[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
[1871]
[1872]
[1873]
[1874]
[1875]
[1876]
[1877]
[1878]
[1879]
[1880]
[1881]
[1882]
[1883]
[1884]
[1885]
[1886]
[1887]
[1888]
[1889]
[1890]
[1891]
[1892]
[1893]
[1894]
[1895]
[1896]
[1897]
[1898]
[1899]
[1900]
[1901]
[1902]
[1903]
[1904]
[1905]
[1906]
[1907]
[1908]
[1909]
[1910]
[1911]
[1912]
[1913]
[1914]
[1915]
[1916]
[1917]
[1918]
[1919]
[1920]
[1921]
[1922]
[1923]
[1924]
[1925]
[1926]
[1927]
[1928]
[1929]
[1930]
[1931]
[1932]
[1933]
[1934]
[1935]
[1936]
[1937]
[1938]
[1939]
[1940]
[1941]
[1942]
[1943]
[1944]
[1945]
[1946]
[1947]
[1948]
[1949]
[1950]
[1951]
[1952]
[1953]
[1954]
[1955]
[1956]
[1957]
[1958]
[1959]
[1960]
[1961]
[1962]
[1963]
[1964]
[1965]
[1966]
[1967]
[1968]
[1969]
[1970]
[1971]
[1972]
[1973]
[1974]
[1975]
[1976]
[1977]
[1978]
[1979]
[1980]
[1981]
[1982]
[1983]
[1984]
[1985]
[1986]
[1987]
[1988]
[1989]
[1990]
[1991]
[1992]
[1993]
[1994]
[1995]
[1996]
[1997]
[1998]
[1999]
[2000]
[2001]
[2002]
[2003]
[2004]
[2005]
[2006]
[2007]
[2008]
[2009]
[2010]
[2011]
[2012]
[2013]
[2014]
[2015]
[2016]
[2017]
[2018]
[2019]
[2020]
[2021]
[2022]
[2023]
[2024]
[2025]
[2026]
[2027]
[2028]
[2029]
[2030]
[2031]
[2032]
[2033]
[2034]
[2035]
[2036]
[2037]
[2038]
[2039]
[2040]
[2041]
[2042]
[2043]
[2044]
[2045]
[2046]
[2047]
[2048]
[2049]
[2050]
[2051]
[2052]
[2053]
[2054]
[2055]
[2056]
[2057]
[2058]
[2059]
[2060]
[2061]
[2062]
[2063]
[2064]
[2065]
[2066]
[2067]
[2068]
[2069]
[2070]
[2071]
[2072]
[2073]
[2074]
[2075]
[2076]
[2077]
[2078]
[2079]
[2080]
[2081]
[2082]
[2083]
[2084]
[2085]
[2086]
[2087]
[2088]
[2089]
[2090]
[2091]
[2092]
[2093]
[2094]
[2095]
[2096]
[2097]
[2098]
[2099]
[2100]
[2101]
[2102]
[2103]
[2104]
[2105]
[2106]
[2107]
[2108]
[2109]
[2110]
[2111]
[2112]
[2113]
[2114]
[2115]
[2116]
[2117]
[2118]
[2119]
[2120]
[2121]
[2122]
[2123]
[2124]
[2125]
[2126]
[2127]
[2128]
[2129]
[2130]
[2131]
[2132]
[2133]
[2134]
[2135]
[2136]
[2137]
[2138]
[2139]
[2140]
[2141]
[2142]
[2143]
[2144]
[2145]
[2146]
[2147]
[2148]
[2149]
[2150]
[2151]
[2152]
[2153]
[2154]
[2155]
[2156]
[2157]
[2158]
[2159]
[2160]
[2161]
[2162]
[2163]
[2164]
[2165]
[2166]
[2167]
[2168]
[2169]
[2170]
[2171]
[2172]
[2173]
[2174]
[2175]
[2176]
[2177]
[2178]
[2179]
[2180]
[2181]
[2182]
[2183]
[2184]
[2185]
[2186]
[2187]
[2188]
[2189]
[2190]
[2191]
[2192]
[2193]
[2194]
[2195]
[2196]
[2197]
[2198]
[2199]
[2200]
[2201]
[2202]
[2203]
[2204]
[2205]
[2206]
[2207]
[2208]
[2209]
[2210]
[2211]
[2212]
[2213]
[2214]
[2215]
[2216]
[2217]
[2218]
[2219]
[2220]
[2221]
[2222]
[2223]
[2224]
[2225]
[2226]
[2227]
[2228]
[2229]
[2230]
[2231]
[2232]
[2233]
[2234]
[2235]
[2236]
[2237]
[2238]
[2239]
[2240]
[2241]
[2242]
[2243]
[2244]
[2245]
[2246]
[2247]
[2248]
[2249]
[2250]
[2251]
[2252]
[2253]
[2254]
[2255]
[2256]
[2257]
[2258]
[2259]
[2260]
[2261]
[2262]
[2263]
[2264]
[2265]
[2266]
[2267]
[2268]
[2269]
[2270]
[2271]
[2272]
[2273]
[2274]
[2275]
[2276]
[2277]
[2278]
[2279]
[2280]
[2281]
[2282]
[2283]
[2284]
[2285]
[2286]
[2287]
[2288]
[2289]
[2290]
[2291]
[2292]
[2293]
[2294]
[2295]
[2296]
[2297]
[2298]
[2299]
[2300]
[2301]
[2302]
[2303]
[2304]
[2305]
[2306]
[2307]
[2308]
[2309]
[2310]
[2311]
[2312]
[2313]
[2314]
[2315]
[2316]
[2317]
[2318]
[2319]
[2320]
[2321]
[2322]
[2323]
[2324]
[2325]
[2326]
[2327]
[2328]
[2329]
[2330]
[2331]
[2332]
[2333]
[2334]
[2335]
[2336]
[2337]
[2338]
[2339]
[2340]
[2341]
[2342]
[2343]
[2344]
[2345]
[2346]
[2347]
[2348]
[2349]
[2350]
[2351]
[2352]
[2353]
[2354]
[2355]
[2356]
[2357]
[2358]
[2359]
[2360]
[2361]
[2362]
[2363]
[2364]
[2365]
[2366]
[2367]
[2368]
[2369]
[2370]
[2371]
[2372]
[2373]
[2374]
[2375]
[2376]
[2377]
[2378]
[2379]
[2380]
[2381]
[2382]
[2383]
[2384]
[2385]
[2386]
[2387]
[2388]
[2389]
[2390]
[2391]
[2392]
[2393]
[2394]
[2395]
[2396]
[2397]
[2398]
[2399]
[2400]
[2401]
[2402]
[2403]
[2404]
[2405]
[2406]
[2407]
[2408]
[2409]
[2410]
[2411]
[2412]
[2413]
[2414]
[2415]
[2416]
[2417]
[2418]
[2419]
[2420]
[2421]
[2422]
[2423]
[2424]
[2425]
[2426]
[2427]
[2428]
[2429]
[2430]
[2431]
[2432]
[2433]
[2434]
[2435]
[2436]
[2437]
[2438]
[2439]
[2440]
[2441]
[2442]
[2443]
[2444]
[2445]
[2446]
[2447]
[2448]
[2449]
[2450]
[2451]
[2452]
[2453]
[2454]
[2455]
[2456]
[2457]
[2458]
[2459]
[2460]
[2461]
[2462]
[2463]
[2464]
[2465]
[2466]
[2467]
[2468]
[2469]
[2470]
[2471]
[2472]
[2473]
[2474]
[2475]
[2476]
[2477]
[2478]
[2479]
[2480]
[2481]
[2482]
[2483]
[2484]
[2485]
[2486]
[2487]
[2488]
[2489]
[2490]
[2491]
[2492]
[2493]
[2494]
[2495]
[2496]
[2497]
[2498]
[2499]
[2500]
[2501]
[2502]
[2503]
[2504]
[2505]
[2506]
[2507]
[2508]
[2509]
[2510]
[2511]
[2512]
[2513]
[2514]
[2515]
[2516]
[2517]
[2518]
[2519]
[2520]
[2521]
[2522]
[2523]
[2524]
[2525]
[2526]
[2527]
[2528]
[2529]
[2530]
[2531]
[2532]
[2533]
[2534]
[2535]
[2536]
[2537]
[2538]
[2539]
[2540]
[2541]
[2542]
[2543]
[2544]
[2545]
[2546]
[2547]
[2548]
[2549]
[2550]
[2551]
[2552]
[2553]
[2554]
[2555]
[2556]
[2557]
[2558]
[2559]
[2560]
[2561]
[2562]
[2563]
[2564]
[2565]
[2566]
[2567]
[2568]
[2569]
[2570]
[2571]
[2572]
[2573]
[2574]
[2575]
[2576]
[2577]
[2578]
[2579]
[2580]
[2581]
[2582]
[2583]
[2584]
[2585]
[2586]
[2587]
[2588]
[2589]
[2590]
[2591]
[2592]
[2593]
[2594]
[2595]
[2596]
[2597]
[2598]
[2599]
[2600]
[2601]
[2602]
[2603]
[2604]
[2605]
[2606]
[2607]
[2608]
[2609]
[2610]
[2611]
[2612]
[2613]
[2614]
[2615]
[2616]
[2617]
[2618]
[2619]
[2620]
[2621]
[2622]
[2623]
[2624]
[2625]
[2626]
[2627]
[2628]
[2629]
[2630]
[2631]
[2632]
[2633]
[2634]
[2635]
[2636]
[2637]
[2638]
[2639]
[2640]
[2641]
[2642]
[2643]
[2644]
[2645]
[2646]
[2647]
[2648]
[2649]
[2650]
[2651]
[2652]
[2653]
[2654]
[2655]
[2656]
[2657]
[2658]
[2659]
[2660]
[2661]
[2662]
[2663]
[2664]
[2665]
[2666]
[2667]
[2668]
[2669]
[2670]
[2671]
[2672]
[2673]
[2674]
[2675]
[2676]
[2677]
[2678]
[2679]
[2680]
[2681]
[2682]
[2683]
[2684]
[2685]
[2686]
[2687]
[2688]
[2689]
[2690]
[2691]
[2692]
[2693]
[2694]
[2695]
[2696]
[2697]
[2698]
[2699]
[2700]
[2701]
[2702]
[2703]
[2704]
[2705]
[2706]
[2707]
[2708]
[2709]
[2710]
[2711]
[2712]
[2713]
[2714]
[2715]
[2716]
[2717]
[2718]
[2719]
[2720]
[2721]
[2722]
[2723]
[2724]
[2725]
[2726]
[2727]
[2728]
[2729]
[2730]
[2731]
[2732]
[2733]
[2734]
[2735]
[2736]
[2737]
[2738]
[2739]
[2740]
[2741]
[2742]
[2743]
[2744]
[2745]
[2746]
[2747]
[2748]
[2749]
[2750]
[2751]
[2752]
[2753]
[2754]
[2755]
[2756]
[2757]
[2758]
[2759]
[2760]
[2761]
[2762]
[2763]
[2764]
[2765]
[2766]
[2767]
[2768]
[2769]
[2770]
[2771]
[2772]
[2773]
[2774]
[2775]
[2776]
[2777]
[2778]
[2779]
[2780]
[2781]
[2782]
[2783]
[2784]
[2785]
[2786]
[2787]
[2788]
[2789]
[2790]
[2791]
[2792]
[2793]
[2794]
[2795]
[2796]
[2797]
[2798]
[2799]
[2800]
[2801]
[2802]
[2803]
[2804]
[2805]
[2806]
[2807]
[2808]
[2809]
[2810]
[2811]
[2812]
[2813]
[2814]
[2815]
[2816]
[2817]
[2818]
[2819]
[2820]
[2821]
[2822]
[2823]
[2824]
[2825]
[2826]
[2827]
[2828]
[2829]
[2830]
[2831]
[2832]
[2833]
[2834]
[2835]
[2836]
[2837]
[2838]
[2839]
[2840]
[2841]
[2842]
[2843]
[2844]
[2845]
[2846]
[2847]
[2848]
[2849]
[2850]
[2851]
[2852]
[2853]
[2854]
[2855]
[2856]
[2857]
[2858]
[2859]
[2860]
[2861]
[2862]
[2863]
[2864]
[2865]
[2866]
[2867]
[2868]
[2869]
[2870]
[2871]
[2872]
[2873]
[2874]
[2875]
[2876]
[2877]
[2878]
[2879]
[2880]
[2881]
[2882]
[2883]
[2884]
[2885]
[2886]
[2887]
[2888]
[2889]
[2890]
[2891]
[2892]
[2893]
[2894]
[2895]
[2896]
[2897]
[2898]
[2899]
[2900]
[2901]
[2902]
[2903]
[2904]
[2905]
[2906]
[2907]
[2908]
[2909]
[2910]
[2911]
[2912]
[2913]
[2914]
[2915]
[2916]
[2917]
[2918]
[2919]
[2920]
[2921]
[2922]
[2923]
[2924]
[2925]
[2926]
[2927]
[2928]
[2929]
[2930]
[2931]
[2932]
[2933]
[2934]
[2935]
[2936]
[2937]
[2938]
[2939]
[2940]
[2941]
[2942]
[2943]
[2944]
[2945]
[2946]
[2947]
[2948]
[2949]
[2950]
[2951]
[2952]
[2953]
[2954]
[2955]
[2956]
[2957]
[2958]
[2959]
[2960]
[2961]
[2962]
[2963]
[2964]
[2965]
[2966]
[2967]
[2968]
[2969]
[2970]
[2971]
[2972]
[2973]
[2974]
[2975]
[2976]
[2977]
[2978]
[2979]
[2980]
[2981]
[2982]
[2983]
[2984]
[2985]
[2986]
[2987]
[2988]
[2989]
[2990]
[2991]
[2992]
[2993]
[2994]
[2995]
[2996]
[2997]
[2998]
[2999]
[3000]
[3001]
[3002]
[3003]
[3004]
[3005]
[3006]
[3007]
[3008]
[3009]
[3010]
[3011]
[3012]
[3013]
[3014]
[3015]
[3016]
[3017]
[3018]
[3019]
[3020]
[3021]
[3022]
[3023]
[3024]
[3025]
[3026]
[3027]
[3028]
[3029]
[3030]
[3031]
[3032]
[3033]
[3034]
[3035]
[3036]
[3037]
[3038]
[3039]
[3040]
[3041]
[3042]
[3043]
[3044]
[3045]
[3046]
[3047]
[3048]
[3049]
[3050]
[3051]
[3052]
[3053]
[3054]
[3055]
[3056]
[3057]
[3058]
[3059]
[3060]
[3061]
[3062]
[3063]
[3064]
[3065]
[3066]
[3067]
[3068]
[3069]
[3070]
[3071]
[3072]
[3073]
[3074]
[3075]
[3076]
[3077]
[3078]
[3079]
[3080]
[3081]
[3082]
[3083]
[3084]
[3085]
[3086]
[3087]
[3088]
[3089]
[3090]
[3091]
[3092]
[3093]
[3094]
[3095]
[3096]
[3097]
[3098]
[3099]
[3100]
[3101]
[3102]
[3103]
[3104]
[3105]
[3106]
[3107]
[3108]
[3109]
[3110]
[3111]
[3112]
[3113]
[3114]
[3115]
[3116]
[3117]
[3118]
[3119]
[3120]
[3121]
[3122]
[3123]
[3124]
[3125]
[3126]
[3127]
[3128]
[3129]
[3130]
[3131]
[3132]
[3133]
[3134]
[3135]
[3136]
[3137]
[3138]
[3139]
[3140]
[3141]
[3142]
[3143]
[3144]
[3145]
[3146]
[3147]
[3148]
[3149]
[3150]
[3151]
[3152]
[3153]
[3154]
[3155]
[3156]
[3157]
[3158]
[3159]
[3160]
[3161]
[3162]
[3163]
[3164]
[3165]
[3166]
[3167]
[3168]
[3169]
[3170]
[3171]
[3172]
[3173]
[3174]
[3175]
[3176]
[3177]
[3178]
[3179]
[3180]
[3181]
[3182]
[3183]
[3184]
[3185]
[3186]
[3187]
[3188]
[3189]
[3190]
[3191]
[3192]
[3193]
[3194]
[3195]
[3196]
[3197]
[3198]
[3199]
[3200]
[3201]
[3202]
[3203]
[3204]
[3205]
[3206]
[3207]
[3208]
[3209]
[3210]
[3211]
[3212]
[3213]
[3214]
[3215]
[3216]
[3217]
[3218]
[3219]
[3220]
[3221]
[3222]
[3223]
[3224]
[3225]
[3226]
[3227]
[3228]
[3229]
[3230]
[3231]
[3232]
[3233]
[3234]
[3235]
[3236]
[3237]
[3238]
[3239]
[3240]
[3241]
[3242]
[3243]
[3244]
[3245]
[3246]
[3247]
[3248]
[3249]
[3250]
[3251]
[3252]
[3253]
[3254]
[3255]
[3256]
[3257]
[3258]
[3259]
[3260]
[3261]
[3262]
[3263]
[3264]
[3265]
[3266]
[3267]
[3268]
[3269]
[3270]
[3271]
[3272]
[3273]
[3274]
[3275]
[3276]
[3277]
[3278]
[3279]
[3280]
[3281]
[3282]
[3283]
[3284]
[3285]
[3286]
[3287]
[3288]
[3289]
[3290]
[3291]
[3292]
[3293]
[3294]
[3295]
[3296]
[3297]
[3298]
[3299]
[3300]
[3301]
[3302]
[3303]
[3304]
[3305]
[3306]
[3307]
[3308]
[3309]
[3310]
[3311]
[3312]
[3313]
[3314]
[3315]
[3316]
[3317]
[3318]
[3319]
[3320]
[3321]
[3322]
[3323]
[3324]
[3325]
[3326]
[3327]
[3328]
[3329]
[3330]
[3331]
[3332]
[3333]
[3334]
[3335]
[3336]
[3337]
[3338]
[3339]
[3340]
[3341]
[3342]
[3343]
[3344]
[3345]
[3346]
[3347]
[3348]
[3349]
[3350]
[3351]
[3352]
[3353]
[3354]
[3355]
[3356]
[3357]
[3358]
[3359]
[3360]
[3361]
[3362]
[3363]
[3364]
[3365]
[3366]
[3367]
[3368]
[3369]
[3370]
[3371]
[3372]
[3373]
[3374]
[3375]
[3376]
[3377]
[3378]
[3379]
[3380]
[3381]
[3382]
[3383]
[3384]
[3385]
[3386]
[3387]
[3388]
[3389]
[3390]
[3391]
[3392]
[3393]
[3394]
[3395]
[3396]
[3397]
[3398]
[3399]
[3400]
[3401]
[3402]
[3403]
[3404]
[3405]
[3406]
[3407]
[3408]
[3409]
[3410]
[3411]
[3412]
[3413]
[3414]
[3415]
[3416]
[3417]
[3418]
[3419]
[3420]
[3421]
[3422]
[3423]
[3424]
[3425]
[3426]
[3427]
[3428]
[3429]
[3430]
[3431]
[3432]
[3433]
[3434]
[3435]
[3436]
[3437]
[3438]
[3439]
[3440]
[3441]
[3442]
[3443]
[3444]
[3445]
[3446]
[3447]
[3448]
[3449]
/*****************************************************************************/
/*
CGI.c
Provide generalized CGI scripting support.
