mothra: fix unicode buffer overflow and spurious select crash, webfs: dont rewrite relative url

This commit is contained in:
cinap_lenrek 2011-10-10 19:54:15 +02:00
parent 19d3840701
commit 4ad59914e8
4 changed files with 20 additions and 16 deletions

View file

@ -225,7 +225,7 @@ void rdform(Hglob *g){
break;
case Tag_option:
if(g->form==0) goto BadTag;
f=g->form->efields;
if((f=g->form->efields)==0) goto BadTag;
o=emallocz(sizeof(Option), 1);
for(op=&f->options;*op;op=&(*op)->next);
*op=o;
@ -288,6 +288,8 @@ void rdform(Hglob *g){
* Called by rdhtml on seeing a forms-related end tag
*/
void endform(Hglob *g){
Field *f;
switch(g->tag){
case Tag_form:
g->form=0;
@ -295,8 +297,10 @@ void endform(Hglob *g){
case Tag_select:
if(g->form==0)
htmlerror(g->name, g->lineno, "</select> not in form, ignored\n");
else if((f=g->form->efields)==0)
htmlerror(g->name, g->lineno, "spurious </select>\n");
else
pl_htmloutput(g, g->nsp, g->form->efields->name,g->form->efields);
pl_htmloutput(g, g->nsp, f->name, f);
break;
case Tag_textarea:
break;

View file

@ -1064,11 +1064,9 @@ mothon(Www *w, int on)
t->next = nil;
ap=mallocz(sizeof(Action), 1);
ap->link = strdup(a->link);
t->space += 4;
plrtstr(&t->next, 0, 0, t->font, strdup("->"), 1, ap);
t->next->next = x;
} else {
t->space -= 4;
t->next = x->next;
x->next = nil;
freetext(x);

View file

@ -210,7 +210,7 @@ int pl_nextc(Hglob *g){
int c;
int n;
Rune r;
char crune[4];
char crune[UTFmax+1];
if(g->heof) return EOF;
if(g->npeekc!=0) return g->peekc[--g->npeekc];
c=pl_readc(g);
@ -229,9 +229,8 @@ int pl_nextc(Hglob *g){
}
if(c=='>') return ETAG;
if(c==EOF) return c;
n=0;
for (;;){
crune[n++]=c;
for (n=1; n<=sizeof(crune); n++){
crune[n-1]=c;
if(fullrune(crune, n)){
chartorune(&r, crune);
return r;
@ -437,7 +436,7 @@ int pl_gettag(Hglob *g){
return pl_getcomment(g);
pl_putback(g, c);
while((c=pl_nextc(g))!=ETAG && c!=EOF)
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
*tokp='\0';
if(c==EOF) htmlerror(g->name, g->lineno, "EOF in tag");
pl_tagparse(g, g->token);
@ -464,12 +463,12 @@ int pl_gettoken(Hglob *g){
default:
tokp=g->token;
while(c=='\t'){
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
c=pl_nextc(g);
}
while(c!='\t' && c!='\n' && c!=STAG && c!=EOF){
if(c==ETAG) c='>';
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
c=pl_nextc(g);
}
*tokp='\0';
@ -489,7 +488,7 @@ int pl_gettoken(Hglob *g){
tokp=g->token;
do{
if(c==ETAG) c='>';
if(tokp!=&g->token[NTOKEN-3]) tokp += lrunetochar(tokp, c);
if(tokp < &g->token[NTOKEN-UTFmax-1]) tokp += lrunetochar(tokp, c);
c=pl_nextc(g);
}while(c!=' ' && c!='\t' && c!='\n' && c!=STAG && c!=EOF);
*tokp='\0';
@ -518,19 +517,19 @@ void plaintext(Hglob *g){
int c;
g->state->font=CWIDTH;
g->state->size=NORMAL;
elp=&line[NLINE+1];
elp=&line[NLINE-UTFmax-1];
lp=line;
for(;;){
c=pl_readc(g);
if(c==EOF) break;
if(c=='\n' || lp==elp){
if(c=='\n' || lp>=elp){
*lp='\0';
g->linebrk=1;
pl_htmloutput(g, 0, line, 0);
lp=line;
}
if(c=='\t'){
do *lp++=' '; while(lp!=elp && utfnlen(line, lp-line)%8!=0);
do *lp++=' '; while(lp<elp && utfnlen(line, lp-line)%8!=0);
}
else if(c!='\n')
lp += lrunetochar(lp, c);
@ -580,6 +579,7 @@ void plrdhtml(char *name, int fd, Www *dst){
Hglob g;
int t;
int tagerr;
g.state=g.stack;
g.state->tag=Tag_html;
g.state->font=ROMAN;

View file

@ -901,6 +901,8 @@ rewriteurl(Url *u)
{
char *s;
if(u->scheme == nil)
return;
if(u->schemedata)
s = estrmanydup(u->scheme, ":", u->schemedata, nil);
else
@ -909,7 +911,7 @@ rewriteurl(Url *u)
u->passwd ? ":" : "", u->passwd ? u->passwd : "",
u->user ? "@" : "", u->host ? u->host : "",
u->port ? ":" : "", u->port ? u->port : "",
u->path,
u->path ? u->path : "",
u->query ? "?" : "", u->query ? u->query : "",
u->fragment ? "#" : "", u->fragment ? u->fragment : "",
nil);