Sanitize local user names in the greeting page.

default 2023-08-14 09:32:17 +02:00
parent a1d083ff27
commit 4c14a2e93c
2 changed files with 64 additions and 55 deletions

httpd.c

@ -36,7 +36,7 @@ const char *nodeinfo_2_0_template = ""
"\"localPosts\":%d}," "\"localPosts\":%d},"
"\"openRegistrations\":false,\"metadata\":{}}"; "\"openRegistrations\":false,\"metadata\":{}}";
d_char *nodeinfo_2_0(void) xs_str *nodeinfo_2_0(void)
/* builds a nodeinfo json object */ /* builds a nodeinfo json object */
{ {
xs *users = user_list(); xs *users = user_list();
@ -47,7 +47,64 @@ d_char *nodeinfo_2_0(void)
} }
int server_get_handler(xs_dict *req, char *q_path, static xs_str *greeting_html(void)
/* processes and returns greeting.html */
{
/* try to open greeting.html */
xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
FILE *f;
xs_str *s = NULL;
if ((f = fopen(fn, "r")) != NULL) {
s = xs_readall(f);
fclose(f);
/* replace %host% */
s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
const char *adm_email = xs_dict_get(srv_config, "admin_email");
if (xs_is_null(adm_email) || *adm_email == '\0')
adm_email = "the administrator of this instance";
/* replace %admin_email */
s = xs_replace_i(s, "%admin_email%", adm_email);
/* does it have a %userlist% mark? */
if (xs_str_in(s, "%userlist%") != -1) {
const char *host = xs_dict_get(srv_config, "host");
xs *list = user_list();
xs_list *p;
xs_str *uid;
xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
p = list;
while (xs_list_iter(&p, &uid)) {
snac user;
if (user_open(&user, uid)) {
xs *uname = encode_html(xs_dict_get(user.config, "name"));
xs *u = xs_fmt(
"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
user.actor, uid, host, uname);
ul = xs_str_cat(ul, u);
user_free(&user);
}
}
ul = xs_str_cat(ul, "</ul>\n");
s = xs_replace_i(s, "%userlist%", ul);
}
}
return s;
}
int server_get_handler(xs_dict *req, const char *q_path,
char **body, int *b_size, char **ctype) char **body, int *b_size, char **ctype)
/* basic server services */ /* basic server services */
{ {
@ -57,56 +114,8 @@ int server_get_handler(xs_dict *req, char *q_path,
/* is it the server root? */ /* is it the server root? */
if (*q_path == '\0') { if (*q_path == '\0') {
/* try to open greeting.html */ if ((*body = greeting_html()) != NULL)
xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
FILE *f;
if ((f = fopen(fn, "r")) != NULL) {
d_char *s = xs_readall(f);
fclose(f);
status = 200; status = 200;
/* replace %host% */
s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
const char *adm_email = xs_dict_get(srv_config, "admin_email");
if (xs_is_null(adm_email) || *adm_email == '\0')
adm_email = "the administrator of this instance";
/* replace %admin_email */
s = xs_replace_i(s, "%admin_email%", adm_email);
/* does it have a %userlist% mark? */
if (xs_str_in(s, "%userlist%") != -1) {
char *host = xs_dict_get(srv_config, "host");
xs *list = user_list();
char *p, *uid;
xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
p = list;
while (xs_list_iter(&p, &uid)) {
snac snac;
if (user_open(&snac, uid)) {
xs *u = xs_fmt(
"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
snac.actor, uid, host,
xs_dict_get(snac.config, "name"));
ul = xs_str_cat(ul, u);
user_free(&snac);
}
}
ul = xs_str_cat(ul, "</ul>\n");
s = xs_replace_i(s, "%userlist%", ul);
}
*body = s;
}
} }
else else
if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) { if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) {
@ -150,7 +159,7 @@ void httpd_connection(FILE *f)
xs *req; xs *req;
char *method; char *method;
int status = 0; int status = 0;
d_char *body = NULL; xs_str *body = NULL;
int b_size = 0; int b_size = 0;
char *ctype = NULL; char *ctype = NULL;
xs *headers = xs_dict_new(); xs *headers = xs_dict_new();
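Review bot: The escaping in the new greeting_html() hunk (`@ -47,7 +47,64 @@`) covers only the display name: `uid`, `user.actor` and `host` are still formatted raw into the `<li><a href=...>` markup at the xs_fmt call. If those values are guaranteed to be identifier/URL-safe by how they are created, that assumption deserves a comment next to the call, e.g. `/* uid, actor and host are server-generated; only the free-form name needs escaping */`; otherwise pass them through encode_html() the same way as the name. Separately, `xs_dict_get(user.config, "name")` may return NULL for a user with no name set and the new code hands that straight to encode_html(), so unless encode_html() is known to accept NULL, mirror the admin_email guard: `const char *name = xs_dict_get(user.config, "name");` / `xs *uname = encode_html(xs_is_null(name) ? "" : name);`. The `%host%` replacement likewise has no NULL guard while `%admin_email%` does, though that part is carried over unchanged from the old body. A one-line contract on the new function would also help callers, e.g. `/* returns a newly allocated string (presumably freed by the caller), or NULL if greeting.html cannot be opened */`.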


@ -13,7 +13,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <stdlib.h> #include <stdlib.h>
const char *default_srv_config = "{" static const char *default_srv_config = "{"
"\"host\": \"\"," "\"host\": \"\","
"\"prefix\": \"\"," "\"prefix\": \"\","
"\"address\": \"127.0.0.1\"," "\"address\": \"127.0.0.1\","
@ -30,7 +30,7 @@ const char *default_srv_config = "{"
"\"admin_account\": \"\"" "\"admin_account\": \"\""
"}"; "}";
const char *default_css = static const char *default_css =
"body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n" "body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n"
"pre { overflow-x: scroll; }\n" "pre { overflow-x: scroll; }\n"
".snac-embedded-video, img { max-width: 100% }\n" ".snac-embedded-video, img { max-width: 100% }\n"
@ -60,7 +60,7 @@ const char *default_css =
".snac-poll-result { margin-left: auto; margin-right: auto; }\n" ".snac-poll-result { margin-left: auto; margin-right: auto; }\n"
; ;
const char *greeting_html = static const char *greeting_html =
"<!DOCTYPE html>\n" "<!DOCTYPE html>\n"
"<html><head>\n" "<html><head>\n"
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n" "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n"