Creates a buffer containing either, the DCL commands to create CGI variables at
the VMS command line (e.g. for standard CGI scripts), or a stream of
'name=value' pairs for the CGI variables (e.g. for CGIplus scripts).
The buffer is dynamically allocated and contains a series of sequential records
comprising a word (16 bits) with the length of a following (varying)
null-terminated string (including the null character). The end of the series
is indicated by a zero length record.
This buffer is scanned from from first to last and the strings passed to the
script 'input' stream as appropriate.
CGI RESPONSE HEADER
-------------------
In common with other implementations, if the first line of the response header
begins "HTTP/1." then it is considered to be a full HTTP response (non-parsed
header output), the server does no more header processing and it is up to the
script to provide a fully compliant HTTP response.
Handling of the CGI response header is pretty standard. It should begin with
"Content-Type:", "Status:", or "Location:". One of more of these should be
received before the end-of-header blank line or other header lines. As soon as
any other line is received the server considered the CGI header complete.
The CGI header can be received record-by-record, with or without any
carriage-control, or as a block of lines with correct carriage-control (only
complete lines will be processed correctly).
The "X-vms-record-mode:" field is a VMS Apacheism for indicating to the server
whether VMS script output must be checked for correct carriage-control and
corrected if necessary. It seems as if 0 is "not record mode", 1 is.
If record mode carriage-control is being processed and completely empty records
start being received then switch to a record-rpcoessing mode where only
completely empty recards have carriage control inserted.
Current "Script-Control:" Directives
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
no-abort CGI/1.2, do not abort script because of timeout
X-buffer-records[=0|1] buffer records before sending to client
X-cache-max=<integer> kBytes maximum
X-cache-expires=<param> "day", "hour", "min", 'hh:mm:ss' or minutes
X-content-handler=<param> "SSI", content should be processed by SSI engine
X-content-encoding-gzip[=0|1] disable/enable gzip compression (if supported)
X-crlf-mode[=0|1] ensure all records have a trailing <CR><LF>
X-error-line=<integer> source line error noted (optional)
X-error-module=<string> source code module error noted (optional)
X-error-text=<string> textual explanation of error (required)
X-error-vms-status=<integer> if generated by a VMS status error (optional)
X-error-vms-text=<string> VMS explanation (often a file spec, optional)
X-filter-stream[=0|1] remove all non-printable characters
X-http-status=<integer> override response line status and for redirected
error reporting script override original status
X-lifetime=<int> "none" or integer, set script process lifetime
X-record-mode[=0|1] ensure all records have at least trailing <LF>
X-record0-mode[=0|1] only empty records have a trailing <LF> inserted
X-stream-mode[=0|1] do not alter records at all, WSSIWCG!
X-timeout-output=<param> "none" or integer, set request output timer
X-timeout-noprogress=<param> "none" or integer, set request no-progress timer
X-transfer-encoding-chunked[=0|1] disable/enable chunking
(all times are in minutes)
The "Script-Control:" is a proposed CGI/1.2 header field intended for script
control ;^). By default WASD writes each record to the client as it is received
from the script (in case of slow or intermittent output). For script's where
this is known not to be an issue this directive can be used to have the server
buffer the records, outputting the block when the buffer fills or at script
conclusion. This is often *much* more efficient. The record mode forces each
record received to be checked for correct carriage-control (a trailing <LF>)
and if not present to be appended.
SCRIPT REQUESTED ERROR MESSAGE
------------------------------
Using the script control error fields a script can request the server to
generate an error response on it's behalf. This has the advantage of
generating error messages conforming to the configured components and layout of
server error responses. The following show examples of the response header
lines required to use this facility. The 'X-error-text' field is what triggers
the error generation and is the only mandatory field.
Vanilla error message
|Status: 400<LF>
|Script-Control: X-error-text="Object not found."<LF>
|<LF>
VMS status error message
|Status: 403<LF>
|Script-Control: X-error-text="opening file"<LF>
|Script-Control: X-error-vms-status=36<LF>
|Script-Control: X-error-vms-text="HT_ROOT:[SRC]EXAMPLE.TXT"<LF>
|<LF>
or using a VMS hexadecimal string (with module name and line information)
|Status: 403<LF>
|Script-Control: X-error-text="opening file"<LF>
|Script-Control: X-error-vms-status=%X00000024<LF>
|Script-Control: X-error-vms-text="HT_ROOT:[SRC]EXAMPLE.TXT"<LF>
|Script-Control: X-error-module=EXAMPLE<LF>
|Script-Control: X-error-line=123<LF>
|<LF>
CGI VARIABLES
-------------
Most of these CGI variable names are those supported by the INTERNET-DRAFT
authored by D.Robinson (drtr@ast.cam.ac.uk), 8 January 1996, plus some
"convenience" variables, breaking the query string into its components (KEY_,
FORM_, etc.) The CGI symbols (CERN/VMS-HTTPd-like DCL symbols instead of Unix
environment variables) are created by the SYS$COMMAND stream of each
script process before the script DCL procedure is invoked. By default each
variable name is prefixed by "WWW_" (similar to CERN HTTPd), although this can
be modified at the command line when starting the server.
VARIABLE NAME DESCRIPTION ORIGIN
------------- ----------- ------
(if the request is not authorized only AUTH_TYPE will exist)
o AUTH_ACCESS ............ "READ" or "READ+WRITE" WASD
o AUTH_AGENT ............. indicates authentication agent WASD
o AUTH_GROUP ............. path authorization group WASD
o AUTH_PASSWORD .......... only if "EXTERNAL" realm WASD
o AUTH_PATH .............. path from rule (only in agent) WASD
o AUTH_REALM ............. authentication realm WASD
o AUTH_REALM_DESCRIPTION . realm description WASD
o AUTH_REMOTE_USER ....... original, now proxied username WASD
o AUTH_TYPE .............. "BASIC" or "DIGEST" (or empty) CGI
o AUTH_USER .............. details of user WASD
o CONTENT_LENGTH ......... "Content-Length:" from header CGI
o CONTENT_TYPE ........... "Content-Type:" from header CGI
o DOCUMENT_ROOT .......... base directory for serving files Apache
o FORM_field ............. query "&" separated form elements WASD
o FORM__integer .......... relaxed empty form field names WASD
o GATEWAY_BG ............. socket BG device name WASD
o GATEWAY_EOF ............ CGIPLUSEOF sentinal (if CGIplus) WASD
o GATEWAY_EOT ............ CGIPLUSEOT sentinal (if not DECnet) WASD
o GATEWAY_ESC ............ CGIPLUSESC sentinal (if not DECnet) WASD
o GATEWAY_INTERFACE ...... "CGI/1.1" CGI
o GATEWAY_MRS ............ maximum record size of mailbox WASD
o HTML_BODYTAG ........... report <body..> tag (e.g. "BGCOLOR=") WASD
o HTML_FOOTER ............ report footer text WASD
o HTML_FOOTERTAG ......... report footer <td..> tag WASD
o HTML_HEADER ............ report header text WASD
o HTML_HEADERTAG ......... report header <td..> tag WASD
o HTTP2_PING ............. most recent HTTP/2 ping result WASD
o HTTP_ACCEPT ............ list of browser-accepted content types CGI
o HTTP_ACCEPT_CHARSET .... list of browser-accepted character set CGI
o HTTP_ACCEPT_ENCODING ... list of browser-accepted encodings CGI
o HTTP_ACCEPT_LANGUAGE ... list of browser-accepted languages CGI
o HTTP_AUTHORIZATION ..... only if "EXTERNAL" realm CGI
o HTTP_CACHE_CONTROL ..... HTTP/1.1 cache control field CGI
o HTTP_CONNECTION ........ connection control field CGI
o HTTP_CONTENT_LENGTH .... content-length CGI
o HTTP_CONTENT_TYPE ...... content-type CGI
o HTTP_COOKIE ............ any cookie sent by the client CGI
o HTTP_FORWARDED ......... list of proxy/gateway hosts CGI
o HTTP_HOST .............. destination host name/port CGI
o HTTP_IF_MATCH .......... HTTP/1.1 if-match request field CGI
o HTTP_IF_NONE_MATCH ..... HTTP/1.1 if-none-match request field CGI
o HTTP_IF_MODIFIED_SINCE ..... request field CGI
o HTTP_IF_UNMODIFIED_SINCE ... HTTP/1.1 request field CGI
o HTTP_IF_RANGE .......... HTTP/1.1 if-range request field CGI
o HTTP_KEEP_ALIVE ........ request field CGI
o HTTP_PRAGMA ............ request filed CGI
o HTTP_RANGE ............. HTTP/1.1 requested body byte range CGI
o HTTP_REFERER ........... source document URL for this request CGI
o HTTP_TRAILER ........... HTTP/1.1 request field CGI
o HTTP_TRANSFER_ENCODING ... HTTP/1.1 request field CGI
o HTTP_USER_AGENT ........ client/browser identification string CGI
o HTTP_X_FORWARDED_FOR ... proxy forwarded for this client SQUID
o KEY_integer ............ query string "+" separated elements WASD
o KEY_COUNT .............. number of "+" separated elements WASD
o PATH_INFO .............. virtual path of data requested in URL CGI
o PATH_ODS ............... on-disk structure of path (0, 2 or 5) WASD
o PATH_TRANSLATED ........ VMS file path of data requested in URL CGI
o QUERY_STRING ........... string following "?" in URL CGI
o REMOTE_ADDR ............ IP host address of HTTP client CGI
o REMOTE_HOST ............ IP host name of HTTP client CGI
o REMOTE_PORT ............ IP port of HTTP client WASD
o REMOTE_USER ............ authenticated username (or empty) CGI
o REQUEST_CHARSET ........ charset SET by mapping rule WASD
o REQUEST_CONTENT_TYPE ... content-type SET by mapping rule WASD
o REQUEST_METHOD ......... "GET", "PUT", etc. CGI
o REQUEST_PROTOCOL ....... HTTP protocol version ("HTTP/2") WASD
o REQUEST_SCHEME ......... "http:" or "https:" WASD
o REQUEST_TIME_GMT ....... request GMT time WASD
o REQUEST_TIME_LOCAL ..... request local time WASD
o REQUEST_URI ............ un-encoded path[?query-string] Apache
o SCRIPT_DEFAULT ......... script process default directory WASD
o SCRIPT_FILENAME ........ (e.g. "CGI-BIN:[000000]TEST.COM") Apache
o SCRIPT_NAME ............ name of script (e.g. "/query") CGI
o SCRIPT_RTE ............. script run-time environment WASD
o SERVER_ADDR ............ IP host address of server system WASD
o SERVER_ADMIN ........... "webmaster@site.domain" Apache
o SERVER_CHARSET ......... default charset (e.g. "ISO-8895-1") WASD
o SERVER_GMT ............. offset from GMT time (e.g. "+09:30) WASD
o SERVER_MULTIHOME ....... IP address client used (if different) WASD
o SERVER_NAME ............ IP host name of server system CGI
o SERVER_PROTOCOL ........ HTTP protocol version ("HTTP/1.1") CGI
o SERVER_PORT ............ IP port request was received on CGI
o SERVER_SOFTWARE ........ software ID of the HTTPD daemon CGI
o SERVER_SIGNATURE ....... "server host port" Apache
o SERVER_TRUNCATE ........ if script=symbol=truncate in effect WASD
o UNIQUE_ID .............. a "unique" request ID Apache
o UPSTREAM_ADDR .......... client address rewritten - original WASD
o some SSL related CGI variable can be generated when SSL is available
(see Sesola.C module)
NOTE: If script portability is a concern then confine use to the "standard" CGI
variables. For WASD-specific scripts the extension variables may be used. Not
all variables will be present for all requests, especially 'HTTP_' ones. For
instance, the presence or not of HTTP_CONTENT_LENGTH may be used to determine
whether it was actually present in the request header or not.
CGI VARIABLES USING DCL SYMBOLS
-------------------------------
Due to the mechanism used to create DCL symbols for the CGI variables (for
standard CGI) the variable value is limited to the symbol size number of
characters minus the length of the DCL symbol name assignment (e.g.
"WWW_QUERY_STRING=A+B+C+D"). DCL symbol creation at the command line is
limited by the CLI command line length (255 characters for pre 7.3-2, 4095 for
post 7.3-1). Symbol values however can be up to 1024 (or pragmatically about
1000 characters) for pre 7.3-2 and 8192 (or thereabouts) for post 7.3-1,
probably enough for any CGI variable value. If a CGI value is too large for
for a single command-line assignment then build it up using multiple
assignments, a symbol assignment kludge! All this is of course ultimately
limited by the size of the DCL command mailbox.
