Mercurial > hgrepos > hgweb.cgi > s4
changeset 326:d19e85a72a29
Allow spaces and special characters in filenames(tentative).
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Fri, 21 Oct 2016 16:22:12 +0859 |
| parents | b5185c66aacc |
| children | 5e56160ad1f5 |
| files | s4-blog.sh s4-cgi.sh s4-funcs.sh |
| diffstat | 3 files changed, 73 insertions(+), 64 deletions(-) [+] |
line wrap: on
line diff
--- a/s4-blog.sh Fri Oct 21 16:19:15 2016 +0859 +++ b/s4-blog.sh Fri Oct 21 16:22:12 2016 +0859 @@ -193,9 +193,12 @@ tdcls="repatt${new:+ new}" imgdir=`getcachedir home/"$uid"`/main if [ -n "$icon" -a -s "$icon" ]; then - picon="<p class=\"proficon\"><img src=\"$icon\"></p>" + icfn=`echo "$icon"|htmlescape` + picon="<p class=\"proficon\"><a href=\"$hlink+$uid\"><img src=\"$icfn\"></a></p>" else picon="" + query "DELETE FROM user_s WHERE key='$iconcachekey' AND + val=`sqlquotestr \"$icon\"`;" fi cat<<EOF
--- a/s4-cgi.sh Fri Oct 21 16:19:15 2016 +0859 +++ b/s4-cgi.sh Fri Oct 21 16:22:12 2016 +0859 @@ -43,21 +43,24 @@ EOF } cgi_text() { - echo "<input type=\"text\" name=\"$1\" value=\"$2\" $3>" + _v=`echo "$2"|htmlescape` + echo "<input type=\"text\" name=\"$1\" value=\"$_v\" $3>" } cgi_textarea() { + _v=`echo "$2"|htmlescape` cat<<EOF -<textarea name="$1" $3>$2</textarea> +<textarea name="$1" $3>$_v</textarea> EOF } cgi_file() ( # In a subshell # $1=name $2=val(as filename) $3=args(if any) + ## err cgi_file: \$1=$1 \$2=$2 \$3="[$3]" # Using global variable $dir - if [ -s $dir/$2 -a -s $dir/$2.content-type ]; then + if [ -n "$2" -a -s "$dir/$2" ]; then file=$dir/$2 bn=${file##*/} - ct=`cat $dir/$2.content-type` - data=`percenthex $file` + ct=`file --mime-type - < "$dir/$2" | cut -d' ' -f2` + data=`percenthex "$file"` icon="<img src=\"data:$ct,$data\">" fi cat<<EOF @@ -72,17 +75,9 @@ n=`cat $dir/$name.count` echo '<table class="text">' while [ $i -le $n ]; do - file=$name.$i ctf=$dir/$name.content-type - vname=$file.`cat $dir/$file.rowid` - if [ -s $ctf ]; then - case `cat $ctf` in - *:[Ii]mage:*) - - ;; - - esac - fi - val="`cat $dir/$file|htmlescape`" + file=$name.$i + vname=$file.`cat "$dir/$file.rowid"` + val="`cat $dir/$file`" cat<<EOF <tr><td>($i)</td><td> <input class="action" type="radio" name="action.$vname" id="keep.$vname" @@ -119,7 +114,7 @@ echo "<datalist id=\"$1\">" shift for i; do - echo "<option value=\"`echo "$i"|unhexize`\"></option>" + echo "<option value=\"`echo "$i"|unhexize|htmlescape`\"></option>" done echo "</datalist>" }
--- a/s4-funcs.sh Fri Oct 21 16:19:15 2016 +0859 +++ b/s4-funcs.sh Fri Oct 21 16:22:12 2016 +0859 @@ -642,7 +642,7 @@ vcount=`query "select count(val) from $cond;"` echo $vcount > $td/$c.count i=0 -err gvbid: i=$i vcount=$vcount +## err gvbid: i=$i vcount=$vcount while [ $i -lt $vcount ]; do slice="order by rowid limit 1 offset $i" i=$((i+1)) @@ -651,31 +651,37 @@ case $type in file:*) #file=$td/$val - file=$td/`query "select val from $cond $slice;"` + r_f=`query "select rowid||'//'||val from $cond $slice;"` + f_rid=${r_f%%//*} + file=$td/${r_f##*//} # FOR SPEED: Skip file generation if imgcache exists - [ -s $file -a -s $td/$fn.rowid -a -s $file.rowid ] && continue + [ -s "$file" -a -s "$td/$fn.rowid" -a -s "$file.rowid" ] \ + && [ x"$f_rid" = x"`cat $td/$fn.rowid`" ] \ + && continue # err gvbid-get="select