948 apr_time_t date = r->request_time;
950 ap_ssi_parse_string(r, tag_val, ctx->time_str, MAX_STRING_LEN, 0);
951 apr_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, ctx->time_str, 0));
952 apr_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, ctx->time_str, 1));
953 apr_table_setn(env, "LAST_MODIFIED",
954 ap_ht_time(r->pool, r->finfo.mtime, ctx->time_str, 0));
956 else if (!strcmp(tag, "sizefmt")) {
957 ap_ssi_parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
958 decodehtml(parsed_string);
959 if (!strcmp(parsed_string, "bytes")) {
960 ctx->flags |= FLAG_SIZE_IN_BYTES;
962 else if (!strcmp(parsed_string, "abbrev")) {
963 ctx->flags &= FLAG_SIZE_ABBREV;
967 apr_bucket *tmp_buck;
969 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
970 "unknown parameter \"%s\" to tag config in %s",
972 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
980 static int find_file(request_rec *r, const char *directive, const char *tag,
981 char *tag_val, apr_finfo_t *finfo)
983 char *to_send = tag_val;
984 request_rec *rr = NULL;
986 char *error_fmt = NULL;
987 apr_status_t rv = APR_SUCCESS;
989 if (!strcmp(tag, "file")) {
990 /* be safe; only files in this directory or below allowed */
991 if (!is_only_below(tag_val)) {
992 error_fmt = "unable to access file \"%s\" "
996 ap_getparents(tag_val); /* get rid of any nasties */
998 /* note: it is okay to pass NULL for the "next filter" since
999 we never attempt to "run" this sub request. */
1000 rr = ap_sub_req_lookup_file(tag_val, r, NULL);
1002 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1003 to_send = rr->filename;
1004 if ((rv = apr_stat(finfo, to_send, APR_FINFO_GPROT
1005 | APR_FINFO_MIN, rr->pool)) != APR_SUCCESS
1006 && rv != APR_INCOMPLETE) {
1007 error_fmt = "unable to get information about \"%s\" "
1008 "in parsed file %s";
1012 error_fmt = "unable to lookup information about \"%s\" "
1013 "in parsed file %s";
1019 ap_log_rerror(APLOG_MARK, APLOG_ERR | (rv ? 0 : APLOG_NOERRNO),
1020 rv, r, error_fmt, to_send, r->filename);
1023 if (rr) ap_destroy_sub_req(rr);
1027 else if (!strcmp(tag, "virtual")) {
1028 /* note: it is okay to pass NULL for the "next filter" since
1029 we never attempt to "run" this sub request. */
1030 rr = ap_sub_req_lookup_uri(tag_val, r, NULL);
1032 if (rr->status == HTTP_OK && rr->finfo.filetype != 0) {
1033 memcpy((char *) finfo, (const char *) &rr->finfo,
1035 ap_destroy_sub_req(rr);
1039 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1040 "unable to get information about \"%s\" "
1041 "in parsed file %s",
1042 tag_val, r->filename);
1043 ap_destroy_sub_req(rr);
1048 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1049 "unknown parameter \"%s\" to tag %s in %s",
1050 tag, directive, r->filename);
1055 #define NEG_SIGN " -"
1056 #define ZERO_K " 0k"
1059 static void generate_size(apr_ssize_t size, char *buff, apr_size_t buff_size)
1061 /* XXX: this -1 thing is a gross hack */
1062 if (size == (apr_ssize_t)-1) {
1063 memcpy (buff, NEG_SIGN, sizeof(NEG_SIGN)+1);
1066 memcpy (buff, ZERO_K, sizeof(ZERO_K)+1);
1068 else if (size < 1024) {
1069 memcpy (buff, ONE_K, sizeof(ONE_K)+1);
1071 else if (size < 1048576) {
1072 apr_snprintf(buff, buff_size, "%4" APR_SSIZE_T_FMT "k", (size + 512) / 1024);
1074 else if (size < 103809024) {
1075 apr_snprintf(buff, buff_size, "%4.1fM", size / 1048576.0);
1078 apr_snprintf(buff, buff_size, "%4" APR_SSIZE_T_FMT "M", (size + 524288) / 1048576);
1082 static int handle_fsize(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
1083 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
1086 char *tag_val = NULL;
1088 apr_size_t s_len, s_wrt;
1089 apr_bucket *tmp_buck;
1090 char parsed_string[MAX_STRING_LEN];
1092 *inserted_head = NULL;
1093 if (ctx->flags & FLAG_PRINTING) {
1095 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
1096 if (tag_val == NULL) {
1105 ap_ssi_parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1106 if (!find_file(r, "fsize", tag, parsed_string, &finfo)) {
1109 if (!(ctx->flags & FLAG_SIZE_IN_BYTES)) {
1110 generate_size(finfo.size, buff, sizeof(buff));
1111 s_len = strlen (buff);
1117 apr_snprintf(tmp_buff, sizeof(tmp_buff), "%" APR_OFF_T_FMT, finfo.size);
1118 l = strlen(tmp_buff); /* grrr */
1119 for (x = 0; x < l; x++) {
1120 if (x && (!((l - x) % 3))) {
1123 buff[pos++] = tmp_buff[x];
1129 tmp_buck = apr_bucket_heap_create(buff, s_len, 1, &s_wrt);
1130 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
1131 if (*inserted_head == NULL) {
1132 *inserted_head = tmp_buck;
1136 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
1144 static int handle_flastmod(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
1145 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
1148 char *tag_val = NULL;
1150 apr_size_t t_len, t_wrt;
1151 apr_bucket *tmp_buck;
1152 char parsed_string[MAX_STRING_LEN];
1154 *inserted_head = NULL;
1155 if (ctx->flags & FLAG_PRINTING) {
1157 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
1158 if (tag_val == NULL) {
1167 ap_ssi_parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1168 if (!find_file(r, "flastmod", tag, parsed_string, &finfo)) {
1171 t_val = ap_ht_time(r->pool, finfo.mtime, ctx->time_str, 0);
1172 t_len = strlen(t_val);
1174 tmp_buck = apr_bucket_heap_create(t_val, t_len, 1, &t_wrt);
1175 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
1176 if (*inserted_head == NULL) {
1177 *inserted_head = tmp_buck;
1181 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
1189 static int re_check(request_rec *r, char *string, char *rexp)
1194 compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB);
1195 if (compiled == NULL) {
1196 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1197 "unable to compile pattern \"%s\"", rexp);
1200 regex_error = ap_regexec(compiled, string, 0, (regmatch_t *) NULL, 0);
1201 ap_pregfree(r->pool, compiled);
1202 return (!regex_error);
1207 token_and, token_or, token_not, token_eq, token_ne,
1208 token_rbrace, token_lbrace, token_group,
1209 token_ge, token_le, token_gt, token_lt
1212 enum token_type type;
1213 char value[MAX_STRING_LEN];
1216 /* there is an implicit assumption here that string is at most MAX_STRING_LEN-1
1217 * characters long...
