1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_include.c: Handles the server-parsed HTML documents
62 * Original by Rob McCool; substantial fixups by David Robinson;
63 * incorporated into the Apache module framework by rst.
67 * sub key may be anything a Perl*Handler can be:
68 * subroutine name, package name (defaults to package::handler),
69 * Class->method call or anoymous sub {}
71 * Child <!--#perl sub="sub {print $$}" --> accessed
72 * <!--#perl sub="sub {print ++$Access::Cnt }" --> times. <br>
74 * <!--#perl arg="one" sub="mymod::includer" -->
88 #include "modules/perl/mod_perl.h"
90 #include "apr_strings.h"
91 #include "ap_config.h"
92 #include "util_filter.h"
94 #include "http_config.h"
95 #include "http_request.h"
96 #include "http_core.h"
97 #include "http_protocol.h"
99 #include "http_main.h"
100 #include "util_script.h"
101 #include "http_core.h"
106 #ifdef HAVE_STRINGS_H
113 #include "util_ebcdic.h"
115 #define STARTING_SEQUENCE "<!--#"
116 #define ENDING_SEQUENCE "-->"
118 #define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]"
119 #define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z"
120 #define SIZEFMT_BYTES 0
121 #define SIZEFMT_KMG 1
122 #ifdef CHARSET_EBCDIC
123 #define RAW_ASCII_CHAR(ch) apr_xlate_conv_byte(ap_hdrs_from_ascii, (unsigned char)ch)
124 #else /*CHARSET_EBCDIC*/
125 #define RAW_ASCII_CHAR(ch) (ch)
126 #endif /*CHARSET_EBCDIC*/
128 module AP_MODULE_DECLARE_DATA includes_module;
130 /* just need some arbitrary non-NULL pointer which can't also be a request_rec */
131 #define NESTED_INCLUDE_MAGIC (&includes_module)
133 /* TODO: changing directory should be handled by CreateProcess */
134 #define ap_chdir_file(x) do {} while(0)
136 /* ------------------------ Environment function -------------------------- */
138 /* XXX: could use ap_table_overlap here */
139 static void add_include_vars(request_rec *r, char *timefmt)
143 #endif /* ndef WIN32 */
144 apr_table_t *e = r->subprocess_env;
146 apr_time_t date = r->request_time;
148 apr_table_setn(e, "DATE_LOCAL", ap_ht_time(r->pool, date, timefmt, 0));
149 apr_table_setn(e, "DATE_GMT", ap_ht_time(r->pool, date, timefmt, 1));
150 apr_table_setn(e, "LAST_MODIFIED",
151 ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0));
152 apr_table_setn(e, "DOCUMENT_URI", r->uri);
153 apr_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info);
155 pw = getpwuid(r->finfo.user);
157 apr_table_setn(e, "USER_NAME", apr_pstrdup(r->pool, pw->pw_name));
160 apr_table_setn(e, "USER_NAME", apr_psprintf(r->pool, "user#%lu",
161 (unsigned long) r->finfo.user));
163 #endif /* ndef WIN32 */
165 if ((t = strrchr(r->filename, '/'))) {
166 apr_table_setn(e, "DOCUMENT_NAME", ++t);
169 apr_table_setn(e, "DOCUMENT_NAME", r->uri);
172 char *arg_copy = apr_pstrdup(r->pool, r->args);
174 ap_unescape_url(arg_copy);
175 apr_table_setn(e, "QUERY_STRING_UNESCAPED",
176 ap_escape_shell_cmd(r->pool, arg_copy));
182 /* --------------------------- Parser functions --------------------------- */
184 #define OUTBUFSIZE 4096
186 static ap_bucket *find_string(ap_bucket *dptr, const char *str, ap_bucket *end)
194 if (AP_BUCKET_IS_EOS(dptr)) {
197 ap_bucket_read(dptr, &buf, &len, 0);
198 /* XXX handle retcodes */
199 if (len == 0) { /* end of pipe? */
203 while (c - buf != len) {
204 if (*c == str[state]) {
208 if (str[state] == '\0') {
209 /* We want to split the bucket at the '<' and '>'
210 * respectively. That means adjusting where we split based
211 * on what we are searching for.
214 ap_bucket_split(dptr, c - buf - strlen(str));
217 ap_bucket_split(dptr, c - buf);
219 return AP_BUCKET_NEXT(dptr);
223 /* The reason for this, is that we need to make sure
224 * that we catch cases like <<--#. This makes the
225 * second check after the original check fails.
227 if (*c == str[state]) {
234 dptr = AP_BUCKET_NEXT(dptr);
235 } while (AP_BUCKET_PREV(dptr) != end);
240 * decodes a string containing html entities or numeric character references.
241 * 's' is overwritten with the decoded string.
242 * If 's' is syntatically incorrect, then the followed fixups will be made:
243 * unknown entities will be left undecoded;
244 * references to unused numeric characters will be deleted.
245 * In particular, � will not be decoded, but will be deleted.
250 /* maximum length of any ISO-LATIN-1 HTML entity name. */
251 #define MAXENTLEN (6)
253 /* The following is a shrinking transformation, therefore safe. */
255 static void decodehtml(char *s)
260 static const char * const entlist[MAXENTLEN + 1] =
264 "lt\074gt\076", /* 2 */
265 "amp\046ETH\320eth\360", /* 3 */
266 "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\
267 iuml\357ouml\366uuml\374yuml\377", /* 4 */
268 "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\
269 THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\
270 ucirc\373thorn\376", /* 5 */
271 "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\
272 Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\
273 Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\
274 egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\
275 otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */
278 for (; *s != '\0'; s++, p++) {
283 /* find end of entity */
284 for (i = 1; s[i] != ';' && s[i] != '\0'; i++) {
288 if (s[i] == '\0') { /* treat as normal data */
293 /* is it numeric ? */
295 for (j = 2, val = 0; j < i && apr_isdigit(s[j]); j++) {
296 val = val * 10 + s[j] - '0';
299 if (j < i || val <= 8 || (val >= 11 && val <= 31) ||
300 (val >= 127 && val <= 160) || val >= 256) {
301 p--; /* no data to output */
304 *p = RAW_ASCII_CHAR(val);
309 if (j > MAXENTLEN || entlist[j] == NULL) {
312 continue; /* skip it */
314 for (ents = entlist[j]; *ents != '\0'; ents += i) {
315 if (strncmp(s + 1, ents, j) == 0) {
321 *p = '&'; /* unknown */
324 *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]);
334 * extract the next tag name and value.
