From: Michael R Sweet Date: Tue, 2 Apr 2024 12:36:06 +0000 (-0400) Subject: Fix the initialization and validation of checkbox and text fields in CGI forms. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9927a4b08642dffc44cd41689ee70c171f34a39;p=thirdparty%2Fcups.git Fix the initialization and validation of checkbox and text fields in CGI forms. --- diff --git a/CHANGES.md b/CHANGES.md index 39c3eff1b6..74113d5974 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -65,6 +65,8 @@ Changes in CUPS v2.5b1 (TBA) (Issue #901) - Fixed encoding of IPv6 addresses in HTTP requests (Issue #903) - Fixed encoding of `IPP_TAG_EXTENSION` values in IPP messages (Issue #913) +- Fixed CGI program initialization and validation of form checkbox and text + fields. - Removed hash support for SHA2-512-224 and SHA2-512-256. - Removed `mantohtml` script for generating html pages (use `https://www.msweet.org/mantohtml/`) diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c index 34c2d46bed..34291f2e2d 100644 --- a/cgi-bin/admin.c +++ b/cgi-bin/admin.c @@ -335,9 +335,9 @@ do_am_class(http_t *http, /* I - HTTP connection */ title = cgiText(modify ? _("Modify Class") : _("Add Class")); op = cgiGetVariable("OP"); - name = cgiGetVariable("PRINTER_NAME"); + name = cgiGetTextfield("PRINTER_NAME"); - if (cgiGetVariable("PRINTER_LOCATION") == NULL) + if (cgiGetTextfield("PRINTER_LOCATION") == NULL) { /* * Build a CUPS_GET_PRINTERS request, which requires the @@ -544,10 +544,10 @@ do_am_class(http_t *http, /* I - HTTP connection */ NULL, uri); ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location", - NULL, cgiGetVariable("PRINTER_LOCATION")); + NULL, cgiGetTextfield("PRINTER_LOCATION")); ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-info", - NULL, cgiGetVariable("PRINTER_INFO")); + NULL, cgiGetTextfield("PRINTER_INFO")); ippAddBoolean(request, IPP_TAG_PRINTER, "printer-is-accepting-jobs", 1); @@ -643,7 +643,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ }; - ptr = cgiGetVariable("DEVICE_URI"); + ptr = cgiGetTextfield("DEVICE_URI"); fprintf(stderr, "DEBUG: do_am_printer: DEVICE_URI=\"%s\"\n", ptr ? ptr : "(null)"); @@ -664,7 +664,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", - cgiGetVariable("PRINTER_NAME")); + cgiGetTextfield("PRINTER_NAME")); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); @@ -687,7 +687,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ fprintf(stderr, "DEBUG: file->mimetype=%s\n", file->mimetype); } - if ((name = cgiGetVariable("PRINTER_NAME")) != NULL) + if ((name = cgiGetTextfield("PRINTER_NAME")) != NULL) { for (ptr = name; *ptr; ptr ++) if ((*ptr >= 0 && *ptr <= ' ') || *ptr == 127 || *ptr == '/' || *ptr == '\\' || *ptr == '?' || *ptr == '\'' || *ptr == '\"' || *ptr == '#') @@ -704,7 +704,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ } } - if ((var = cgiGetVariable("DEVICE_URI")) != NULL) + if ((var = cgiGetTextfield("DEVICE_URI")) != NULL) { if ((uriptr = strrchr(var, '|')) != NULL) { @@ -880,7 +880,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ cgiCopyTemplateLang("choose-serial.tmpl"); cgiEndHTML(); } - else if (!name || !cgiGetVariable("PRINTER_LOCATION")) + else if (!name || !cgiGetTextfield("PRINTER_LOCATION")) { cgiStartHTML(title); @@ -1119,7 +1119,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", - cgiGetVariable("PRINTER_NAME")); + cgiGetTextfield("PRINTER_NAME")); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); @@ -1132,12 +1132,12 @@ do_am_printer(http_t *http, /* I - HTTP connection */ } ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-location", - NULL, cgiGetVariable("PRINTER_LOCATION")); + NULL, cgiGetTextfield("PRINTER_LOCATION")); ippAddString(request, IPP_TAG_PRINTER, IPP_TAG_TEXT, "printer-info", - NULL, cgiGetVariable("PRINTER_INFO")); + NULL, cgiGetTextfield("PRINTER_INFO")); - cupsCopyString(uri, cgiGetVariable("DEVICE_URI"), sizeof(uri)); + cupsCopyString(uri, cgiGetTextfield("DEVICE_URI"), sizeof(uri)); /* * Strip make and model from URI... @@ -1166,7 +1166,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ ippAddBoolean(request, IPP_TAG_PRINTER, "printer-is-accepting-jobs", 1); - var = cgiGetVariable("printer_is_shared"); + var = cgiGetCheckbox("printer_is_shared"); ippAddBoolean(request, IPP_TAG_PRINTER, "printer-is-shared", var && (!strcmp(var, "1") || !strcmp(var, "on"))); @@ -1307,29 +1307,29 @@ do_config_server(http_t *http) /* I - HTTP connection */ * Get the checkbox values from the form... */ - debug_logging = cgiGetVariable("DEBUG_LOGGING") ? "1" : "0"; - remote_admin = cgiGetVariable("REMOTE_ADMIN") ? "1" : "0"; - remote_any = cgiGetVariable("REMOTE_ANY") ? "1" : "0"; - share_printers = cgiGetVariable("SHARE_PRINTERS") ? "1" : "0"; - user_cancel_any = cgiGetVariable("USER_CANCEL_ANY") ? "1" : "0"; + debug_logging = cgiGetCheckbox("DEBUG_LOGGING") ? "1" : "0"; + remote_admin = cgiGetCheckbox("REMOTE_ADMIN") ? "1" : "0"; + remote_any = cgiGetCheckbox("REMOTE_ANY") ? "1" : "0"; + share_printers = cgiGetCheckbox("SHARE_PRINTERS") ? "1" : "0"; + user_cancel_any = cgiGetCheckbox("USER_CANCEL_ANY") ? "1" : "0"; - advanced = cgiGetVariable("ADVANCEDSETTINGS") != NULL; + advanced = cgiGetCheckbox("ADVANCEDSETTINGS") != NULL; if (advanced) { /* * Get advanced settings... */ - browse_web_if = cgiGetVariable("BROWSE_WEB_IF") ? "Yes" : "No"; - max_clients = cgiGetVariable("MAX_CLIENTS"); - max_log_size = cgiGetVariable("MAX_LOG_SIZE"); - preserve_jobs = cgiGetVariable("PRESERVE_JOBS"); + browse_web_if = cgiGetCheckbox("BROWSE_WEB_IF") ? "Yes" : "No"; + max_clients = cgiGetTextfield("MAX_CLIENTS"); + max_log_size = cgiGetTextfield("MAX_LOG_SIZE"); + preserve_jobs = cgiGetTextfield("PRESERVE_JOBS"); if (preserve_jobs) { - max_jobs = cgiGetVariable("MAX_JOBS"); - preserve_job_history = cgiGetVariable("PRESERVE_JOB_HISTORY"); - preserve_job_files = cgiGetVariable("PRESERVE_JOB_FILES"); + max_jobs = cgiGetTextfield("MAX_JOBS"); + preserve_job_history = cgiGetTextfield("PRESERVE_JOB_HISTORY"); + preserve_job_files = cgiGetTextfield("PRESERVE_JOB_FILES"); if (!max_jobs || atoi(max_jobs) < 0) max_jobs = "500"; @@ -1374,7 +1374,7 @@ do_config_server(http_t *http) /* I - HTTP connection */ * Get authentication settings... */ - if (cgiGetVariable("KERBEROS")) + if (cgiGetCheckbox("KERBEROS")) cupsCopyString(default_auth_type, "Negotiate", sizeof(default_auth_type)); else { @@ -1795,7 +1795,7 @@ do_delete_class(http_t *http) /* I - HTTP connection */ return; } - if ((pclass = cgiGetVariable("PRINTER_NAME")) != NULL) + if ((pclass = cgiGetTextfield("PRINTER_NAME")) != NULL) httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/classes/%s", pclass); else @@ -1880,7 +1880,7 @@ do_delete_printer(http_t *http) /* I - HTTP connection */ return; } - if ((printer = cgiGetVariable("PRINTER_NAME")) != NULL) + if ((printer = cgiGetTextfield("PRINTER_NAME")) != NULL) httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", printer); else @@ -2171,22 +2171,32 @@ do_menu(http_t *http) /* I - HTTP connection */ if ((val = cupsGetOption(CUPS_SERVER_DEBUG_LOGGING, num_settings, settings)) != NULL && atoi(val)) cgiSetVariable("DEBUG_LOGGING", "CHECKED"); + else + cgiSetVariable("DEBUG_LOGGING", ""); if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ADMIN, num_settings, settings)) != NULL && atoi(val)) cgiSetVariable("REMOTE_ADMIN", "CHECKED"); + else + cgiSetVariable("REMOTE_ADMIN", ""); if ((val = cupsGetOption(CUPS_SERVER_REMOTE_ANY, num_settings, settings)) != NULL && atoi(val)) cgiSetVariable("REMOTE_ANY", "CHECKED"); + else + cgiSetVariable("REMOTE_ANY", ""); if ((val = cupsGetOption(CUPS_SERVER_SHARE_PRINTERS, num_settings, settings)) != NULL && atoi(val)) cgiSetVariable("SHARE_PRINTERS", "CHECKED"); + else + cgiSetVariable("SHARE_PRINTERS", ""); if ((val = cupsGetOption(CUPS_SERVER_USER_CANCEL_ANY, num_settings, settings)) != NULL && atoi(val)) cgiSetVariable("USER_CANCEL_ANY", "CHECKED"); + else + cgiSetVariable("USER_CANCEL_ANY", ""); #ifdef HAVE_GSSAPI cgiSetVariable("HAVE_GSSAPI", "1"); @@ -2205,6 +2215,8 @@ do_menu(http_t *http) /* I - HTTP connection */ if (!_cups_strcasecmp(val, "yes") || !_cups_strcasecmp(val, "on") || !_cups_strcasecmp(val, "true")) cgiSetVariable("BROWSE_WEB_IF", "CHECKED"); + else + cgiSetVariable("BROWSE_WEB_IF", ""); if ((val = cupsGetOption("PreserveJobHistory", num_settings, settings)) == NULL) @@ -2288,7 +2300,7 @@ do_set_allowed_users(http_t *http) /* I - HTTP connection */ is_class = cgiGetVariable("IS_CLASS"); - printer = cgiGetVariable("PRINTER_NAME"); + printer = cgiGetTextfield("PRINTER_NAME"); if (!printer) { @@ -2299,7 +2311,7 @@ do_set_allowed_users(http_t *http) /* I - HTTP connection */ return; } - users = cgiGetVariable("users"); + users = cgiGetTextfield("users"); type = cgiGetVariable("type"); if (!users || !type || @@ -2541,7 +2553,7 @@ do_set_default(http_t *http) /* I - HTTP connection */ is_class = cgiGetVariable("IS_CLASS"); - printer = cgiGetVariable("PRINTER_NAME"); + printer = cgiGetTextfield("PRINTER_NAME"); title = cgiText(_("Set As Server Default")); if (!printer) @@ -2651,7 +2663,7 @@ do_set_options(http_t *http, /* I - HTTP connection */ * Get the printer name... */ - if ((printer = cgiGetVariable("PRINTER_NAME")) != NULL) + if ((printer = cgiGetTextfield("PRINTER_NAME")) != NULL) httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, is_class ? "/classes/%s" : "/printers/%s", printer); @@ -3365,8 +3377,8 @@ do_set_sharing(http_t *http) /* I - HTTP connection */ is_class = cgiGetVariable("IS_CLASS"); - printer = cgiGetVariable("PRINTER_NAME"); - shared = cgiGetVariable("SHARED"); + printer = cgiGetTextfield("PRINTER_NAME"); + shared = cgiGetCheckbox("SHARED"); if (!printer || !shared) { diff --git a/cgi-bin/cgi-private.h b/cgi-bin/cgi-private.h index 23c3651bd5..ffc798f627 100644 --- a/cgi-bin/cgi-private.h +++ b/cgi-bin/cgi-private.h @@ -2,10 +2,11 @@ * Private CGI definitions for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2011 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2011 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/cgi.h b/cgi-bin/cgi.h index 2b7497a7de..18981d2758 100644 --- a/cgi-bin/cgi.h +++ b/cgi-bin/cgi.h @@ -70,11 +70,13 @@ extern char *cgiFormEncode(char *dst, const char *src, extern void cgiFreeSearch(void *search); extern char *cgiGetArray(const char *name, int element); extern void cgiGetAttributes(ipp_t *request, const char *tmpl); +extern const char *cgiGetCheckbox(const char *name); extern const char *cgiGetCookie(const char *name); extern const cgi_file_t *cgiGetFile(void); extern cups_array_t *cgiGetIPPObjects(ipp_t *response, void *search); extern int cgiGetSize(const char *name); extern char *cgiGetTemplateDir(void); +extern const char *cgiGetTextfield(const char *name); extern char *cgiGetVariable(const char *name); extern int cgiInitialize(void); extern