Sanitize local user names in the greeting page.

default 2023-08-14 09:32:17 +02:00
parent a1d083ff27
commit 4c14a2e93c
2 changed files with 64 additions and 55 deletions

55
httpd.c

@ -36,7 +36,7 @@ const char *nodeinfo_2_0_template = ""
"\"localPosts\":%d}," "\"localPosts\":%d},"
"\"openRegistrations\":false,\"metadata\":{}}"; "\"openRegistrations\":false,\"metadata\":{}}";
d_char *nodeinfo_2_0(void) xs_str *nodeinfo_2_0(void)
/* builds a nodeinfo json object */ /* builds a nodeinfo json object */
{ {
xs *users = user_list(); xs *users = user_list();
@ -47,26 +47,18 @@ d_char *nodeinfo_2_0(void)
} }
int server_get_handler(xs_dict *req, char *q_path, static xs_str *greeting_html(void)
char **body, int *b_size, char **ctype) /* processes and returns greeting.html */
/* basic server services */
{ {
int status = 0;
(void)req;
/* is it the server root? */
if (*q_path == '\0') {
/* try to open greeting.html */ /* try to open greeting.html */
xs *fn = xs_fmt("%s/greeting.html", srv_basedir); xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
FILE *f; FILE *f;
xs_str *s = NULL;
if ((f = fopen(fn, "r")) != NULL) { if ((f = fopen(fn, "r")) != NULL) {
d_char *s = xs_readall(f); s = xs_readall(f);
fclose(f); fclose(f);
status = 200;
/* replace %host% */ /* replace %host% */
s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host")); s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
@ -79,24 +71,26 @@ int server_get_handler(xs_dict *req, char *q_path,
/* does it have a %userlist% mark? */ /* does it have a %userlist% mark? */
if (xs_str_in(s, "%userlist%") != -1) { if (xs_str_in(s, "%userlist%") != -1) {
char *host = xs_dict_get(srv_config, "host"); const char *host = xs_dict_get(srv_config, "host");
xs *list = user_list(); xs *list = user_list();
char *p, *uid; xs_list *p;
xs_str *uid;
xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n"); xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
p = list; p = list;
while (xs_list_iter(&p, &uid)) { while (xs_list_iter(&p, &uid)) {
snac snac; snac user;
if (user_open(&user, uid)) {
xs *uname = encode_html(xs_dict_get(user.config, "name"));
if (user_open(&snac, uid)) {
xs *u = xs_fmt( xs *u = xs_fmt(
"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n", "<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
snac.actor, uid, host, user.actor, uid, host, uname);
xs_dict_get(snac.config, "name"));
ul = xs_str_cat(ul, u); ul = xs_str_cat(ul, u);
user_free(&snac); user_free(&user);
} }
} }
@ -104,9 +98,24 @@ int server_get_handler(xs_dict *req, char *q_path,
s = xs_replace_i(s, "%userlist%", ul); s = xs_replace_i(s, "%userlist%", ul);
} }
*body = s;
} }
return s;
}
int server_get_handler(xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype)
/* basic server services */
{
int status = 0;
(void)req;
/* is it the server root? */
if (*q_path == '\0') {
if ((*body = greeting_html()) != NULL)
status = 200;
} }
else else
if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) { if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) {
@ -150,7 +159,7 @@ void httpd_connection(FILE *f)
xs *req; xs *req;
char *method; char *method;
int status = 0; int status = 0;
d_char *body = NULL; xs_str *body = NULL;
int b_size = 0; int b_size = 0;
char *ctype = NULL; char *ctype = NULL;
xs *headers = xs_dict_new(); xs *headers = xs_dict_new();
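Review bot: The `xs_fmt()` call in the `%userlist%` loop of greeting_html() now encodes only the display name; `user.actor` still goes into the `href` attribute, and `uid` and `host` into the link text, unencoded. If checks elsewhere (not visible in this diff) guarantee those values are HTML-safe, record that above the call, e.g. `/* uid, host and actor are constrained elsewhere; name is the only free-text field */`. Otherwise pass them through encode_html() as well, keeping in mind that an attribute value also needs quote characters escaped, which depends on what encode_html() covers. Separately, `xs_dict_get(user.config, "name")` is handed straight to encode_html(), so a user whose config lacks "name" would presumably pass NULL; falling back to `uid` in that case would avoid it.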


@ -13,7 +13,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <stdlib.h> #include <stdlib.h>
const char *default_srv_config = "{" static const char *default_srv_config = "{"
"\"host\": \"\"," "\"host\": \"\","
"\"prefix\": \"\"," "\"prefix\": \"\","
"\"address\": \"127.0.0.1\"," "\"address\": \"127.0.0.1\","
@ -30,7 +30,7 @@ const char *default_srv_config = "{"
"\"admin_account\": \"\"" "\"admin_account\": \"\""
"}"; "}";
const char *default_css = static const char *default_css =
"body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n" "body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n"
"pre { overflow-x: scroll; }\n" "pre { overflow-x: scroll; }\n"
".snac-embedded-video, img { max-width: 100% }\n" ".snac-embedded-video, img { max-width: 100% }\n"
@ -60,7 +60,7 @@ const char *default_css =
".snac-poll-result { margin-left: auto; margin-right: auto; }\n" ".snac-poll-result { margin-left: auto; margin-right: auto; }\n"
; ;
const char *greeting_html = static const char *greeting_html =
"<!DOCTYPE html>\n" "<!DOCTYPE html>\n"
"<html><head>\n" "<html><head>\n"
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n" "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n"