335 * if there are no more tags, set the tag name to 'done'
336 * the tag value is html decoded if dodecode is non-zero
339 static char *get_tag(apr_pool_t *p, ap_bucket *in, char *tag, int tagbuf_len, int dodecode, apr_off_t *offset)
341 ap_bucket *dptr = in;
345 char *t = tag, *tag_val, term;
347 /* makes code below a little less cluttered */
350 /* Remove all whitespace */
352 ap_bucket_read(dptr, &str, &length, 0);
355 while (c - str < length) {
356 if (!apr_isspace(*c)) {
361 if (!apr_isspace(*c)) {
364 dptr = AP_BUCKET_NEXT(dptr);
367 /* tags can't start with - */
371 ap_bucket_read(dptr, &str, &length, 0);
378 ap_bucket_read(dptr, &str, &length, 0);
381 } while (apr_isspace(*c));
383 apr_cpystrn(tag, "done", tagbuf_len);
388 return NULL; /* failed */
391 /* find end of tag name */
393 if (t - tag == tagbuf_len) {
397 if (*c == '=' || apr_isspace(*c)) {
400 *(t++) = apr_tolower(*c);
403 ap_bucket_read(dptr, &str, &length, 0);
411 while (apr_isspace(*c)) {
414 ap_bucket_read(dptr, &str, &length, 0);
419 /* XXX may need to ungetc() here (see pre-bucketized code) */
426 ap_bucket_read(dptr, &str, &length, 0);
429 } while (apr_isspace(*c));
431 /* we should allow a 'name' as a value */
433 if (*c != '"' && *c != '\'') {
440 ap_bucket_read(dptr, &str, &length, 0);
443 if (t - tag == tagbuf_len) {
447 /* Want to accept \" as a valid character within a string. */
449 *(t++) = *c; /* Add backslash */
452 ap_bucket_read(dptr, &str, &length, 0);
455 if (*c == term) { /* Only if */
456 *(--t) = *c; /* Replace backslash ONLY for terminator */
459 else if (*c == term) {
468 *offset = c - str + 1;
469 return apr_pstrdup(p, tag_val);
472 static int get_directive(ap_bucket *in, char *dest, size_t len, apr_pool_t *p)
474 ap_bucket *dptr = in;
480 /* make room for nul terminator */
484 ap_bucket_read(dptr, &str, &length, 0);
485 /* need to start past the <!--#
487 c = str + strlen(STARTING_SEQUENCE);
488 while (c - str < length) {
489 if (!apr_isspace(*c)) {
493 if (!apr_isspace(*c)) {
496 dptr = AP_BUCKET_NEXT(dptr);
499 /* now get directive */
501 if (c - str >= length) {
502 ap_bucket_read(dptr, &str, &length, 0);
504 while (c - str < length) {
505 if (d - dest == (int)len) {
508 *d++ = apr_tolower(*c);
510 if (apr_isspace(*c)) {
514 if (apr_isspace(*c)) {
517 dptr = AP_BUCKET_NEXT(dptr);
524 * Do variable substitution on strings
526 static void parse_string(request_rec *r, const char *in, char *out,
527 size_t length, int leave_name)
533 /* leave room for nul terminator */
534 end_out = out + length - 1;
536 while ((ch = *in++) != '\0') {
539 if (next == end_out) {
553 char var[MAX_STRING_LEN];
554 const char *start_of_var_name;
555 const char *end_of_var_name; /* end of var name + 1 */
556 const char *expansion;
560 /* guess that the expansion won't happen */
564 start_of_var_name = in;
565 in = ap_strchr_c(in, '}');
567 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
568 0, r, "Missing '}' on variable \"%s\"",
573 end_of_var_name = in;
577 start_of_var_name = in;
578 while (apr_isalnum(*in) || *in == '_') {
581 end_of_var_name = in;
583 /* what a pain, too bad there's no table_getn where you can
584 * pass a non-nul terminated string */
585 l = end_of_var_name - start_of_var_name;
587 l = (l > sizeof(var) - 1) ? (sizeof(var) - 1) : l;
588 memcpy(var, start_of_var_name, l);
591 val = apr_table_get(r->subprocess_env, var);
594 l = strlen(expansion);
596 else if (leave_name) {
600 break; /* no expansion to be done */
604 /* zero-length variable name causes just the $ to be copied */
607 l = ((int)l > end_out - next) ? (end_out - next) : l;
608 memcpy(next, expansion, l);
613 if (next == end_out) {
626 /* --------------------------- Action handlers ---------------------------- */
628 static int include_cgi(char *s, request_rec *r, ap_filter_t *next)
630 request_rec *rr = ap_sub_req_lookup_uri(s, r);
633 if (rr->status != HTTP_OK) {
637 /* No hardwired path info or query allowed */
639 if ((rr->path_info && rr->path_info[0]) || rr->args) {
642 if (rr->finfo.protection == 0) {
646 /* Script gets parameters of the *document*, for back compatibility */
648 rr->path_info = r->path_info; /* hard to get right; see mod_cgi.c */
651 /* Force sub_req to be treated as a CGI request, even if ordinary
652 * typing rules would have called it something else.
655 rr->content_type = CGI_MAGIC_TYPE;
657 /* The subrequest should inherit the remaining filters from this request. */
658 rr->output_filters = next;
662 rr_status = ap_run_sub_req(rr);
663 if (ap_is_HTTP_REDIRECT(rr_status)) {
664 const char *location = apr_table_get(rr->headers_out, "Location");
665 location = ap_escape_html(rr->pool, location);
666 ap_rvputs(r, "<A HREF=\"", location, "\">", location, "</A>", NULL);
669 ap_destroy_sub_req(rr);
670 ap_chdir_file(r->filename);
675 /* ensure that path is relative, and does not contain ".." elements
676 * ensentially ensure that it does not match the regex:
677 * (^/|(^|/)\.\.(/|$))
678 * XXX: Needs to become apr_is_path_relative() test
680 static int is_only_below(const char *path)
682 #ifdef HAVE_DRIVE_LETTERS
687 if (strchr(path, ':')
690 if (path[0] == '/') {
695 while (path[dots] == '.')
698 /* If the name is canonical this is redundant
699 * but in security, redundancy is worthwhile.
700 * Does OS2 belong here (accepts ... for ..)?
702 if (dots > 1 && (!path[dots] || path[dots] == '/'))
705 if (dots == 2 && (!path[dots] || path[dots] == '/'))
709 while (*path && *(path++) != '/')
715 static int handle_include(ap_bucket *in, request_rec *r, ap_filter_t *next,
716 const char *error, int noexec)
718 char tag[MAX_STRING_LEN];
719 char parsed_string[MAX_STRING_LEN];
721 apr_off_t offset = strlen("include ") + strlen(STARTING_SEQUENCE);
724 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
727 if (!strcmp(tag, "file") || !strcmp(tag, "virtual")) {
728 request_rec *rr = NULL;
729 char *error_fmt = NULL;
731 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
733 /* be safe; only files in this directory or below allowed */
734 if (!is_only_below(parsed_string)) {
735 error_fmt = "unable to include file \"%s\" "
739 rr = ap_sub_req_lookup_file(parsed_string, r);
743 rr = ap_sub_req_lookup_uri(parsed_string, r);
746 if (!error_fmt && rr->status != HTTP_OK) {
747 error_fmt = "unable to include \"%s\" in parsed file %s";
750 if (!error_fmt && noexec && rr->content_type
751 && (strncmp(rr->content_type, "text/", 5))) {
752 error_fmt = "unable to include potential exec \"%s\" "
755 if (error_fmt == NULL) {
756 /* try to avoid recursive includes. We do this by walking
757 * up the r->main list of subrequests, and at each level
758 * walking back through any internal redirects. At each
759 * step, we compare the filenames and the URIs.
