Fossil SCM
For candidate CGI parameter names that start with an uppercase letter, convert them to lowercase and then add.
Commit
b47b6b6906d51af37309c572d89a9aa545fbc89f8abd1d17b3900ab9e509cba9
Parent
8baac2646c3ef6c…
2 files changed
+57
-11
+2
+57
-11
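--- a/src/cgi.c
+++ b/src/cgi.c
@@ -489,10 +489,29 @@
 }
 
 /*
 ** Add another query parameter or cookie to the parameter set.
 ** zName is the name of the query parameter or cookie and zValue
+** is its fully decoded value. zName will be modified to be an
+** all lowercase string.
+**
+** zName and zValue are not copied and must not change or be
+** deallocated after this routine returns.
+*/
+void cgi_set_parameter_nocopy_tolower(
+ char *zName,
+ const char *zValue,
+ int isQP
+){
+ int i;
+ for(i=0; zName[i]; i++){ zName[i] = fossil_tolower(zName[i]); }
+ cgi_set_parameter_nocopy(zName, zValue, isQP);
+}
+
+/*
+** Add another query parameter or cookie to the parameter set.
+** zName is the name of the query parameter or cookie and zValue
 ** is its fully decoded value.
 **
 ** Copies are made of both the zName and zValue parameters.
 */
 void cgi_set_parameter(const char *zName, const char *zValue){
@@ -523,10 +542,15 @@
 assert( aParamQP[i].isQP );
 return;
 }
 }
 cgi_set_parameter_nocopy(zName, zValue, 1);
+}
+void cgi_replace_query_parameter_tolower(char *zName, const char *zValue){
+ int i;
+ for(i=0; zName[i]; i++){ zName[i] = fossil_tolower(zName[i]); }
+ cgi_replace_query_parameter(zName, zValue);
 }
 
 /*
 ** Delete a parameter.
 */
@@ -614,12 +638,16 @@
 dehttpize(zValue);
 }else{
 if( *z ){ *z++ = 0; }
 zValue = "";
 }
- if( fossil_islower(zName[0]) && fossil_no_strange_characters(zName+1) ){
- cgi_set_parameter_nocopy(zName, zValue, isQP);
+ if( zName[0] && fossil_no_strange_characters(zName+1) ){
+ if( fossil_islower(zName[0]) ){
+ cgi_set_parameter_nocopy(zName, zValue, isQP);
+ }else if( fossil_isupper(zName[0]) ){
+ cgi_set_parameter_nocopy_tolower(zName, zValue, isQP);
+ }
 }
 #ifdef FOSSIL_ENABLE_JSON
 json_setenv( zName, cson_value_new_string(zValue,strlen(zValue)) );
 #endif /* FOSSIL_ENABLE_JSON */
 }
@@ -758,15 +786,23 @@
 if( zBoundry==0 ) return;
 while( (zLine = get_line_from_string(&z, &len))!=0 ){
 if( zLine[0]==0 ){
 int nContent = 0;
 zValue = get_bounded_content(&z, &len, zBoundry, &nContent);
- if( zName && zValue && fossil_islower(zName[0]) ){
- cgi_set_parameter_nocopy(zName, zValue, 1);
- if( showBytes ){
- cgi_set_parameter_nocopy(mprintf("%s:bytes", zName),
- mprintf("%d",nContent), 1);
+ if( zName && zValue ){
+ if( fossil_islower(zName[0]) ){
+ cgi_set_parameter_nocopy(zName, zValue, 1);
+ if( showBytes ){
+ cgi_set_parameter_nocopy(mprintf("%s:bytes", zName),
+ mprintf("%d",nContent), 1);
+ }
+ }else if( fossil_isupper(zName[0]) ){
+ cgi_set_parameter_nocopy_tolower(zName, zValue, 1);
+ if( showBytes ){
+ cgi_set_parameter_nocopy_tolower(mprintf("%s:bytes", zName),
+ mprintf("%d",nContent), 1);
+ }
 }
 }
 zName = 0;
 showBytes = 0;
 }else{
@@ -778,18 +814,28 @@
 i++;
 }else if( c=='n' && sqlite3_strnicmp(azArg[i],"name=",n)==0 ){
 zName = azArg[++i];
 }else if( c=='f' && sqlite3_strnicmp(azArg[i],"filename=",n)==0 ){
 char *z = azArg[++i];
- if( zName && z && fossil_islower(zName[0]) ){
- cgi_set_parameter_nocopy(mprintf("%s:filename",zName), z, 1);
+ if( zName && z ){
+ if( fossil_islower(zName[0]) ){
+ cgi_set_parameter_nocopy(mprintf("%s:filename",zName), z, 1);
+ }else if( fossil_isupper(zName[0]) ){
+ cgi_set_parameter_nocopy_tolower(mprintf("%s:filename",zName),
+ z, 1);
+ }
 }
 showBytes = 1;
 }else if( c=='c' && sqlite3_strnicmp(azArg[i],"content-type:",n)==0 ){
 char *z = azArg[++i];
- if( zName && z && fossil_islower(zName[0]) ){
- cgi_set_parameter_nocopy(mprintf("%s:mimetype",zName), z, 1);
+ if( zName && z ){
+ if( fossil_islower(zName[0]) ){
+ cgi_set_parameter_nocopy(mprintf("%s:mimetype",zName), z, 1);
+ }else if( fossil_isupper(zName[0]) ){
+ cgi_set_parameter_nocopy_tolower(mprintf("%s:mimetype",zName),
+ z, 1);
+ }
 }
 }
 }
 }
 }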
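Review bot: The new uppercase branches in the multipart hunks (new lines 798-803, 822-824 and 833-835) store a client-chosen name after checking only its first character, without the `fossil_no_strange_characters(zName+1)` test that the query-string branch at new line 643 applies; the lowercase branches beside them already had this gap, but the change widens what reaches the parameter set. If that test is meant to bound parameter names generally, the branch could read `}else if( fossil_isupper(zName[0]) && fossil_no_strange_characters(zName+1) ){`. Because the fold is done in place, the `json_setenv( zName, ...)` call after new line 649 now receives the lowercased name in FOSSIL_ENABLE_JSON builds, which deserves a comment at that call. `cgi_replace_query_parameter_tolower` at new line 548 has no header comment and no blank line before it; it should state, as the comment on `cgi_set_parameter_nocopy_tolower` does, that zName is modified in place. The functions containing the last three hunks begin and end outside them.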
+2
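--- a/src/dispatch.c
+++ b/src/dispatch.c
@@ -196,10 +196,12 @@
 if( *z ){ *z++ = 0; }
 zValue = "";
 }
 if( fossil_islower(zName[0]) ){
 cgi_replace_query_parameter(zName, zValue);
+ }else if( fossil_isupper(zName[0]) ){
+ cgi_replace_query_parameter_tolower(zName, zValue);
 }
 }
 return 0;
 }
 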
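Review bot: With the branch added at new lines 201-202, a name such as `Name` is folded and handed to the replace routine, so it can overwrite a value already stored under `name`; whether that is acceptable depends on where this function's input comes from, which the hunk does not show. A short comment on the branch would record the intent, e.g. `/* Uppercase-initial names are folded to lowercase and replace any existing parameter of that name */`. The enclosing function starts outside the hunk.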