quote(bin) from $cond $slice;" - sq $db<<EOF | unhexize > $file -.output $td/$fn.rowid +## err output: "fn=[$fn] file=[$file]" + sq $db<<EOF | unhexize > "$file" +.output '$td/$fn.rowid' select rowid from $cond $slice; -.output $td/$fn +.output '$td/$fn' select val from $cond $slice; -.output $file.content-type +.output '$td/${fn}.content-type' select substr(type, 6) from $cond $slice; .output stdout select quote(bin) from $cond $slice; EOF ## err gvbid-get2: "`ls -lF $file`" ## err i=$i - file=$file rowid=`cat $td/$fn.rowid` - cp $td/$fn.rowid $file.rowid 2>&3 # for convenience - cp $file $file.orig 2>&3 - ls -lh $file | awk '{print $5"B"}'|sed 's/BB/B/' > $file.size - case $type in - *:[Ii]mage*) mogrify -geometry $thumbxy $file ;; + cp "$td/$fn.rowid" "$file.rowid" 2>&3 # for convenience + cp "$file" "$file.orig" 2>&3 + ls -lh "$file" | + awk '{print $5"B"}'|sed 's/BB/B/' > "$file.size" + case "$type" in + *:[Ii]mage*) mogrify -geometry $thumbxy "$file" ;; ### ここのアイコンを増やしたい *|*:[Aa]pplication*) convert -geometry $thumbxy $imgdir/file-icon.png \ - png:- > $file + png:- > "$file" ;; esac ;; @@ -697,14 +703,13 @@ echo "$val" \ | while read fn; do file=$td/$fn - if [ ! -s $file ]; then + if [ ! -s "$file" ]; then ## sq $db "select quote(bin) from $cond and val=\"$fn\"" \ query "select quote(bin) from $cond and val=\"$fn\";" \ - | unhexize > $file - echo ${type#file:} > $file.content-type -# err TTTTTTTTTTTTTTTT: $type + | unhexize > "$file" + ##@@## -- echo ${type#file:} > "$file.content-type" case $type in - *:[Ii]mage*) mogrify -geometry $thumbxy $file ;; + *:[Ii]mage*) mogrify -geometry $thumbxy "$file" ;; *:[Aa]pplication*) convert -geometry $thumbxy $imgdir/file-icon.png \ png:- > $file ;; @@ -788,7 +793,7 @@ hexize="hexize_hd" fi fi - cat $1 | $hexize | tr -d '\n' + cat "$@" | $hexize | tr -d '\n' } unhexize() { if [ -z "$unhex" ]; then @@ -804,11 +809,11 @@ unhex="perl -n $tmpd/unhex.pl" fi fi - cat $1 | $unhex + cat "$@" | $unhex # cat $1 | tee /tmp/uh.in| $unhex | tee /tmp/uh.out } percenthex() { - hexize $1 | sed 's/\(..\)/%\1/g' + hexize "$@" | sed 's/\(..\)/%\1/g' } htmlescape() { sed -e 's/\&/\&/g' -e 's/"/\"/g' -e "s/'/\'/g" \ @@ -939,8 +944,8 @@ type=encoded ### val=`echo $val|encode` ;; */image*|*/document*) - type=`file --mime-type $val` - bin="X'`hexize $val`'" + type=`file --mime-type - < "$val" | cut -d' ' -f2` + bin="X'`hexize "$val"`'" ;; esac pkey=`echo "$tconfs"|grep "${t0}/.*=p"|sed 1q` @@ -1151,15 +1156,20 @@ case "$k" in *:filename) type='file'; k=${k%:filename} -(echo k=$k; ls -lF $tmpd/$v; file --mime-type $tmpd/$v) 1>&3 - case `file --mime-type $tmpd/$v|cut -d' ' -f2` in + # DO NOT ALLOW Space and '|' in file names + newv=`echo "$v"|sed 's/[ \|]/X/g'` + if [ x"$v" != x"$newv" ]; then + + fi +# (echo k=$k v="[$v]"; ls -lF "$tmpd/$v"; file --mime-type "$tmpd/$v") 1>&3 + case `file --mime-type - < "$tmpd/$v"|cut -d' ' -f2` in [Ii]mage/x-xcf) - bzip2 $tmpd/$v + bzip2 "$tmpd/$v" v=${v}.bz2 ;; [Ii]mage/x-*|*/vnd.*) ;; [Ii]mage/*) - mogrify -resize $maximagexy'>' $tmpd/$v + mogrify -resize $maximagexy'>' "$tmpd/$v" ;; esac ;; @@ -1534,10 +1544,10 @@ | tee $fifo \ | convert -define ${fmt}:size=${iconxy_M}x${iconxy_M} \ -resize ${iconxy_M}x${iconxy_M}'>' - pnm:- \ - | convert - $cacheimg_M & + | convert - "$cacheimg_M" & cat $fifo | convert -define ${fmt}:size=${iconxy_S}x${iconxy_S} \ -resize ${iconxy_S}x${iconxy_S}'>' - pnm:- \ - | convert - $cacheimg_S & + | convert - "$cacheimg_S" & printf '%s' "<img src=\"data:${filetype}," cat $tmpf | sed 's/\(..