Clean up the cleaning up.

Sanitize on input. Use raw stuff internaly. Escape on output.
author: onefang 2020-05-14 10:48:05 +1000
committer: onefang 2020-05-14 10:48:05 +1000
commit: d5b036572ec5058817bf6e1e04a660407a1068a5 (patch)
tree: 3ee263cdce653afe1347c7e377e801725ac87362
parent: Remove the email from the validation page. (diff)
download: opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.zip
opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.gz
opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.bz2
opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.xz
1 files changed, 266 insertions, 143 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 3391ad3..07477db 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -488,6 +488,8 @@ qlist_t *dbRequests;
 //          A better idea, when we spawn tmux or spawn-fcgi, capture STDERR, full log everything to that, filtered log to the tmux console (STDOUT).
 //          Then we can use STDOUT / STDIN to run the console stuff.
+// TODO - escape anything that will turn the console into garbage.
 // https://stackoverflow.com/questions/4842424/list-of-ansi-color-escape-sequences
 char *logTypes[] =
 {
@@ -633,7 +635,9 @@ int sendTmuxCmd(char *dest, char *cmd)
 void waitTmuxText(char *dest, char *text)
 {
  int i;
-  char *c = xmprintf("sleep 5; %s %s/%s capture-pane -t %s:'%s' -p | grep -E '%s' 2>&1 > /dev/null", Tcmd, scRun, Tsocket, Tconsole, dest, text);
+  // Using " for the grep pattern, coz ' might be used in a sim name.
+// TODO - should escape \ " ` in text.
+  char *c = xmprintf("sleep 5; %s %s/%s capture-pane -t %s:'%s' -p | grep -F \"%s\" 2>&1 > /dev/null", Tcmd, scRun, Tsocket, Tconsole, dest, text);
  D("Waiting for '%s'.", text);
  do
@@ -704,6 +708,25 @@ static int filterSims(struct dirtree *node)
    return 0;
 }
+// We particularly don't want \ " `
+char *cleanSimName(char *name)
+{
+  size_t l = strlen(name);
+  char *ret = xmalloc(l + 1);
+  int i, j = 0;
+  for (i = 0; i < l; i++)
+  {
+    char r = name[i];
+    if ((' ' == r) || (isalnum(r) != 0))
+      ret[j++] = r;
+  }
+  ret[j] = '\0';
+  return ret;
+}
 simList *getSims()
 {
  simList *sims = xmalloc(sizeof(simList));
@@ -2244,7 +2267,7 @@ d("  %s = %s", qstrtrim_head(key), val);
  return ret;
 }
-void santize(qhashtbl_t *tbl, bool decode)
+void santize(qhashtbl_t *tbl)
 {
  qhashtbl_obj_t obj;
@@ -2254,36 +2277,12 @@ void santize(qhashtbl_t *tbl, bool decode)
  {
    char *n = obj.name, *o = (char *) obj.data;
-    if (decode)
+    qurl_decode(o);
-      qurl_decode(o);
-//    if ((strcmp(n, "password") != 0) && (strcmp(n, "psswd") != 0))
-    {
-        // Poor mans Bobby Tables protection.
-// TODO - make this reversable, especially so these things can be used in aboutMe, and come out the other end unscathed.
-//          qurl_encode doesn't handle \, but does the rest.
-//          So that means don't qurl_decode it, and encode \\.
-//          But then I have to qurl_decode everwhere.
-        o = qstrreplace("tr", o, "'",  "_");
-        o = qstrreplace("tr", o, "\"", "_");
-        o = qstrreplace("tr", o, ";",  "_");
-        o = qstrreplace("tr", o, "(",  "_");
-        o = qstrreplace("tr", o, ")",  "_");
-    }
    tbl->putstr(tbl, n, o);
  }
  tbl->unlock(tbl);
 }
-/*
-char *unsantize(char *str)
-{
-  char *ret = qurl_decode(xstrdup(str));
-  return ret;
-}
-*/
 void outize(qgrow_t *reply, qhashtbl_t *tbl, char *label)
 {
  reply->addstrf(reply, "%s:<br>\n<pre>\n", label);
@@ -2296,43 +2295,6 @@ void outize(qgrow_t *reply, qhashtbl_t *tbl, char *label)
  reply->addstr(reply, "</pre>\n");
 }
-char *displayPrep(char *str)
-{
-  char *ret = xstrdup(str), *t;
-  qurl_decode(ret);
-  t  = qstrreplace("tn",  ret, "<", "&lt;");
-  free(ret);
-  ret = NULL;
-  if (NULL != t)
-  {
-    ret = qstrreplace("tn", t, ">", "&gt;");
-    if (NULL == ret)
-      ret = t;
-    else
-      free(t);
-  }
-  if (NULL == ret)
-    ret = xstrdup(str);
-  return ret;
-}
-char *encodeSlash(char *str)
-{
-  char *ret = xstrdup(str), *t  = qstrreplace("tn",  str, "\\", "%5c");
-  if (NULL != t)
-  {
-    free(ret);
-    ret = t;
-  }
-  return ret;
-}
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
 enum cookieSame
 {
@@ -2476,6 +2438,89 @@ static void HTMLheader(qgrow_t *reply, char *title)
    HTMLdebug(reply);
 }
+// TODO - maybe escape non printables as well?
