X-Git-Url: https://git.octo.it/?p=rrdtool.git;a=blobdiff_plain;f=src%2Frrd_cgi.c;h=4b7797c4b196d6b19e48d0e77f70813a61915b56;hp=d72879f023a2c4a55b03b3a42fc2067a5d50e0e2;hb=b02eace34f83a08c55830cb05bc55078153e2ba6;hpb=0c87c2676bb826f8defb40d7d45e771ecd40550c
diff --git a/src/rrd_cgi.c b/src/rrd_cgi.c
index d72879f..4b7797c 100644
--- a/src/rrd_cgi.c
+++ b/src/rrd_cgi.c
@@ -1,5 +1,5 @@
 /*****************************************************************************
- * RRDtool 1.1.x Copyright Tobias Oetiker, 1997 - 2004
+ * RRDtool 1.2rc4 Copyright by Tobi Oetiker, 1997-2005
 *****************************************************************************
 * rrd_cgi.c RRD Web Page Generator
 *****************************************************************************/
@@ -220,6 +220,9 @@ rrd_expand_vars(char* buffer)
 parse(&buffer, i, "= 1) {
- readfile(args[0], &buffer, 0);
+ char* filename = args[0];
+ readfile(filename, &buffer, 0);
 if (rrd_test_error()) {
 char *err = malloc((strlen(rrd_get_error())+DS_NAM_SIZE));
 sprintf(err, "[ERROR: %s]",rrd_get_error());
@@ -604,55 +623,58 @@ char* cgigetq(long argc, const char **args){
 paths which came in via cgi do not go UP ... */
 char* cgigetqp(long argc, const char **args){
- if (argc>= 1) {
- char *buf = rrdstrip(cgiGetValue(cgiArg,args[0]));
- char *buf2;
- char *c,*d;
- int qc=0;
-
- if (buf==NULL)
- return NULL;
-
- for(c=buf;*c != '\0';c++) {
- if (*c == '"') {
- qc++;
- }
- }
-
- if ((buf2 = malloc((strlen(buf) + 4 * qc + 4))) == NULL) {
- perror("Malloc Buffer");
- exit(1);
+ char* buf;
+ char* buf2;
+ char* p;
+ char* d;
+
+ if (argc < 1)
+ {
+ return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
+ }
+
+ buf = rrdstrip(cgiGetValue(cgiArg, args[0]));
+ if (!buf)
+ {
+ return NULL;
+ }
+
+ buf2 = malloc(strlen(buf)+1);
+ if (!buf2)
+ {
+ perror("cgigetqp(): Malloc Path Buffer");
+ exit(1);
 };
- c=buf;
- d=buf2;
-
- *(d++) = '"';
- while (*c != '\0') {
- if (*c == '"') {
- *(d++) = '"';
- *(d++) = '\'';
- *(d++) = '"';
- *(d++) = '\'';
- }
- if(*c == '/') {
- *(d++) = '_';
- c++;
- } else {
- if (*c=='.' && *(c+1) == '.') {
- c += 2;
- *(d++) = '_'; *(d++) ='_';
- } else {
- *(d++) = *(c++);
- }
- }
+ p = buf;
+ d = buf2;
+
+ while (*p)
+ {
+ /* prevent mallicious paths from entering the system */
+ if (p[0] == '.' && p[1] == '.')
+ {
+ p += 2;
+ *d++ = '_';
+ *d++ = '_';
+ }
+ else
+ {
+ *d++ = *p++;
+ }
 }
- *(d++) = '"';
- *(d) = '\0';
+
+ *d = 0;
 free(buf);
+
+ /* Make sure the path is relative, e.g. does not start with '/' */
+ p = buf2;
+ while ('/' == *p)
+ {
+ *p++ = '_';
+ }
+
 return buf2;
- }
- return stralloc("[ERROR: not enough arguments for RRD::CV::PATH]");
 }
@@ -667,6 +689,7 @@ char* cgiget(long argc, const char **args){
 char* drawgraph(long argc, char **args){
 int i,xsize, ysize;
+ double ymin,ymax;
 for(i=0;i
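Review bot: The `..` rewrite in the new `while (*p)` loop is now the only content filter on the CGI value — the removed code also turned every embedded `/` into `_`, whereas the new code rewrites only leading slashes — so the returned string can name any subdirectory reachable below the process's working directory (including through symlinks), and that widened contract is nowhere stated; the context line `char* cgigetqp(long argc, const char **args){` should carry a header comment such as `/* Returns a malloc'd copy of the CGI value args[0] with every ".." pair rewritten to "__" and any leading '/' rewritten to '_'; embedded '/' is kept, so the result may name a subdirectory. Returns NULL when rrdstrip() yields nothing; the caller frees the result. */`. The rewrite is also blind to context, so a legitimate name such as `a..b.rrd` comes back as `a__b.rrd`, and the removed code's surrounding double quotes and quote escaping are gone, so whatever later tokenizes the expanded text now sees the raw value — both are worth a sentence in that comment. The added comment misspells `mallicious`.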