\)/%\1/g' echo '">' @@ -1765,8 +1775,8 @@ } iconhref() ( # $1=icon-file, $2=Href $3=title $4...=anchor - data=`percenthex $1` - ct=`file --mime-type $1|cut -d' ' -f2` + data=`percenthex "$1"` + ct=`file --mime-type - < "$1"|cut -d' ' -f2` err iconhref: \$1=$1 \$2=$2 \$3="$@" href=$2; title=$3; shift 3 echo "<a href=\"$href\"><img title=\"$title\" src=\"data:$ct,$data\">$@</a>" @@ -2967,13 +2977,13 @@ err type=file=$file [ -z "$file" ] && continue bn=`sqlquotestr "${file##*/}"` - bin="X'"$(hexize $file)"'" - ct=`file --mime-type $file|cut -d' ' -f2` + bin="X'"$(hexize "$file")"'" + ct=`file --mime-type - < "$file" |cut -d' ' -f2` type=\"file:$ct\" newsql="update $tb2 set val=$bn, type=$type, bin=$bin" cachedir=`getcachedir "$tbl/$rowid"` err getcache tbl/rowid=$tbl/$rowid, rm -r $cachedir - rm -r $cachedir + rm -rf $cachedir ;; *) newsql="update $tb2 set val=(select val from par where var \ @@ -3020,8 +3030,8 @@ file) file=$tmpd/`getparfilename $col "$limit"` err parfile-$col=$file [ -z "$file" ] && continue - bin="X'"$(hexize $file)"'" - ct=`file --mime-type $file|cut -d' ' -f2` + bin="X'"$(hexize "$file")"'" + ct=`file --mime-type - < "$file"|cut -d' ' -f2` type=\"file:$ct\" ;; "*"*) continue ;; # foreign table *) type=\"string\" ;; @@ -3119,7 +3129,7 @@ rawval=`getvalbyid $2 $name $rowid $td` val=`echo "$rawval"|htmlescape` err genform3a: getvalbyid $2 $name $rowid $td -err genform3b: val="[$val]" +err genform3b: val="[$val]" type="$type" fi if [ -n "$GF_VIEWONLY" ]; then is_hidden "$2" "$name" && continue @@ -3161,27 +3171,28 @@ ;; [Ii][Mm][Aa][Gg][Ee]|[Dd][Oo][Cc][Uu][Mm][Ee][Nn][Tt]|[Bb]inary) if [ -s $td/$name.count ]; then +err Calling cgi_multi_file: "nae=[$name] td=[$td] args=[$args]" form=`cgi_multi_file $name $td "$args"` if [ -n "$val" ]; then hrfb="$myname?showattc+$2_m" val=$(echo "$rawval" \ | while read fn; do - data=`percenthex $td/$fn` + data=`percenthex "$td/$fn"` #ct=`cat $td/$fn.content-type` - ct=`file --mime-type $td/$fn|cut -d' ' -f2` - ri=`cat $td/$fn.rowid` -## err fn=$fn, name=$name, ri=$ri; ls -lF $td 1>&3 + ct=`file --mime-type - < "$td/$fn"|cut -d' ' -f2` + ri=`cat "$td/$fn.rowid"` + err fn=$fn, name=$name, ri=$ri; ls -lF "$td/" 1>&3 #imgsrc="<img src=\"data:$ct,$data\">" #echo "<a href=\"$hrfb+$ri\">$imgsrc</a><br>" - iconhref $td/$fn "$hrfb+$ri" "" + iconhref "$td/$fn" "$hrfb+$ri" "" done) fi else form="<input type=\"file\" name=\"$name\" $args>" if [ -n "$val" ]; then - imgs=$(echo "$val"\ + imgs=$(echo "$rawval"\ |while read fn;do - data=`percenthex $td/$fn` + data=`percenthex "$td/$fn"` echo "<img src=\"data:image/png,$data\">$fn<br>" done) form=$form"<br>$imgs" @@ -3286,8 +3297,8 @@ sql="select quote(bin) from $1 where rowid='$2';" err showattc: sql: $sql sq $db "$sql" | unhexize > $bin - tv=`query "select type,val from $1 where rowid='$2';"` - type=${tv%\|*} fn=${tv#*\|} + tv=`query "select type||'//'||val from $1 where rowid='$2';"` + type=${tv%//*} fn=${tv#*//} err tv=$tv type=$type fn=$fn, tp2=${tv%\|*} ct=${type#file:} case $ct in # all text/* changed to text/plain