int cgiIsPOST(void); diff --git a/cgi-bin/classes.c b/cgi-bin/classes.c index 602318308c..eb83a920d6 100644 --- a/cgi-bin/classes.c +++ b/cgi-bin/classes.c @@ -2,10 +2,11 @@ * Class status CGI for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2016 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -334,7 +335,7 @@ show_all_classes(http_t *http, /* I - Connection to server */ * Get a list of matching job objects. */ - if ((var = cgiGetVariable("QUERY")) != NULL && + if ((var = cgiGetTextfield("QUERY")) != NULL && !cgiGetVariable("CLEAR")) search = cgiCompileSearch(var); else diff --git a/cgi-bin/help-index.h b/cgi-bin/help-index.h index c6486f0152..21c07bd395 100644 --- a/cgi-bin/help-index.h +++ b/cgi-bin/help-index.h @@ -2,10 +2,11 @@ * Online help index definitions for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2011 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products. + * Copyright © 2007-2011 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ #ifndef _CUPS_HELP_INDEX_H_ diff --git a/cgi-bin/help.c b/cgi-bin/help.c index 348971275e..e85dcdedf4 100644 --- a/cgi-bin/help.c +++ b/cgi-bin/help.c @@ -2,10 +2,11 @@ * Online help CGI for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2011 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2011 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -172,7 +173,7 @@ main(int argc, /* I - Number of command-line arguments */ if (cgiGetVariable("CLEAR")) cgiSetVariable("QUERY", ""); - query = cgiGetVariable("QUERY"); + query = cgiGetTextfield("QUERY"); si = helpSearchIndex(hi, query, topic, helpfile); cgiClearVariables(); diff --git a/cgi-bin/html.c b/cgi-bin/html.c index 97490bf19c..41d7b09daa 100644 --- a/cgi-bin/html.c +++ b/cgi-bin/html.c @@ -2,10 +2,11 @@ * HTML support functions for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2011 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2011 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c index 72401783c4..0f00a75118 100644 --- a/cgi-bin/ipp-var.c +++ b/cgi-bin/ipp-var.c @@ -2,10 +2,11 @@ * CGI <-> IPP variable routines for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products. + * Copyright © 2007-2016 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/jobs.c b/cgi-bin/jobs.c index 1217c1fd4f..66a4f81a2a 100644 --- a/cgi-bin/jobs.c +++ b/cgi-bin/jobs.c @@ -2,10 +2,11 @@ * Job status CGI for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2014 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2014 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/printers.c b/cgi-bin/printers.c index 097ed6ba2c..b20c0a9ff2 100644 --- a/cgi-bin/printers.c +++ b/cgi-bin/printers.c @@ -2,10 +2,11 @@ * Printer status CGI for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2016 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2016 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -351,7 +352,7 @@ show_all_printers(http_t *http, /* I - Connection to server */ * Get a list of matching job objects. */ - if ((var = cgiGetVariable("QUERY")) != NULL && + if ((var = cgiGetTextfield("QUERY")) != NULL && !cgiGetVariable("CLEAR")) search = cgiCompileSearch(var); else diff --git a/cgi-bin/search.c b/cgi-bin/search.c index f9411c19f3..106d15406b 100644 --- a/cgi-bin/search.c +++ b/cgi-bin/search.c @@ -2,8 +2,8 @@ * Search routines for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2018 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * * Licensed under Apache License v2.0. See the file "LICENSE" for more * information. diff --git a/cgi-bin/template.c b/cgi-bin/template.c index e3602c4e2c..931e660ce4 100644 --- a/cgi-bin/template.c +++ b/cgi-bin/template.c @@ -2,10 +2,11 @@ * CGI template function. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2015 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2015 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ #include "cgi-private.h" @@ -398,6 +399,8 @@ cgi_copy(FILE *out, /* I - Output file */ * See if the terminating character requires another test... */ + fprintf(stderr, "DEBUG2: %*s\"{%s}\" mapped to \"%s\"...\n", indent, "", name, outptr); + if (ch == '}') { /* diff --git a/cgi-bin/testcgi.c b/cgi-bin/testcgi.c index ed636b5d17..836a237c53 100644 --- a/cgi-bin/testcgi.c +++ b/cgi-bin/testcgi.c @@ -2,10 +2,11 @@ * CGI test program for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2014 by Apple Inc. - * Copyright 1997-2005 by Easy Software Products. + * Copyright © 2007-2014 by Apple Inc. + * Copyright © 1997-2005 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/testhi.c b/cgi-bin/testhi.c index 26f867a976..61afae422b 100644 --- a/cgi-bin/testhi.c +++ b/cgi-bin/testhi.c @@ -2,10 +2,11 @@ * Help index test program for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2017 by Apple Inc. - * Copyright 1997-2007 by Easy Software Products. + * Copyright © 2007-2017 by Apple Inc. + * Copyright © 1997-2007 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/testtemplate.c b/cgi-bin/testtemplate.c index 7f9ba78e8d..a68a4b7595 100644 --- a/cgi-bin/testtemplate.c +++ b/cgi-bin/testtemplate.c @@ -2,10 +2,11 @@ * CGI template test program for CUPS. * * Copyright © 2020-2024 by OpenPrinting. - * Copyright 2007-2011 by Apple Inc. - * Copyright 2006 by Easy Software Products. + * Copyright © 2007-2011 by Apple Inc. + * Copyright © 2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* diff --git a/cgi-bin/var.c b/cgi-bin/var.c index 0e5f6a43ec..d03a5d77a3 100644 --- a/cgi-bin/var.c +++ b/cgi-bin/var.c @@ -178,6 +178,41 @@ cgiGetArray(const char *name, /* I - Name of array variable */ } +/* + * 'cgiGetCheckbox()' - Get a checkbox value, deleting any invalid values. + */ + +const char * /* O - Value or NULL */ +cgiGetCheckbox(const char *name) /* I - Name of form field */ +{ + _cgi_var_t *var = cgi_find_variable(name); + /* Found variable */ + const char *value = var ? var->values[var->nvalues - 1] : NULL; + + + if (value && _cups_strcasecmp(value, "checkbox")) + { + /* + * Delete the invalid checkbox value... + */ + + int i = var - form_vars, j; + + form_count --; + + for (j = 0; j < var->nvalues; j ++) + free(var->values[j]); + free(var->name); + free(var->values); + + if (i < form_count) + memmove(var, var + 1, (size_t)(form_count - i) * sizeof(_cgi_var_t)); + } + + return (value); +} + + /* * 'cgiGetCookie()' - Get a cookie value. */ @@ -217,6 +252,41 @@ cgiGetSize(const char *name) /* I - Name of variable */ } +/* + * 'cgiGetTextfield()' - Get a textfield value, deleting any invalid values. + */ + +const char * /* O - Value or NULL */ +cgiGetTextfield(const char *name) /* I - Name of form field */ +{ + _cgi_var_t *var = cgi_find_variable(name); + /* Found variable */ + const char *value = var ? var->values[var->nvalues - 1] : NULL; + + + if (value && strchr(value, '\"') != NULL) + { + /* + * Delete the invalid text field value... + */ + + int i = var - form_vars, j; + + form_count --; + + for (j = 0; j < var->nvalues; j ++) + free(var->values[j]); + free(var->name); + free(var->values); + + if (i < form_count) + memmove(var, var + 1, (size_t)(form_count - i) * sizeof(_cgi_var_t)); + } + + return (value); +} + + /* * 'cgiGetVariable()' - Get a CGI variable from the database. *