+char *HTMLentities[] =
+{
+  "", "", "", "", "", "", "", "", "",                                                   // NUL SOH STX ETX EOT ENQ ACK BEL BS
+  "&Tab;", "&NewLine;",
+  "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "",   // VT FF CR SO SI DLE DC1 DC2 DC3 DC4 NAK SYN ETB CAN EM SUB ESC FS GS RS US
+  " ",  // Space
+  "&excl;", "&quot;",
+  "&num;", "&dollar;",
+  "&percnt;", "&amp;",
+  "&apos;",
+  "&lpar;", "&rpar;",
+  "&ast;",
+  "&plus;",
+  "&comma;",
+  "-",
+  "&period;",
+  "&sol;",
+  "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+  "&colon;", "&semi;",
+  "&lt;", "&equals;", "&gt;",
+  "&quest;",
+  "&commat;",
+  "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z",
+  "&lsqb;", "&bsol;", "&rsqb;",
+  "&Hat;",
+  "&lowbar;",
+  "&grave;",
+  "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z",
+  "&lcub;", "&verbar;", "&rcub;",
+  "~",
+  "",   // DEL
+  "&nbsp;"      // This is actually 160, not 128, but I hack around that.
+};
+static void HTMLescapeString(qgrow_t *reply, char *string)
+{
+  size_t l = strlen(string);
+  char *t = xmalloc(l * 10 + 1);
+  int i, j = 0;
+  boolean space = FALSE;
+  for (i = 0; i < l; i++)
+  {
+    int s = string[i];
+    // Alternate long line of spaces with space and &nbsp;.
+    if (' ' == s)
+    {
+      if (space)
+      {
+        s = 128;
+        space = FALSE;
+      }
+      else
+        space = TRUE;
+    }
+    else
+    {
+      space = FALSE;
+      if (128 == s)     // The real 128 character.
+      {
+        t[j++] = ' ';
+        continue;
+      }
+    }
+    if (128 >= s)
+    {
+      char *r = HTMLentities[s];
+      size_t m = strlen(r);
+      int k;
+      for (k = 0; k < m; k++)
+        t[j++] = r[k];
+    }
+    else
+        t[j++] = ' ';
+  }
+  t[j] = '\0';
+  reply->addstr(reply, t);
+  free(t);
+}
 static void HTMLtable(qgrow_t *reply, MYSQL *db, MYSQL_RES *result, char *caption, char *URL, char *id)
 {
  char *tbl = "";
@@ -2543,7 +2588,11 @@ static void HTMLtable(qgrow_t *reply, MYSQL *db, MYSQL_RES *result, char *captio
 static void HTMLhidden(qgrow_t *reply, char *name, char *val)
 {
  if ((NULL != val) && ("" != val))
-    reply->addstrf(reply, "      <input type=\"hidden\" name=\"%s\" value=\"%s\">\n", name, val);
+  {
+    reply->addstrf(reply, "      <input type=\"hidden\" name=\"%s\" value=\"", name);
+    HTMLescapeString(reply, val);
+    reply->addstr(reply, "\">\n");
+  }
 }
 static void HTMLform(qgrow_t *reply, char *action, char *token)
@@ -2596,7 +2645,11 @@ static void HTMLtextArea(qgrow_t *reply, char *name, char *title, int rows, int
  if ("" != wrap)
    reply->addstrf(reply, " wrap=\"%s\"", wrap);
  if ((NULL != val) && ("" != val))
-    reply->addstrf(reply, ">%s</textarea></label></p>\n", val);
+  {
+    reply->addstr(reply, ">");
+    HTMLescapeString(reply, val);
+    reply->addstr(reply, "</textarea></label></p>\n");
+  }
  else
    reply->addstrf(reply, "></textarea></label></p>\n");
 }
@@ -2605,7 +2658,11 @@ static void HTMLtext(qgrow_t *reply, char *type, char *title, char *name, char *
 {
  reply->addstrf(reply, "      <p><label>%s : <input type=\"%s\" name=\"%s\"", title, type, name);
  if ((NULL != val) && ("" != val))
-    reply->addstrf(reply, " value=\"%s\"", val);
+  {
+    reply->addstr(reply, " value=\"");
+    HTMLescapeString(reply, val);