1219 static const char *get_ptoken(request_rec *r, const char *string, struct token *token,
1227 /* Skip leading white space */
1228 if (string == (char *) NULL) {
1229 return (char *) NULL;
1231 while ((ch = *string++)) {
1232 if (!apr_isspace(ch)) {
1237 return (char *) NULL;
1240 token->type = token_string; /* the default type */
1243 token->type = token_lbrace;
1246 token->type = token_rbrace;
1249 token->type = token_eq;
1252 if (*string == '=') {
1253 token->type = token_ne;
1254 return (string + 1);
1257 token->type = token_not;
1261 token->type = token_string;
1265 if (*string == '|') {
1266 token->type = token_or;
1267 return (string + 1);
1271 if (*string == '&') {
1272 token->type = token_and;
1273 return (string + 1);
1277 if (*string == '=') {
1278 token->type = token_ge;
1279 return (string + 1);
1282 token->type = token_gt;
1286 if (*string == '=') {
1287 token->type = token_le;
1288 return (string + 1);
1291 token->type = token_lt;
1295 token->type = token_string;
1298 /* We should only be here if we are in a string */
1300 token->value[next++] = ch;
1304 * Yes I know that goto's are BAD. But, c doesn't allow me to
1305 * exit a loop from a switch statement. Yes, I could use a flag,
1306 * but that is (IMHO) even less readable/maintainable than the goto.
1309 * I used the ++string throughout this section so that string
1310 * ends up pointing to the next token and I can just return it
1312 for (ch = *string; ((ch != '\0') && (!tkn_fnd)); ch = *++string) {
1314 if ((ch = *++string) == '\0') {
1318 token->value[next++] = ch;
1323 if (apr_isspace(ch)) {
1337 if (*(string + 1) == '|') {
1342 if (*(string + 1) == '&') {
1348 token->value[next++] = ch;
1359 token->value[next++] = ch;
1365 /* If qs is still set, I have an unmatched ' */
1370 token->value[next] = '\0';
1376 * Hey I still know that goto's are BAD. I don't think that I've ever
1377 * used two in the same project, let alone the same file before. But,
1378 * I absolutely want to make sure that I clean up the memory in all
1379 * cases. And, without rewriting this completely, the easiest way
1380 * is to just branch to the return code which cleans it up.
1382 /* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
1383 * characters long...
1385 static int parse_expr(request_rec *r, const char *expr, int *was_error,
1386 int *was_unmatched, char *debug)
1389 struct parse_node *left, *right, *parent;
1392 } *root, *current, *new;
1394 char buffer[MAX_STRING_LEN];
1395 apr_pool_t *expr_pool;
1397 apr_size_t debug_pos = 0;
1399 debug[debug_pos] = '\0';
1402 if ((parse = expr) == (char *) NULL) {
1405 root = current = (struct parse_node *) NULL;
1406 if (apr_pool_create(&expr_pool, r->pool) != APR_SUCCESS)
1409 /* Create Parse Tree */
1411 new = (struct parse_node *) apr_palloc(expr_pool,
1412 sizeof(struct parse_node));
1413 new->parent = new->left = new->right = (struct parse_node *) NULL;
1415 if ((parse = get_ptoken(r, parse, &new->token, was_unmatched)) == (char *) NULL) {
1418 switch (new->token.type) {
1421 #ifdef DEBUG_INCLUDE
1422 debug_pos += sprintf (&debug[debug_pos], " Token: string (%s)\n",
1425 if (current == (struct parse_node *) NULL) {
1426 root = current = new;
1429 switch (current->token.type) {
1431 if (current->token.value[0] != '\0') {
1432 strncat(current->token.value, " ",
1433 sizeof(current->token.value)
1434 - strlen(current->token.value) - 1);
1436 strncat(current->token.value, new->token.value,
1437 sizeof(current->token.value)
1438 - strlen(current->token.value) - 1);
1439 current->token.value[sizeof(current->token.value) - 1] = '\0';
1451 new->parent = current;
1452 current = current->right = new;
1455 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1456 "Invalid expression \"%s\" in file %s",
1465 #ifdef DEBUG_INCLUDE
1466 memcpy (&debug[debug_pos], " Token: and/or\n",
1467 sizeof (" Token: and/or\n"));
1468 debug_pos += sizeof (" Token: and/or\n");
1470 if (current == (struct parse_node *) NULL) {
1471 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1472 "Invalid expression \"%s\" in file %s",
1477 /* Percolate upwards */
1478 while (current != (struct parse_node *) NULL) {
1479 switch (current->token.type) {
1491 current = current->parent;
1496 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1497 "Invalid expression \"%s\" in file %s",
1504 if (current == (struct parse_node *) NULL) {
1506 new->left->parent = new;
1507 new->parent = (struct parse_node *) NULL;
1511 new->left = current->right;
1512 current->right = new;
1513 new->parent = current;
1519 #ifdef DEBUG_INCLUDE
1520 memcpy (&debug[debug_pos], " Token: not\n",
1521 sizeof (" Token: not\n"));
1522 debug_pos += sizeof (" Token: not\n");
1524 if (current == (struct parse_node *) NULL) {
1525 root = current = new;
1528 /* Percolate upwards */
1529 while (current != (struct parse_node *) NULL) {
1530 switch (current->token.type) {
1543 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1544 "Invalid expression \"%s\" in file %s",
1551 if (current == (struct parse_node *) NULL) {
1553 new->left->parent = new;
1554 new->parent = (struct parse_node *) NULL;
1558 new->left = current->right;
1559 current->right = new;
1560 new->parent = current;
1571 #ifdef DEBUG_INCLUDE
1572 memcpy (&debug[debug_pos], " Token: eq/ne/ge/gt/le/lt\n",
1573 sizeof (" Token: eq/ne/ge/gt/le/lt\n"));
1574 debug_pos += sizeof (" Token: eq/ne/ge/gt/le/lt\n");
1576 if (current == (struct parse_node *) NULL) {
1577 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1578 "Invalid expression \"%s\" in file %s",
1583 /* Percolate upwards */
1584 while (current != (struct parse_node *) NULL) {
1585 switch (current->token.type) {
1588 current = current->parent;
1602 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1603 "Invalid expression \"%s\" in file %s",
1610 if (current == (struct parse_node *) NULL) {
1612 new->left->parent = new;
1613 new->parent = (struct parse_node *) NULL;
1617 new->left = current->right;
1618 current->right = new;