761 * The filename comparison catches a recursive include
762 * with an ever-changing URL, eg.
763 * <!--#include virtual=
764 * "$REQUEST_URI/$QUERY_STRING?$QUERY_STRING/x"-->
765 * which, although they would eventually be caught because
766 * we have a limit on the length of files, etc., can
767 * recurse for a while.
769 * The URI comparison catches the case where the filename
770 * is changed while processing the request, so the
771 * current name is never the same as any previous one.
772 * This can happen with "DocumentRoot /foo" when you
773 * request "/" on the server and it includes "/".
774 * This only applies to modules such as mod_dir that
775 * (somewhat improperly) mess with r->filename outside
776 * of a filename translation phase.
780 for (p = r; p != NULL && !founddupe; p = p->main) {
782 for (q = p; q != NULL; q = q->prev) {
783 if ( (strcmp(q->filename, rr->filename) == 0) ||
784 (strcmp(q->uri, rr->uri) == 0) ){
792 error_fmt = "Recursive include of \"%s\" "
797 /* see the Kludge in send_parsed_file for why */
799 ap_set_module_config(rr->request_config, &includes_module, r);
802 /* The subrequest should inherit the remaining filters from
804 rr->output_filters = next;
805 if (ap_run_sub_req(rr)) {
806 error_fmt = "unable to include \"%s\" in parsed file %s";
809 ap_chdir_file(r->filename);
811 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
812 0, r, error_fmt, tag_val, r->filename);
816 /* destroy the sub request if it's not a nested include */
818 && ap_get_module_config(rr->request_config, &includes_module)
819 != NESTED_INCLUDE_MAGIC) {
820 ap_destroy_sub_req(rr);
823 else if (!strcmp(tag, "done")) {
827 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
828 "unknown parameter \"%s\" to tag include in %s",
845 static apr_status_t build_argv_list(char ***argv, request_rec *r, apr_pool_t *p)
847 int numwords, x, idx;
849 const char *args = r->args;
851 if (!args || !args[0] || ap_strchr_c(args, '=')) {
855 /* count the number of keywords */
856 for (x = 0, numwords = 1; args[x]; x++) {
857 if (args[x] == '+') {
862 /* Everything is - 1 to account for the first parameter which is the
863 * program name. We didn't used to have to do this, but APR wants it.
865 if (numwords > APACHE_ARG_MAX - 1) {
866 numwords = APACHE_ARG_MAX - 1; /* Truncate args to prevent overrun */
868 *argv = (char **) apr_palloc(p, (numwords + 2) * sizeof(char *));
870 for (x = 1, idx = 1; x < numwords; x++) {
871 w = ap_getword_nulls(p, &args, '+');
873 (*argv)[idx++] = ap_escape_shell_cmd(p, w);
882 static int include_cmd(char *s, request_rec *r, ap_filter_t *next)
885 apr_procattr_t *procattr;
888 apr_table_t *env = r->subprocess_env;
890 apr_file_t *file = NULL;
891 #if defined(RLIMIT_CPU) || defined(RLIMIT_NPROC) || \
892 defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined (RLIMIT_AS)
893 core_dir_config *conf;
894 conf = (core_dir_config *) ap_get_module_config(r->per_dir_config,
901 arg.t.filename = r->filename;
902 arg.t.subprocess_env = r->subprocess_env;
903 arg.t.prog_type = FORK_FILE;
906 if (r->path_info && r->path_info[0] != '\0') {
909 apr_table_setn(env, "PATH_INFO", ap_escape_shell_cmd(r->pool, r->path_info));
911 pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r);
912 if (pa_req->filename) {
913 apr_table_setn(env, "PATH_TRANSLATED",
914 apr_pstrcat(r->pool, pa_req->filename, pa_req->path_info,
920 char *arg_copy = apr_pstrdup(r->pool, r->args);
922 apr_table_setn(env, "QUERY_STRING", r->args);
923 ap_unescape_url(arg_copy);
924 apr_table_setn(env, "QUERY_STRING_UNESCAPED",
925 ap_escape_shell_cmd(r->pool, arg_copy));
928 if ((apr_createprocattr_init(&procattr, r->pool) != APR_SUCCESS) ||
929 (apr_setprocattr_io(procattr, APR_NO_PIPE,
930 APR_FULL_BLOCK, APR_NO_PIPE) != APR_SUCCESS) ||
931 (apr_setprocattr_dir(procattr, ap_make_dirstr_parent(r->pool, r->filename)) != APR_SUCCESS) ||
933 ((rc = apr_setprocattr_limit(procattr, APR_LIMIT_CPU, conf->limit_cpu)) != APR_SUCCESS) ||
935 #if defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_AS)
936 ((rc = apr_setprocattr_limit(procattr, APR_LIMIT_MEM, conf->limit_mem)) != APR_SUCCESS) ||
939 ((rc = apr_setprocattr_limit(procattr, APR_LIMIT_NPROC, conf->limit_nproc)) != APR_SUCCESS) ||
941 (apr_setprocattr_cmdtype(procattr, APR_SHELLCMD) != APR_SUCCESS)) {
942 /* Something bad happened, tell the world. */
943 ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
944 "couldn't initialize proc attributes: %s %s", r->filename, s);
948 build_argv_list(&argv, r, r->pool);
949 argv[0] = apr_pstrdup(r->pool, s);
950 procnew = apr_pcalloc(r->pool, sizeof(*procnew));
951 rc = ap_os_create_privileged_process(r, procnew, s, argv, ap_create_environment(r->pool, env), procattr, r->pool);
953 if (rc != APR_SUCCESS) {
954 /* Bad things happened. Everyone should have cleaned up. */
955 ap_log_rerror(APLOG_MARK, APLOG_ERR, errno, r,
956 "couldn't create child process: %d: %s", rc, s);
959 ap_bucket_brigade *bcgi;
962 apr_note_subprocess(r->pool, procnew, kill_after_timeout);
963 /* Fill in BUFF structure for parents pipe to child's stdout */
967 bcgi = ap_brigade_create(r->pool);
968 b = ap_bucket_create_pipe(file);
969 AP_BRIGADE_INSERT_TAIL(bcgi, b);
970 ap_pass_brigade(next, bcgi);
972 /* We can't close the pipe here, because we may return before the
973 * full CGI has been sent to the network. That's okay though,
974 * because we can rely on the pool to close the pipe for us.