+    reply->addstr(reply, "\"");
+  }
  if (0 < size)
    reply->addstrf(reply, " size=\"%d\"", size); 
  if (0 < max)
@@ -2653,7 +2710,11 @@ static void HTMLlist(qgrow_t *reply, char *title, qlist_t *list)
  memset((void*)&obj, 0, sizeof(obj)); // must be cleared before call
  list->lock(list);
  while (list->getnext(list, &obj, false) == true)
-    reply->addstrf(reply, "<li>%s</li>\n", (char *) obj.data);
+  {
+    reply->addstr(reply, "<li>");
+    HTMLescapeString(reply, (char *) obj.data);
+    reply->addstr(reply, "</li>\n");
+  }
  list->unlock(list);
  reply->addstr(reply, "</ul>\n");
 }
@@ -3623,61 +3684,95 @@ systemFolders sysFolders[] =
  {NULL,                -1}
 };
+boolean writeLuaDouble(reqData *Rd, int fd, char *file, char *name, double number)
+{
+  boolean ret = TRUE;
+// TODO - putting these in Lua as numbers causes lua_tolstring to barf when we read them.  Though Lua is supposed to convert between numbers and strings.
+  char *t = xmprintf("  ['%s'] = '%f',\n", name, number);       // NOTE - default precision is 6 decimal places.
+  size_t l = strlen(t);
+  if (l != writeall(fd, t, l))
+  {
+    perror_msg("Writing %s", file);
+    ret = FALSE;
+  }
+  free(t);
+  return ret;
+}
+boolean writeLuaInteger(reqData *Rd, int fd, char *file, char *name, long number)
+{
+  boolean ret = TRUE;
+// TODO - putting these in Lua as numbers causes lua_tolstring to barf when we read them.  Though Lua is supposed to convert between numbers and strings.
+  char *t = xmprintf("  ['%s'] = '%ld',\n", name, number);
+  size_t l = strlen(t);
+  if (l != writeall(fd, t, l))
+  {
+    perror_msg("Writing %s", file);
+    ret = FALSE;
+  }
+  free(t);
+  return ret;
+}
+boolean writeLuaString(reqData *Rd, int fd, char *file, char *name, char *string)
+{
+  boolean ret = TRUE;
+  if (NULL == string)
+    string = getStrH(Rd->stuff, name);
+  size_t l = strlen(string);
+  char *t0 = xmalloc(l * 2 + 1);
+  int i, j = 0;
+// TODO - maybe escape other non printables as well?
+  for (i = 0; i < l; i++)
+  {
+    // We don't need to escape [] here, coz we are using '' below.  Same applies to ", but do it anyway.
+    switch(string[i])
+    {
+      case '\n':
+      case '\\':
+      case '\'':
+      case '"':
+        t0[j++] = '\\'; break;
+    }
+    if ('\n' == string[i])
+      t0[j++] = 'n';
+    else if ('\r' == string[i])
+      ;
+    else
+      t0[j++] = string[i];
+  }
+  t0[j] = '\0';
+  char *t1 = xmprintf("  ['%s'] = '%s',\n", name, t0);
+  l = strlen(t1);
+  if (l != writeall(fd, t1, l))
+  {
+    perror_msg("Writing %s to %s", name, file);
+    ret = FALSE;
+  }
+  free(t1);
+  free(t0);
+  return ret;
+}
 static void accountWrite(reqData *Rd)
 {
  char *uuid = getStrH(Rd->database, "UserAccounts.PrincipalID"); 
  char *file = xmprintf("%s/users/%s.lua", scData, uuid);
  char *level = getStrH(Rd->database, "UserAccounts.UserLevel");
  char *link = (NULL == Rd->lnk) ? "" : Rd->lnk->hashish;
-  char *about = encodeSlash(getStrH(Rd->stuff, "aboutMe"));
+  char *tnm = "user = \n{\n";
-  char *voucher = encodeSlash(getStrH(Rd->stuff, "voucher"));
-  char *tnm = xmprintf( "user = \n"
-                        "{\n"
-                        "  ['name']='%s',\n"
-// TODO - putting these in Lua as numbers causes lua_tolstring to barf when we read them.  Though Lua is supposed to convert between numbers and strings.