1619 new->parent = current;
1625 #ifdef DEBUG_INCLUDE
1626 memcpy (&debug[debug_pos], " Token: rbrace\n",
1627 sizeof (" Token: rbrace\n"));
1628 debug_pos += sizeof (" Token: rbrace\n");
1630 while (current != (struct parse_node *) NULL) {
1631 if (current->token.type == token_lbrace) {
1632 current->token.type = token_group;
1635 current = current->parent;
1637 if (current == (struct parse_node *) NULL) {
1638 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1639 "Unmatched ')' in \"%s\" in file %s",
1647 #ifdef DEBUG_INCLUDE
1648 memcpy (&debug[debug_pos], " Token: lbrace\n",
1649 sizeof (" Token: lbrace\n"));
1650 debug_pos += sizeof (" Token: lbrace\n");
1652 if (current == (struct parse_node *) NULL) {
1653 root = current = new;
1656 /* Percolate upwards */
1657 while (current != (struct parse_node *) NULL) {
1658 switch (current->token.type) {
1673 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1674 "Invalid expression \"%s\" in file %s",
1681 if (current == (struct parse_node *) NULL) {
1683 new->left->parent = new;
1684 new->parent = (struct parse_node *) NULL;
1688 new->left = current->right;
1689 current->right = new;
1690 new->parent = current;
1699 /* Evaluate Parse Tree */
1701 while (current != (struct parse_node *) NULL) {
1702 switch (current->token.type) {
1704 #ifdef DEBUG_INCLUDE
1705 memcpy (&debug[debug_pos], " Evaluate string\n",
1706 sizeof (" Evaluate string\n"));
1707 debug_pos += sizeof (" Evaluate string\n");
1709 ap_ssi_parse_string(r, current->token.value, buffer, sizeof(buffer), 0);
1710 apr_cpystrn(current->token.value, buffer, sizeof(current->token.value));
1711 current->value = (current->token.value[0] != '\0');
1713 current = current->parent;
1718 #ifdef DEBUG_INCLUDE
1719 memcpy (&debug[debug_pos], " Evaluate and/or\n",
1720 sizeof (" Evaluate and/or\n"));
1721 debug_pos += sizeof (" Evaluate and/or\n");
1723 if (current->left == (struct parse_node *) NULL ||
1724 current->right == (struct parse_node *) NULL) {
1725 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1726 "Invalid expression \"%s\" in file %s",
1731 if (!current->left->done) {
1732 switch (current->left->token.type) {
1734 ap_ssi_parse_string(r, current->left->token.value,
1735 buffer, sizeof(buffer), 0);
1736 apr_cpystrn(current->left->token.value, buffer,
1737 sizeof(current->left->token.value));
1738 current->left->value = (current->left->token.value[0] != '\0');
1739 current->left->done = 1;
1742 current = current->left;
1746 if (!current->right->done) {
1747 switch (current->right->token.type) {
1749 ap_ssi_parse_string(r, current->right->token.value,
1750 buffer, sizeof(buffer), 0);
1751 apr_cpystrn(current->right->token.value, buffer,
1752 sizeof(current->right->token.value));
1753 current->right->value = (current->right->token.value[0] != '\0');
1754 current->right->done = 1;
1757 current = current->right;
1761 #ifdef DEBUG_INCLUDE
1762 debug_pos += sprintf (&debug[debug_pos], " Left: %c\n",
1763 current->left->value ? '1' : '0');
1764 debug_pos += sprintf (&debug[debug_pos], " Right: %c\n",
1765 current->right->value ? '1' : '0');
1767 if (current->token.type == token_and) {
1768 current->value = current->left->value && current->right->value;
1771 current->value = current->left->value || current->right->value;
1773 #ifdef DEBUG_INCLUDE
1774 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1775 current->value ? '1' : '0');
1778 current = current->parent;
1783 #ifdef DEBUG_INCLUDE
1784 memcpy (&debug[debug_pos], " Evaluate eq/ne\n",
1785 sizeof (" Evaluate eq/ne\n"));
1786 debug_pos += sizeof (" Evaluate eq/ne\n");
1788 if ((current->left == (struct parse_node *) NULL) ||
1789 (current->right == (struct parse_node *) NULL) ||
1790 (current->left->token.type != token_string) ||
1791 (current->right->token.type != token_string)) {
1792 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1793 "Invalid expression \"%s\" in file %s",
1798 ap_ssi_parse_string(r, current->left->token.value,
1799 buffer, sizeof(buffer), 0);
1800 apr_cpystrn(current->left->token.value, buffer,
1801 sizeof(current->left->token.value));
1802 ap_ssi_parse_string(r, current->right->token.value,
1803 buffer, sizeof(buffer), 0);
1804 apr_cpystrn(current->right->token.value, buffer,
1805 sizeof(current->right->token.value));
1806 if (current->right->token.value[0] == '/') {
1808 len = strlen(current->right->token.value);
1809 if (current->right->token.value[len - 1] == '/') {
1810 current->right->token.value[len - 1] = '\0';
1813 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1814 "Invalid rexp \"%s\" in file %s",
1815 current->right->token.value, r->filename);
1819 #ifdef DEBUG_INCLUDE
1820 debug_pos += sprintf (&debug[debug_pos],
1821 " Re Compare (%s) with /%s/\n",
1822 current->left->token.value,
1823 ¤t->right->token.value[1]);
1826 re_check(r, current->left->token.value,
1827 ¤t->right->token.value[1]);
1830 #ifdef DEBUG_INCLUDE
1831 debug_pos += sprintf (&debug[debug_pos],
1832 " Compare (%s) with (%s)\n",
1833 current->left->token.value,
1834 current->right->token.value);
1837 (strcmp(current->left->token.value,
1838 current->right->token.value) == 0);
1840 if (current->token.type == token_ne) {
1841 current->value = !current->value;
1843 #ifdef DEBUG_INCLUDE
1844 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1845 current->value ? '1' : '0');
1848 current = current->parent;
1854 #ifdef DEBUG_INCLUDE
1855 memcpy (&debug[debug_pos], " Evaluate ge/gt/le/lt\n",
1856 sizeof (" Evaluate ge/gt/le/lt\n"));
1857 debug_pos += sizeof (" Evaluate ge/gt/le/lt\n");
1859 if ((current->left == (struct parse_node *) NULL) ||
1860 (current->right == (struct parse_node *) NULL) ||
1861 (current->left->token.type != token_string) ||
1862 (current->right->token.type != token_string)) {
1863 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1864 "Invalid expression \"%s\" in file %s",
1869 ap_ssi_parse_string(r, current->left->token.value,
1870 buffer, sizeof(buffer), 0);
1871 apr_cpystrn(current->left->token.value, buffer,