982 static int handle_exec(ap_bucket *in, request_rec *r, const char *error,
985 char tag[MAX_STRING_LEN];
987 char *file = r->filename;
988 char parsed_string[MAX_STRING_LEN];
989 apr_off_t offset = strlen("exec ") + strlen(STARTING_SEQUENCE);
992 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
995 if (!strcmp(tag, "cmd")) {
996 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 1);
997 if (include_cmd(parsed_string, r, next) == -1) {
998 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
999 "execution failure for parameter \"%s\" "
1000 "to tag exec in file %s",
1004 /* just in case some stooge changed directories */
1005 ap_chdir_file(r->filename);
1007 else if (!strcmp(tag, "cgi")) {
1008 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1009 if (include_cgi(parsed_string, r, next) == -1) {
1010 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1011 "invalid CGI ref \"%s\" in %s", tag_val, file);
1014 ap_chdir_file(r->filename);
1016 else if (!strcmp(tag, "done")) {
1020 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1021 "unknown parameter \"%s\" to tag exec in %s",
1029 static int handle_echo(ap_bucket *in, request_rec *r, const char *error)
1031 char tag[MAX_STRING_LEN];
1033 enum {E_NONE, E_URL, E_ENTITY} encode;
1034 apr_off_t offset = strlen("echo ") + strlen(STARTING_SEQUENCE);
1039 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
1042 if (!strcmp(tag, "var")) {
1043 const char *val = apr_table_get(r->subprocess_env, tag_val);
1046 if (encode == E_NONE) {
1049 else if (encode == E_URL) {
1050 ap_rputs(ap_escape_uri(r->pool, val), r);
1052 else if (encode == E_ENTITY) {
1053 ap_rputs(ap_escape_html(r->pool, val), r);
1057 ap_rputs("(none)", r);
1060 else if (!strcmp(tag, "done")) {
1063 else if (!strcmp(tag, "encoding")) {
1064 if (!strcasecmp(tag_val, "none")) encode = E_NONE;
1065 else if (!strcasecmp(tag_val, "url")) encode = E_URL;
1066 else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
1068 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1069 "unknown value \"%s\" to parameter \"encoding\" of "
1071 tag_val, r->filename);
1077 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1078 "unknown parameter \"%s\" to tag echo in %s",
1086 static int handle_perl(ap_bucket *in, request_rec *r, const char *error)
1088 char tag[MAX_STRING_LEN];
1089 char parsed_string[MAX_STRING_LEN];
1093 apr_off_t offset = strlen("perl ") + strlen(STARTING_SEQUENCE);
1095 if (ap_allow_options(r) & OPT_INCNOEXEC) {
1096 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1097 "#perl SSI disallowed by IncludesNoExec in %s",
1102 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
1105 if (strnEQ(tag, "sub", 3)) {
1106 sub = newSVpv(tag_val, 0);
1108 else if (strnEQ(tag, "arg", 3)) {
1109 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1110 av_push(av, newSVpv(parsed_string, 0));
1112 else if (strnEQ(tag, "done", 4)) {
1116 perl_stdout2client(r);
1118 perl_call_handler(sub, r, av);
1123 /* error and tf must point to a string with room for at
1124 * least MAX_STRING_LEN characters
1126 static int handle_config(ap_bucket *in, request_rec *r, char *error, char *tf,
1129 char tag[MAX_STRING_LEN];
1131 char parsed_string[MAX_STRING_LEN];
1132 apr_table_t *env = r->subprocess_env;
1133 apr_off_t offset = strlen("config ") + strlen(STARTING_SEQUENCE);
1136 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0, &offset))) {
1139 if (!strcmp(tag, "errmsg")) {
1140 parse_string(r, tag_val, error, MAX_STRING_LEN, 0);
1142 else if (!strcmp(tag, "timefmt")) {
1143 apr_time_t date = r->request_time;
1145 parse_string(r, tag_val, tf, MAX_STRING_LEN, 0);
1146 apr_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, tf, 0));
1147 apr_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, tf, 1));
1148 apr_table_setn(env, "LAST_MODIFIED",
1149 ap_ht_time(r->pool, r->finfo.mtime, tf, 0));
1151 else if (!strcmp(tag, "sizefmt")) {
1152 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1153 decodehtml(parsed_string);
1154 if (!strcmp(parsed_string, "bytes")) {
1155 *sizefmt = SIZEFMT_BYTES;
1157 else if (!strcmp(parsed_string, "abbrev")) {
1158 *sizefmt = SIZEFMT_KMG;
1161 else if (!strcmp(tag, "done")) {
1165 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1166 "unknown parameter \"%s\" to tag config in %s",
1174 static int find_file(request_rec *r, const char *directive, const char *tag,
1175 char *tag_val, apr_finfo_t *finfo, const char *error)
1177 char *to_send = tag_val;
1178 request_rec *rr = NULL;
1180 char *error_fmt = NULL;
1182 if (!strcmp(tag, "file")) {
1183 /* be safe; only files in this directory or below allowed */
1184 if (!is_only_below(tag_val)) {
1185 error_fmt = "unable to access file \"%s\" "
1186 "in parsed file %s";
1189 ap_getparents(tag_val); /* get rid of any nasties */
1190 rr = ap_sub_req_lookup_file(tag_val, r);
1192 if (rr->status == HTTP_OK && rr->finfo.protection != 0) {
1193 to_send = rr->filename;
1194 if (apr_stat(finfo, to_send, rr->pool) != APR_SUCCESS) {
1195 error_fmt = "unable to get information about \"%s\" "
1196 "in parsed file %s";
1200 error_fmt = "unable to lookup information about \"%s\" "
1201 "in parsed file %s";
1207 /* TODO: pass APLOG_NOERRNO if no apr_stat() failure; pass rv from apr_stat()
1210 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, error_fmt, to_send, r->filename);
1214 if (rr) ap_destroy_sub_req(rr);
1218 else if (!strcmp(tag, "virtual")) {
1219 rr = ap_sub_req_lookup_uri(tag_val, r);
1221 if (rr->status == HTTP_OK && rr->finfo.protection != 0) {
1222 memcpy((char *) finfo, (const char *) &rr->finfo,
1224 ap_destroy_sub_req(rr);
1228 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1229 "unable to get information about \"%s\" "
1230 "in parsed file %s",
1231 tag_val, r->filename);
1233 ap_destroy_sub_req(rr);
1238 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1239 "unknown parameter \"%s\" to tag %s in %s",
1240 tag, directive, r->filename);
1247 static int handle_fsize(ap_bucket *in, request_rec *r, const char *error, int sizefmt)
1249 char tag[MAX_STRING_LEN];
1252 char parsed_string[MAX_STRING_LEN];
1253 apr_off_t offset = strlen("fsize ") + strlen(STARTING_SEQUENCE);
1256 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
1259 else if (!strcmp(tag, "done")) {
1263 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1264 if (!find_file(r, "fsize", tag, parsed_string, &finfo, error)) {
1265 if (sizefmt == SIZEFMT_KMG) {
1266 ap_send_size(finfo.size, r);
1270 apr_snprintf(tag, sizeof(tag), "%" APR_OFF_T_FMT, finfo.size);
1271 l = strlen(tag); /* grrr */
1272 for (x = 0; x < l; x++) {
1273 if (x && (!((l - x) % 3))) {
1276 ap_rputc(tag[x], r);
1284 static int handle_flastmod(ap_bucket *in, request_rec *r, const char *error, const char *tf)
1286 char tag[MAX_STRING_LEN];
1289 char parsed_string[MAX_STRING_LEN];
1290 apr_off_t offset = strlen("flastmod ") + strlen(STARTING_SEQUENCE);
1293 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
1296 else if (!strcmp(tag, "done")) {
1300 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
1301 if (!find_file(r, "flastmod", tag, parsed_string, &finfo, error)) {
1302 ap_rputs(ap_ht_time(r->pool, finfo.mtime, tf, 0), r);
1308 static int re_check(request_rec *r, char *string, char *rexp)
1313 compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB);
1314 if (compiled == NULL) {
1315 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1316 "unable to compile pattern \"%s\"", rexp);
1319 regex_error = ap_regexec(compiled, string, 0, (regmatch_t *) NULL, 0);
1320 ap_pregfree(r->pool, compiled);
1321 return (!regex_error);
1326 token_and, token_or, token_not, token_eq, token_ne,
1327 token_rbrace, token_lbrace, token_group,
1328 token_ge, token_le, token_gt, token_lt
1331 enum token_type type;
1332 char value[MAX_STRING_LEN];
1335 /* there is an implicit assumption here that string is at most MAX_STRING_LEN-1
1336 * characters long...