-                        "  ['created']='%ld',\n"
-                        "  ['email']='%s',\n"
-                        "  ['title']='%s',\n"
-                        "  ['level']='%s',\n"
-                        "  ['flags']='%d',\n"
-                        "  ['active']='%d',\n"
-                        "  ['passwordHash']='%s',\n"
-                        "  ['passwordSalt']='%s',\n"
-                        "  ['UUID']='%s',\n"
-                        "  ['DoB']='%s',\n"
-                        "  ['agree']='%s',\n"
-                        "  ['adult']='%s',\n"
-                        "  ['aboutMe']='%s',\n"
-                        "  ['vouched']='%s',\n"
-                        "  ['voucher']='%s',\n"
-                        "  ['linky-hashish']='%s',\n"
-                        "}\n"
-                        "return user\n",
-                        getStrH(Rd->stuff, "name"),
-                        (strcmp("", getStrH(Rd->stuff, "created")) != 0) ? atol(getStrH(Rd->stuff, "created")) : (long) Rd->shs.timeStamp[1].tv_sec,
-                        getStrH(Rd->stuff, "email"),
-                        getLevel(atoi(level)),
-                        level,
-                        0,
-                        1,
-                        getStrH(Rd->stuff, "passwordHash"),
-                        getStrH(Rd->stuff, "passwordSalt"),
-                        uuid,
-                        getStrH(Rd->stuff, "DoB"),
-                        getStrH(Rd->stuff, "agree"),
-                        getStrH(Rd->stuff, "adult"),
-                        about,
-                        "off",
-                        voucher,
-                        link
-                      );
  struct stat st;
  int s = stat(file, &st);
  int fd = notstdio(xcreate_stdio(file, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR));
  size_t l = strlen(tnm);
  uuid_t binuuid;
  uuid_clear(binuuid);
@@ -3689,19 +3784,48 @@ static void accountWrite(reqData *Rd)
      I("Creating user %s.", file);
    else
      I("Updating user %s.", file);
    if (l != writeall(fd, tnm, l))
      perror_msg("Writing %s", file);
    else
    {
      char *name = Rd->stuff->getstr(Rd->stuff, "name", true);
-      char *nm = xmprintf("%s/users/%s.lua", scData, qstrreplace("tr", name, " ", "_"));
+      char *end = "}\nreturn user\n";
-      free(file);
+      if (!writeLuaString (Rd, fd, file, "name",        name))                  goto notWritten;
-      file = xmprintf("%s.lua", uuid);
+      if (!writeLuaInteger(Rd, fd, file, "created",
-      I("Symlinking %s to %s", file, nm);
+                (strcmp("", getStrH(Rd->stuff, "created")) != 0) ? atol(getStrH(Rd->stuff, "created")) : (long) Rd->shs.timeStamp[1].tv_sec))   goto notWritten;
-      if (0 != symlink(file, nm))
+      if (!writeLuaString (Rd, fd, file, "email",       NULL))                  goto notWritten;
-        perror_msg("Symlinking %s to %s", file, nm);
+      if (!writeLuaString (Rd, fd, file, "title",       getLevel(atoi(level)))) goto notWritten;
-      free(nm);  free(name);
+      if (!writeLuaString (Rd, fd, file, "level",       level))                 goto notWritten;
+      if (!writeLuaInteger(Rd, fd, file, "flags",       0))                     goto notWritten;
+      if (!writeLuaInteger(Rd, fd, file, "active",      1))                     goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "passwordHash", NULL))                 goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "passwordSalt", NULL))                 goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "UUID",        uuid))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "DoB",         NULL))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "agree",       NULL))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "adult",       NULL))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "aboutMe",     NULL))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "vouched",     "off"))                 goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "voucher",     NULL))                  goto notWritten;