CGI VARIABLES USING CGIPLUS STREAM
----------------------------------
The maximum 'name=value' length for a CGI variable conveyed using the CGIPLUSIN
stream is limited by the size of of the 'DclCgiPlusInSize' global storage value
which is in turn set by the [BufferSizeDclCgiPlusIn] configuration directive.
Hence if this is set to 3072 bytes (the current default) then the maximum
'name=value' length is the that value minus 3 bytes. This value is also the
total mailbox buffer space allocated for script process IPC and so is also the
limit on all variables! So, in the circumstance where the largest variable
needs to be 4000 bytes in length, and the rest total up to another 3000 bytes,
the [BufferSizeDclCgiPlusIn] is suggested to be 8192 bytes. When this value is
adjusted it is recommended to review the HTTP server account's BYTLM quota.
CGIPLUS VARIABLE STRUCTURE
--------------------------
CGIplus (and standard CGI) variables are originally created as a single,
structured block of data. The internal structure is quite simple. Each
null-terminated "name=value" pair is preceded by an unsigned short (16 bit)
length field. This value includes all characters in the "name=value" pair,
plus the terminating null character. Hence the maximum length of one of these
pairs is 65535 minus 1. The end of the "name=value" pairs is indicated by a
zero-value (and hence "name=value" length) short.
|length|name=value\0|length|name=value\0|length|name=value\0|zero|
This data structure can easily be walked. Passing these CGI variables to the
scripting process can be done in two ways, parsing each CGI variable and
providing it individually as a "record", and by providing the entire data
structure intact as a "struct". Of course with the latter it remains for the
script itself to parse the structure to obtain the CGI variable values.
Transfering the CGIplus variables as a single structure (rather than as
per-variable records) can double the throughput!! Demonstrated using the
[SRC.CGIPLUS]CGIPLUSTEST.C program. This indicates that there is much less
than half the overhead for performing this using the 'struct' method!
VERSION HISTORY
---------------
27-MAY-2021 MGD using v12... agent functionality
dictionary entries ~CGI_<name> become CGI variables
02-APR-2021 MGD bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called
for a POST request" per JPP
30-APR-2019 MGD bugfix; CgiOutput() Content-Length: strtoul()
25-FEB-2018 MGD CgiOutput() constrain response header field names
28-NOV-2017 MGD CgiOutput() reject subsequent non-header
04-OCT-2017 MGD CgiOutput() refine Content-Length: to report out-of-range
28-SEP-2017 MGD bugfix; CgiGenerateVariables()
|rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&|
24-MAY-2017 MGD bugfix; for HTTP/2 (sigh) we need NPH to generate a header
01-DEC-2016 MGD RAWSOCKET_.. variables
11-AUG-2016 MGD Script-Control: X-http-status=<integer>
20-JUL-2016 MGD CgiGenerateVariables() mitigate httpoxy vulnerability
bugfix; CgiGenerateVariables() names from dictionary
24-JAN-2016 MGD REQUEST_PROTOCOL, HTTP2_PING and "cgi_.." dictionary
17-OCT-2015 MGD CgiVariable() if |SymbolValue| is NULL parse the
name then value from |SymbolName| <name>=<value>
CgiGenerateVariables() WATCH total bytes in variables
02-DEC-2014 MGD X-record0-mode[=0|1]
a completely empty record can only be where carriage-control
is being generated as records without C-RTL newline char
insertion - so switch to a non-embedded CC record mode
06-NOV-2014 MGD UPSTREAM_ADDR client address rewitten - this is the original
25-MAY-2013 MGD bugfix; AUTH_GROUP selected using write/read status
26-JAN-2010 MGD Web Socket scripting
ScriptControlField() returns non-zero to indicate success
01-JUN-2008 JPP CgiVariable() optimise single-quotation escaping
19-APR-2008 MGD WATCH_SCRIPT indicates when script WATCHing is enabled
17-JAN-2008 MGD CgiGenerateVariables() if SCRIPT_NAME is "/" (empty
froM mapping) then make it "" (really empty :-)
24-NOV-2007 MGD AUTH_PATH provides path from rule for auth agent
08-APR-2007 MGD CgiGenerateVariables() provide TRACK_ID if present (for JPP)
08-FEB-2006 MGD potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output
count should be checked zero before using negative index,
bugfix; CgiOutput() empty 'record' in stream mode should be
ignored and not have carriage-control adjusted (JFP)
01-JUN-2005 MGD CgiVariable() allow path mapping script=symbol=truncate to
truncate a CLI symbol within the limit of the current VMS
version capacity, noting this in SERVER_TRUNCATE variable
20-APR-2005 MGD provide SERVER_MULTIHOME if present (see NET.C)
20-JAN-2005 MGD if CGI response "Location:" is supplied but no HTTP
status turn it into a 302 (see also ResponseHeader())
08-JAN-2005 MGD process script=control=<...> path setting
16-DEC-2004 MGD Script-Control: X-transfer-encoding-chunked[=0|1],
detect when a script is providing content-encoded output
26-NOV-2004 MGD Script-Control: X-content-encoding-gzip[=0|1],
allow other binary controls to specify off or on (=[0|1])
07-NOV-2004 MGD massage PATH_TRANSLATED and SCRIPT_FILENAME
if path SET script=syntax=unix
20-OCT-2004 MGD change content_length CGI variable to "?" if a POSTed
(etc.) requests's body is being decoded by the server,
use pseudo-random numbers in CgiSequence()
17-OCT-2004 MGD bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT)
when VmReallocHeap() increasing buffer space
20-JUL-2004 MGD rework provision of HTTP_ CGI variables,
provide HTTP_CONTENT_LENGTH if in header,
allow for "HTTP/1.1 100 Continue" responses
07-APR-2004 MGD bugfix; agent script should have non-strict-CGI ignored
(stupid problem introduced with script output caching)
26-FEB-2004 MGD add SCRIPT_DEFAULT from SET 'script=default=<string>'
10-JAN-2004 MGD absorb CGI/NPH header,
Script-Control: X-content-handler=SSI field
23-DEC-2003 MGD for VMS 7.3-2 and later take advantage of the larger
EDCL CLI line (255->4095) and symbol (1024->8192) sizes
28-SEP-2003 MGD add HTTP_KEEP_ALIVE and HTTP_CONNECTION
21-AUG-2003 MGD HTTP_RANGE field CGI variable
09-JUL-2003 MGD add new dynamic caching capability
21-JUN-2003 MGD bugfix; CgiOutput() (jpp@esme.fr)
11-MAY-2003 MGD unrecognised request fields as "HTTP_.." variables
02-APR-2003 MGD add HTTP_X_FORWARDED_FOR CGI variable
01-MAR-2003 MGD path setting HTML body/header/footer
24-JAN-2003 MGD relax initial CGI response line checking
17-JAN-2003 MGD path setting 'script=query=none' suppresses parsing of
query string into form or key elements
added GATEWAY_EOF/EOT/ESC variables,
sentinals changed to have only RMS-compliant characters,
path set carriage-control on CGIPLUSIN stream,
supply more detail from "%DCL-E-OPENIN, blah" responses
10-JAN-2003 MGD path setting 'script=query=relaxed' allows form-url-encoded
query strings to be non-conformant without error reporting
05-DEC-2002 MGD in non-strict CGI mode report anything like
"%DCL-E-OPENIN, blah" as a failed script activation
08-OCT-2002 MGD Script-Control: X-error-... fields
17-AUG-2002 MGD modify PATH_ODS variable to allow for PWK and SRI
01-AUG-2002 MGD bugfix; do not count callout records for CGI header purposes
16-JUL-2002 MGD last-minute relaxation of stricter CGI header processing
allowing a trailing CR to terminate a single header record
30-APR-2002 MGD "Cache-Control:" field for Mozilla compatibility
30-MAR-2002 MGD stream-mode with zero output as suppressed carriage-control
24-NOV-2001 MGD significant rework CgiOutput() CGI header processing
14-OCT-2001 MGD support script=params=(name=value) SET rule
15-SEP-2001 MGD modify CgiOutput() processing,
X-filter-stream removes non-printable characters
04-AUG-2001 MGD support module WATCHing
27-FEB-2001 MGD suppress "x-internal/" CONTENT_TYPE
20-FEB-2001 MGD AUTH_REMOTE_USER for proxied authorization,
refine detection of authorization agent reponse errors
01-FEB-2001 MGD bugfix; CGI strict output suppression for auth agent
18-JAN-2001 MGD bugfix; REMOTE_PORT ntohs()
19-DEC-2000 MGD refine [CgiStrictOutput] to detect an incomplete header
05-SEP-2000 MGD additional "Script-Control:" directives
08-AUG-2000 MGD if response "Content-Encoding:" force stream mode,
add GATEWAY_BG and GATEWAY_MRS variables
01-JUL-2000 MGD modify CgiOutput() to better handle CGI responses,
add "Script-Control:" (CGI/1.2)
24-JUN-2000 MGD SCRIPT_RTE for persistent run-time environments
10-MAY-2000 MGD refined CgiOutput() and CgiHeader()
08-APR-2000 MGD CGI binary header response can now be processed,
(some) VMS Apache compatibility
31-DEC-1999 MGD PATH_ODS variable (to indicate on-disk file system)
17-DEC-1999 MGD bugfix; quote double-up in CgiVariable()
27-NOV-1999 MGD rework DCL variable stream,
remove sys$fao() from stream CGI variable creation,
avoid "''" substitution creating DCL symbol CGI variables
20-NOV-1999 MGD end-of-header blank line may now be an empty record,
or a record containing a single '\n' or '\r\n' sequence
06-NOV-1999 MGD allow slightly more latitude with form fields, no "=value"
(i.e. name terminated by '&') and back-to-back '&'
14-SEP-1999 MGD modify CgiOutput() for delayed CGI "Content-Type:"
28-AUG-1999 MGD support CGIplus "agents", added AUTH_USER
30-MAY-1999 MGD add SSL variables (via call to SesolaCgiGenerateVariables())
21-FEB-1999 MGD change authorization CGI variables
28-DEC-1998 MGD added HTTP_ACCEPT_ENCODING
07-NOV-1998 MGD WATCH facility
17-OCT-1998 MGD CgiUrlDecodeString(),
SERVER_CHARSET, REQUEST_CHARSET, REQUEST_CONTENT_TYPE
28-APR-1998 MGD CGI variable memory allocation changed in support of SSI
03-APR-1998 MGD bugfix; extra quotes generated in form field value
19-MAR-1998 MGD suppress 'Authorization:' unless "external" authorization
06-DEC-1997 MGD functionality unbundled from DCL.c, generalized for version 5
*/
/*****************************************************************************/
#ifdef WASD_VMS_V7
#undef _VMS__V6__SOURCE
#define _VMS__V6__SOURCE
#undef __VMS_VER
#define __VMS_VER 70000000
#undef __CRTL_VER
#define __CRTL_VER 70000000
#endif
/* standard C header files */
#include <ctype.h>
#include <stdio.h>
#include <errno.h>
#include <limits.h>
/* VMS related header files */
#include <descrip.h>
#include <dvidef.h>
#include <ssdef.h>
#include <stsdef.h>
/* application header files */
#include "wasd.h"
#define WASD_MODULE "CGI"
/**********/
/* macros */
/**********/
#define CLI$_BUFOVF 229400
/******************/
/* global storage */
/******************/
char CgiNotStrict [] = "not a strict CGI response",
ErrorCgiCli [] = "CLI reported \"!AZ\"",
ErrorCgiSymbol [] = "DCL symbol assignment too large!",
ErrorCgiNotStrict [] = "NOT a strict CGI response!!",
ErrorCgiSetCookie [] = "Set-Cookie array exhausted";
/********************/
/* external storage */
/********************/
#ifdef DBUG
extern BOOL Debug;
#else
#define Debug 0
#endif
extern BOOL OdsExtended;
extern int DclCgiHeaderSize,
DclCgiPlusInSize,
DclSysCommandSize,
DclSysOutputSize,
EfnWait,
ServerPort,
SsiSizeMax;
extern int ToLowerCase[],
ToUpperCase[];
extern int64 HttpdTime64;
extern char DclCgiVariablePrefix[],
ErrorSanityCheck[],
SoftwareID[],
TimeGmtString[];
extern CONFIG_STRUCT Config;
extern HTTPD_PROCESS HttpdProcess;
extern MSG_STRUCT Msgs;
extern SYS_INFO SysInfo;
extern WATCH_STRUCT Watch;
/*****************************************************************************/
/*
Creates a buffer containing a series of null-terminated strings, terminated by
a null-string (two successive null characters). Each of the strings contains
either DCL command(s) to create a DCL symbol (CGI variable) using the CLI, or
an equate separated 'name=value' pair used for CGIplus variable streams, etc.