1338 static const char *get_ptoken(request_rec *r, const char *string, struct token *token)
1344 /* Skip leading white space */
1345 if (string == (char *) NULL) {
1346 return (char *) NULL;
1348 while ((ch = *string++)) {
1349 if (!apr_isspace(ch)) {
1354 return (char *) NULL;
1357 token->type = token_string; /* the default type */
1360 token->type = token_lbrace;
1363 token->type = token_rbrace;
1366 token->type = token_eq;
1369 if (*string == '=') {
1370 token->type = token_ne;
1371 return (string + 1);
1374 token->type = token_not;
1378 token->type = token_string;
1382 if (*string == '|') {
1383 token->type = token_or;
1384 return (string + 1);
1388 if (*string == '&') {
1389 token->type = token_and;
1390 return (string + 1);
1394 if (*string == '=') {
1395 token->type = token_ge;
1396 return (string + 1);
1399 token->type = token_gt;
1403 if (*string == '=') {
1404 token->type = token_le;
1405 return (string + 1);
1408 token->type = token_lt;
1412 token->type = token_string;
1415 /* We should only be here if we are in a string */
1417 token->value[next++] = ch;
1421 * Yes I know that goto's are BAD. But, c doesn't allow me to
1422 * exit a loop from a switch statement. Yes, I could use a flag,
1423 * but that is (IMHO) even less readable/maintainable than the goto.
1426 * I used the ++string throughout this section so that string
1427 * ends up pointing to the next token and I can just return it
1429 for (ch = *string; ch != '\0'; ch = *++string) {
1431 if ((ch = *++string) == '\0') {
1434 token->value[next++] = ch;
1438 if (apr_isspace(ch)) {
1451 if (*(string + 1) == '|') {
1456 if (*(string + 1) == '&') {
1465 token->value[next++] = ch;
1473 token->value[next++] = ch;
1477 /* If qs is still set, I have an unmatched ' */
1479 ap_rputs("\nUnmatched '\n", r);
1482 token->value[next] = '\0';
1488 * Hey I still know that goto's are BAD. I don't think that I've ever
1489 * used two in the same project, let alone the same file before. But,
1490 * I absolutely want to make sure that I clean up the memory in all
1491 * cases. And, without rewriting this completely, the easiest way
1492 * is to just branch to the return code which cleans it up.
1494 /* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
1495 * characters long...
1497 static int parse_expr(request_rec *r, const char *expr, const char *error)
1500 struct parse_node *left, *right, *parent;
1503 } *root, *current, *new;
1505 char buffer[MAX_STRING_LEN];
1506 apr_pool_t *expr_pool;
1509 if ((parse = expr) == (char *) NULL) {
1512 root = current = (struct parse_node *) NULL;
1513 if (apr_create_pool(&expr_pool, r->pool) != APR_SUCCESS)
1516 /* Create Parse Tree */
1518 new = (struct parse_node *) apr_palloc(expr_pool,
1519 sizeof(struct parse_node));
1520 new->parent = new->left = new->right = (struct parse_node *) NULL;
1522 if ((parse = get_ptoken(r, parse, &new->token)) == (char *) NULL) {
1525 switch (new->token.type) {
1528 #ifdef DEBUG_INCLUDE
1529 ap_rvputs(r, " Token: string (", new->token.value, ")\n", NULL);
1531 if (current == (struct parse_node *) NULL) {
1532 root = current = new;
1535 switch (current->token.type) {
1537 if (current->token.value[0] != '\0') {
1538 strncat(current->token.value, " ",
1539 sizeof(current->token.value)
1540 - strlen(current->token.value) - 1);
1542 strncat(current->token.value, new->token.value,
1543 sizeof(current->token.value)
1544 - strlen(current->token.value) - 1);
1545 current->token.value[sizeof(current->token.value) - 1] = '\0';
1557 new->parent = current;
1558 current = current->right = new;
1561 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1562 "Invalid expression \"%s\" in file %s",
1571 #ifdef DEBUG_INCLUDE
1572 ap_rputs(" Token: and/or\n", r);
1574 if (current == (struct parse_node *) NULL) {
1575 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1576 "Invalid expression \"%s\" in file %s",
1581 /* Percolate upwards */
1582 while (current != (struct parse_node *) NULL) {
1583 switch (current->token.type) {
1595 current = current->parent;
1600 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1601 "Invalid expression \"%s\" in file %s",
1608 if (current == (struct parse_node *) NULL) {
1610 new->left->parent = new;
1611 new->parent = (struct parse_node *) NULL;
1615 new->left = current->right;
1616 current->right = new;
1617 new->parent = current;
1623 #ifdef DEBUG_INCLUDE
1624 ap_rputs(" Token: not\n", r);
1626 if (current == (struct parse_node *) NULL) {
1627 root = current = new;
1630 /* Percolate upwards */
1631 while (current != (struct parse_node *) NULL) {
1632 switch (current->token.type) {
1645 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1646 "Invalid expression \"%s\" in file %s",
1653 if (current == (struct parse_node *) NULL) {
1655 new->left->parent = new;
1656 new->parent = (struct parse_node *) NULL;
1660 new->left = current->right;
1661 current->right = new;
1662 new->parent = current;
1673 #ifdef DEBUG_INCLUDE
1674 ap_rputs(" Token: eq/ne/ge/gt/le/lt\n", r);
1676 if (current == (struct parse_node *) NULL) {
1677 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1678 "Invalid expression \"%s\" in file %s",
1683 /* Percolate upwards */
1684 while (current != (struct parse_node *) NULL) {
1685 switch (current->token.type) {
1688 current = current->parent;
1702 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1703 "Invalid expression \"%s\" in file %s",
1710 if (current == (struct parse_node *) NULL) {
1712 new->left->parent = new;
1713 new->parent = (struct parse_node *) NULL;
1717 new->left = current->right;
1718 current->right = new;
1719 new->parent = current;
1725 #ifdef DEBUG_INCLUDE
1726 ap_rputs(" Token: rbrace\n", r);
1728 while (current != (struct parse_node *) NULL) {
1729 if (current->token.type == token_lbrace) {
1730 current->token.type = token_group;
1733 current = current->parent;
1735 if (current == (struct parse_node *) NULL) {
1736 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1737 "Unmatched ')' in \"%s\" in file %s",
1745 #ifdef DEBUG_INCLUDE
1746 ap_rputs(" Token: lbrace\n", r);
1748 if (current == (struct parse_node *) NULL) {
1749 root = current = new;
1752 /* Percolate upwards */
1753 while (current != (struct parse_node *) NULL) {
1754 switch (current->token.type) {
1769 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1770 "Invalid expression \"%s\" in file %s",
