mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-11-22 05:15:04 +00:00
Sanitize local user names in the greeting page.
parent
a1d083ff27
commit
4c14a2e93c
2 changed files with 64 additions and 55 deletions
113
httpd.c
113
httpd.c
|
@ -36,7 +36,7 @@ const char *nodeinfo_2_0_template = ""
|
|||
"\"localPosts\":%d},"
|
||||
"\"openRegistrations\":false,\"metadata\":{}}";
|
||||
|
||||
d_char *nodeinfo_2_0(void)
|
||||
xs_str *nodeinfo_2_0(void)
|
||||
/* builds a nodeinfo json object */
|
||||
{
|
||||
xs *users = user_list();
|
||||
|
@ -47,7 +47,64 @@ d_char *nodeinfo_2_0(void)
|
|||
}
|
||||
|
||||
|
||||
int server_get_handler(xs_dict *req, char *q_path,
|
||||
static xs_str *greeting_html(void)
|
||||
/* processes and returns greeting.html */
|
||||
{
|
||||
/* try to open greeting.html */
|
||||
xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
|
||||
FILE *f;
|
||||
xs_str *s = NULL;
|
||||
|
||||
if ((f = fopen(fn, "r")) != NULL) {
|
||||
s = xs_readall(f);
|
||||
fclose(f);
|
||||
|
||||
/* replace %host% */
|
||||
s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
|
||||
|
||||
const char *adm_email = xs_dict_get(srv_config, "admin_email");
|
||||
if (xs_is_null(adm_email) || *adm_email == '\0')
|
||||
adm_email = "the administrator of this instance";
|
||||
|
||||
/* replace %admin_email */
|
||||
s = xs_replace_i(s, "%admin_email%", adm_email);
|
||||
|
||||
/* does it have a %userlist% mark? */
|
||||
if (xs_str_in(s, "%userlist%") != -1) {
|
||||
const char *host = xs_dict_get(srv_config, "host");
|
||||
xs *list = user_list();
|
||||
xs_list *p;
|
||||
xs_str *uid;
|
||||
xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
|
||||
|
||||
p = list;
|
||||
while (xs_list_iter(&p, &uid)) {
|
||||
snac user;
|
||||
|
||||
if (user_open(&user, uid)) {
|
||||
xs *uname = encode_html(xs_dict_get(user.config, "name"));
|
||||
|
||||
xs *u = xs_fmt(
|
||||
"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
|
||||
user.actor, uid, host, uname);
|
||||
|
||||
ul = xs_str_cat(ul, u);
|
||||
|
||||
user_free(&user);
|
||||
}
|
||||
}
|
||||
|
||||
ul = xs_str_cat(ul, "</ul>\n");
|
||||
|
||||
s = xs_replace_i(s, "%userlist%", ul);
|
||||
}
|
||||
}
|
||||
|
||||
return s;
|
||||
}
|
||||
|
||||
|
||||
int server_get_handler(xs_dict *req, const char *q_path,
|
||||
char **body, int *b_size, char **ctype)
|
||||
/* basic server services */
|
||||
{
|
||||
|
@ -57,56 +114,8 @@ int server_get_handler(xs_dict *req, char *q_path,
|
|||
|
||||
/* is it the server root? */
|
||||
if (*q_path == '\0') {
|
||||
/* try to open greeting.html */
|
||||
xs *fn = xs_fmt("%s/greeting.html", srv_basedir);
|
||||
FILE *f;
|
||||
|
||||
if ((f = fopen(fn, "r")) != NULL) {
|
||||
d_char *s = xs_readall(f);
|
||||
fclose(f);
|
||||
|
||||
if ((*body = greeting_html()) != NULL)
|
||||
status = 200;
|
||||
|
||||
/* replace %host% */
|
||||
s = xs_replace_i(s, "%host%", xs_dict_get(srv_config, "host"));
|
||||
|
||||
const char *adm_email = xs_dict_get(srv_config, "admin_email");
|
||||
if (xs_is_null(adm_email) || *adm_email == '\0')
|
||||
adm_email = "the administrator of this instance";
|
||||
|
||||
/* replace %admin_email */
|
||||
s = xs_replace_i(s, "%admin_email%", adm_email);
|
||||
|
||||
/* does it have a %userlist% mark? */
|
||||
if (xs_str_in(s, "%userlist%") != -1) {
|
||||
char *host = xs_dict_get(srv_config, "host");
|
||||
xs *list = user_list();
|
||||
char *p, *uid;
|
||||
xs *ul = xs_str_new("<ul class=\"snac-user-list\">\n");
|
||||
|
||||
p = list;
|
||||
while (xs_list_iter(&p, &uid)) {
|
||||
snac snac;
|
||||
|
||||
if (user_open(&snac, uid)) {
|
||||
xs *u = xs_fmt(
|
||||
"<li><a href=\"%s\">@%s@%s (%s)</a></li>\n",
|
||||
snac.actor, uid, host,
|
||||
xs_dict_get(snac.config, "name"));
|
||||
|
||||
ul = xs_str_cat(ul, u);
|
||||
|
||||
user_free(&snac);
|
||||
}
|
||||
}
|
||||
|
||||
ul = xs_str_cat(ul, "</ul>\n");
|
||||
|
||||
s = xs_replace_i(s, "%userlist%", ul);
|
||||
}
|
||||
|
||||
*body = s;
|
||||
}
|
||||
}
|
||||
else
|
||||
if (strcmp(q_path, "/susie.png") == 0 || strcmp(q_path, "/favicon.ico") == 0 ) {
|
||||
|
@ -150,7 +159,7 @@ void httpd_connection(FILE *f)
|
|||
xs *req;
|
||||
char *method;
|
||||
int status = 0;
|
||||
d_char *body = NULL;
|
||||
xs_str *body = NULL;
|
||||
int b_size = 0;
|
||||
char *ctype = NULL;
|
||||
xs *headers = xs_dict_new();
|
||||
|
|
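Review bot: In the new greeting_html(), only the display name goes through encode_html() before the `xs_fmt()` call that builds each `<li>`; `user.actor` is written into the `href` attribute and `uid` and `host` into the link text as-is. If those three values are always server-derived that is fine, but nothing in the function says so, and a value placed inside an attribute also needs its double quotes escaped, which cannot be confirmed for encode_html() from this page. I would either encode them as well, e.g. `xs *actor = encode_html(user.actor);`, or, once verified, add a comment above the `xs_fmt()` such as `/* actor, uid and host are server-generated; only name is user-supplied */`. Separately, the result of `xs_dict_get(user.config, "name")` is handed to encode_html() unchecked, so it is worth confirming that a user config without a name cannot pass it NULL.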
6
utils.c
6
utils.c
|
@ -13,7 +13,7 @@
|
|||
#include <sys/stat.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
const char *default_srv_config = "{"
|
||||
static const char *default_srv_config = "{"
|
||||
"\"host\": \"\","
|
||||
"\"prefix\": \"\","
|
||||
"\"address\": \"127.0.0.1\","
|
||||
|
@ -30,7 +30,7 @@ const char *default_srv_config = "{"
|
|||
"\"admin_account\": \"\""
|
||||
"}";
|
||||
|
||||
const char *default_css =
|
||||
static const char *default_css =
|
||||
"body { max-width: 48em; margin: auto; line-height: 1.5; padding: 0.8em; word-wrap: break-word; }\n"
|
||||
"pre { overflow-x: scroll; }\n"
|
||||
".snac-embedded-video, img { max-width: 100% }\n"
|
||||
|
@ -60,7 +60,7 @@ const char *default_css =
|
|||
".snac-poll-result { margin-left: auto; margin-right: auto; }\n"
|
||||
;
|
||||
|
||||
const char *greeting_html =
|
||||
static const char *greeting_html =
|
||||
"<!DOCTYPE html>\n"
|
||||
"<html><head>\n"
|
||||
"<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/>\n"
|
||||
|
|