1872 sizeof(current->left->token.value));
1873 ap_ssi_parse_string(r, current->right->token.value,
1874 buffer, sizeof(buffer), 0);
1875 apr_cpystrn(current->right->token.value, buffer,
1876 sizeof(current->right->token.value));
1877 #ifdef DEBUG_INCLUDE
1878 debug_pos += sprintf (&debug[debug_pos],
1879 " Compare (%s) with (%s)\n",
1880 current->left->token.value,
1881 current->right->token.value);
1884 strcmp(current->left->token.value,
1885 current->right->token.value);
1886 if (current->token.type == token_ge) {
1887 current->value = current->value >= 0;
1889 else if (current->token.type == token_gt) {
1890 current->value = current->value > 0;
1892 else if (current->token.type == token_le) {
1893 current->value = current->value <= 0;
1895 else if (current->token.type == token_lt) {
1896 current->value = current->value < 0;
1899 current->value = 0; /* Don't return -1 if unknown token */
1901 #ifdef DEBUG_INCLUDE
1902 debug_pos += sprintf (&debug[debug_pos], " Returning %c\n",
1903 current->value ? '1' : '0');
1906 current = current->parent;
1910 if (current->right != (struct parse_node *) NULL) {
1911 if (!current->right->done) {
1912 current = current->right;
1915 current->value = !current->right->value;
1920 #ifdef DEBUG_INCLUDE
1921 debug_pos += sprintf (&debug[debug_pos], " Evaluate !: %c\n",
1922 current->value ? '1' : '0');
1925 current = current->parent;
1929 if (current->right != (struct parse_node *) NULL) {
1930 if (!current->right->done) {
1931 current = current->right;
1934 current->value = current->right->value;
1939 #ifdef DEBUG_INCLUDE
1940 debug_pos += sprintf (&debug[debug_pos], " Evaluate (): %c\n",
1941 current->value ? '1' : '0');
1944 current = current->parent;
1948 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1949 "Unmatched '(' in \"%s\" in file %s",
1955 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1956 "Unmatched ')' in \"%s\" in file %s",
1962 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1969 retval = (root == (struct parse_node *) NULL) ? 0 : root->value;
1971 apr_pool_destroy(expr_pool);
1975 /*-------------------------------------------------------------------------*/
1976 #ifdef DEBUG_INCLUDE
1978 /* XXX overlaying the static string pointed to by cond_txt isn't cool */
1980 #define MAX_DEBUG_SIZE MAX_STRING_LEN
1981 #define LOG_COND_STATUS(cntx, t_buck, h_ptr, ins_head, tag_text) \
1983 char *cond_txt = "**** X conditional_status=\"0\"\n"; \
1986 if (cntx->flags & FLAG_COND_TRUE) { \
1987 cond_txt[31] = '1'; \
1989 memcpy(&cond_txt[5], tag_text, sizeof(tag_text)); \
1990 t_buck = apr_bucket_heap_create(cond_txt, sizeof(cond_txt), 1, &c_wrt); \
1991 APR_BUCKET_INSERT_BEFORE(h_ptr, t_buck); \
1993 if (ins_head == NULL) { \
1994 ins_head = t_buck; \
1997 #define DUMP_PARSE_EXPR_DEBUG(t_buck, h_ptr, d_buf, ins_head) \
2000 if (d_buf[0] != '\0') { \
2001 t_buck = apr_bucket_heap_create(d_buf, strlen(d_buf), 1, &b_wrt); \
2002 APR_BUCKET_INSERT_BEFORE(h_ptr, t_buck); \
2004 if (ins_head == NULL) { \
2005 ins_head = t_buck; \
2011 #define MAX_DEBUG_SIZE 10
2012 #define LOG_COND_STATUS(cntx, t_buck, h_ptr, ins_head, tag_text)
2013 #define DUMP_PARSE_EXPR_DEBUG(t_buck, h_ptr, d_buf, ins_head)
2016 /*-------------------------------------------------------------------------*/
2018 /* pjr - These seem to allow expr="fred" expr="joe" where joe overwrites fred. */
2019 static int handle_if(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2020 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2023 char *tag_val = NULL;
2025 int expr_ret, was_error, was_unmatched;
2026 apr_bucket *tmp_buck;
2027 char debug_buf[MAX_DEBUG_SIZE];
2029 *inserted_head = NULL;
2030 if (!ctx->flags & FLAG_PRINTING) {
2031 ctx->if_nesting_level++;
2035 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0);
2038 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2039 "missing expr in if statement: %s", r->filename);
2040 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2043 expr_ret = parse_expr(r, expr, &was_error, &was_unmatched, debug_buf);
2045 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2048 if (was_unmatched) {
2049 DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, "\nUnmatched '\n",
2052 DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, debug_buf, *inserted_head);
2055 ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE);
2058 ctx->flags &= FLAG_CLEAR_PRINT_COND;
2060 LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " if");
2061 ctx->if_nesting_level = 0;
2064 else if (!strcmp(tag, "expr")) {
2066 #ifdef DEBUG_INCLUDE
2068 apr_size_t d_len = 0, d_wrt = 0;
2069 d_len = sprintf(debug_buf, "**** if expr=\"%s\"\n", expr);
2070 tmp_buck = apr_bucket_heap_create(debug_buf, d_len, 1, &d_wrt);
2071 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2073 if (*inserted_head == NULL) {
2074 *inserted_head = tmp_buck;
2080 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2081 "unknown parameter \"%s\" to tag if in %s", tag, r->filename);
2082 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2090 static int handle_elif(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2091 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2094 char *tag_val = NULL;
2096 int expr_ret, was_error, was_unmatched;
2097 apr_bucket *tmp_buck;
2098 char debug_buf[MAX_DEBUG_SIZE];
2100 *inserted_head = NULL;
2101 if (!ctx->if_nesting_level) {
2103 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 0);
2105 LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " elif");
2107 if (ctx->flags & FLAG_COND_TRUE) {
2108 ctx->flags &= FLAG_CLEAR_PRINTING;
2112 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2113 "missing expr in elif statement: %s", r->filename);
2114 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2117 expr_ret = parse_expr(r, expr, &was_error, &was_unmatched, debug_buf);
2119 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2122 if (was_unmatched) {
2123 DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, "\nUnmatched '\n",