1777 if (current == (struct parse_node *) NULL) {
1779 new->left->parent = new;
1780 new->parent = (struct parse_node *) NULL;
1784 new->left = current->right;
1785 current->right = new;
1786 new->parent = current;
1795 /* Evaluate Parse Tree */
1797 while (current != (struct parse_node *) NULL) {
1798 switch (current->token.type) {
1800 #ifdef DEBUG_INCLUDE
1801 ap_rputs(" Evaluate string\n", r);
1803 parse_string(r, current->token.value, buffer, sizeof(buffer), 0);
1804 apr_cpystrn(current->token.value, buffer, sizeof(current->token.value));
1805 current->value = (current->token.value[0] != '\0');
1807 current = current->parent;
1812 #ifdef DEBUG_INCLUDE
1813 ap_rputs(" Evaluate and/or\n", r);
1815 if (current->left == (struct parse_node *) NULL ||
1816 current->right == (struct parse_node *) NULL) {
1817 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1818 "Invalid expression \"%s\" in file %s",
1823 if (!current->left->done) {
1824 switch (current->left->token.type) {
1826 parse_string(r, current->left->token.value,
1827 buffer, sizeof(buffer), 0);
1828 apr_cpystrn(current->left->token.value, buffer,
1829 sizeof(current->left->token.value));
1830 current->left->value = (current->left->token.value[0] != '\0');
1831 current->left->done = 1;
1834 current = current->left;
1838 if (!current->right->done) {
1839 switch (current->right->token.type) {
1841 parse_string(r, current->right->token.value,
1842 buffer, sizeof(buffer), 0);
1843 apr_cpystrn(current->right->token.value, buffer,
1844 sizeof(current->right->token.value));
1845 current->right->value = (current->right->token.value[0] != '\0');
1846 current->right->done = 1;
1849 current = current->right;
1853 #ifdef DEBUG_INCLUDE
1854 ap_rvputs(r, " Left: ", current->left->value ? "1" : "0",
1856 ap_rvputs(r, " Right: ", current->right->value ? "1" : "0",
1859 if (current->token.type == token_and) {
1860 current->value = current->left->value && current->right->value;
1863 current->value = current->left->value || current->right->value;
1865 #ifdef DEBUG_INCLUDE
1866 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1870 current = current->parent;
1875 #ifdef DEBUG_INCLUDE
1876 ap_rputs(" Evaluate eq/ne\n", r);
1878 if ((current->left == (struct parse_node *) NULL) ||
1879 (current->right == (struct parse_node *) NULL) ||
1880 (current->left->token.type != token_string) ||
1881 (current->right->token.type != token_string)) {
1882 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1883 "Invalid expression \"%s\" in file %s",
1888 parse_string(r, current->left->token.value,
1889 buffer, sizeof(buffer), 0);
1890 apr_cpystrn(current->left->token.value, buffer,
1891 sizeof(current->left->token.value));
1892 parse_string(r, current->right->token.value,
1893 buffer, sizeof(buffer), 0);
1894 apr_cpystrn(current->right->token.value, buffer,
1895 sizeof(current->right->token.value));
1896 if (current->right->token.value[0] == '/') {
1898 len = strlen(current->right->token.value);
1899 if (current->right->token.value[len - 1] == '/') {
1900 current->right->token.value[len - 1] = '\0';
1903 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1904 "Invalid rexp \"%s\" in file %s",
1905 current->right->token.value, r->filename);
1909 #ifdef DEBUG_INCLUDE
1910 ap_rvputs(r, " Re Compare (", current->left->token.value,
1911 ") with /", ¤t->right->token.value[1], "/\n", NULL);
1914 re_check(r, current->left->token.value,
1915 ¤t->right->token.value[1]);
1918 #ifdef DEBUG_INCLUDE
1919 ap_rvputs(r, " Compare (", current->left->token.value,
1920 ") with (", current->right->token.value, ")\n", NULL);
1923 (strcmp(current->left->token.value,
1924 current->right->token.value) == 0);
1926 if (current->token.type == token_ne) {
1927 current->value = !current->value;
1929 #ifdef DEBUG_INCLUDE
1930 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1934 current = current->parent;
1940 #ifdef DEBUG_INCLUDE
1941 ap_rputs(" Evaluate ge/gt/le/lt\n", r);
1943 if ((current->left == (struct parse_node *) NULL) ||
1944 (current->right == (struct parse_node *) NULL) ||
1945 (current->left->token.type != token_string) ||
1946 (current->right->token.type != token_string)) {
1947 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
1948 "Invalid expression \"%s\" in file %s",
1953 parse_string(r, current->left->token.value,
1954 buffer, sizeof(buffer), 0);
1955 apr_cpystrn(current->left->token.value, buffer,
1956 sizeof(current->left->token.value));
1957 parse_string(r, current->right->token.value,
1958 buffer, sizeof(buffer), 0);
1959 apr_cpystrn(current->right->token.value, buffer,
1960 sizeof(current->right->token.value));
1961 #ifdef DEBUG_INCLUDE
1962 ap_rvputs(r, " Compare (", current->left->token.value,
1963 ") with (", current->right->token.value, ")\n", NULL);
1966 strcmp(current->left->token.value,
1967 current->right->token.value);
1968 if (current->token.type == token_ge) {
1969 current->value = current->value >= 0;
1971 else if (current->token.type == token_gt) {
1972 current->value = current->value > 0;
1974 else if (current->token.type == token_le) {
1975 current->value = current->value <= 0;
1977 else if (current->token.type == token_lt) {
1978 current->value = current->value < 0;
1981 current->value = 0; /* Don't return -1 if unknown token */
1983 #ifdef DEBUG_INCLUDE
1984 ap_rvputs(r, " Returning ", current->value ? "1" : "0",
1988 current = current->parent;
1992 if (current->right != (struct parse_node *) NULL) {
1993 if (!current->right->done) {
1994 current = current->right;
1997 current->value = !current->right->value;
2002 #ifdef DEBUG_INCLUDE
2003 ap_rvputs(r, " Evaluate !: ", current->value ? "1" : "0",
2007 current = current->parent;
2011 if (current->right != (struct parse_node *) NULL) {
2012 if (!current->right->done) {
2013 current = current->right;
2016 current->value = current->right->value;
2021 #ifdef DEBUG_INCLUDE
2022 ap_rvputs(r, " Evaluate (): ", current->value ? "1" : "0",
2026 current = current->parent;
2030 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2031 "Unmatched '(' in \"%s\" in file %s",
2037 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2038 "Unmatched ')' in \"%s\" in file %s",
2044 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2051 retval = (root == (struct parse_node *) NULL) ? 0 : root->value;
