util_script.c revision 540bbdd4d087610fc0563f0dc3aab2fc5defbad9
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance/* ====================================================================
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * Redistribution and use in source and binary forms, with or without
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * modification, are permitted provided that the following conditions
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 1. Redistributions of source code must retain the above copyright
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * notice, this list of conditions and the following disclaimer.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 2. Redistributions in binary form must reproduce the above copyright
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * notice, this list of conditions and the following disclaimer in
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * the documentation and/or other materials provided with the
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * distribution.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 3. All advertising materials mentioning features or use of this
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * software must display the following acknowledgment:
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * "This product includes software developed by the Apache Group
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * for use in the Apache HTTP server project (http://www.apache.org/)."
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 4. The names "Apache Server" and "Apache Group" must not be used to
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * endorse or promote products derived from this software without
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * prior written permission. For written permission, please contact
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * apache@apache.org.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 5. Products derived from this software may not be called "Apache"
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * nor may "Apache" appear in their names without prior written
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * permission of the Apache Group.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * 6. Redistributions of any form whatsoever must retain the following
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * acknowledgment:
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * "This product includes software developed by the Apache Group
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * for use in the Apache HTTP server project (http://www.apache.org/)."
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * OF THE POSSIBILITY OF SUCH DAMAGE.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * ====================================================================
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * This software consists of voluntary contributions made by many
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * individuals on behalf of the Apache Group and was originally based
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * on public domain software written at the National Center for
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * Supercomputing Applications, University of Illinois, Urbana-Champaign.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * For more information on the Apache Group and the Apache HTTP server
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * project, please see <http://www.apache.org/>.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance#include "http_request.h" /* for sub_req_lookup_uri() */
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance#include "util_date.h" /* For parseHTTPdate() */
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * Various utility functions which are common to a whole lot of
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * script-type extensions mechanisms, and might as well be gathered
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * in one place (if only to avoid creating inter-module dependancies
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * where there don't have to be).
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance#define MALFORMED_MESSAGE "malformed header from script. Bad header="
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance#define MALFORMED_HEADER_LENGTH_TO_SHOW 30
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance/* If a request includes query info in the URL (stuff after "?"), and
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * the query info does not contain "=" (indicative of a FORM submission),
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * then this routine is called to create the argument list to be passed
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * to the CGI script. When suexec is enabled, the suexec path, user, and
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * group are the first three arguments to be passed; if not, all three
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * must be NULL. The query info is split into separate arguments, where
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * "+" is the separator between keyword arguments.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * XXXX: note that the WIN32 code uses one of the suexec strings
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * to pass an interpreter name. Remember this if changing the way they
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * are handled in create_argv.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mancestatic char **create_argv(ap_context_t *p, char *path, char *user, char *group,
a6526952d69bccd048c954eb920493a6a83e78faFelix Gabriel Mance /* count the number of keywords */
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance for (x = 0, numwords = 1; args[x]; x++) {
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance numwords = APACHE_ARG_MAX - 5; /* Truncate args to prevent overrun */
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance av = (char **) ap_palloc(p, (numwords + 5) * sizeof(char *));
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance#endif /* defined(OS2) || defined(WIN32) */
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mancestatic char *http2env(ap_context_t *a, char *w)
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance char *res = ap_pstrcat(a, "HTTP_", w, NULL);
137edd3944aacd150d60af8977de962113ead859Felix Gabriel ManceAPI_EXPORT(char **) ap_create_environment(ap_context_t *p, ap_table_t *t)
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance ap_array_header_t *env_arr = ap_table_elts(t);
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance ap_table_entry_t *elts = (ap_table_entry_t *) env_arr->elts;
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance char **env = (char **) ap_palloc(p, (env_arr->nelts + 2) * sizeof(char *));
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance env[j++] = ap_pstrcat(p, "TZ=", tz, NULL);
c41f2d65ecbf5ad9d3233a21f406a7698338a04bFelix Gabriel Mance env[j] = ap_pstrcat(p, elts[i].key, "=", elts[i].val, NULL);
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance if (!ap_isalnum(*whack) && *whack != '_') {
137edd3944aacd150d60af8977de962113ead859Felix Gabriel ManceAPI_EXPORT(void) ap_add_common_vars(request_rec *r)
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance ap_array_header_t *hdrs_arr = ap_table_elts(r->headers_in);
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance ap_table_entry_t *hdrs = (ap_table_entry_t *) hdrs_arr->elts;
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance /* use a temporary ap_table_t which we'll overlap onto
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance * r->subprocess_env later
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance e = ap_make_table(r->pool, 25 + hdrs_arr->nelts);
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance /* First, add environment vars from headers... this is as per
e05e1babc9a0edf2ebd39713d5c44fd0a035d6daFelix Gabriel Mance * CGI specs, though other sorts of scripting interfaces see
c41f2d65ecbf5ad9d3233a21f406a7698338a04bFelix Gabriel Mance * the same vars...
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance /* A few headers are special cased --- Authorization to prevent
1341e758a8a0785dd7063b93aed3989f13b36f2aFelix Gabriel Mance * rogue scripts from capturing passwords; content-type and -length
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance * for no particular reason.
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance if (!strcasecmp(hdrs[i].key, "Content-type")) {
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance ap_table_addn(e, "CONTENT_TYPE", hdrs[i].val);
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance else if (!strcasecmp(hdrs[i].key, "Content-length")) {
137edd3944aacd150d60af8977de962113ead859Felix Gabriel Mance ap_table_addn(e, "CONTENT_LENGTH", hdrs[i].val);
e05e1babc9a0edf2ebd39713d5c44fd0a035d6daFelix Gabriel Mance * You really don't want to disable this check, since it leaves you
e05e1babc9a0edf2ebd39713d5c44fd0a035d6daFelix Gabriel Mance * wide open to CGIs stealing passwords and people viewing them
e05e1babc9a0edf2ebd39713d5c44fd0a035d6daFelix Gabriel Mance * in the environment with "ps -e". But, if you must...
e05e1babc9a0edf2ebd39713d5c44fd0a035d6daFelix Gabriel Mance else if (!strcasecmp(hdrs[i].key, "Authorization")
6e7fe479953725884826bd38e4779229d45d3a40Felix Gabriel Mance || !strcasecmp(hdrs[i].key, "Proxy-Authorization")) {
6e7fe479953725884826bd38e4779229d45d3a40Felix Gabriel Mance ap_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val);
if (host) {
if (r->user) {
if (r->ap_auth_type) {
if (rem_logname) {
if (r->prev) {
lu = 0;
lu++;
return lu;
#ifdef WIN32
NULL);
#ifdef WIN32
int (*getsfunc) (char *, int, void *),
void *getsfunc_data)
char x[MAX_STRING_LEN];
if (buffer) {
return HTTP_INTERNAL_SERVER_ERROR;
p = strlen(w);
return cond_status;
#ifdef CHARSET_EBCDIC
char *cp;
++maybeEBCDIC;
++maybeASCII;
if (!buffer) {
return HTTP_INTERNAL_SERVER_ERROR;
while (*l && ap_isspace(*l)) {
char *tmp;
char *buffer)
char *buffer)
else if (!size) {
char **av;
ap_unescape_url(w);
return av;