2126 DUMP_PARSE_EXPR_DEBUG(tmp_buck, head_ptr, debug_buf, *inserted_head);
2129 ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE);
2132 ctx->flags &= FLAG_CLEAR_PRINT_COND;
2134 LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " elif");
2137 else if (!strcmp(tag, "expr")) {
2139 #ifdef DEBUG_INCLUDE
2141 apr_size_t d_len = 0, d_wrt = 0;
2142 d_len = sprintf(debug_buf, "**** elif expr=\"%s\"\n", expr);
2143 tmp_buck = apr_bucket_heap_create(debug_buf, d_len, 1, &d_wrt);
2144 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2146 if (*inserted_head == NULL) {
2147 *inserted_head = tmp_buck;
2153 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2154 "unknown parameter \"%s\" to tag if in %s", tag, r->filename);
2155 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2162 static int handle_else(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2163 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2166 char *tag_val = NULL;
2167 apr_bucket *tmp_buck;
2169 *inserted_head = NULL;
2170 if (!ctx->if_nesting_level) {
2171 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
2172 if ((tag != NULL) || (tag_val != NULL)) {
2173 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2174 "else directive does not take tags in %s", r->filename);
2175 if (ctx->flags & FLAG_PRINTING) {
2176 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2181 LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, " else");
2183 if (ctx->flags & FLAG_COND_TRUE) {
2184 ctx->flags &= FLAG_CLEAR_PRINTING;
2187 ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE);
2195 static int handle_endif(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2196 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2199 char *tag_val = NULL;
2200 apr_bucket *tmp_buck;
2202 *inserted_head = NULL;
2203 if (!ctx->if_nesting_level) {
2204 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
2205 if ((tag != NULL) || (tag_val != NULL)) {
2206 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2207 "endif directive does not take tags in %s", r->filename);
2208 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2212 LOG_COND_STATUS(ctx, tmp_buck, head_ptr, *inserted_head, "endif");
2213 ctx->flags |= (FLAG_PRINTING | FLAG_COND_TRUE);
2218 ctx->if_nesting_level--;
2223 static int handle_set(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2224 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2227 char *tag_val = NULL;
2229 apr_bucket *tmp_buck;
2230 char parsed_string[MAX_STRING_LEN];
2232 *inserted_head = NULL;
2233 if (ctx->flags & FLAG_PRINTING) {
2235 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
2236 if ((tag == NULL) && (tag_val == NULL)) {
2239 else if (tag_val == NULL) {
2242 else if (!strcmp(tag, "var")) {
2245 else if (!strcmp(tag, "value")) {
2246 if (var == (char *) NULL) {
2247 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2248 "variable must precede value in set directive in %s",
2250 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2253 ap_ssi_parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
2254 apr_table_setn(r->subprocess_env, apr_pstrdup(r->pool, var),
2255 apr_pstrdup(r->pool, parsed_string));
2258 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2259 "Invalid tag for set directive in %s", r->filename);
2260 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2268 static int handle_printenv(include_ctx_t *ctx, apr_bucket_brigade **bb, request_rec *r,
2269 ap_filter_t *f, apr_bucket *head_ptr, apr_bucket **inserted_head)
2272 char *tag_val = NULL;
2273 apr_bucket *tmp_buck;
2275 if (ctx->flags & FLAG_PRINTING) {
2276 ap_ssi_get_tag_and_value(ctx, &tag, &tag_val, 1);
2277 if ((tag == NULL) && (tag_val == NULL)) {
2278 apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
2279 apr_table_entry_t *elts = (apr_table_entry_t *)arr->elts;
2281 char *key_text, *val_text;
2282 apr_size_t k_len, v_len, t_wrt;
2284 *inserted_head = NULL;
2285 for (i = 0; i < arr->nelts; ++i) {
2286 key_text = ap_escape_html(r->pool, elts[i].key);
2287 val_text = ap_escape_html(r->pool, elts[i].val);
2288 k_len = strlen(key_text);
2289 v_len = strlen(val_text);
2292 tmp_buck = apr_bucket_heap_create(key_text, k_len, 1, &t_wrt);
2293 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2294 if (*inserted_head == NULL) {
2295 *inserted_head = tmp_buck;
2298 tmp_buck = apr_bucket_immortal_create("=", 1);
2299 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2301 tmp_buck = apr_bucket_heap_create(val_text, v_len, 1, &t_wrt);
2302 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2304 tmp_buck = apr_bucket_immortal_create("\n", 1);
2305 APR_BUCKET_INSERT_BEFORE(head_ptr, tmp_buck);
2310 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2311 "printenv directive does not take tags in %s", r->filename);
2312 CREATE_ERROR_BUCKET(ctx, tmp_buck, head_ptr, *inserted_head);
2320 /* -------------------------- The main function --------------------------- */
2322 static void send_parsed_content(apr_bucket_brigade **bb, request_rec *r,
2325 include_ctx_t *ctx = f->ctx;
2326 apr_bucket *dptr = APR_BRIGADE_FIRST(*bb);
2327 apr_bucket *tmp_dptr;
2328 apr_bucket_brigade *tag_and_after;
2331 if (r->args) { /* add QUERY stuff to env cause it ain't yet */
2332 char *arg_copy = apr_pstrdup(r->pool, r->args);
2334 apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
2335 ap_unescape_url(arg_copy);
2336 apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
2337 ap_escape_shell_cmd(r->pool, arg_copy));
2340 while (dptr != APR_BRIGADE_SENTINEL(*bb)) {
2341 /* State to check for the STARTING_SEQUENCE. */
2342 if ((ctx->state == PRE_HEAD) || (ctx->state == PARSE_HEAD)) {
2344 apr_size_t cleanup_bytes = ctx->parse_pos;
2346 tmp_dptr = find_start_sequence(dptr, ctx, *bb, &do_cleanup);
2348 /* The few bytes stored in the ssi_tag_brigade turned out not to
2349 * be a tag after all. This can only happen if the starting
2350 * tag actually spans brigades. This should be very rare.
