mothra: fix unicode buffer overflow and spurious select crash, webfs: dont rewrite relative url
This commit is contained in:
parent
19d3840701
commit
4ad59914e8
4 changed files with 20 additions and 16 deletions
|
@ -225,7 +225,7 @@ void rdform(Hglob *g){
|
|||
break;
|
||||
case Tag_option:
|
||||
if(g->form==0) goto BadTag;
|
||||
f=g->form->efields;
|
||||
if((f=g->form->efields)==0) goto BadTag;
|
||||
o=emallocz(sizeof(Option), 1);
|
||||
for(op=&f->options;*op;op=&(*op)->next);
|
||||
*op=o;
|
||||
|
@ -288,6 +288,8 @@ void rdform(Hglob *g){
|
|||
* Called by rdhtml on seeing a forms-related end tag
|
||||
*/
|
||||
void endform(Hglob *g){
|
||||
Field *f;
|
||||
|
||||
switch(g->tag){
|
||||
case Tag_form:
|
||||
g->form=0;
|
||||
|
@ -295,8 +297,10 @@ void endform(Hglob *g){
|
|||
case Tag_select:
|
||||
if(g->form==0)
|
||||
htmlerror(g->name, g->lineno, "</select> not in form, ignored\n");
|
||||
else if((f=g->form->efields)==0)
|
||||
htmlerror(g->name, g->lineno, "spurious </select>\n");
|
||||
else
|
||||
pl_htmloutput(g, g->nsp, g->form->efields->name,g->form->efields);
|
||||
pl_htmloutput(g, g->nsp, f->name, f);
|
||||
break;
|
||||
case Tag_textarea:
|
||||
break;
|
||||
|
|
|
@ -1064,11 +1064,9 @@ mothon(Www *w, int on)
|
|||
t->next = nil;
|
||||
ap=mallocz(sizeof(Action), 1);
|
||||
ap->link = strdup(a->link);
|
||||
t->space += 4;
|
||||
plrtstr(&t->next, 0, 0, t->font, strdup("->"), 1, ap);
|
||||
t->next->next = x;
|
||||
} else {
|
||||
t->space -= 4;
|
||||
t->next = x->next;
|
||||
x->next = nil;
|
||||
freetext(x);
|
||||
|
|
|
@ -210,7 +210,7 @@ int pl_nextc(Hglob *g){
|
|||
int c;
|
||||
int n;
|
||||
Rune r;
|
||||
char crune[4];
|
||||
char crune[UTFmax+1];
|
||||
if(g->heof) return EOF;
|
||||
if(g->npeekc!=0) return g->peekc[--g->npeekc];
|
||||
c=pl_readc(g);
|
||||
|
@ -229,9 +229,8 @@ int pl_nextc(Hglob *g){
|
|||
}
|
||||
if(c=='>') return ETAG;
|
||||
if(c==EOF) return c;
|
||||
n=0;
|
||||
for (;;){
|
||||
crune[n++]=c;
|
||||
for (n=1; n<=sizeof(crune); n++){
|
||||
crune[n-1]=c;
|
||||
if(fullrune(crune, n)){
|
||||
chartorune(&r, crune);
|
||||
return r;
|
||||
|
@ -437,7 +436,7 @@ int pl_gettag(Hglob *g){
|
|||
return pl_getcomment(g);
|
||||
pl_putback(g, c);
|
||||
while((c=pl_nextc(g))!=ETAG && c!=EOF)
|
||||
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
|
||||
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
|
||||
*tokp='\0';
|
||||
if(c==EOF) htmlerror(g->name, g->lineno, "EOF in tag");
|
||||
pl_tagparse(g, g->token);
|
||||
|
@ -464,12 +463,12 @@ int pl_gettoken(Hglob *g){
|
|||
default:
|
||||
tokp=g->token;
|
||||
while(c=='\t'){
|
||||
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
|
||||
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
|
||||
c=pl_nextc(g);
|
||||
}
|
||||
while(c!='\t' && c!='\n' && c!=STAG && c!=EOF){
|
||||
if(c==ETAG) c='>';
|
||||
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
|
||||
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
|
||||
c=pl_nextc(g);
|
||||
}
|
||||
*tokp='\0';
|
||||
|
@ -489,7 +488,7 @@ int pl_gettoken(Hglob *g){
|
|||
tokp=g->token;
|
||||
do{
|
||||
if(c==ETAG) c='>';
|
||||
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
|
||||
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
|
||||
c=pl_nextc(g);
|
||||
}while(c!=' ' && c!='\t' && c!='\n' && c!=STAG && c!=EOF);
|
||||
*tokp='\0';
|
||||
|
@ -518,19 +517,19 @@ void plaintext(Hglob *g){
|
|||
int c;
|
||||
g->state->font=CWIDTH;
|
||||
g->state->size=NORMAL;
|
||||
elp=&line[NLINE+1];
|
||||
elp=&line[NLINE-UTFmax-1];
|
||||
lp=line;
|
||||
for(;;){
|
||||
c=pl_readc(g);
|
||||
if(c==EOF) break;
|
||||
if(c=='\n' || lp==elp){
|
||||
if(c=='\n' || lp>=elp){
|
||||
*lp='\0';
|
||||
g->linebrk=1;
|
||||
pl_htmloutput(g, 0, line, 0);
|
||||
lp=line;
|
||||
}
|
||||
if(c=='\t'){
|
||||
do *lp++=' '; while(lp!=elp && utfnlen(line, lp-line)%8!=0);
|
||||
do *lp++=' '; while(lp<elp && utfnlen(line, lp-line)%8!=0);
|
||||
}
|
||||
else if(c!='\n')
|
||||
lp += lrunetochar(lp, c);
|
||||
|
@ -580,6 +579,7 @@ void plrdhtml(char *name, int fd, Www *dst){
|
|||
Hglob g;
|
||||
int t;
|
||||
int tagerr;
|
||||
|
||||
g.state=g.stack;
|
||||
g.state->tag=Tag_html;
|
||||
g.state->font=ROMAN;
|
||||
|
|
|
@ -901,6 +901,8 @@ rewriteurl(Url *u)
|
|||
{
|
||||
char *s;
|
||||
|
||||
if(u->scheme == nil)
|
||||
return;
|
||||
if(u->schemedata)
|
||||
s = estrmanydup(u->scheme, ":", u->schemedata, nil);
|
||||
else
|
||||
|
@ -909,7 +911,7 @@ rewriteurl(Url *u)
|
|||
u->passwd ? ":" : "", u->passwd ? u->passwd : "",
|
||||
u->user ? "@" : "", u->host ? u->host : "",
|
||||
u->port ? ":" : "", u->port ? u->port : "",
|
||||
u->path,
|
||||
u->path ? u->path : "",
|
||||
u->query ? "?" : "", u->query ? u->query : "",
|
||||
u->fragment ? "#" : "", u->fragment ? u->fragment : "",
|
||||
nil);
|
||||
|
|
Loading…
Reference in a new issue