1 Only in cgiwrap-4.1-fixpyrocms/: basename.c
2 diff -ru cgiwrap-4.1/cgiwrap.c cgiwrap-4.1-fixpyrocms//cgiwrap.c
3 --- cgiwrap-4.1/cgiwrap.c 2008-06-16 16:34:37.000000000 +0200
4 +++ cgiwrap-4.1-fixpyrocms//cgiwrap.c 2010-04-20 12:50:57.405649032 +0200
6 int main (int argc, char *argv[])
8 char *userStr; /* User name */
10 char *scrStr; /* Name of script */
11 char *scriptPath; /* Path to script file */
12 char *cgiBaseDir; /* Base directory for cgi scripts in user's dir */
14 /* Determine the base directory where this user's CGI scripts
17 - cgiBaseDir = GetBaseDirectory(user);
18 + //cgiBaseDir = GetBaseDirectory(user);
19 + pt_path = FetchPT();
20 + DEBUG_Str("PATH_TRANSLATED z FetchPT(): ", pt_path);
21 + cgiBaseDir = getBasedir(pt_path);
22 DEBUG_Str("Script Base Directory: ", cgiBaseDir);
23 #if defined(CONF_MULTIUSER_CGI_DIR)
24 DEBUG_Str("MultiUser Script Base Directory: ", CONF_MULTIUSER_CGI_DIR);
26 if ( !DirExists(cgiBaseDir) )
29 - MSG_Error_NoScriptDir();
30 + cgiBaseDir = GetBaseDirectory(user);
31 + DEBUG_Str("Script Base Directory2: ", cgiBaseDir);
32 + //MSG_Error_NoScriptDir();
35 /* Get the script name from the given data */
37 StringEndsWith(scriptPath, ".php") ||
38 StringEndsWith(scriptPath, ".php3") ||
39 StringEndsWith(scriptPath, ".php4") ||
40 - StringEndsWith(scriptPath, ".phtml") )
41 + StringEndsWith(scriptPath, ".php5") ||
42 + StringEndsWith(scriptPath, ".php6") ||
43 + StringEndsWith(scriptPath, ".php7") ||
44 + //StringEndsWith(scriptPath, ".htm") ||
45 + //StringEndsWith(scriptPath, ".html") ||
46 + //StringEndsWith(scriptPath, ".phtml") ||
47 + !FileMagicSaysItsPHP(scriptPath))
49 Context.interpreted_script = 1;
50 interPath = PATH_PROG_PHP;
51 diff -ru cgiwrap-4.1/fetch.c cgiwrap-4.1-fixpyrocms//fetch.c
52 --- cgiwrap-4.1/fetch.c 2008-06-16 16:34:37.000000000 +0200
53 +++ cgiwrap-4.1-fixpyrocms//fetch.c 2010-04-20 12:52:29.176664704 +0200
58 - pathInfoString = getenv("PATH_INFO");
59 + //pathInfoString = getenv("PATH_INFO");
60 + pathInfoString = getenv("PATH_TRANSLATED");
61 if ( pathInfoString ) /* use PATH_INFO */
63 if ( pathInfoString[0] != 0 )
65 - DEBUG_Msg("Trying to extract user from PATH_INFO.");
66 + //DEBUG_Msg("Trying to extract user from PATH_INFO.");
67 + DEBUG_Msg("Trying to extract user from PATH_TRANSLATED.");
69 - userStr = GetPathComponents(1, pathInfoString);
70 + userStr = GetPathComponent(1, pathInfoString);
78 +char *FetchPT(void) {
79 + return getenv("PATH_TRANSLATED");
82 char *FetchScriptString( char *basedir )
84 char *tempStr, *tempStr2;
87 DEBUG_Msg("Trying to extract script from PATH_INFO");
89 - scrStr = StripPathComponents(1,pathInfoString);
90 + scrStr = StripPathComponents(0,pathInfoString);
91 + //scrStr = getBasename(pathInfoString);
92 if ( ! strlen(scrStr) ) { scrStr = 0; }
94 DEBUG_Str("Extracted PATH_INFO", scrStr);
95 Only in cgiwrap-4.1-fixpyrocms/: fetch.c~
96 diff -ru cgiwrap-4.1/fetch.h cgiwrap-4.1-fixpyrocms//fetch.h
97 --- cgiwrap-4.1/fetch.h 2008-06-16 16:34:37.000000000 +0200
98 +++ cgiwrap-4.1-fixpyrocms//fetch.h 2010-04-20 12:49:12.749949235 +0200
101 char *FetchUserString(void);
102 char *FetchScriptString(char *basedir);
103 +char *FetchPT(void);
104 diff -ru cgiwrap-4.1/util.c cgiwrap-4.1-fixpyrocms//util.c
105 --- cgiwrap-4.1/util.c 2008-06-16 16:34:37.000000000 +0200
106 +++ cgiwrap-4.1-fixpyrocms//util.c 2010-04-20 12:54:42.331388860 +0200