*/
int CgiGenerateVariables
(
REQUEST_STRUCT *rqptr,
int VarType
)
{
static $DESCRIPTOR (NumberFaoDsc, "!UL\0");
static $DESCRIPTOR (Number64FaoDsc, "!@SQ\0");
static $DESCRIPTOR (StatusValueFaoDsc, "%X!8UL\0");
static char BgDevNam [65];
static unsigned short BgDevNamLength;
static struct {
short buf_len;
short item;
char *buf_addr;
short *ret_len;
}
BgDevNamItemList [] =
{
{ sizeof(BgDevNam), DVI$_DEVNAM, &BgDevNam, &BgDevNamLength },
{ 0, 0, 0, 0 }
};
BOOL BodyUnEncodeStream;
int idx, status,
Count,
EmptyFieldNameCount,
KeyCount;
char *cptr, *sptr, *zptr,
*NameValuePtr;
char FieldName [256],
LocalDateTime [48];
char String [8192];
$DESCRIPTOR (StringDsc, String);
struct {
unsigned short Status;
unsigned short Count;
unsigned long Unused;
} IOsb;
DICT_ENTRY_STRUCT *denptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI, "CgiGenerateVariables()");
if (rqptr->AgentRequestPtr)
{
/* no method indicates NetAgentBegin() or TcpIpAltAgentBegin() */
if (!rqptr->rqHeader.Method)
{
/***************/
/* limited CGI */
/***************/
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_INTERFACE", "CGI/1.1", VarType)))
return (status);
if (rqptr->ClientPtr->IpAddressString[0])
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_ADDR",
rqptr->ClientPtr->IpAddressString, VarType)))
return (status);
if (rqptr->ClientPtr->Lookup.HostName[0])
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_HOST",
rqptr->ClientPtr->Lookup.HostName, VarType)))
return (status);
if (rqptr->ServicePtr->ServerHostName[0])
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_NAME",
rqptr->ServicePtr->ServerHostName, VarType)))
return (status);
if (rqptr->ServicePtr->ServerPortString[0])
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_PORT",
rqptr->ServicePtr->ServerPortString, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_SOFTWARE", SoftwareID, VarType)))
return (status);
if (VMSnok (status = SesolaCgiGenerateVariables (rqptr, VarType)))
return (status);
return (CgiVariable (rqptr, NULL, NULL, VarType));
}
/* drop through for full CGI */
}
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "VARIABLES !&?stream\rdcl\r",
VarType == CGI_VARIABLE_STREAM);
if (rqptr->rqCgi.BufferLength)
{
/* free previous variables and storage */
if (rqptr->rqCgi.BufferPtr)
VmFreeFromHeap (rqptr, rqptr->rqCgi.BufferPtr, FI_LI);
rqptr->rqCgi.BufferLength = 0;
rqptr->rqCgi.BufferPtr = rqptr->rqCgi.BufferCurrentPtr = NULL;
}
if (VarType == CGI_VARIABLE_STREAM)
CgiVariableBufferMemory (rqptr, DclCgiPlusInSize*2);
else
CgiVariableBufferMemory (rqptr, DclSysCommandSize);
HttpLocalTimeString (LocalDateTime, &rqptr->rqTime.BeginTime64);
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_TYPE", rqptr->rqAuth.Type, VarType)))
return (status);
if (rqptr->AgentRequestPtr ||
rqptr->rqAuth.Type[0])
{
if (rqptr->rqAuth.SourceRealm &&
rqptr->rqAuth.RequestCan)
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_ACCESS",
AuthCanString (rqptr->rqAuth.RequestCan,
AUTH_CAN_FORMAT_LONG),
VarType)))
return (status);
}
if (rqptr->rqAuth.PathParameterPtr &&
rqptr->rqAuth.PathParameterPtr[0])
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_AGENT",
rqptr->rqAuth.PathParameterPtr, VarType)))
return (status);
}
if (rqptr->rqAuth.GroupWritePtr &&
rqptr->rqAuth.GroupWritePtr[0] &&
VMSok(rqptr->rqAuth.GroupWriteStatus))
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_GROUP",
rqptr->rqAuth.GroupWritePtr, VarType)))
return (status);
}
else
if (rqptr->rqAuth.GroupReadPtr &&
rqptr->rqAuth.GroupReadPtr[0] &&
VMSok(rqptr->rqAuth.GroupReadStatus))
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_GROUP",
rqptr->rqAuth.GroupReadPtr, VarType)))
return (status);
}
if (rqptr->AgentRequestPtr &&
rqptr->rqAuth.PathLocationPtr)
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_PATH",
rqptr->rqAuth.PathLocationPtr, VarType)))
return (status);
}
if ((rqptr->RemoteUserPassword[0] &&
rqptr->rqAuth.PathParameterPtr &&
rqptr->rqAuth.PathParameterPtr[0]) ||
rqptr->rqAuth.SourceRealm == AUTH_SOURCE_EXTERNAL)
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_PASSWORD",
rqptr->RemoteUserPassword, VarType)))
return (status);
}
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_REALM", rqptr->rqAuth.RealmPtr, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_REALM_DESCRIPTION",
rqptr->rqAuth.RealmDescrPtr, VarType)))
return (status);
if (rqptr->rqAuth.RemoteUser[0])
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_REMOTE_USER",
rqptr->rqAuth.RemoteUser, VarType)))
return (status);
if (rqptr->rqAuth.UserDetailsPtr &&
rqptr->rqAuth.UserDetailsPtr[0])
{
if (VMSnok (status =
CgiVariable (rqptr, "AUTH_USER",
rqptr->rqAuth.UserDetailsPtr, VarType)))
return (status);
}
}
/* if there is an associated request body and it's being decoded */
if (rqptr->rqHeader.Method == HTTP_METHOD_POST)
BodyUnEncodeStream = BodyReadUnEncode (rqptr);
else
BodyUnEncodeStream = false;
if (BodyUnEncodeStream)
{
/* indicate the content-length is unknown because of the decode */
if (VMSnok (status =
CgiVariable (rqptr, "CONTENT_LENGTH", "?", VarType)))
return (status);
}
else
{
sys$fao (&Number64FaoDsc, 0, &StringDsc,
&rqptr->rqHeader.ContentLength64);
if (VMSnok (status =
CgiVariable (rqptr, "CONTENT_LENGTH", String, VarType)))
return (status);
}
if (rqptr->rqHeader.ContentTypePtr)
{
if (VMSnok (status =
CgiVariable (rqptr, "CONTENT_TYPE",
rqptr->rqHeader.ContentTypePtr, VarType)))
return (status);
}
else
if (rqptr->rqContentInfo.ContentTypePtr &&
!strsame (rqptr->rqContentInfo.ContentTypePtr, "x-internal/", 11))
{
if (VMSnok (status =
CgiVariable (rqptr, "CONTENT_TYPE",
rqptr->rqContentInfo.ContentTypePtr, VarType)))
return (status);
}
else
{
if (VMSnok (status =
CgiVariable (rqptr, "CONTENT_TYPE", "", VarType)))
return (status);
}
if (!(cptr = rqptr->rqPathSet.MapRootPtr)) cptr = "";
if (VMSnok (status =
CgiVariable (rqptr, "DOCUMENT_ROOT", cptr, VarType)))
return (status);
if (Config.cfScript.GatewayBg &&
rqptr->ServicePtr->RequestScheme == SCHEME_HTTP)
{
status = sys$getdviw (EfnWait, rqptr->NetIoPtr->Channel, 0,
&BgDevNamItemList, &IOsb, 0, 0, 0);
if (VMSok (status)) status = IOsb.Status;
if (VMSok(status))
{
BgDevNam[BgDevNamLength] = '\0';
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_BG",
BgDevNam[0] == '_' ? BgDevNam+1 : BgDevNam,
VarType)))
return (status);
}
else
return (status);
}
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_INTERFACE", "CGI/1.1", VarType)))
return (status);
if (VarType == CGI_VARIABLE_STREAM)
{
/* if 'stream' then must be CGIplus */
if (rqptr->rqCgi.EofLength)
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_EOF", rqptr->rqCgi.EofStr, VarType)))
return (status);
}
if (rqptr->rqCgi.EotLength)
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_EOT", rqptr->rqCgi.EotStr, VarType)))
return (status);
if (rqptr->rqCgi.EscLength)
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_ESC", rqptr->rqCgi.EscStr, VarType)))
return (status);
if (rqptr->DclTaskPtr)
{
/* size of mailbox */
sys$fao (&NumberFaoDsc, 0, &StringDsc, DclSysOutputSize);
if (VMSnok (status =
CgiVariable (rqptr, "GATEWAY_MRS", String, VarType)))
return (status);
}
/*************/
/* SET html= */
/*************/
if (rqptr->rqPathSet.HtmlBodyTagPtr)
if (VMSnok (status =
CgiVariable (rqptr, "HTML_BODYTAG",
rqptr->rqPathSet.HtmlBodyTagPtr, VarType)))
return (status);
if (rqptr->rqPathSet.HtmlFooterPtr)
if (VMSnok (status =
CgiVariable (rqptr, "HTML_FOOTER",
rqptr->rqPathSet.HtmlFooterPtr, VarType)))
return (status);
if (rqptr->rqPathSet.HtmlFooterTagPtr)
if (VMSnok (status =
CgiVariable (rqptr, "HTML_FOOTERTAG",
rqptr->rqPathSet.HtmlFooterTagPtr, VarType)))
return (status);
if (rqptr->rqPathSet.HtmlHeaderPtr)
if (VMSnok (status =
CgiVariable (rqptr, "HTML_HEADER",
rqptr->rqPathSet.HtmlHeaderPtr, VarType)))
return (status);
if (rqptr->rqPathSet.HtmlHeaderTagPtr)
if (VMSnok (status =
CgiVariable (rqptr, "HTML_HEADERTAG",
rqptr->rqPathSet.HtmlHeaderTagPtr, VarType)))
return (status);
/**********************************/
/* request header field variables */
/**********************************/
memcpy (FieldName, "HTTP_", 5);
zptr = FieldName + sizeof(FieldName);
DictIterate (rqptr->rqDictPtr, NULL);
while (denptr = DictIterate (rqptr->rqDictPtr, DICT_TYPE_REQUEST))
{
cptr = DICT_GET_KEY(denptr);
/* these are not supplied for one reason or another */
if (MATCH14 (cptr, "authorization") &&
rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&
rqptr->rqAuth.SourceRealm != AUTH_SOURCE_EXTERNAL &&
rqptr->rqAuth.SourceRealm != AUTH_SOURCE_OPAQUE)
continue;
if (MATCH4(cptr,"prox"))
{
if (MATCH20 (cptr, "proxy-authorization")) continue;
/* mitigate httpoxy vulnerability by introducing an extra underscore */
if (MATCH6 (cptr, "proxy")) cptr = "_PROXY";
}
sptr = FieldName + 5;
while (*cptr && sptr < zptr)
{
if (isalnum(*cptr))
*sptr++ = TOUP(*cptr);
else
if (!ISLWS(*cptr))
*sptr++ = '_';
cptr++;
}
if (sptr >= zptr)
{
ErrorVmsStatus (rqptr, SS$_RESULTOVF, FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
cptr = DICT_GET_VALUE(denptr);
if (VMSnok (status = CgiVariable (rqptr, FieldName, cptr, VarType)))
return (status);
}
/*********************/
/* rest of variables */
/*********************/
if (VMSnok (status =
CgiVariable (rqptr, "PATH_INFO", rqptr->rqHeader.PathInfoPtr, VarType)))
return (status);
switch (rqptr->PathOds)
{
case 0 : cptr = NULL; break;
case MAPURL_PATH_ODS_2 : cptr = "2"; break;
case MAPURL_PATH_ODS_5 : if (OdsExtended) cptr = "5"; break;
case MAPURL_PATH_ODS_ADS : cptr = "ADS"; break;
case MAPURL_PATH_ODS_PWK : cptr = "PWK"; break;
case MAPURL_PATH_ODS_SMB : cptr = "SMB"; break;
case MAPURL_PATH_ODS_SRI : cptr = "SRI"; break;
default : cptr = "?";
}
if (cptr)
if (VMSnok (status =
CgiVariable (rqptr, "PATH_ODS", cptr, VarType)))
return (status);
cptr = rqptr->ParseOds.ExpFileName;
if (*cptr && rqptr->rqPathSet.ScriptSyntaxUnix)
{
if (VMSnok (status = MapOdsVmsToUnix (cptr, String, sizeof(String))))
{
ErrorVmsStatus (rqptr, status, FI_LI);
return (status);
}
cptr = String;
}
if (VMSnok (status =
CgiVariable (rqptr, "PATH_TRANSLATED", cptr, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "QUERY_STRING",
rqptr->rqHeader.QueryStringPtr, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_ADDR",
rqptr->ClientPtr->IpAddressString, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_HOST",
rqptr->ClientPtr->Lookup.HostName, VarType)))
return (status);
/* if client address has been rewritten the port is no longer reliable */
if (rqptr->ClientPtr->SetClientAddress)
SET2(String,'0\0');
else
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->ClientPtr->IpPort);
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_PORT", String, VarType)))
return (status);
if (rqptr->rqAuth.CaseLess)
{
/* force remote user name to upper-case if a case-less authentication */
zptr = (sptr = String) + sizeof(String)-1;
for (cptr = rqptr->RemoteUser;
*cptr && sptr < zptr;
*sptr++ = TOUP(*cptr++));
*sptr = '\0';
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_USER", String, VarType)))
return (status);
}
else
if (VMSnok (status =
CgiVariable (rqptr, "REMOTE_USER", rqptr->RemoteUser, VarType)))
return (status);
if (rqptr->rqPathSet.CharsetPtr &&
rqptr->rqPathSet.CharsetPtr[0] &&
rqptr->rqPathSet.CharsetPtr[0] != '(')
{
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_CHARSET",
rqptr->rqPathSet.CharsetPtr, VarType)))
return (status);
}
if (rqptr->rqPathSet.ContentTypePtr)
{
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_CONTENT_TYPE",
rqptr->rqPathSet.ContentTypePtr, VarType)))
return (status);
}
if ((rqptr->AgentRequestPtr &&
rqptr->AgentRequestPtr[0]) ||
(rqptr->rqAuth.PathParameterPtr &&
rqptr->rqAuth.PathParameterPtr[0]))
{
/* AUTHAGENT hangs when called for a POST request (per JPP) */
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_METHOD", "GET", VarType)))
return (status);
}
else
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_METHOD",
rqptr->rqHeader.MethodName, VarType)))
return (status);
if (HTTP2_REQUEST(rqptr))
cptr = "HTTP/2";
else
if (rqptr->rqHeader.HttpVersion == HTTP_VERSION_1_1)
cptr = "HTTP/1.1";
else
if (rqptr->rqHeader.HttpVersion == HTTP_VERSION_1_0)
cptr = "HTTP/1.0";
else
cptr = "HTTP/0.9";
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_PROTOCOL", cptr, VarType)))
return (status);
if (HTTP2_REQUEST(rqptr))
if (rqptr->Http2Stream.Http2Ptr->PingMicroSeconds)
if (denptr = DictLookup (rqptr->rqDictPtr, DICT_TYPE_INTERNAL,
"http2_ping", 10))
if (VMSnok (status =
CgiVariable (rqptr, "HTTP2_PING",
DICT_GET_VALUE(denptr), VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_SCHEME",
rqptr->ServicePtr->RequestSchemeNamePtr, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_TIME_GMT",
rqptr->rqTime.GmDateTime, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_TIME_LOCAL", LocalDateTime, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "REQUEST_URI",
rqptr->rqHeader.RequestUriPtr, VarType)))
return (status);
/* Apache-like */
if (rqptr->rqCgi.ScriptFileNamePtr &&
rqptr->rqCgi.ScriptFileNamePtr[0])
{
cptr = rqptr->rqCgi.ScriptFileNamePtr;
if (rqptr->rqPathSet.ScriptSyntaxUnix)
{
if (VMSnok (status = MapOdsVmsToUnix (cptr, String, sizeof(String))))
{
ErrorVmsStatus (rqptr, status, FI_LI);
return (status);
}
cptr = String;
}
if (VMSnok (status =
CgiVariable (rqptr, "SCRIPT_FILENAME", cptr, VarType)))
return (status);
}
if (rqptr->rqPathSet.ScriptDefaultPtr &&
rqptr->rqPathSet.ScriptDefaultPtr[0] != '#')
{
/* script default directory ('#' means backward-compatible) */
if (VMSnok (status =
CgiVariable (rqptr, "SCRIPT_DEFAULT",
rqptr->rqPathSet.ScriptDefaultPtr, VarType)))
return (status);
}
/* if it's "/" (empty from mapping) then make it "" (really empty :-) */
if (VMSnok (status =
CgiVariable (rqptr, "SCRIPT_NAME",
rqptr->ScriptName[0] && rqptr->ScriptName[1] ?
rqptr->ScriptName : "",
VarType)))
return (status);
if (rqptr->DclTaskPtr &&
rqptr->DclTaskPtr->ScriptRunTime[0] &&
rqptr->DclTaskPtr->ScriptRunTime[0] != '!')