+      if (!writeLuaString (Rd, fd, file, "link",        link))                  goto notWritten;
+      l = strlen(end);
+      if (l != writeall(fd, end, l))
+        perror_msg("Writing %s", file);
+      else
+      {
+        char *nm = xmprintf("%s/users/%s.lua", scData, qstrreplace("tr", name, " ", "_"));
+        free(file);
+        file = xmprintf("%s.lua", uuid);
+        I("Symlinking %s to %s", file, nm);
+        if (0 != symlink(file, nm))
+          perror_msg("Symlinking %s to %s", file, nm);
+        free(nm);
+      }
+notWritten:
+      free(name);
    }
    xclose(fd);
@@ -3925,9 +4049,6 @@ T(c);
  }
  else
    W("Not writing NULL UUID user!");
-  free(tnm);
-  free(voucher);
-  free(about);
  free(file);
 }
@@ -4554,7 +4675,7 @@ static int emailValidate(reqData *Rd, inputForm *iF, inputValue *iV)
 }
 static void emailWeb(reqData *Rd, inputForm *oF, inputValue *oV)
 {
-  HTMLtext(Rd->reply, "email", oV->field->title, oV->field->name, displayPrep(getStrH(Rd->stuff, oV->field->name)), oV->field->viewLength, oV->field->maxLength, oV->field->flags & FLD_REQUIRED);
+  HTMLtext(Rd->reply, "email", oV->field->title, oV->field->name, getStrH(Rd->stuff, oV->field->name), oV->field->viewLength, oV->field->maxLength, oV->field->flags & FLD_REQUIRED);
  Rd->reply->addstrf(Rd->reply, "<p>An email will be sent from %s@%s, and it might be in your spam folder, coz these sorts of emails sometimes end up there. &nbsp; "
                    "You should add that email address to your contacts, or otherwise let it through your spam filter.</p>",
                    "grid_no_reply", Rd->Host);
@@ -4748,9 +4869,10 @@ static int voucherValidate(reqData *Rd, inputForm *oF, inputValue *oV)
  if ((0 == ret) && (NULL != voucher))
  {
-    char *t = qurl_encode(voucher, strlen(voucher));
+//    char *t = qurl_encode(voucher, strlen(voucher));
-    Rd->stuff->putstr(Rd->stuff, "voucher", t);
+//    Rd->stuff->putstr(Rd->stuff, "voucher", t);
-    free(t);
+    Rd->stuff->putstr(Rd->stuff, "voucher", voucher);
+//    free(t);
  }
  return ret;
@@ -4773,9 +4895,10 @@ static int aboutMeValidate(reqData *Rd, inputForm *oF, inputValue *oV)
  if ((0 == ret) && (NULL != about))
  {
-    char *t = qurl_encode(about, strlen(about));
+//    char *t = qurl_encode(about, strlen(about));
-    Rd->stuff->putstr(Rd->stuff, "aboutMe", t);
+//    Rd->stuff->putstr(Rd->stuff, "aboutMe", t);
-    free(t);
+    Rd->stuff->putstr(Rd->stuff, "aboutMe", about);
+//    free(t);
  }
  return ret;
@@ -4880,15 +5003,13 @@ static void accountViewWeb(reqData *Rd, inputForm *oF, inputValue *oV)
 {
  char  *name           = getStrH(Rd->database, "Lua.name"),
        *level          = getStrH(Rd->database, "UserAccounts.UserLevel"),
-        *email          = displayPrep(getStrH(Rd->database, "UserAccounts.Email")),
+        *email          = getStrH(Rd->database, "UserAccounts.Email"),
-        *voucher        = displayPrep(getStrH(Rd->database, "Lua.voucher")),
+        *voucher        = getStrH(Rd->database, "Lua.voucher"),
-        *about          = displayPrep(getStrH(Rd->database, "Lua.aboutMe"));
+        *about          = getStrH(Rd->database, "Lua.aboutMe");
  time_t crtd = atol(getStrH(Rd->database, "UserAccounts.Created"));
  accountWebHeaders(Rd, oF);
    accountWebFields(Rd, oF, oV);
-// TODO - still need to encode < > as &lt; u&gt; for email, voucher, and about.
-// TODO - dammit, qurl_decode returns the string length, and decodes the string in place.