2352 if ((do_cleanup) && (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade))) {
2353 apr_bucket *tmp_bkt;
2355 tmp_bkt = apr_bucket_immortal_create(STARTING_SEQUENCE, cleanup_bytes);
2356 APR_BRIGADE_INSERT_HEAD(*bb, tmp_bkt);
2358 while (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2359 tmp_bkt = APR_BRIGADE_FIRST(ctx->ssi_tag_brigade);
2360 APR_BUCKET_REMOVE(tmp_bkt);
2361 apr_bucket_destroy(tmp_bkt);
2365 /* If I am inside a conditional (if, elif, else) that is false
2366 * then I need to throw away anything contained in it.
2368 if ((!(ctx->flags & FLAG_PRINTING)) && (tmp_dptr != NULL) &&
2369 (dptr != APR_BRIGADE_SENTINEL(*bb))) {
2370 while ((dptr != APR_BRIGADE_SENTINEL(*bb)) &&
2371 (dptr != tmp_dptr)) {
2372 apr_bucket *free_bucket = dptr;
2374 dptr = APR_BUCKET_NEXT (dptr);
2375 APR_BUCKET_REMOVE(free_bucket);
2376 apr_bucket_destroy(free_bucket);
2380 /* Adjust the current bucket position based on what was found... */
2381 if ((tmp_dptr != NULL) && (ctx->state == PARSE_DIRECTIVE)) {
2382 if (ctx->tag_start_bucket != NULL) {
2383 dptr = ctx->tag_start_bucket;
2386 dptr = APR_BRIGADE_SENTINEL(*bb);
2389 else if (tmp_dptr == NULL) { /* There was no possible SSI tag in the */
2390 dptr = APR_BRIGADE_SENTINEL(*bb); /* remainder of this brigade... */
2394 /* State to check for the ENDING_SEQUENCE. */
2395 if (((ctx->state == PARSE_DIRECTIVE) ||
2396 (ctx->state == PARSE_TAG) ||
2397 (ctx->state == PARSE_TAIL)) &&
2398 (dptr != APR_BRIGADE_SENTINEL(*bb))) {
2399 tmp_dptr = find_end_sequence(dptr, ctx, *bb);
2401 if (tmp_dptr != NULL) {
2402 dptr = tmp_dptr; /* Adjust bucket pos... */
2404 /* If some of the tag has already been set aside then set
2405 * aside remainder of tag. Now the full tag is in ssi_tag_brigade.
2406 * If none has yet been set aside, then leave it all where it is.
2407 * In any event after this the entire set of tag buckets will be
2408 * in one place or another.
2410 if (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2411 tag_and_after = apr_brigade_split(*bb, dptr);
2412 APR_BRIGADE_CONCAT(ctx->ssi_tag_brigade, *bb);
2413 *bb = tag_and_after;
2417 dptr = APR_BRIGADE_SENTINEL(*bb); /* remainder of this brigade... */
2421 /* State to processed the directive... */
2422 if (ctx->state == PARSED) {
2423 apr_bucket *content_head = NULL, *tmp_bkt;
2425 char tmp_buf[TMP_BUF_SIZE];
2426 int (*handle_func)(include_ctx_t *, apr_bucket_brigade **, request_rec *,
2427 ap_filter_t *, apr_bucket *, apr_bucket **);
2429 /* By now the full tag (all buckets) should either be set aside into
2430 * ssi_tag_brigade or contained within the current bb. All tag
2431 * processing from here on can assume that.
2434 /* At this point, everything between ctx->head_start_bucket and
2435 * ctx->tail_start_bucket is an SSI
2436 * directive, we just have to deal with it now.
2438 if (get_combined_directive(ctx, r, *bb, tmp_buf,
2439 TMP_BUF_SIZE) != APR_SUCCESS) {
2440 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2441 "mod_include: error copying directive in %s",
2443 CREATE_ERROR_BUCKET(ctx, tmp_bkt, dptr, content_head);
2445 /* DO CLEANUP HERE!!!!! */
2446 tmp_dptr = ctx->head_start_bucket;
2447 if (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2448 while (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2449 tmp_bkt = APR_BRIGADE_FIRST(ctx->ssi_tag_brigade);
2450 APR_BUCKET_REMOVE(tmp_bkt);
2451 apr_bucket_destroy(tmp_bkt);
2457 tmp_dptr = APR_BUCKET_NEXT (tmp_dptr);
2458 APR_BUCKET_REMOVE(tmp_bkt);
2459 apr_bucket_destroy(tmp_bkt);
2460 } while ((tmp_dptr != dptr) &&
2461 (tmp_dptr != APR_BRIGADE_SENTINEL(*bb)));
2467 /* Even if I don't generate any content, I know at this point that
2468 * I will at least remove the discovered SSI tag, thereby making
2469 * the content shorter than it was. This is the safest point I can
2470 * find to unset this field.
