int
show_content_aux (CT ct, int serial, int alternate, char *cp, char *cracked)
{
- int fd, len, buflen;
+ int fd, len, buflen, quoted;
int xstdin, xlist, xpause, xtty;
- char *bp, *file, buffer[BUFSIZ];
+ char *bp, *pp, *file, buffer[BUFSIZ];
CI ci = &ct->c_ctinfo;
if (!ct->c_ceopenfnx) {
/* get buffer ready to go */
bp = buffer;
- bp[0] = '\0';
- buflen = sizeof(buffer);
+ buflen = sizeof(buffer) - 1;
+ bp[0] = bp[buflen] = '\0';
+ quoted = 0;
/* Now parse display string */
- for ( ; *cp; cp++) {
+ for ( ; *cp && buflen > 0; cp++) {
if (*cp == '%') {
+ pp = bp;
+
switch (*++cp) {
case 'a':
/* insert parameters from Content-Type field */
case 'f':
/* insert filename containing content */
- snprintf (bp, buflen, "%s", file);
+ snprintf (bp, buflen, "'%s'", file);
+ /* since we've quoted the file argument, set things up
+ * to look past it, to avoid problems with the quoting
+ * logic below. (I know, I should figure out what's
+ * broken with the quoting logic, but..)
+ */
+ len = strlen(bp);
+ buflen -= len;
+ bp += len;
+ pp = bp;
break;
case 'p':
len = strlen (bp);
bp += len;
buflen -= len;
+
+ /* Did we actually insert something? */
+ if (bp != pp) {
+ /* Insert single quote if not inside quotes already */
+ if (!quoted && buflen) {
+ len = strlen (pp);
+ memmove (pp + 1, pp, len);
+ *pp++ = '\'';
+ buflen--;
+ bp++;
+ }
+ /* Escape existing quotes */
+ while ((pp = strchr (pp, '\'')) && buflen > 3) {
+ len = strlen (pp++);
+ memmove (pp + 3, pp, len);
+ *pp++ = '\\';
+ *pp++ = '\'';
+ *pp++ = '\'';
+ buflen -= 3;
+ bp += 3;
+ }
+ /* If pp is still set, that means we ran out of space. */
+ if (pp)
+ buflen = 0;
+ if (!quoted && buflen) {
+ *bp++ = '\'';
+ *bp = '\0';
+ buflen--;
+ }
+ }
} else {
raw:
- *bp++ = *cp;
- *bp = '\0';
- buflen--;
+ *bp++ = *cp;
+ *bp = '\0';
+ buflen--;
+
+ if (*cp == '\'')
+ quoted = !quoted;
}
}
+ if (buflen <= 0 || (ct->c_termproc && buflen <= strlen(ct->c_termproc))) {
+ /* content_error would provide a more useful error message
+ * here, except that if we got overrun, it probably would
+ * too.
+ */
+ fprintf(stderr, "Buffer overflow constructing show command!\n");
+ return NOTOK;
+ }
+
/* use charset string to modify display method */
if (ct->c_termproc) {
char term[BUFSIZ];
read (fileno (stdout), prompt, sizeof(prompt));
}
SIGNAL (SIGINT, istat);
- if (intr != OK) {
+ if (intr != OK || prompt[0] == 'n') {
(*ct->c_ceclosefnx) (ct);
return (alternate ? DONE : NOTOK);
}
+ if (prompt[0] == 'q') done(OK);
}
}
for (part = m->mp_parts; part; part = part->mp_next) {
p = part->mp_part;
- if (p->c_pid > OK)
+ if (p->c_pid > OK) {
if (kill (p->c_pid, 0) == NOTOK)
p->c_pid = 0;
else
kids++;
+ }
}
while (kids > 0 && (pid = wait (&status)) != NOTOK) {
static int
show_multi_aux (CT ct, int serial, int alternate, char *cp)
{
- int len, buflen;
+ int len, buflen, quoted;
int xlist, xpause, xtty;
- char *bp, *file, buffer[BUFSIZ];
+ char *bp, *pp, *file, buffer[BUFSIZ];
struct multipart *m = (struct multipart *) ct->c_ctparams;
struct part *part;
CI ci = &ct->c_ctinfo;
/* get buffer ready to go */
bp = buffer;
- bp[0] = '\0';
- buflen = sizeof(buffer);
+ buflen = sizeof(buffer) - 1;
+ bp[0] = bp[buflen] = '\0';
+ quoted = 0;
/* Now parse display string */
- for ( ; *cp; cp++) {
+ for ( ; *cp && buflen > 0; cp++) {
if (*cp == '%') {
+ pp = bp;
switch (*++cp) {
case 'a':
/* insert parameters from Content-Type field */
buflen -= len;
s = " ";
}
+ /* set our starting pointer back to bp, to avoid
+ * requoting the filenames we just added
+ */
+ pp = bp;
}
break;
len = strlen (bp);
bp += len;
buflen -= len;
+
+ /* Did we actually insert something? */
+ if (bp != pp) {
+ /* Insert single quote if not inside quotes already */
+ if (!quoted && buflen) {
+ len = strlen (pp);
+ memmove (pp + 1, pp, len);
+ *pp++ = '\'';
+ buflen--;
+ bp++;
+ }
+ /* Escape existing quotes */
+ while ((pp = strchr (pp, '\'')) && buflen > 3) {
+ len = strlen (pp++);
+ memmove (pp + 3, pp, len);
+ *pp++ = '\\';
+ *pp++ = '\'';
+ *pp++ = '\'';
+ buflen -= 3;
+ bp += 3;
+ }
+ /* If pp is still set, that means we ran out of space. */
+ if (pp)
+ buflen = 0;
+ if (!quoted && buflen) {
+ *bp++ = '\'';
+ *bp = '\0';
+ buflen--;
+ }
+ }
} else {
raw:
- *bp++ = *cp;
- *bp = '\0';
- buflen--;
+ *bp++ = *cp;
+ *bp = '\0';
+ buflen--;
+
+ if (*cp == '\'')
+ quoted = !quoted;
}
}
+ if (buflen <= 0 || (ct->c_termproc && buflen <= strlen(ct->c_termproc))) {
+ /* content_error would provide a more useful error message
+ * here, except that if we got overrun, it probably would
+ * too.
+ */
+ fprintf(stderr, "Buffer overflow constructing show command!\n");
+ return NOTOK;
+ }
+
/* use charset string to modify display method */
if (ct->c_termproc) {
char term[BUFSIZ];