{
/* Run-Time Environment (RTE engine file name) */
if (VMSnok (status =
CgiVariable (rqptr, "SCRIPT_RTE",
rqptr->DclTaskPtr->ScriptRunTime, VarType)))
return (status);
}
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_ADDR",
rqptr->ServicePtr->ServerIpAddressString, VarType)))
return (status);
/* Apache-like */
if (Config.cfServer.AdminEmail[0])
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_ADMIN",
Config.cfServer.AdminEmail, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_CHARSET",
Config.cfContent.CharsetDefault, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_GMT", TimeGmtString, VarType)))
return (status);
if (rqptr->ClientPtr->MultiHomeIpAddressString[0])
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_MULTIHOME",
rqptr->ClientPtr->MultiHomeIpAddressString, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_NAME",
rqptr->ServicePtr->ServerHostName, VarType)))
return (status);
if (rqptr->rqResponse.HttpVersion == HTTP_VERSION_1_1)
cptr = "HTTP/1.1";
else
if (rqptr->rqResponse.HttpVersion == HTTP_VERSION_1_0)
cptr = "HTTP/1.0";
else
cptr = "HTTP/0.9";
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_PROTOCOL", cptr, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_PORT",
rqptr->ServicePtr->ServerPortString, VarType)))
return (status);
/* Apache-like */
ServerSignature (rqptr, String, sizeof(String));
if (String[0])
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_SIGNATURE", String, VarType)))
return (status);
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_SOFTWARE", SoftwareID, VarType)))
return (status);
/* Apache-like */
if (VMSnok (status =
CgiVariable (rqptr, "UNIQUE_ID", GenerateUniqueId(rqptr), VarType)))
return (status);
/* if the client address has been rewritten */
if (rqptr->ClientPtr->SetClientAddress)
if (VMSnok (status =
CgiVariable (rqptr, "UPSTREAM_ADDR",
rqptr->ClientPtr->UpstreamIpAddressString,
VarType)))
return (status);
if (rqptr->RawSocketRequest)
{
if (rqptr->rqWebSocket.InputChannel)
{
if (VMSnok (status = CgiVariable (rqptr, "RAWSOCKET_INPUT",
rqptr->rqWebSocket.InputDevName, VarType)))
return (status);
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->rqWebSocket.InputSize);
if (VMSnok (status = CgiVariable (rqptr, "RAWSOCKET_INPUT_MRS",
String, VarType)))
return (status);
}
if (rqptr->rqWebSocket.OutputChannel)
{
if (VMSnok (status = CgiVariable (rqptr, "RAWSOCKET_OUTPUT",
rqptr->rqWebSocket.OutputDevName, VarType)))
return (status);
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->rqWebSocket.OutputSize);
if (VMSnok (status = CgiVariable (rqptr, "RAWSOCKET_OUTPUT_MRS",
String, VarType)))
return (status);
}
}
else
if (rqptr->WebSocketRequest)
{
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->rqHeader.WebSocketVersion);
if (VMSnok (status = CgiVariable (rqptr, "WEBSOCKET_VERSION",
String, VarType)))
return (status);
if (rqptr->rqWebSocket.InputChannel)
{
if (VMSnok (status = CgiVariable (rqptr, "WEBSOCKET_INPUT",
rqptr->rqWebSocket.InputDevName, VarType)))
return (status);
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->rqWebSocket.InputSize);
if (VMSnok (status = CgiVariable (rqptr, "WEBSOCKET_INPUT_MRS",
String, VarType)))
return (status);
}
if (rqptr->rqWebSocket.OutputChannel)
{
if (VMSnok (status = CgiVariable (rqptr, "WEBSOCKET_OUTPUT",
rqptr->rqWebSocket.OutputDevName, VarType)))
return (status);
sys$fao (&NumberFaoDsc, 0, &StringDsc, rqptr->rqWebSocket.OutputSize);
if (VMSnok (status = CgiVariable (rqptr, "WEBSOCKET_OUTPUT_MRS",
String, VarType)))
return (status);
}
}
/* if we're WATCHing you - say something! */
if (WATCHING (rqptr, WATCH_SCRIPT))
if (VMSnok (status =
CgiVariable (rqptr, "WATCH_SCRIPT", "TRUE", VarType)))
return (status);
/*****************/
/* SSL variables */
/*****************/
if (VMSnok (status = SesolaCgiGenerateVariables (rqptr, VarType)))
return (status);
/***************************/
/* query string components */
/***************************/
if (rqptr->rqHeader.QueryStringLength &&
!rqptr->rqPathSet.ScriptQueryNone)
{
EmptyFieldNameCount = KeyCount = 0;
cptr = rqptr->rqHeader.QueryStringPtr;
while (*cptr && *cptr != '=') cptr++;
/* if an equal symbol was found then its a form not a keyword search */
if (*cptr)
{
/***************/
/* form fields */
/***************/
memcpy (FieldName, "FORM_", 5);
cptr = rqptr->rqHeader.QueryStringPtr;
while (*cptr)
{
sptr = FieldName + 5;
zptr = FieldName + sizeof(FieldName);
while (*cptr && *cptr != '=' && *cptr != '&' && sptr < zptr)
{
if (isalnum(*cptr))
*sptr++ = TOUP(*cptr++);
else
{
*sptr++ = '_';
cptr++;
}
}
if (sptr >= zptr)
{
ErrorVmsStatus (rqptr, SS$_RESULTOVF, FI_LI);
return (STS$K_ERROR);
}
*sptr = '\0';
if (!FieldName[5] || (*cptr && *cptr != '=' && *cptr != '&'))
{
if (*cptr == '&')
{
/* allow back-to-back '&' (effectively null field name) */
cptr++;
continue;
}
/* out-of-place '=' (no field name) */
if (rqptr->rqPathSet.ScriptQueryRelaxed)
{
/* let's be relaxed about this, script will handle it */
sys$fao (&NumberFaoDsc, 0, &StringDsc, ++EmptyFieldNameCount);
FieldName[5] = '_';
strcpy (FieldName+6, String);
}
else
{
rqptr->rqResponse.HttpStatus = 400;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_URL_FORM),
FI_LI);
return (STS$K_ERROR);
}
}
/* if encountered an '=' */
if (*cptr == '=') cptr++;
Count = CgiUrlDecodeString (rqptr, cptr,
String, sizeof(String), '&');
if (Count < 0) return (STS$K_ERROR);
cptr += Count;
if (VMSnok (status =
CgiVariable (rqptr, FieldName, String, VarType)))
return (status);
}
if (VMSnok (status =
CgiVariable (rqptr, "KEY_COUNT", "0", VarType)))
return (status);
}
else
{
/******************/
/* query keywords */
/******************/
cptr = rqptr->rqHeader.QueryStringPtr;
while (*cptr)
{
sys$fao (&NumberFaoDsc, 0, &StringDsc, ++KeyCount);
memcpy (FieldName, "KEY_", 4);
strcpy (FieldName+4, String);
Count = CgiUrlDecodeString (rqptr, cptr,
String, sizeof(String), '+');
if (Count < 0) return (STS$K_ERROR);
cptr += Count;
if (VMSnok (status =
CgiVariable (rqptr, FieldName, String, VarType)))
return (status);
}
sys$fao (&NumberFaoDsc, 0, &StringDsc, KeyCount);
if (VMSnok (status =
CgiVariable (rqptr, "KEY_COUNT", String, VarType)))
return (status);
}
}
else
if (!rqptr->rqPathSet.ScriptQueryNone)
{
/* no keywords if no query string! */
if (VMSnok (status =
CgiVariable (rqptr, "KEY_COUNT", "0", VarType)))
return (status);
}
/*********************/
/* SET script=params */
/*********************/
if (rqptr->rqPathSet.ScriptParamsPtr)
{
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI, "!&Z",
rqptr->rqPathSet.ScriptParamsPtr);
NameValuePtr = rqptr->rqPathSet.ScriptParamsPtr;
for (;;)
{
status = StringParseNameValue (&NameValuePtr, true,
FieldName, sizeof(FieldName),
String, sizeof(String));
if (VMSnok (status)) break;
status = CgiVariable (rqptr, FieldName, String, VarType);
if (VMSnok (status)) break;
}
if (status != SS$_ENDOFFILE) ErrorVmsStatus (rqptr, status, FI_LI);
}
/******************/
/* dictionary CGI */
/******************/
/* these can (also) be used to overwrite any CGI variable! */
DictIterate (rqptr->rqDictPtr, NULL);
while (denptr = DictIterate (rqptr->rqDictPtr, DICT_TYPE_CONFIG))
{
cptr = DICT_GET_KEY(denptr);
if (!MATCH4 (cptr, "cgi_")) continue;
sptr = DICT_GET_VALUE(denptr);
if (VMSnok (status = CgiVariable (rqptr, cptr+4, sptr, VarType)))
return (status);
}
/**************************/
/* auth agent script-meta */
/**************************/
if (rqptr->rqAuth.ScriptMetaPtr)
{
NameValuePtr = rqptr->rqAuth.ScriptMetaPtr;
for (;;)
{
status = StringParseNullNameValue (&NameValuePtr, true,
FieldName, sizeof(FieldName),
String, sizeof(String));
if (VMSnok (status)) break;
status = CgiVariable (rqptr, FieldName, String, VarType);
if (VMSnok (status)) break;
}
if (status != SS$_ENDOFFILE) ErrorVmsStatus (rqptr, status, FI_LI);
}
/***********/
/* finally */
/***********/
if (rqptr->rqCgi.SymbolTruncatePtr)
if (VMSnok (status =
CgiVariable (rqptr, "SERVER_TRUNCATE",
rqptr->rqCgi.SymbolTruncatePtr, VarType)))
return (status);
/********************/
/* end of variables */
/********************/
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "VARIABLES !&,UL bytes",
rqptr->rqCgi.BufferLength - rqptr->rqCgi.BufferRemaining);
return (CgiVariable (rqptr, NULL, NULL, VarType));
}
/*****************************************************************************/
/*
URL-decode a URL-encoded string! Return -1 if an error occurs, otherwise
return the number of characters read from the original, encoded string.
*/
int CgiUrlDecodeString
(
REQUEST_STRUCT *rqptr,
char *EncodedString,
char *DecodedString,
int SizeofDecodedString,
char Separator
)
{
unsigned char ch;
char *cptr, *sptr, *zptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiUrlDecodeString() !&Z", EncodedString);
cptr = EncodedString;
zptr = (sptr = DecodedString) + SizeofDecodedString;
while (*cptr && *cptr != Separator && sptr < zptr)
{
if (*cptr == '+')
{
*sptr++ = ' ';
cptr++;
}
else
if (*cptr == '%')
{
/* an escaped character ("%xx" where xx is a hex number) */
cptr++;
ch = 0;
if (*cptr >= '0' && *cptr <= '9')
{ ch = (*cptr - (int)'0') << 4; cptr++; }
else
if (TOLO(*cptr) >= 'a' && TOLO(*cptr) <= 'f')
{ ch = (TOLO(*cptr) - (int)'a' + 10) << 4; cptr++; }
else
{
rqptr->rqResponse.HttpStatus = 400;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_URL_ENC), FI_LI);
return (-1);
}
if (*cptr >= '0' && *cptr <= '9')
{ ch += (*cptr - (int)'0'); cptr++; }
else
if (TOLO(*cptr) >= 'a' && TOLO(*cptr) <= 'f')
{ ch += (TOLO(*cptr) - (int)'a' + 10); cptr++; }
else
{
rqptr->rqResponse.HttpStatus = 400;
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_REQUEST_URL_ENC), FI_LI);
return (-1);
}
if (sptr < zptr) *sptr++ = ch;
}
else
*sptr++ = *cptr++;
}
if (sptr >= zptr)
{
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_GENERAL_OVERFLOW), FI_LI);
return (-1);
}
*sptr = '\0';
if (*cptr) cptr++;
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchDataFormatted ("!&Z\n", DecodedString);
return (cptr - EncodedString);
}
/*****************************************************************************/
/*
Depending on whether the CGI variable is for creation at the DCL CLI or as part
of a CGI variable stream (e.g. CGIplus) create a null-terminated string
containing either commands to create a DCL symbol, or a 'name=value' pair.
DCL symbol creation at the command line is limited by the CLI command line
length (255 characters for pre 7.3-2, 4095 for post 7.3-1). Symbol values
however can be up to 1024 (or pragmatically about 1000 characters) for pre
7.3-2 and 8192 (or thereabouts) for post 7.3-1, probably enough for any CGI
variable value. If a CGI value is too large for for a single command-line
assignment then build it up using multiple assignments, a symbol assignment
kludge!
*/
int CgiVariable
(
REQUEST_STRUCT *rqptr,
char *SymbolName,
char *SymbolValue,
int VarType
)
{
static char DeleteAllLocalSymbol[] = "DELETE/SYMBOL/LOCAL/ALL";
int status,
CliLineSize,
CliSymbolSize,
SymbolCount,
SymbolValueLength;
unsigned short Length;
char *cptr, *sptr, *zptr,
*CgiPlusInCCPtr,
*CgiVariablePrefixPtr;
char NameString [256],
ValueString [2048];
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiVariable() !UL !AZ !&Z", VarType, SymbolName, SymbolValue);
if (!SymbolName)
{
/************************/
/* end of CGI variables */
/************************/
if (rqptr->rqCgi.BufferRemaining < sizeof(short))
CgiVariableBufferMemory (rqptr, sizeof(short));
/* zero length record terminates generated CGI variables */
SET2(rqptr->rqCgi.BufferCurrentPtr,0);
rqptr->rqCgi.BufferRemaining -= sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += sizeof(short);
return (SS$_NORMAL);
}
if (!SymbolValue)
{
/************************/
/* parse <name>=<value> */
/************************/
zptr = (sptr = NameString) + sizeof(NameString)-1;
cptr = SymbolName;
while (*cptr && *cptr != '=' && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
while (*cptr && *cptr != '=') cptr++;
if (*cptr) cptr++;
zptr = (sptr = ValueString) + sizeof(ValueString)-1;
while (*cptr && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
SymbolName = NameString;
SymbolValue = ValueString;
}
if (rqptr->rqPathSet.CgiPrefixPtr)
CgiVariablePrefixPtr = rqptr->rqPathSet.CgiPrefixPtr;
else
CgiVariablePrefixPtr = DclCgiVariablePrefix;
CgiPlusInCCPtr = rqptr->rqPathSet.CgiPlusInCC;
if (!SymbolValue) SymbolValue = "";
if (WATCHING (rqptr, WATCH_CGI))
WatchDataFormatted ("!AZ=!AZ\n", SymbolName, SymbolValue);
if (VarType == CGI_VARIABLE_STREAM)
{
/******************************/
/* variables in record stream */
/******************************/
if (rqptr->rqCgi.BufferRemaining <= DclCgiPlusInSize + sizeof(short))
CgiVariableBufferMemory (rqptr, DclCgiPlusInSize*2);
zptr = (sptr = rqptr->rqCgi.BufferCurrentPtr + sizeof(short)) +
(rqptr->rqCgi.BufferRemaining - sizeof(short));
for (cptr = CgiVariablePrefixPtr; *cptr; *sptr++ = *cptr++);
for (cptr = SymbolName; *cptr && sptr < zptr; *sptr++ = *cptr++);
if (sptr < zptr) *sptr++ = '=';
for (cptr = SymbolValue; *cptr && sptr < zptr; *sptr++ = *cptr++);
if (sptr < zptr && CgiPlusInCCPtr[0]) *sptr++ = CgiPlusInCCPtr[0];
if (sptr < zptr && CgiPlusInCCPtr[1]) *sptr++ = CgiPlusInCCPtr[1];
if (sptr < zptr) *sptr++ = '\0';
if (sptr < zptr)
{