2053 apr_destroy_pool(expr_pool);
2057 static int handle_if(ap_bucket *in, request_rec *r, const char *error,
2058 int *conditional_status, int *printing)
2060 char tag[MAX_STRING_LEN];
2063 apr_off_t offset = strlen("if ") + strlen(STARTING_SEQUENCE);
2067 tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0, &offset);
2071 else if (!strcmp(tag, "done")) {
2073 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2074 "missing expr in if statement: %s",
2079 *printing = *conditional_status = parse_expr(r, expr, error);
2080 #ifdef DEBUG_INCLUDE
2081 ap_rvputs(r, "**** if conditional_status=\"",
2082 *conditional_status ? "1" : "0", "\"\n", NULL);
2086 else if (!strcmp(tag, "expr")) {
2088 #ifdef DEBUG_INCLUDE
2089 ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
2093 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2094 "unknown parameter \"%s\" to tag if in %s",
2101 static int handle_elif(ap_bucket *in, request_rec *r, const char *error,
2102 int *conditional_status, int *printing)
2104 char tag[MAX_STRING_LEN];
2107 apr_off_t offset = strlen("elif ") + strlen(STARTING_SEQUENCE);
2111 tag_val = get_tag(r->pool, in, tag, sizeof(tag), 0, &offset);
2115 else if (!strcmp(tag, "done")) {
2116 #ifdef DEBUG_INCLUDE
2117 ap_rvputs(r, "**** elif conditional_status=\"",
2118 *conditional_status ? "1" : "0", "\"\n", NULL);
2120 if (*conditional_status) {
2125 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2126 "missing expr in elif statement: %s",
2131 *printing = *conditional_status = parse_expr(r, expr, error);
2132 #ifdef DEBUG_INCLUDE
2133 ap_rvputs(r, "**** elif conditional_status=\"",
2134 *conditional_status ? "1" : "0", "\"\n", NULL);
2138 else if (!strcmp(tag, "expr")) {
2140 #ifdef DEBUG_INCLUDE
2141 ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL);
2145 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2146 "unknown parameter \"%s\" to tag if in %s",
2153 static int handle_else(ap_bucket *in, request_rec *r, const char *error,
2154 int *conditional_status, int *printing)
2156 char tag[MAX_STRING_LEN];
2157 apr_off_t offset = strlen("else ") + strlen(STARTING_SEQUENCE);
2159 if (!get_tag(r->pool, in, tag, sizeof(tag), 1, &offset)) {
2162 else if (!strcmp(tag, "done")) {
2163 #ifdef DEBUG_INCLUDE
2164 ap_rvputs(r, "**** else conditional_status=\"",
2165 *conditional_status ? "1" : "0", "\"\n", NULL);
2167 *printing = !(*conditional_status);
2168 *conditional_status = 1;
2172 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2173 "else directive does not take tags in %s",
2182 static int handle_endif(ap_bucket *in, request_rec *r, const char *error,
2183 int *conditional_status, int *printing)
2185 char tag[MAX_STRING_LEN];
2186 apr_off_t offset = strlen("endif ") + strlen(STARTING_SEQUENCE);
2188 if (!get_tag(r->pool, in, tag, sizeof(tag), 1, &offset)) {
2191 else if (!strcmp(tag, "done")) {
2192 #ifdef DEBUG_INCLUDE
2193 ap_rvputs(r, "**** endif conditional_status=\"",
2194 *conditional_status ? "1" : "0", "\"\n", NULL);
2197 *conditional_status = 1;
2201 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2202 "endif directive does not take tags in %s",
2209 static int handle_set(ap_bucket *in, request_rec *r, const char *error)
2211 char tag[MAX_STRING_LEN];
2212 char parsed_string[MAX_STRING_LEN];
2215 apr_off_t offset = strlen("set ") + strlen(STARTING_SEQUENCE);
2217 var = (char *) NULL;
2219 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
2222 else if (!strcmp(tag, "done")) {
2225 else if (!strcmp(tag, "var")) {
2228 else if (!strcmp(tag, "value")) {
2229 if (var == (char *) NULL) {
2230 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2231 "variable must precede value in set directive in %s",
2236 parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0);
2237 apr_table_setn(r->subprocess_env, var, apr_pstrdup(r->pool, parsed_string));
2240 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2241 "Invalid tag for set directive in %s", r->filename);
2248 static int handle_printenv(ap_bucket *in, request_rec *r, const char *error)
2250 char tag[MAX_STRING_LEN];
2252 apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
2253 apr_table_entry_t *elts = (apr_table_entry_t *)arr->elts;
2255 apr_off_t offset = strlen("printenv ") + strlen(STARTING_SEQUENCE);
2257 if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1, &offset))) {
2260 else if (!strcmp(tag, "done")) {
2261 for (i = 0; i < arr->nelts; ++i) {
2262 ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=",
2263 ap_escape_html(r->pool, elts[i].val), "\n", NULL);
2268 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2269 "printenv directive does not take tags in %s",
2278 /* -------------------------- The main function --------------------------- */
2280 /* This is a stub which parses a file descriptor. */
2282 typedef struct include_ctx {
2283 ap_bucket_brigade *bb;
2285 static void send_parsed_content(ap_bucket_brigade **bb, request_rec *r,
2288 char directive[MAX_STRING_LEN], error[MAX_STRING_LEN];
2289 char timefmt[MAX_STRING_LEN];
2290 int noexec = ap_allow_options(r) & OPT_INCNOEXEC;
2294 int conditional_status;
2295 ap_bucket *dptr = AP_BRIGADE_FIRST(*bb);
2296 ap_bucket *tagbuck, *dptr2;
2298 ap_bucket_brigade *tag_and_after;
2302 apr_cpystrn(error, DEFAULT_ERROR_MSG, sizeof(error));
2303 apr_cpystrn(timefmt, DEFAULT_TIME_FORMAT, sizeof(timefmt));
2304 sizefmt = SIZEFMT_KMG;
2306 /* Turn printing on */
2307 printing = conditional_status = 1;
2310 ap_chdir_file(r->filename);
2311 if (r->args) { /* add QUERY stuff to env cause it ain't yet */
2312 char *arg_copy = apr_pstrdup(r->pool, r->args);
2314 apr_table_setn(r->subprocess_env, "QUERY_STRING", r->args);
2315 ap_unescape_url(arg_copy);
2316 apr_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED",
2317 ap_escape_shell_cmd(r->pool, arg_copy));
2321 f->ctx = ctx = apr_pcalloc(r->pool, sizeof(f->ctx));
2322 ctx->bb = ap_brigade_create(r->pool);
2326 AP_BRIGADE_CONCAT(*bb, ctx->bb);
2329 AP_BRIGADE_FOREACH(dptr, *bb) {
2330 if ((tagbuck = find_string(dptr, STARTING_SEQUENCE, AP_BRIGADE_LAST(*bb))) != NULL) {
2333 endsec = find_string(dptr2, ENDING_SEQUENCE, AP_BRIGADE_LAST(*bb));
2334 if (endsec == NULL) {
2335 ap_save_brigade(f, &ctx->bb, bb);
2338 /* At this point, everything between tagbuck and endsec is an SSI
2339 * directive, we just have to deal with it now.