2472 apr_table_unset(f->r->headers_out, "Content-Length");
2474 /* Can't destroy the tag buckets until I'm done processing
2475 * because the combined_tag might just be pointing to
2476 * the contents of a single bucket!
2479 /* Retrieve the handler function to be called for this directive from the
2480 * functions registered in the hash table.
2481 * Need to lower case the directive for proper matching. Also need to have
2482 * it NULL terminated (and include the NULL in the length) for proper
2485 for (tmp_i = 0; tmp_i < ctx->directive_length; tmp_i++) {
2486 ctx->combined_tag[tmp_i] = apr_tolower(ctx->combined_tag[tmp_i]);
2488 ctx->combined_tag[ctx->directive_length] = '\0';
2489 ctx->curr_tag_pos = &ctx->combined_tag[ctx->directive_length+1];
2492 (int (*)(include_ctx_t *, apr_bucket_brigade **, request_rec *,
2493 ap_filter_t *, apr_bucket *, apr_bucket **))
2494 apr_hash_get(include_hash, ctx->combined_tag, ctx->directive_length+1);
2495 if (handle_func != NULL) {
2496 ret = (*handle_func)(ctx, bb, r, f, dptr, &content_head);
2499 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2500 "unknown directive \"%s\" in parsed doc %s",
2501 ctx->combined_tag, r->filename);
2502 CREATE_ERROR_BUCKET(ctx, tmp_bkt, dptr, content_head);
2505 /* This chunk of code starts at the first bucket in the chain
2506 * of tag buckets (assuming that by this point the bucket for
2507 * the STARTING_SEQUENCE has been split) and loops through to
2508 * the end of the tag buckets freeing them all.
2510 * Remember that some part of this may have been set aside
2511 * into the ssi_tag_brigade and the remainder (possibly as
2512 * little as one byte) will be in the current brigade.
2514 * The value of dptr should have been set during the
2515 * PARSE_TAIL state to the first bucket after the
2518 * The value of content_head may have been set during processing
2519 * of the directive. If so, the content was inserted in front
2520 * of the dptr bucket. The inserted buckets should not be thrown
2521 * away here, but they should also not be parsed later.
2523 if (content_head == NULL) {
2524 content_head = dptr;
2526 tmp_dptr = ctx->head_start_bucket;
2527 if (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2528 while (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2529 tmp_bkt = APR_BRIGADE_FIRST(ctx->ssi_tag_brigade);
2530 APR_BUCKET_REMOVE(tmp_bkt);
2531 apr_bucket_destroy(tmp_bkt);
2537 tmp_dptr = APR_BUCKET_NEXT (tmp_dptr);
2538 APR_BUCKET_REMOVE(tmp_bkt);
2539 apr_bucket_destroy(tmp_bkt);
2540 } while ((tmp_dptr != content_head) &&
2541 (tmp_dptr != APR_BRIGADE_SENTINEL(*bb)));
2543 if (ctx->combined_tag == tmp_buf) {
2544 memset (ctx->combined_tag, '\0', ctx->tag_length);
2545 ctx->combined_tag = NULL;
2548 /* Don't reset the flags or the nesting level!!! */
2550 ctx->head_start_bucket = NULL;
2551 ctx->head_start_index = 0;
2552 ctx->tag_start_bucket = NULL;
2553 ctx->tag_start_index = 0;
2554 ctx->tail_start_bucket = NULL;
2555 ctx->tail_start_index = 0;
2556 ctx->curr_tag_pos = NULL;
2557 ctx->tag_length = 0;
2558 ctx->directive_length = 0;
2560 if (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2561 while (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2562 tmp_bkt = APR_BRIGADE_FIRST(ctx->ssi_tag_brigade);
2563 APR_BUCKET_REMOVE(tmp_bkt);
2564 apr_bucket_destroy(tmp_bkt);
2568 ctx->state = PRE_HEAD;
2572 /* If I am in the middle of parsing an SSI tag then I need to set aside
2573 * the pertinent trailing buckets and pass on the initial part of the
2574 * brigade. The pertinent parts of the next brigades will be added to
2575 * these set aside buckets to form the whole tag and will be processed
2576 * once the whole tag has been found.
2578 if (ctx->state == PRE_HEAD) {
2579 /* Inside a false conditional (if, elif, else), so toss it all... */
2580 if ((dptr != APR_BRIGADE_SENTINEL(*bb)) &&
2581 (!(ctx->flags & FLAG_PRINTING))) {
2582 apr_bucket *free_bucket;
2585 dptr = APR_BUCKET_NEXT (dptr);
2586 APR_BUCKET_REMOVE(free_bucket);
2587 apr_bucket_destroy(free_bucket);
2588 } while (dptr != APR_BRIGADE_SENTINEL(*bb));
2590 else { /* Otherwise pass it along... */
2591 ap_pass_brigade(f->next, *bb); /* No SSI tags in this brigade... */
2594 else if (ctx->state == PARSED) { /* Invalid internal condition... */
2595 apr_bucket *content_head = NULL, *tmp_bkt;
2596 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2597 "Invalid mod_include state during file %s", r->filename);
2598 CREATE_ERROR_BUCKET(ctx, tmp_bkt, APR_BRIGADE_FIRST(*bb), content_head);
2600 else { /* Entire brigade is middle chunk of SSI tag... */
2601 if (!APR_BRIGADE_EMPTY(ctx->ssi_tag_brigade)) {
2602 APR_BRIGADE_CONCAT(ctx->ssi_tag_brigade, *bb);
2604 else { /* End of brigade contains part of SSI tag... */
2605 if (ctx->head_start_index > 0) {
2606 apr_bucket_split(ctx->head_start_bucket, ctx->head_start_index);
2607 ctx->head_start_bucket = APR_BUCKET_NEXT(ctx->head_start_bucket);
2608 ctx->head_start_index = 0;
2610 /* Set aside tag, pass pre-tag... */
2611 tag_and_after = apr_brigade_split(*bb, ctx->head_start_bucket);
2612 ap_save_brigade(f, &ctx->ssi_tag_brigade, &tag_and_after);
2613 ap_pass_brigade(f->next, *bb);
2618 /*****************************************************************
2620 * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time
2621 * option only changes the default.