Length = sptr - (char*)rqptr->rqCgi.BufferCurrentPtr - sizeof(short);
SET2(rqptr->rqCgi.BufferCurrentPtr,Length);
rqptr->rqCgi.BufferRemaining -= Length + sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += Length + sizeof(short);
return (SS$_NORMAL);
}
ErrorGeneral (rqptr, MsgFor(rqptr,MSG_GENERAL_OVERFLOW), FI_LI);
return (STS$K_ERROR);
}
/********************************/
/* variables created at DCL CLI */
/********************************/
if (SysInfo.VersionInteger >= 732)
{
/* take advantage of EDCL - ultimately limited by 'DclSysCommandSize'! */
CliLineSize = 4095;
CliSymbolSize = 8191;
}
else
{
/* same old command-line length we've grown up knowing and hating */
CliLineSize = 255;
CliSymbolSize = 1023;
}
if (rqptr->rqCgi.BufferRemaining <= CliLineSize + sizeof(short))
CgiVariableBufferMemory (rqptr, DclSysCommandSize);
/********************************/
/* try for a single assignment! */
/********************************/
zptr = (sptr = rqptr->rqCgi.BufferCurrentPtr + sizeof(short)) + CliLineSize;
for (cptr = CgiVariablePrefixPtr; *cptr; *sptr++ = *cptr++);
for (cptr = SymbolName; *cptr && sptr < zptr; *sptr++ = *cptr++);
if (sptr < zptr) *sptr++ = '=';
if (sptr < zptr) *sptr++ = '=';
if (sptr < zptr) *sptr++ = '\"';
cptr = SymbolValue;
while (*cptr && sptr < zptr)
{
if (*cptr == '\"')
{
/* escape double quotes, by doubling up */
if (sptr+2 < zptr)
{
cptr++;
*sptr++ = '\"';
*sptr++ = '\"';
}
else
zptr = sptr;
continue;
}
if (SAME2(cptr,'\'\''))
{
/* escape doubled single quotes by concatenation */
if (sptr+4 < zptr)
{
cptr++;
memcpy (sptr, "\'\"+\"", 4);
sptr += 4;
}
else
zptr = sptr;
continue;
}
if (sptr < zptr) *sptr++ = *cptr++;
}
if (sptr < zptr) *sptr++ = '\"';
if (sptr < zptr)
{
/**********************************/
/* fitted into the one assignment */
/**********************************/
*sptr++ = '\0';
Length = sptr - (char*)rqptr->rqCgi.BufferCurrentPtr - sizeof(short);
SET2(rqptr->rqCgi.BufferCurrentPtr,Length);
rqptr->rqCgi.BufferRemaining -= Length + sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += Length + sizeof(short);
return (SS$_NORMAL);
}
/************************/
/* multiple assignments */
/************************/
/* plus one allows for the first equate symbol in the global assignment */
SymbolValueLength = strlen(SymbolName) + 1;
/* loop assigning maximum amount allowed by DCL until all assigned */
SymbolCount = 0;
cptr = SymbolValue;
while (*cptr)
{
if (rqptr->rqCgi.BufferRemaining <= CliLineSize + sizeof(short))
CgiVariableBufferMemory (rqptr, DclSysCommandSize);
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchDataFormatted ("!&Z\n", cptr);
/* set this to DCL line length minus one for the terminating quote */
zptr = (sptr = rqptr->rqCgi.BufferCurrentPtr + sizeof(short)) +
CliLineSize - 1;
/* allow for each of the +B+C apparently implemented as +".."+".." */
SymbolValueLength += 3;
if (SymbolValueLength >= CliSymbolSize) break;
switch (++SymbolCount)
{
case 1 : memcpy (sptr, "A=\"", 3); break;
case 2 : memcpy (sptr, "B=\"", 3); break;
case 3 : memcpy (sptr, "C=\"", 3); break;
case 4 : memcpy (sptr, "D=\"", 3); break;
case 5 : memcpy (sptr, "E=\"", 3); break;
case 6 : memcpy (sptr, "F=\"", 3); break;
default : memcpy (sptr, "X=\"", 3); break;
}
sptr += 3;
while (*cptr && sptr < zptr)
{
SymbolValueLength++;
/* quit one before completely full to allow for trailing quote */
if (SymbolValueLength >= CliSymbolSize) break;
if (*cptr == '\"')
{
/* escape double quotes, by doubling up */
if (sptr+2 < zptr)
{
cptr++;
*sptr++ = '\"';
*sptr++ = '\"';
}
else
zptr = sptr;
continue;
}
if (SAME2(cptr,'\'\''))
{
/* escape doubled single quotes by concatenation */
if (sptr+4 < zptr)
{
cptr++;
memcpy (sptr, "\'\"+\"", 4);
sptr += 4;
}
else
zptr = sptr;
continue;
}
*sptr++ = *cptr++;
}
*sptr++ = '\"';
*sptr++ = '\0';
Length = sptr - (char*)rqptr->rqCgi.BufferCurrentPtr - sizeof(short);
SET2(rqptr->rqCgi.BufferCurrentPtr,Length);
rqptr->rqCgi.BufferRemaining -= Length + sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += Length + sizeof(short);
if (SymbolValueLength >= CliSymbolSize) break;
}
if (SymbolValueLength >= CliSymbolSize)
{
/**************************/
/* symbol value too large */
/**************************/
if (rqptr->rqPathSet.ScriptSymbolTruncate)
{
/* add this CGI variable name to the truncated symbol(s) list */
rqptr->rqCgi.SymbolTruncatePtr =
VmReallocHeap (rqptr,
rqptr->rqCgi.SymbolTruncatePtr,
rqptr->rqCgi.SymbolTruncateLength +
strlen(SymbolName)+2, FI_LI);
if (rqptr->rqCgi.SymbolTruncateLength)
{
strcat (rqptr->rqCgi.SymbolTruncatePtr, ",");
rqptr->rqCgi.SymbolTruncateLength++;
}
strcat (rqptr->rqCgi.SymbolTruncatePtr, SymbolName);
rqptr->rqCgi.SymbolTruncateLength += strlen(SymbolName);
}
else
{
/* cannot create a symbol this size */
rqptr->rqResponse.ErrorTextPtr = SymbolName;
rqptr->rqResponse.ErrorOtherTextPtr = ErrorCgiSymbol;
ErrorVmsStatus (rqptr, CLI$_BUFOVF, FI_LI);
ErrorNoticed (rqptr, CLI$_BUFOVF, "!AZ too big at !UL characters,",
FI_LI, SymbolName, strlen(SymbolValue));
return (STS$K_ERROR);
}
}
/* assign the temporary symbol value(s) to the CGI symbol */
if (rqptr->rqCgi.BufferRemaining <= CliLineSize + sizeof(short))
CgiVariableBufferMemory (rqptr, DclSysCommandSize);
sptr = rqptr->rqCgi.BufferCurrentPtr + sizeof(short);
for (cptr = CgiVariablePrefixPtr; *cptr; *sptr++ = *cptr++);
for (cptr = SymbolName; *cptr; *sptr++ = *cptr++);
switch (SymbolCount)
{
case 1 : memcpy (sptr, "==A", 4); sptr += 4; break;
case 2 : memcpy (sptr, "==A+B", 6); sptr += 6; break;
case 3 : memcpy (sptr, "==A+B+C", 8); sptr += 8; break;
case 4 : memcpy (sptr, "==A+B+C+D", 10); sptr += 10; break;
case 5 : memcpy (sptr, "==A+B+C+D+E", 12); sptr += 12; break;
case 6 : memcpy (sptr, "==A+B+C+D+E+F", 14); sptr += 14; break;
default : break;
}
Length = sptr - (char*)rqptr->rqCgi.BufferCurrentPtr - sizeof(short);
SET2(rqptr->rqCgi.BufferCurrentPtr,Length);
rqptr->rqCgi.BufferRemaining -= Length + sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += Length + sizeof(short);
/* not really necessary, but let's be tidy */
if (rqptr->rqCgi.BufferRemaining <=
sizeof(DeleteAllLocalSymbol) + sizeof(short))
CgiVariableBufferMemory (rqptr, DclSysCommandSize);
memcpy (rqptr->rqCgi.BufferCurrentPtr + sizeof(short),
DeleteAllLocalSymbol, sizeof(DeleteAllLocalSymbol));
SET2(rqptr->rqCgi.BufferCurrentPtr,sizeof(DeleteAllLocalSymbol));
rqptr->rqCgi.BufferRemaining -= sizeof(DeleteAllLocalSymbol) + sizeof(short);
rqptr->rqCgi.BufferCurrentPtr += sizeof(DeleteAllLocalSymbol) + sizeof(short);
return (SS$_NORMAL);
}
/*****************************************************************************/
/*
Allocate, or reallocate on subsequent calls, memory for storing the CGI
variables in. Adjusts the CGI variable buffer pointers, lengths, etc,
appropriately.
*/
void CgiVariableBufferMemory
(
REQUEST_STRUCT *rqptr,
int BufferChunk
)
{
int CurrentLength,
CurrentOffset;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiVariableBufferMemory() !UL !UL !UL",
BufferChunk, rqptr->rqCgi.BufferLength,
rqptr->rqCgi.BufferCurrentPtr - rqptr->rqCgi.BufferPtr);
if (!rqptr->rqCgi.BufferLength)
{
/* initialize CGI variable buffer */
rqptr->rqCgi.BufferLength = rqptr->rqCgi.BufferRemaining = BufferChunk;
rqptr->rqCgi.BufferPtr = rqptr->rqCgi.BufferCurrentPtr =
VmGetHeap (rqptr, BufferChunk);
return;
}
CurrentLength = rqptr->rqCgi.BufferLength;
CurrentOffset = rqptr->rqCgi.BufferCurrentPtr - rqptr->rqCgi.BufferPtr;
rqptr->rqCgi.BufferPtr =
VmReallocHeap (rqptr, rqptr->rqCgi.BufferPtr,
CurrentLength + BufferChunk, FI_LI);
rqptr->rqCgi.BufferLength = CurrentLength + BufferChunk;
rqptr->rqCgi.BufferRemaining += BufferChunk;
rqptr->rqCgi.BufferCurrentPtr = rqptr->rqCgi.BufferPtr + CurrentOffset;
}
/*****************************************************************************/
/*
Process output from a CGI/CGIplus/RTE/WebSocket script (or even plain DCL
processing). For CGI scripts check the first output from each for CGI-relevant
HTTP header lines. For all output check that carriage-control is as required.
Returns one of two things. Either a constant value ("CGI_OUTPUT_...") that
indicates some event in output processing, or a value indicating quantity of
output still available in the stream.
*/
int CgiOutput
(
REQUEST_STRUCT *rqptr,
char *OutputPtr,
int OutputCount
)
{
BOOL CgiCompliant,
EndOfHeader,
HTTP1dot1;
int cnt, idx, status,
AbsorbCount,
HeaderLength,
HeaderRemaining,
HttpStatus,
LineCount;
char *cptr, *lptr, *sptr, *zptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
{
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiOutput() !SL !&X", OutputCount, OutputPtr);
WatchDataDump (OutputPtr, OutputCount);
}
cptr = OutputPtr;
cnt = OutputCount;
if (!cptr)
{
/********************/
/* reset CGI output */
/********************/
rqptr->rqCgi.CalloutInProgress =
rqptr->rqCgi.ContentTypeText =
rqptr->rqCgi.Header100Continue =
rqptr->rqCgi.Header100ContinueDone =
rqptr->rqCgi.ProcessingBody = false;
rqptr->rqCgi.CalloutOutputCount =
rqptr->rqCgi.OutputMode =
rqptr->rqCgi.RecordCount =
rqptr->rqCgi.XVMSRecordMode = 0;
rqptr->rqCgi.ContentLength = -1;
if (rqptr->rqCgi.HeaderPtr)
VmFreeFromHeap (rqptr, rqptr->rqCgi.HeaderPtr, FI_LI);
rqptr->rqCgi.HeaderLength = rqptr->rqCgi.HeaderLineCount = 0;
rqptr->rqCgi.HeaderPtr = VmGetHeap (rqptr, DclCgiHeaderSize);
return (0);
}
if (rqptr->rqCgi.EofLength)
{
if (cnt >= rqptr->rqCgi.EofLength &&
cnt <= rqptr->rqCgi.EofLength+2 &&
MATCH0 (cptr, rqptr->rqCgi.EofStr, rqptr->rqCgi.EofLength))
{
/******************************/
/* end of output from script! */
/******************************/
rqptr->rqCgi.AbsorbHeader =
rqptr->rqCgi.BufferRecords = false;
if (!rqptr->rqCgi.IsCliDcl &&
!rqptr->AgentRequestPtr &&
!rqptr->rqCgi.ProcessingBody &&
/* ->HttpStatus can be set by DCL callout GATEWAY-BEGIN: */
!rqptr->rqResponse.HttpStatus &&
!rqptr->rqResponse.RedactBufferPtr &&
!rqptr->rqResponse.RedactBufferCount &&
Config.cfScript.CgiStrictOutput)
{
/* hmmmm, didn't receive any output */
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, ErrorCgiNotStrict);
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
if (rqptr->rqCache.LoadFromCgi)
{
rqptr->rqCache.LoadStatus = SS$_ENDOFFILE;
CacheLoadEnd (rqptr);
}
return (CGI_OUTPUT_END);
}
}
if (rqptr->rqCgi.CalloutInProgress)
{
/********************************/
/* output escape is in progress */
/********************************/
if (cnt >= rqptr->rqCgi.EotLength &&
cnt <= rqptr->rqCgi.EotLength+2 &&
MATCH0 (cptr, rqptr->rqCgi.EotStr, rqptr->rqCgi.EotLength))
{
/******************************/
/* end of escape from script! */
/******************************/
return (CGI_OUTPUT_ESCAPE_END);
}
return (CGI_OUTPUT_ESCAPE);
}
if (!rqptr->rqCgi.IsCliDcl &&
rqptr->rqCgi.EscLength)
{
if (cnt >= rqptr->rqCgi.EscLength &&
cnt <= rqptr->rqCgi.EscLength+2 &&
MATCH0 (cptr, rqptr->rqCgi.EscStr, rqptr->rqCgi.EscLength))
{
/******************************/
/* escape from script output! */
/******************************/
return (CGI_OUTPUT_ESCAPE_BEGIN);
}
}
rqptr->rqCgi.RecordCount++;
if (!rqptr->rqCgi.ProcessingBody &&
!rqptr->rqCgi.IsCliDcl)
{
/******************************/
/* processing response header */
/******************************/
/* buffer part of, one, or multiple lines of script (header) output */
LineCount = 0;
EndOfHeader = false;
sptr = rqptr->rqCgi.HeaderPtr + rqptr->rqCgi.HeaderLength;
zptr = sptr + DclCgiHeaderSize;
while (*cptr && sptr < zptr)
{
if (*cptr != '\n' &&
!SAME2(cptr,'\r\n') &&
!SAME2(cptr,'\r\0'))
{
*sptr++ = *cptr++;
continue;
}
if (*cptr == '\n')
{
/* record terminated by a trailing newline */
if (sptr > rqptr->rqCgi.HeaderPtr && *(sptr-1) == '\n')
{
cptr++;
EndOfHeader = true;
break;
}
*sptr++ = '\r';
if (sptr < zptr) *sptr++ = *cptr++;
LineCount++;
rqptr->rqCgi.HeaderCarRet = false;
continue;
}
else
if (SAME2(cptr,'\r\n'))
{
/* record 'correctly' terminated */
if (sptr > rqptr->rqCgi.HeaderPtr && *(sptr-1) == '\n')
{
cptr++;
cptr++;
EndOfHeader = true;
break;
}
*sptr++ = *cptr++;
if (sptr < zptr) *sptr++ = *cptr++;
LineCount++;
rqptr->rqCgi.HeaderCarRet = false;
continue;
}
else
{
/* single record terminated by a trailing carriage-return */
if (sptr > rqptr->rqCgi.HeaderPtr && *(sptr-1) == '\n')
{
cptr++;
EndOfHeader = true;
break;
}
*sptr++ = *cptr++;
if (sptr < zptr) *sptr++ = '\n';
LineCount++;
rqptr->rqCgi.HeaderCarRet = false;
continue;
}
}
/* an empty record can only mean one thing, a '\n' in record-mode! */
if (!OutputCount || rqptr->rqCgi.HeaderCarRet)
{
/* header output contains no explicit carriage-control */
LineCount++;
if (sptr > rqptr->rqCgi.HeaderPtr && *(sptr-1) == '\n')
EndOfHeader = true;
else
{
if (sptr < zptr) *sptr++ = '\r';
if (sptr < zptr) *sptr++ = '\n';
}
}
if (sptr >= zptr)
{
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, ErrorCgiNotStrict);
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
*sptr = '\0';
HeaderLength = sptr - rqptr->rqCgi.HeaderPtr;
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchDataDump(rqptr->rqCgi.HeaderPtr, HeaderLength);
}
if (!rqptr->rqCgi.ProcessingBody &&
!rqptr->rqCgi.IsCliDcl &&
!rqptr->rqCgi.HeaderLineCount)
{
/****************/
/* first record */
/****************/
lptr = rqptr->rqCgi.HeaderPtr;
if (MATCH7 (lptr, "HTTP/1."))