108 ** Purpose: Various utility routines used by cgiwrap
112 #include "cgiwrap.h" /* Headers for all CGIwrap source files */
116 int len = strlen(string);
117 int elen = strlen(ending);
119 - if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
120 + if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
128 + * Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
131 +int FileMagicSaysItsPHP(char *file)
133 + magic_t magic_filed;
134 + magic_filed = magic_open(MAGIC_ERROR);
135 + magic_load(magic_filed , NULL);
136 + if(magic_filed == NULL)
138 + const char *ftype = magic_file(magic_filed , file);
139 + const char *stype = "PHP script text";
140 + int len = strlen(stype);
141 + int cmp = strncmp(ftype,stype,len);
142 + DEBUG_Str(" FileMagicSaysItsPHP ftype=", ftype );
143 + DEBUG_Str(" FileMagicSaysItsPHP stype=", stype );
144 + DEBUG_Int(" FileMagicSaysItsPHP strncmp=", cmp);
145 + magic_close(magic_filed);
150 * Check if a path is safe to use
151 * Return true if 'path' contains any whitespace or non-printables
152 * Return true if 'path' contains '../'
157 +char *GetPathComponent(int count, char *path)
164 + tmp = strdup(path);
167 + /* First skip over any leading /'s */
170 + while ( i<len && !done )
172 + if ( path[i] == '/' )
183 + /* Now, only copy a certain number of components */
187 + while ( i<len && found < count)
189 + if ( path[i] == '/' )
193 + if ( found < count )
206 * Extract all but the first 'count' components of 'path'
211 +char* getBasedir(char* path) {
216 + new_path = strdup( path );
217 + if ( new_path == NULL )
221 + last = strrchr( new_path, '/' );
222 + if ( last[1] == '\0' ) {
228 + file_name = last + 1;
233 +char* getBasename(char* path) {
238 + new_path = strdup( path );
239 + if ( new_path == NULL )
243 + last = strrchr( new_path, '/' );
244 + if ( last[1] == '\0' ) {
250 + file_name = last + 1;
256 * Set Environment Variables
257 @@ -1463,10 +1576,11 @@
259 /* check if we find old path_info (with user) in the path_translated string */
260 buf = strstr(new_pt, old_pi);
264 - /* if so, copy in what we determined pathinfo should be after stripping off user portion */
265 - if ( Context.interpreted_script ) /* for PHP we do not strip script path from PATH_TRANSLATED */
267 + /* if so, copy in what we determined pathinfo should be after stripping off user portion *
268 + if ( Context.interpreted_script ) /* for PHP we do not strip script path from PATH_TRANSLATED *
271 strcat(buf, Context.scriptRelativePath);
272 @@ -1483,7 +1597,7 @@
276 - /* we might be able to fall back to using docroot if we have it */
277 + /* we might be able to fall back to using docroot if we have it *
279 docroot = getenv("DOCUMENT_ROOT");
281 @@ -1495,6 +1609,7 @@
289 diff -ru cgiwrap-4.1/util.h cgiwrap-4.1-fixpyrocms//util.h
290 --- cgiwrap-4.1/util.h 2008-06-16 16:34:37.000000000 +0200
291 +++ cgiwrap-4.1-fixpyrocms//util.h 2010-04-20 12:49:12.753491266 +0200
293 void VerifyExecutingUser(void);
294 char *BuildScriptPath(char *basedir, char *scrStr);
295 char *GetPathComponents(int count, char *path);
296 +char *GetPathComponent(int count, char *path);
297 +char *getBasedir(char *path);
298 +char *getBasename(char *path);
299 char *StripPathComponents(int count, char *path);
300 void ChangeID ( struct passwd *user);
301 void ChangeAuxGroups(struct passwd *user);