    Rd->reply->addstrf(Rd->reply, "<p><font size='5'><span style='font-size: x-large'><b>Name :</b></span></font> %s</p>", name);
    Rd->reply->addstrf(Rd->reply, "<p><font size='5'><span style='font-size: x-large'><b>Title / level :</b></span></font> %s / %s</p>", getLevel(atoi(level)), level);
    Rd->reply->addstrf(Rd->reply, "<p><font size='5'><span style='font-size: x-large'><b>Date of birth :</b></span></font> %s</p>", getStrH(Rd->database, "Lua.DoB"));
@@ -4909,9 +5030,9 @@ static void accountEditWeb(reqData *Rd, inputForm *oF, inputValue *oV)
 {
  char  *name           = getStrH(Rd->database, "Lua.name"),
        *level          = getStrH(Rd->database, "UserAccounts.UserLevel"),
-        *email          = displayPrep(getStrH(Rd->database, "UserAccounts.Email")),
+        *email          = getStrH(Rd->database, "UserAccounts.Email"),
-        *voucher        = displayPrep(getStrH(Rd->database, "Lua.voucher")),
+        *voucher        = getStrH(Rd->database, "Lua.voucher"),
-        *about          = displayPrep(getStrH(Rd->database, "Lua.aboutMe")),
+        *about          = getStrH(Rd->database, "Lua.aboutMe"),
        *lvl            = getLevel(atoi(level));
  short lv              = atoi(level);
@@ -6748,12 +6869,12 @@ if ((strcmp("HTTP_COOKIE", ky) == 0) || (strcmp("CONTENT_LENGTH", ky) == 0) || (
 t("COOKIES");
        Rd->cookies = toknize(Rd->headers->getstr(Rd->headers, "HTTP_COOKIE", false), "=;");
-        santize(Rd->cookies, TRUE);
+        santize(Rd->cookies);
        if (strcmp("GET", Rd->Method) == 0)
        {  // In theory a POST has body fields INSTEAD of query fields.  Especially for ignoring the linky-hashish after the validation page.
 t("QUERY");
          Rd->queries = toknize(Rd->headers->getstr(Rd->headers, "QUERY_STRING", false),   "=&");
-          santize(Rd->queries, TRUE);
+          santize(Rd->queries);
        }
        else
        {
@@ -6779,7 +6900,7 @@ t("BODY");
        Length = "0";
        Rd->body = toknize(Body,   "=&");
        free(Body);
-        santize(Rd->body, TRUE);
+        santize(Rd->body);
        I("%s %s://%s%s -> %s%s", Rd->Method, Rd->Scheme, Rd->Host, Rd->RUri, webRoot, Path);
        D("Started FCGI web request ROLE = %s, body is %s bytes, pid %d.", Role, Length, getpid());
@@ -7072,10 +7193,12 @@ fcgiDone:
      if (!checkSimIsRunning(sim))
      {
+        char *nm = cleanSimName(name);
        I("%s is starting up.", name);
        memset(toybuf, 0, sizeof(toybuf));
        snprintf(toybuf, sizeof(toybuf), "%s %s/%s new-window -dn '%s' -t '%s:%d' 'cd %s/current/bin; mono OpenSim.exe -inidirectory=%s/config/%s'",
-          Tcmd, scRun, Tsocket, name, Tconsole, i + 1, scRoot, scRoot, sim);
+          Tcmd, scRun, Tsocket, nm, Tconsole, i + 1, scRoot, scRoot, sim);
        int r = system(toybuf);
        if (!WIFEXITED(r))
          E("tmux new-window command failed!");
@@ -7083,7 +7206,7 @@ fcgiDone:
        {
          memset(toybuf, 0, sizeof(toybuf));
          snprintf(toybuf, sizeof(toybuf), "INITIALIZATION COMPLETE FOR %s", name);
-          waitTmuxText(name, toybuf);
+          waitTmuxText(nm, toybuf);
          I("%s is done starting up.", name);
          la = waitLoadAverage(la, loadAverageInc, simTimeOut);
        }
author	onefang	2020-05-14 10:48:05 +1000
committer	onefang	2020-05-14 10:48:05 +1000
commit	d5b036572ec5058817bf6e1e04a660407a1068a5 (patch)
tree	3ee263cdce653afe1347c7e377e801725ac87362
parent	Remove the email from the validation page. (diff)
download	opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.zip opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.gz opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.bz2 opensim-SC_OLD-d5b036572ec5058817bf6e1e04a660407a1068a5.tar.xz