{
HTTP1dot1 = (*(lptr += 7) == '1');
for (lptr++; ISLWS(*lptr) && NOTEOL(*lptr); lptr++);
/* get (what should be) the response status code */
HttpStatus = atoi(lptr);
if (HTTP1dot1 && HttpStatus == 100)
{
/****************/
/* 100 continue */
/****************/
if (rqptr->rqCgi.Header100ContinueDone)
{
/* hmmm, not putting up with two of these back-to-back! */
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
rqptr->rqCgi.Header100Continue = true;
}
else
if (HTTP1dot1 && HttpStatus == 101 &&
(rqptr->WebSocketRequest || rqptr->RawSocketRequest))
{
/***************************/
/* 101 switching protocols */
/***************************/
/* we'll be generating a Web Socket specific response header */
rqptr->rqCgi.Header101Switching = rqptr->rqCgi.AbsorbHeader = true;
}
else
{
/**************************/
/* full HTTP stream (NPH) */
/**************************/
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "RESPONSE NPH mode!AZ",
HTTP2_REQUEST(rqptr) ? " (but HTTP/2)" : "");
/* status used for logging purposes */
rqptr->rqResponse.HttpStatus = HttpStatus;
if (!rqptr->rqCgi.AbsorbHeader)
{
if (Watch.Category && Watch.Category != WATCH_ONE_SHOT_CAT)
WatchFilterHttpStatus (rqptr);
if (rqptr->rqPathSet.CacheNPH &&
!rqptr->rqCache.LoadCheck)
{
/* script output to be cached */
rqptr->rqCache.LoadFromCgi = CacheLoadBegin (rqptr, 0, NULL);
if (rqptr->rqCache.LoadFromCgi)
CacheLoadData (rqptr, OutputPtr, OutputCount);
}
/* HTTP/2 requires an explicit response header */
if (!HTTP2_REQUEST(rqptr))
{
/* HTTP/1.n does not */
rqptr->rqCgi.ProcessingBody = true;
return (OutputCount);
}
}
}
}
else
{
/************************************/
/* check for CGI-like response line */
/************************************/
/* ensure it looks something like "blah-blah:" */
while (*lptr && *lptr != ':' && !ISLWS(*lptr)) lptr++;
if (*lptr != ':')
{
/***********************/
/* non-CGI/NPH output? */
/***********************/
if (rqptr->AgentRequestPtr)
{
/* not allowed for an agent */
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, ErrorCgiNotStrict);
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
if (Config.cfScript.CgiStrictOutput)
{
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, ErrorCgiNotStrict);
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
lptr = rqptr->rqCgi.HeaderPtr;
if (*lptr == '%')
{
/* check for something like "%DCL-E-OPENIN, blah" */
for (cptr = lptr+1; *cptr && isalpha(*cptr); cptr++);
if (cptr[0] == '-' &&
(cptr[1] == 'F' || cptr[1] == 'E' || cptr[1] == 'W') &&
cptr[2] == '-')
{
cptr += 3;
while (*cptr && isalpha(*cptr)) cptr++;
if (*cptr == ',')
{
/* yep, looks like it */
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI,
ErrorCgiCli, lptr);
rqptr->rqResponse.HttpStatus = 502;
ErrorGeneral (rqptr, lptr, FI_LI);
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
}
}
ResponseHeader (rqptr, 200, "text/plain", -1, NULL, NULL);
rqptr->rqCgi.ContentTypeText =
rqptr->rqCgi.ProcessingBody = true;
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
}
}
if (!LineCount && rqptr->rqCgi.RecordCount == 1)
{
/* no carriage-control has been detected in first record */
rqptr->rqCgi.HeaderCarRet = true;
if (sptr < zptr) *sptr++ = '\r';
if (sptr < zptr) *sptr++ = '\n';
LineCount++;
}
}
if (!rqptr->rqCgi.ProcessingBody &&
!rqptr->rqCgi.IsCliDcl)
{
/***************************/
/* (still) response header */
/***************************/
rqptr->rqCgi.HeaderLineCount += LineCount;
rqptr->rqCgi.HeaderLength = HeaderLength = sptr - rqptr->rqCgi.HeaderPtr;
/* eliminate header line(s) */
memmove (OutputPtr, cptr, OutputCount - (cptr - OutputPtr));
/* adjust for what we have buffered/eliminated of the header */
OutputCount -= cptr - OutputPtr;
if (!(rqptr->rqCgi.ProcessingBody = EndOfHeader)) return (OutputCount);
/***************************/
/* end of response header! */
/***************************/
if (rqptr->rqCgi.Header100Continue)
{
/****************/
/* 100 continue */
/****************/
/* output a "100 Continue" header to the client */
ResponseHeader100Continue (rqptr);
/* reset the CGI header storage */
CgiOutput (rqptr, NULL, 0);
/* note that we've already done this once */
rqptr->rqCgi.Header100ContinueDone = true;
/* restart the header processing with anything that's left */
if (OutputCount)
OutputCount = CgiOutput (rqptr, OutputPtr, OutputCount);
return (OutputCount);
}
/*****************/
/* "real" header */
/*****************/
/* look at each line in the script-generated CGI response header */
CgiCompliant = false;
LineCount = 0;
HeaderRemaining = rqptr->rqCgi.HeaderLength;
cptr = rqptr->rqCgi.HeaderPtr;
while (*cptr)
{
/**************************/
/* process header line(s) */
/**************************/
for (zptr = lptr = cptr;
*zptr && *zptr != '\r' && !SAME2(zptr,'\r\n');
zptr++);
LineCount++;
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI,
"RESPONSE header line !UL \'!#AZ\' !UL bytes",
LineCount, zptr-lptr, lptr, zptr-lptr);
/* continue on to the beginning of (any) next line */
if (*zptr == '\r') zptr++;
if (*zptr == '\n') zptr++;
HeaderRemaining -= zptr - lptr;
if (LineCount == 1 &&
MATCH7 (cptr, "HTTP/1."))
{
/*********************/
/* absorb NPH header */
/*********************/
/* well, sort of! */
CgiCompliant = true;
/* bump to the start of the next line */
if (!*(cptr = zptr)) break;
continue;
}
/* ensure it looks like a response header field format */
for (sptr = cptr;
sptr < zptr && *sptr != ':' && !ISLWS(*sptr);
sptr++);
/* a little more restrictive than RFC2616 but... */
if (!isalnum(*cptr) || *sptr != ':')
{
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
if (TOUP(*cptr) == 'C' && strsame (cptr, "Content-Type:", 13))
{
/****************/
/* content-type */
/****************/
CgiCompliant = true;
cptr += 13;
while (ISLWS(*cptr) && NOTEOL(*cptr)) cptr++;
sptr = cptr;
while (NOTEOL(*cptr)) cptr++;
if (!rqptr->rqCgi.AbsorbHeader)
{
rqptr->rqResponse.ContentTypePtr =
VmGetHeap (rqptr, cptr-sptr+1);
memcpy (rqptr->rqResponse.ContentTypePtr, sptr, cptr-sptr);
rqptr->rqResponse.ContentTypePtr[cptr-sptr] = '\0';
rqptr->rqHeader.ContentTypePtr =
rqptr->rqResponse.ContentTypePtr;
}
if (strsame (sptr, "text/", 5))
rqptr->rqCgi.ContentTypeText = true;
else
rqptr->rqCgi.ContentTypeText = false;
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
else
if (TOUP(*cptr) == 'C' && strsame (cptr, "Content-Length:", 15))
{
/******************/
/* content-length */
/******************/
cptr += 15;
while (ISLWS(*cptr)) cptr++;
if (!rqptr->rqCgi.AbsorbHeader)
{
ulong result;
/* must be 0 to 4,294,967,295 anything else is out-of-range */
result = strtoul (cptr, NULL, 10);
if (!isdigit(*cptr) || result == ULONG_MAX)
{
for (sptr = cptr; *sptr && isdigit(*sptr); sptr++);
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "!#AZ !AZ",
sptr-cptr, cptr, strerror(errno));
return (CGI_OUTPUT_NOT_STRICT);
}
rqptr->rqCgi.ContentLength = result;
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "!&,UL bytes", result);
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
}
else
if (TOUP(*cptr) == 'C' && strsame (cptr, "Content-Encoding:", 17))
{
/********************/
/* content-encoding */
/********************/
cptr += 17;
while (ISLWS(*cptr)) cptr++;
if (strsame (cptr, "gzip", 4))
rqptr->rqResponse.ContentIsEncodedGzip = true;
else
rqptr->rqResponse.ContentIsEncodedUnknown = true;
}
else
if (TOUP(*cptr) == 'S' && strsame (cptr, "Status:", 7))
{
/**********/
/* status */
/**********/
CgiCompliant = true;
cptr += 7;
/* create HTTP header status line using supplied status */
while (*cptr++ && !isdigit(*cptr) && *cptr != '\n') cptr++;
if (!rqptr->rqCgi.AbsorbHeader)
{
/* get response status code for header and logging purposes */
if (isdigit(*cptr)) rqptr->rqResponse.HttpStatus = atoi(cptr);
if (rqptr->rqResponse.HttpStatus == 101 &&
rqptr->WebSocketRequest)
{
/******************************************/
/* 101 switching protocols (to WebSocket) */
/******************************************/
rqptr->rqCgi.Header101Switching =
rqptr->rqCgi.AbsorbHeader = true;
}
}
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
else
if (TOUP(*cptr) == 'S' && strsame (cptr, "Script-Control:", 15))
{
/*****************************************/
/* script control (Apache Group CGI/1.2) */
/*****************************************/
cptr += 15;
while (*cptr && NOTEOL(*cptr))
{
while (ISLWS(*cptr) || *cptr == ',' || *cptr == ';') cptr++;
if (ISEOL(*cptr)) break;
if (cnt = CgiScriptControlField (rqptr, cptr))
cptr += cnt;
else
{
/* discard unknown script-control */
char Scratch [1024];
StringParseValue (&cptr, Scratch, sizeof(Scratch));
}
}
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
else
if (TOUP(*cptr) == 'T' && strsame (cptr, "Transfer-Encoding:", 18))
{
/*********************/
/* transfer-encoding */
/*********************/
/* take note the response body is transfer-encoded in some way */
rqptr->rqCgi.TransferEncoding = true;
}
else
if (TOUP(*cptr) == 'X' && strsame (cptr, "X-vms-record-mode:", 18))
{
/*****************************/
/* VMS Apache record control */
/*****************************/
/*
VMS Apache (in pre-CSWS days) uses an eXtension header field
so that the script can convey to the server whether the output
should be processed as a binary stream or as records.
(Keep this in post-CSWS days for backward compatibility.)
*/
cptr += 18;
while (ISLWS(*cptr) && NOTEOL(*cptr)) cptr++;
/* this value should either 0 or 1 ("no" or "yes") plus 1 */
rqptr->rqCgi.XVMSRecordMode = atoi(cptr)+1;
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
else
if (TOUP(*cptr) == 'L' && strsame (cptr, "Location:", 9))
{
/************/
/* location */
/************/
CgiCompliant = true;
cptr += 9;
while (ISLWS(*cptr) && NOTEOL(*cptr)) cptr++;
sptr = cptr;
while (NOTEOL(*cptr)) cptr++;
if (!rqptr->rqCgi.AbsorbHeader)
ResponseLocation (rqptr, sptr, cptr-sptr);
/* eliminate this header line */
rqptr->rqCgi.HeaderLength -= zptr - lptr;
memmove (lptr, zptr, HeaderRemaining+1);
zptr -= zptr - lptr;
}
/* bump to the start of the next (if any) line */
if (!*(cptr = zptr)) break;
}
if (cptr = rqptr->rqPathSet.ScriptControlPtr)
{
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI, "!AZ", cptr);
while (*cptr)
{
while (ISLWS(*cptr) || *cptr == ',' || *cptr == ';') cptr++;
if (!*cptr) break;
if (cnt = CgiScriptControlField (rqptr, cptr))
cptr += cnt;
else
{
/* discard unknown script-control */
char Scratch [1024];
StringParseValue (&cptr, Scratch, sizeof(Scratch));
}
}
}
if (WATCHING (rqptr, WATCH_CGI))
if (rqptr->rqCgi.AbsorbHeader)
WatchThis (WATCHITM(rqptr), WATCH_CGI, "RESPONSE header absorbed");
/****************************/
/* generate response header */
/****************************/
if (!rqptr->rqCgi.OutputMode)
{
if (rqptr->rqCgi.XVMSRecordMode)
{
if (rqptr->rqCgi.XVMSRecordMode-1)
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
}
else
/* always enforce stream mode if it's encoded in some way! */
if (rqptr->rqResponse.ContentIsEncodedGzip ||
rqptr->rqResponse.ContentIsEncodedUnknown)
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
else
if (rqptr->rqCgi.ContentTypeText ||
rqptr->rqCgi.Header101Switching)
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
}
if (WATCHING (rqptr, WATCH_CGI))
{
switch (rqptr->rqCgi.OutputMode)
{
case CGI_OUTPUT_MODE_CRLF : cptr = "crlf"; break;
case CGI_OUTPUT_MODE_RECORD0 : cptr = "record0"; break;
case CGI_OUTPUT_MODE_RECORD : cptr = "record"; break;
case CGI_OUTPUT_MODE_STREAM : cptr = "stream"; break;
default : cptr = "?";
}
WatchThis (WATCHITM(rqptr), WATCH_CGI, "RESPONSE !AZ mode", cptr);
}
if (rqptr->rqCgi.Header101Switching)
{
/***************************/
/* 101 switching protocols */
/***************************/
/* output the Web Socket handshake header to the client */
WebSockSwitchResponse (rqptr);
/* delay WebSocket I/O ASTs until after response header */
WebSockInput (rqptr);
WebSockOutput (rqptr);
return (OutputCount);
}
if (!CgiCompliant)
{
ErrorNoticed (rqptr, 0, CgiNotStrict, FI_LI);
return (CGI_OUTPUT_NOT_STRICT);
}
if (rqptr->rqCgi.ScriptControlErrorTextPtr)
{
/* script is requesting the server generate an error message */
sptr = rqptr->rqCgi.ScriptControlErrorModulePtr;
cnt = rqptr->rqCgi.ScriptControlErrorLine;
if (status = rqptr->rqCgi.ScriptControlErrorVmsStatus)
{
rqptr->rqResponse.ErrorTextPtr =
rqptr->rqCgi.ScriptControlErrorTextPtr;
rqptr->rqResponse.ErrorOtherTextPtr =
rqptr->rqCgi.ScriptControlErrorVmsTextPtr;
if (sptr)
ErrorVmsStatus (rqptr, status, sptr, cnt);
else
ErrorVmsStatus (rqptr, status, FI_LI);
}
else
{
cptr = rqptr->rqCgi.ScriptControlErrorTextPtr;
if (sptr)
ErrorGeneral (rqptr, cptr, sptr, cnt);
else
ErrorGeneral (rqptr, cptr, FI_LI);
}
}
else
if (!rqptr->rqCgi.AbsorbHeader)
{
if (rqptr->rqPathSet.CacheCGI &&
!rqptr->rqCache.LoadCheck)
{
/* script output to be cached */
rqptr->rqCache.LoadFromCgi =
CacheLoadBegin (rqptr, (int)rqptr->rqResponse.ContentLength64,
rqptr->rqResponse.ContentTypePtr);
if (rqptr->rqCache.LoadFromCgi &&
rqptr->rqCgi.HeaderLength)
{
/* plus one to include the terminating null */
CacheLoadData (rqptr, rqptr->rqCgi.HeaderPtr,
rqptr->rqCgi.HeaderLength+1);
}
}
/* if it was a 'redirect' and no other response status was supplied */
if (rqptr->rqResponse.LocationPtr &&
!rqptr->rqResponse.HttpStatus)
rqptr->rqResponse.HttpStatus = 302;
ResponseHeader (rqptr, rqptr->rqResponse.HttpStatus,
rqptr->rqResponse.ContentTypePtr,
rqptr->rqCgi.ContentLength,
NULL,
rqptr->rqCgi.HeaderPtr);
}
if (rqptr->WebSocketRequest)
{
/*************************/
/* shouldn't get to here */
/*************************/
/* encourage writing of the response header */
NetWrite (rqptr, &RequestEnd, NULL, 0);
return (CGI_OUTPUT_END);
}
if (!OutputCount) return (OutputCount);
}
/*************************/
/* HTTP carriage-control */
/*************************/
if (rqptr->rqCgi.FilterStream)
{
/* remove all non-printable characters */
for (zptr=(cptr=OutputPtr)+OutputCount;
(isprint(*cptr) || isspace(*cptr)) && cptr < zptr;
cptr++);
if (cptr < zptr)
{
/* a non-printable was detected, now eliminate it and any following */
sptr = cptr;
while (cptr < zptr)
{
while (!(isprint(*cptr) || isspace(*cptr)) && cptr < zptr) cptr++;
while ((isprint(*cptr) || isspace(*cptr)) && cptr < zptr)
*sptr++ = *cptr++;
}
*sptr = '\0';
OutputCount = sptr - OutputPtr;
}
}
if (rqptr->rqCgi.OutputMode == CGI_OUTPUT_MODE_RECORD ||
rqptr->rqCgi.IsCliDcl)
{
if (OutputCount)
{
if (OutputPtr[OutputCount-1] != '\n')
{
OutputPtr[OutputCount++] = '\n';
OutputPtr[OutputCount] = '\0';
}
}
else
{
OutputPtr[OutputCount++] = '\n';
OutputPtr[OutputCount] = '\0';
}
if (rqptr->FileContentPtr)
{
CgiOutputFile (rqptr, OutputPtr, OutputCount);
return (0);
}
if (rqptr->rqCache.LoadFromCgi)
CacheLoadData (rqptr, OutputPtr, OutputCount);
return (OutputCount);
}
if (rqptr->rqCgi.OutputMode == CGI_OUTPUT_MODE_RECORD0)
{
/* only have empty records as newlines */
if (!OutputCount)
{
OutputPtr[OutputCount++] = '\n';
OutputPtr[OutputCount] = '\0';
}
if (rqptr->FileContentPtr)
{
CgiOutputFile (rqptr, OutputPtr, OutputCount);
return (0);
}
if (rqptr->rqCache.LoadFromCgi)
CacheLoadData (rqptr, OutputPtr, OutputCount);
return (OutputCount);
}
if (rqptr->rqCgi.OutputMode == CGI_OUTPUT_MODE_CRLF)
{
if (!OutputCount ||
OutputPtr[OutputCount-1] != '\n' ||
(OutputCount >= 2 && OutputPtr[OutputCount-2] != '\r'))
{
/* record0 record, or no trailing <LF>, or no trailing <CR><LF> */
if (OutputCount && OutputPtr[OutputCount-1] == '\n') OutputCount--;
OutputPtr[OutputCount++] = '\r';
OutputPtr[OutputCount++] = '\n';
OutputPtr[OutputCount] = '\0';
if (rqptr->FileContentPtr)
{
CgiOutputFile (rqptr, OutputPtr, OutputCount);
return (0);
}
if (rqptr->rqCache.LoadFromCgi)
CacheLoadData (rqptr, OutputPtr, OutputCount);
return (OutputCount);
}
}
else
if (!OutputCount)
{
/* stream-mode with zero bytes - do nothing, just return */
return (OutputCount);
}
if (rqptr->FileContentPtr)
{
CgiOutputFile (rqptr, OutputPtr, OutputCount);
return (0);
}
if (rqptr->rqCache.LoadFromCgi)
CacheLoadData (rqptr, OutputPtr, OutputCount);
return (OutputCount);
}
/*****************************************************************************/
/*
Process a CGI/1.2 "Script-Control:" response header field. Most of these are
WASD extensions. Returns the number of characters parsed from the line.