2341 if (get_directive(tagbuck, directive, sizeof(directive), r->pool)) {
2342 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2343 "mod_include: error reading directive in %s",
2348 tag_and_after = ap_brigade_split(*bb, dptr);
2349 ap_pass_brigade(f->next, *bb); /* process what came before the tag */
2350 *bb = tag_and_after;
2351 if (!strcmp(directive, "if")) {
2356 ret = handle_if(tagbuck, r, error, &conditional_status,
2362 else if (!strcmp(directive, "else")) {
2364 ret = handle_else(tagbuck, r, error, &conditional_status,
2369 else if (!strcmp(directive, "elif")) {
2371 ret = handle_elif(tagbuck, r, error, &conditional_status,
2376 else if (!strcmp(directive, "endif")) {
2378 ret = handle_endif(tagbuck, r, error, &conditional_status,
2389 if (!strcmp(directive, "exec")) {
2391 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2392 "exec used but not allowed in %s",
2399 ret = handle_exec(tagbuck, r, error, f->next);
2402 else if (!strcmp(directive, "config")) {
2403 ret = handle_config(tagbuck, r, error, timefmt, &sizefmt);
2405 else if (!strcmp(directive, "set")) {
2406 ret = handle_set(tagbuck, r, error);
2408 else if (!strcmp(directive, "include")) {
2409 ret = handle_include(tagbuck, r, f->next, error, noexec);
2411 else if (!strcmp(directive, "echo")) {
2412 ret = handle_echo(tagbuck, r, error);
2414 else if (!strcmp(directive, "fsize")) {
2415 ret = handle_fsize(tagbuck, r, error, sizefmt);
2417 else if (!strcmp(directive, "flastmod")) {
2418 ret = handle_flastmod(tagbuck, r, error, timefmt);
2420 else if (!strcmp(directive, "printenv")) {
2421 ret = handle_printenv(tagbuck, r, error);
2424 else if (!strcmp(directive, "perl")) {
2425 ret = handle_perl(tagbuck, r, error);
2429 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
2430 "unknown directive \"%s\" "
2432 directive, r->filename);
2437 *bb = ap_brigade_split(tag_and_after, endsec);
2438 dptr = AP_BUCKET_PREV(endsec);
2446 /*****************************************************************
2448 * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time
2449 * option only changes the default.
2452 module includes_module;
2454 xbithack_off, xbithack_on, xbithack_full
2458 #define DEFAULT_XBITHACK xbithack_full
2460 #define DEFAULT_XBITHACK xbithack_off
2463 static void *create_includes_dir_config(apr_pool_t *p, char *dummy)
2465 enum xbithack *result = (enum xbithack *) apr_palloc(p, sizeof(enum xbithack));
2466 *result = DEFAULT_XBITHACK;
2470 static const char *set_xbithack(cmd_parms *cmd, void *xbp, const char *arg)
2472 enum xbithack *state = (enum xbithack *) xbp;
2474 if (!strcasecmp(arg, "off")) {
2475 *state = xbithack_off;
2477 else if (!strcasecmp(arg, "on")) {
2478 *state = xbithack_on;
2480 else if (!strcasecmp(arg, "full")) {
2481 *state = xbithack_full;
2484 return "XBitHack must be set to Off, On, or Full";
2490 static int includes_filter(ap_filter_t *f, ap_bucket_brigade *b)
2492 request_rec *r = f->r;
2493 enum xbithack *state =
2494 (enum xbithack *) ap_get_module_config(r->per_dir_config, &includes_module);
2495 request_rec *parent;
2497 if (!(ap_allow_options(r) & OPT_INCLUDES)) {
2498 return ap_pass_brigade(f->next, b);
2500 r->allowed |= (1 << M_GET);
2501 if (r->method_number != M_GET) {
2502 return ap_pass_brigade(f->next, b);
2505 if ((*state == xbithack_full)
2506 #if !defined(OS2) && !defined(WIN32)
2507 /* OS/2 dosen't support Groups. */
2508 && (r->finfo.protection & APR_GEXECUTE)
2511 ap_update_mtime(r, r->finfo.mtime);
2512 ap_set_last_modified(r);
2515 if ((parent = ap_get_module_config(r->request_config, &includes_module))) {
2516 /* Kludge --- for nested includes, we want to keep the subprocess
2517 * environment of the base document (for compatibility); that means
2518 * torquing our own last_modified date as well so that the
2519 * LAST_MODIFIED variable gets reset to the proper value if the
2520 * nested document resets <!--#config timefmt-->.
2521 * We also insist that the memory for this subrequest not be
2522 * destroyed, that's dealt with in handle_include().
2524 r->subprocess_env = r->main->subprocess_env;
2525 apr_pool_join(r->main->pool, r->pool);
2526 r->finfo.mtime = r->main->finfo.mtime;
2529 /* we're not a nested include, so we create an initial
2531 ap_add_common_vars(r);
2533 add_include_vars(r, DEFAULT_TIME_FORMAT);
2535 /* XXX: this is bogus, at some point we're going to do a subrequest,
2536 * and when we do it we're going to be subjecting code that doesn't
2537 * expect to be signal-ready to SIGALRM. There is no clean way to
2538 * fix this, except to put alarm support into BUFF. -djg
2541 send_parsed_content(&b, r, f);
2542 ap_pass_brigade(f->next, b);
2545 /* signify that the sub request should not be killed */
2546 ap_set_module_config(r->request_config, &includes_module,
2547 NESTED_INCLUDE_MAGIC);
2553 static const command_rec includes_cmds[] =
2555 AP_INIT_TAKE1("XBitHack", set_xbithack, NULL, OR_OPTIONS,
2556 "Off, On, or Full"),
2560 static void register_hooks(void)
2562 ap_register_output_filter("INCLUDES", includes_filter, AP_FTYPE_CONTENT);
2565 module AP_MODULE_DECLARE_DATA includes_module =
2567 STANDARD20_MODULE_STUFF,
2568 create_includes_dir_config, /* dir config creater */
2569 NULL, /* dir merger --- default is to override */
2570 NULL, /* server config */
2571 NULL, /* merge server config */
2572 includes_cmds, /* command apr_table_t */
2574 includes_handlers, /* handlers */
2576 NULL, /* handlers */
2578 register_hooks /* register hooks */