2624 module includes_module;
2626 xbithack_off, xbithack_on, xbithack_full
2630 #define DEFAULT_XBITHACK xbithack_full
2632 #define DEFAULT_XBITHACK xbithack_off
2635 static void *create_includes_dir_config(apr_pool_t *p, char *dummy)
2637 enum xbithack *result = (enum xbithack *) apr_palloc(p, sizeof(enum xbithack));
2638 *result = DEFAULT_XBITHACK;
2642 static const char *set_xbithack(cmd_parms *cmd, void *xbp, const char *arg)
2644 enum xbithack *state = (enum xbithack *) xbp;
2646 if (!strcasecmp(arg, "off")) {
2647 *state = xbithack_off;
2649 else if (!strcasecmp(arg, "on")) {
2650 *state = xbithack_on;
2652 else if (!strcasecmp(arg, "full")) {
2653 *state = xbithack_full;
2656 return "XBitHack must be set to Off, On, or Full";
2662 static int includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
2664 request_rec *r = f->r;
2665 include_ctx_t *ctx = f->ctx;
2666 enum xbithack *state =
2667 (enum xbithack *) ap_get_module_config(r->per_dir_config, &includes_module);
2668 request_rec *parent;
2670 if (!(ap_allow_options(r) & OPT_INCLUDES)) {
2671 return ap_pass_brigade(f->next, b);
2673 r->allowed |= (1 << M_GET);
2674 if (r->method_number != M_GET) {
2675 return ap_pass_brigade(f->next, b);
2679 f->ctx = ctx = apr_pcalloc(f->c->pool, sizeof(*ctx));
2681 ctx->state = PRE_HEAD;
2682 ctx->flags = (FLAG_PRINTING | FLAG_COND_TRUE);
2683 if (ap_allow_options(r) & OPT_INCNOEXEC) {
2684 ctx->flags |= FLAG_NO_EXEC;
2686 ctx->ssi_tag_brigade = apr_brigade_create(f->c->pool);
2688 apr_cpystrn(ctx->error_str, DEFAULT_ERROR_MSG, sizeof(ctx->error_str));
2689 apr_cpystrn(ctx->time_str, DEFAULT_TIME_FORMAT, sizeof(ctx->time_str));
2690 ctx->error_length = strlen(ctx->error_str);
2693 ap_pass_brigade(f->next, b);
2698 /* Assure the platform supports Group protections */
2699 if ((*state == xbithack_full)
2700 && (r->finfo.valid & APR_FINFO_GPROT)
2701 && (r->finfo.protection & APR_GEXECUTE)) {
2702 ap_update_mtime(r, r->finfo.mtime);
2703 ap_set_last_modified(r);
2706 if ((parent = ap_get_module_config(r->request_config, &includes_module))) {
2707 /* Kludge --- for nested includes, we want to keep the subprocess
2708 * environment of the base document (for compatibility); that means
2709 * torquing our own last_modified date as well so that the
2710 * LAST_MODIFIED variable gets reset to the proper value if the
2711 * nested document resets <!--#config timefmt-->.
2712 * We also insist that the memory for this subrequest not be
2713 * destroyed, that's dealt with in handle_include().
2715 r->subprocess_env = r->main->subprocess_env;
2716 apr_pool_join(r->main->pool, r->pool);
2717 r->finfo.mtime = r->main->finfo.mtime;
2720 /* we're not a nested include, so we create an initial
2722 ap_add_common_vars(r);
2724 add_include_vars(r, DEFAULT_TIME_FORMAT);
2726 /* XXX: this is bogus, at some point we're going to do a subrequest,
2727 * and when we do it we're going to be subjecting code that doesn't
2728 * expect to be signal-ready to SIGALRM. There is no clean way to
2729 * fix this, except to put alarm support into BUFF. -djg
2733 send_parsed_content(&b, r, f);
2736 /* signify that the sub request should not be killed */
2737 ap_set_module_config(r->request_config, &includes_module,
2738 NESTED_INCLUDE_MAGIC);
2744 static void ap_register_include_handler(char *tag, include_handler func)
2746 apr_hash_set(include_hash, tag, strlen(tag) + 1, (const void *)func);
2749 static void include_post_config(apr_pool_t *p, apr_pool_t *plog,
2750 apr_pool_t *ptemp, server_rec *s)
2752 include_hash = apr_hash_make(p);
2754 ssi_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_include_handler);
2756 if(ssi_pfn_register) {
2757 ssi_pfn_register("if", handle_if);
2758 ssi_pfn_register("set", handle_set);
2759 ssi_pfn_register("else", handle_else);
2760 ssi_pfn_register("elif", handle_elif);
2761 ssi_pfn_register("echo", handle_echo);
2762 ssi_pfn_register("endif", handle_endif);
2763 ssi_pfn_register("fsize", handle_fsize);
2764 ssi_pfn_register("config", handle_config);
2765 ssi_pfn_register("include", handle_include);
2766 ssi_pfn_register("flastmod", handle_flastmod);
2767 ssi_pfn_register("printenv", handle_printenv);
2772 * Module definition and configuration data structs...
2774 static const command_rec includes_cmds[] =
2776 AP_INIT_TAKE1("XBitHack", set_xbithack, NULL, OR_OPTIONS,
2777 "Off, On, or Full"),
2781 static void register_hooks(apr_pool_t *p)
2783 APR_REGISTER_OPTIONAL_FN(ap_ssi_get_tag_and_value);
2784 APR_REGISTER_OPTIONAL_FN(ap_ssi_parse_string);
2785 APR_REGISTER_OPTIONAL_FN(ap_register_include_handler);
2786 ap_hook_post_config(include_post_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
2787 ap_register_output_filter("INCLUDES", includes_filter, AP_FTYPE_CONTENT);
2790 module AP_MODULE_DECLARE_DATA includes_module =
2792 STANDARD20_MODULE_STUFF,
2793 create_includes_dir_config, /* dir config creater */
2794 NULL, /* dir merger --- default is to override */
2795 NULL, /* server config */
2796 NULL, /* merge server config */
2797 includes_cmds, /* command apr_table_t */
2798 register_hooks /* register hooks */