*/
int CgiScriptControlField
(
REQUEST_STRUCT *rqptr,
char *ControlString
)
{
int Number;
char *cptr, *sptr, *zptr;
char Scratch [1024];
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_CGI))
{
for (cptr = ControlString; *cptr && NOTEOL(*cptr); cptr++);
if (ISEOL(*cptr)) cptr--;
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiScriptControlField() !#AZ",
cptr-ControlString+1, ControlString);
}
cptr = ControlString;
/* the one and only "official" field of CGI/1.2 :^) */
if (strsame (cptr, "no-abort", 8))
{
HttpdTimerSet (rqptr, TIMER_OUTPUT, -1);
HttpdTimerSet (rqptr, TIMER_NOPROGRESS, -1);
cptr += 8;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
/**************************/
/* carriage-control modes */
/**************************/
if (strsame (cptr, "X-crlf-mode", 11))
{
cptr += 11;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
else
if (*cptr == '1')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_CRLF;
}
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_CRLF;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-record-mode", 13))
{
cptr += 13;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
else
if (*cptr == '1')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
}
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-record0-mode", 14))
{
cptr += 14;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
else
if (*cptr == '1')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD0;
}
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD0;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-stream-mode", 13))
{
cptr += 13;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_RECORD;
else
if (*cptr == '1')
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
}
else
rqptr->rqCgi.OutputMode = CGI_OUTPUT_MODE_STREAM;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
/*******************/
/* stream handling */
/*******************/
if (strsame (cptr, "X-buffer-records", 16))
{
cptr += 16;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.BufferRecords = false;
else
if (*cptr == '1')
rqptr->rqCgi.BufferRecords = true;
}
else
rqptr->rqCgi.BufferRecords = true;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-content-encoding-gzip", 23))
{
cptr += 23;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.ContentEncodingGzip = CGI_OUTPUT_NO_GZIP;
else
if (*cptr == '1')
rqptr->rqCgi.ContentEncodingGzip = CGI_OUTPUT_GZIP;
}
else
rqptr->rqCgi.ContentEncodingGzip = CGI_OUTPUT_GZIP;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-filter-stream", 15))
{
cptr += 15;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.FilterStream = false;
else
if (*cptr == '1')
rqptr->rqCgi.FilterStream = true;
}
else
rqptr->rqCgi.FilterStream = true;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr, "X-transfer-encoding-chunked", 27))
{
cptr += 27;
if (*cptr == '=')
{
cptr++;
if (*cptr == '0')
rqptr->rqCgi.TransferEncodingChunked = CGI_OUTPUT_NO_CHUNK;
else
if (*cptr == '1')
rqptr->rqCgi.TransferEncodingChunked = CGI_OUTPUT_CHUNK;
}
else
rqptr->rqCgi.ContentEncodingGzip = CGI_OUTPUT_CHUNK;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
/************************/
/* server cache control */
/************************/
if (strsame (cptr, "X-cache-", 8))
{
if (strsame (cptr+8, "max=", 4))
{
cptr += 12;
if (strsame (cptr, "none", 4))
Number = 0;
else
Number = atoi(cptr);
rqptr->rqCgi.ScriptControlCacheMaxKBytes = Number;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr+8, "expires=", 8))
{
cptr += 16;
if (strsame (cptr, "day", 3))
Number = CACHE_EXPIRES_DAY;
else
if (strsame (cptr, "hour", 4))
Number = CACHE_EXPIRES_HOUR;
else
if (strsame (cptr, "minute", 6))
Number = CACHE_EXPIRES_MINUTE;
else
if (*cptr == '0')
Number = CACHE_EXPIRES_NONE;
else
{
/* if it's not a 'hh:mm:ss' format then it's in minutes */
Number = MetaConSetSeconds (NULL, cptr, 60);
if (Number < 0) Number = 0;
}
rqptr->rqCgi.ScriptControlCacheExpiresAfter = Number;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
}
/**********/
/* timers */
/**********/
if (strsame (cptr, "X-timeout-", 10))
{
if (strsame (cptr+10, "output=", 7))
{
cptr += 17;
if (strsame (cptr, "none", 4))
Number = -1;
else
Number = atoi(cptr);
HttpdTimerSet (rqptr, TIMER_OUTPUT, Number);
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr+10, "noprogress=", 11))
{
cptr += 21;
if (strsame (cptr, "none", 4))
Number = -1;
else
Number = atoi(cptr);
HttpdTimerSet (rqptr, TIMER_NOPROGRESS, Number);
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
}
if (rqptr->DclTaskPtr &&
strsame (cptr, "X-lifetime=", 11))
{
cptr += 11;
if (strsame (cptr, "none", 4))
Number = -1;
else
{
if (!(Number = atoi(cptr) * 60))
{
if (rqptr->DclTaskPtr->TaskType == DCL_TASK_TYPE_CGI_SCRIPT)
Number = Config.cfScript.ZombieLifeTime+1;
else
Number = Config.cfScript.CgiPlusLifeTime+1;
}
}
rqptr->DclTaskPtr->LifeTimeSecond = Number;
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
/********************************/
/* error message control fields */
/********************************/
if (strsame (cptr, "X-error-", 8))
{
if (strsame (cptr+8, "line=", 5))
{
cptr += 13;
rqptr->rqCgi.ScriptControlErrorLine = atoi(cptr);
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr+8, "module=", 7))
{
cptr += 15;
zptr = cptr;
StringParseValue (&cptr, Scratch, sizeof(Scratch));
sptr = VmGetHeap (rqptr, cptr-zptr+1);
strcpy (sptr, Scratch);
rqptr->rqCgi.ScriptControlErrorModulePtr = sptr;
return (cptr - ControlString);
}
if (strsame (cptr+8, "text=", 5))
{
cptr += 13;
zptr = cptr;
StringParseValue (&cptr, Scratch, sizeof(Scratch));
sptr = VmGetHeap (rqptr, cptr-zptr+1);
strcpy (sptr, Scratch);
rqptr->rqCgi.ScriptControlErrorTextPtr = sptr;
return (cptr - ControlString);
}
if (strsame (cptr+8, "vms-status=", 11))
{
cptr += 19;
if (SAME2(cptr,'%x') || SAME2(cptr,'%X'))
rqptr->rqCgi.ScriptControlErrorVmsStatus = strtol(cptr+2, NULL, 16);
else
rqptr->rqCgi.ScriptControlErrorVmsStatus = atoi(cptr);
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
if (strsame (cptr+8, "vms-text=", 9))
{
cptr += 17;
zptr = cptr;
StringParseValue (&cptr, Scratch, sizeof(Scratch));
sptr = VmGetHeap (rqptr, cptr-zptr+1);
strcpy (sptr, Scratch);
rqptr->rqCgi.ScriptControlErrorVmsTextPtr = sptr;
return (cptr - ControlString);
}
}
/*******************/
/* content handler */
/*******************/
if (strsame (cptr, "X-content-handler=", 18))
{
cptr += 18;
StringParseValue (&cptr, Scratch, sizeof(Scratch));
if (strsame (Scratch, "SSI", -1))
{
if (!rqptr->SsiTaskPtr &&
!rqptr->FileContentPtr)
{
/* initialize the file contents structure */
CgiOutputFile (rqptr, NULL, SsiSizeMax);
/* set the content structure handler so SSI engine gets control */
rqptr->FileContentPtr->ContentHandlerFunction = &SsiBegin;
/* don't want the CGI header in the contents */
rqptr->rqCgi.AbsorbHeader = true;
}
}
return (cptr - ControlString);
}
/**************************/
/* force this HTTP status */
/**************************/
if (strsame (cptr, "X-http-status=", 14))
{
/* applicable only to an error reporting script */
cptr += 14;
rqptr->rqCgi.ScriptControlHttpStatus = atoi(cptr);
while (*cptr && !ISLWS(*cptr) && NOTEOL(*cptr) && *cptr != ';') cptr++;
return (cptr - ControlString);
}
/************************/
/* ignore anything else */
/************************/
if (WATCHING (rqptr, WATCH_CGI))
{
WatchThis (WATCHITM(rqptr), WATCH_CGI,
"UNRECOGNISED script control field");
WatchDataFormatted ("!&Z", cptr);
}
return (0);
}
/*****************************************************************************/
/*
Capturing script output to a 'file contents' structure. This will be detected
and 'handled' by RequestEnd().
*/
void CgiOutputFile
(
REQUEST_STRUCT *rqptr,
char *OutputPtr,
int OutputCount
)
{
#define CONTENT_SIZE_INITIAL 8192
int ContentSize;
char *cptr, *sptr, *zptr;
FILE_CONTENT *fcptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
{
if (fcptr = rqptr->FileContentPtr)
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiOutputFile() !UL !UL !UL !UL !&X",
fcptr->ContentSizeMax, fcptr->ContentSize,
fcptr->ContentLength, OutputCount, OutputPtr);
else
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI,
"CgiOutputFile() !UL !&X", OutputCount, OutputPtr);
if (OutputPtr) WatchDataDump (OutputPtr, OutputCount);
}
if (!OutputPtr)
{
/**************/
/* initialize */
/**************/
ContentSize = CONTENT_SIZE_INITIAL;
if (ContentSize > OutputCount) ContentSize = OutputCount;
/* allow one extra character for a terminating null */
rqptr->FileContentPtr = fcptr = (FILE_CONTENT*)
VmGetHeap (rqptr, sizeof(FILE_CONTENT) + ContentSize+1);
fcptr->ContentSizeMax = OutputCount;
fcptr->ContentSize = ContentSize;
if (WATCHING (rqptr, WATCH_CGI))
WatchThis (WATCHITM(rqptr), WATCH_CGI,
"CONTENT !UL bytes max", fcptr->ContentSizeMax);
/* buffer space immediately follows the structured storage */
fcptr->ContentPtr = (char*)fcptr + sizeof(FILE_CONTENT);
/* populate the file contents structure with some file data */
zptr = (sptr = fcptr->FileName) + sizeof(fcptr->FileName);
for (cptr = rqptr->rqCgi.ScriptFileNamePtr;
*cptr && sptr < zptr;
*sptr++ = *cptr++);
if (sptr >= zptr)
{
ErrorGeneralOverflow (rqptr, FI_LI);
return;
}
*sptr = '\0';
fcptr->FileNameLength = sptr - fcptr->FileName;
fcptr->CdtTime64 = rqptr->rqTime.BeginTime64;
fcptr->RdtTime64 = rqptr->rqTime.BeginTime64;
fcptr->UicGroup = 0;
fcptr->UicMember = 0;
fcptr->Protection = 0;
return;
}
/**********/
/* buffer */
/**********/
fcptr = rqptr->FileContentPtr;
if (fcptr->ContentLength + OutputCount > fcptr->ContentSize)
{
if (fcptr->ContentSize >= fcptr->ContentSizeMax)
{
/* keep track of how large it would have grown */
fcptr->ContentLength += OutputCount;
return;
}
/* double it's size each time, up to the size limit */
fcptr->ContentSize += fcptr->ContentSize;
if (fcptr->ContentSize > fcptr->ContentSizeMax)
fcptr->ContentSize = fcptr->ContentSizeMax;
rqptr->FileContentPtr = fcptr = (FILE_CONTENT*)
VmReallocHeap (rqptr, rqptr->FileContentPtr,
sizeof(FILE_CONTENT) + fcptr->ContentSize+1, FI_LI);
fcptr->ContentPtr = (char*)fcptr + sizeof(FILE_CONTENT);
}
memcpy (fcptr->ContentPtr + fcptr->ContentLength, OutputPtr, OutputCount);
fcptr->ContentLength += OutputCount;
fcptr->ContentPtr[fcptr->ContentLength] = '\0';
if (WATCHMOD (rqptr, WATCH_MOD_CGI))
WatchThis (WATCHITM(rqptr), WATCH_MOD_CGI, "!UL !UL !UL",
fcptr->ContentSizeMax, fcptr->ContentSize,
fcptr->ContentLength);
}
/*****************************************************************************/
/*
Generate a (hopefully) unique sequence of 224 bits (28 bytes, which is a fair
bit :^) The string is generated using three pseudo-random numbers (seeded each
second from binary time) each time it is called. This provides a continuous,
non-repeating series of unlikely bit combinations with a one in 2^224 chance (I
think!) of presence in an I/O stream.
*/
void CgiSequence
(
char OneChar,
char *CgiSequencePtr,
int *CgiSequenceLengthPtr
)
{
static $DESCRIPTOR (SequenceFaoDsc, "$!AZ-!8XL!8XL!8XL-\0");
static $DESCRIPTOR (SequenceDsc, "");
static char OneCharString [] = " ";
static int64 PrevTime64,
RandomNumber;
unsigned short Length;
unsigned long rand1, rand2, rand3;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_CGI))
WatchThis (WATCHALL, WATCH_MOD_CGI, "CgiSequence()");
/* (re)seed the random number every second or so */
if (PrevTime64 != HttpdTime64)
RandomNumber += (PrevTime64 = HttpdTime64);
/* cheap (no subroutine call) MTH$RANDOM() */
rand1 = RandomNumber = RandomNumber * 69069 + 1;
rand2 = RandomNumber = RandomNumber * 69069 + 1;
rand3 = RandomNumber = RandomNumber * 69069 + 1;
SequenceDsc.dsc$w_length = 29;
SequenceDsc.dsc$a_pointer = CgiSequencePtr;
OneCharString[0] = OneChar;
sys$fao (&SequenceFaoDsc, &Length, &SequenceDsc,
OneCharString, rand1, rand2, rand3);
*CgiSequenceLengthPtr = Length-1;
if (WATCH_MODULE(WATCH_MOD_CGI))
WatchThis (WATCHALL, WATCH_MOD_CGI, "!&Z", CgiSequencePtr);
}
/*****************************************************************************/