X-Git-Url: http://git.marmaro.de/?p=mmh;a=blobdiff_plain;f=uip%2Fmhshowsbr.c;h=9317defd0af4bda6c5fcad08ae2cefe52a7d0a0b;hp=ef6f02c17459c9dfe6632b37bb0fe74ca0b3b3e4;hb=d8916ff5d389de5ab225cd6f40aeda1b285d0f28;hpb=2da3024caea2be71550f9eabd2fbc08fefe29bb5 diff --git a/uip/mhshowsbr.c b/uip/mhshowsbr.c index ef6f02c..9317def 100644 --- a/uip/mhshowsbr.c +++ b/uip/mhshowsbr.c @@ -3,6 +3,10 @@ * mhshowsbr.c -- routines to display the contents of MIME messages * * $Id$ + * + * This code is Copyright (c) 2002, by the authors of nmh. See the + * COPYRIGHT file in the root directory of the nmh distribution for + * complete copyright information. */ #include @@ -12,10 +16,11 @@ #include #include #include -#include -#include +#include +#include #include #include +#include #ifdef HAVE_SYS_WAIT_H # include @@ -31,7 +36,6 @@ # define siglongjmp(env,val) longjmp(env,val) #endif -extern int errno; extern int debugsw; int pausesw = 1; @@ -115,7 +119,7 @@ show_all_messages (CT *cts) ct = *ctp; /* if top-level type is ok, then display message */ - if (type_ok (ct, 0)) + if (type_ok (ct, 1)) show_single_message (ct, formsw); } } @@ -130,13 +134,15 @@ show_single_message (CT ct, char *form) { sigset_t set, oset; -#ifdef WAITINT - int status; -#else +#ifdef HAVE_UNION_WAIT union wait status; +#else + int status; #endif - umask (ct->c_umask); + /* Allow user executable bit so that temporary directories created by + * the viewer (e.g., lynx) are going to be accessible */ + umask (ct->c_umask & ~(0100)); /* * If you have a format file, then display @@ -166,10 +172,10 @@ show_single_message (CT ct, char *form) SIGPROCMASK (SIG_BLOCK, &set, &oset); while (wait (&status) != NOTOK) { -#ifdef WAITINT - pidcheck (status); -#else +#ifdef HAVE_UNION_WAIT pidcheck (status.w_status); +#else + pidcheck (status); #endif continue; } @@ -325,9 +331,9 @@ show_content (CT ct, int serial, int alternate) int show_content_aux (CT ct, int serial, int alternate, char *cp, char *cracked) { - int fd, len, buflen; + int fd, len, buflen, quoted; int xstdin, xlist, xpause, xtty; - char *bp, *file, buffer[BUFSIZ]; + char *bp, *pp, *file, buffer[BUFSIZ]; CI ci = &ct->c_ctinfo; if (!ct->c_ceopenfnx) { @@ -355,12 +361,15 @@ show_content_aux (CT ct, int serial, int alternate, char *cp, char *cracked) /* get buffer ready to go */ bp = buffer; - bp[0] = '\0'; - buflen = sizeof(buffer); + buflen = sizeof(buffer) - 1; + bp[0] = bp[buflen] = '\0'; + quoted = 0; /* Now parse display string */ - for ( ; *cp; cp++) { + for ( ; *cp && buflen > 0; cp++) { if (*cp == '%') { + pp = bp; + switch (*++cp) { case 'a': /* insert parameters from Content-Type field */ @@ -402,7 +411,16 @@ show_content_aux (CT ct, int serial, int alternate, char *cp, char *cracked) case 'f': /* insert filename containing content */ - snprintf (bp, buflen, "%s", file); + snprintf (bp, buflen, "'%s'", file); + /* since we've quoted the file argument, set things up + * to look past it, to avoid problems with the quoting + * logic below. (I know, I should figure out what's + * broken with the quoting logic, but..) + */ + len = strlen(bp); + buflen -= len; + bp += len; + pp = bp; break; case 'p': @@ -433,14 +451,56 @@ show_content_aux (CT ct, int serial, int alternate, char *cp, char *cracked) len = strlen (bp); bp += len; buflen -= len; + + /* Did we actually insert something? */ + if (bp != pp) { + /* Insert single quote if not inside quotes already */ + if (!quoted && buflen) { + len = strlen (pp); + memmove (pp + 1, pp, len); + *pp++ = '\''; + buflen--; + bp++; + } + /* Escape existing quotes */ + while ((pp = strchr (pp, '\'')) && buflen > 3) { + len = strlen (pp++); + memmove (pp + 3, pp, len); + *pp++ = '\\'; + *pp++ = '\''; + *pp++ = '\''; + buflen -= 3; + bp += 3; + } + /* If pp is still set, that means we ran out of space. */ + if (pp) + buflen = 0; + if (!quoted && buflen) { + *bp++ = '\''; + *bp = '\0'; + buflen--; + } + } } else { raw: - *bp++ = *cp; - *bp = '\0'; - buflen--; + *bp++ = *cp; + *bp = '\0'; + buflen--; + + if (*cp == '\'') + quoted = !quoted; } } + if (buflen <= 0 || (ct->c_termproc && buflen <= strlen(ct->c_termproc))) { + /* content_error would provide a more useful error message + * here, except that if we got overrun, it probably would + * too. + */ + fprintf(stderr, "Buffer overflow constructing show command!\n"); + return NOTOK; + } + /* use charset string to modify display method */ if (ct->c_termproc) { char term[BUFSIZ]; @@ -725,10 +785,10 @@ show_multi_internal (CT ct, int serial, int alternate) if (serial && !nowserial) { pid_t pid; int kids; -#ifdef WAITINT - int status; -#else +#ifdef HAVE_UNION_WAIT union wait status; +#else + int status; #endif kids = 0; @@ -744,10 +804,10 @@ show_multi_internal (CT ct, int serial, int alternate) } while (kids > 0 && (pid = wait (&status)) != NOTOK) { -#ifdef WAITINT - pidcheck (status); -#else +#ifdef HAVE_UNION_WAIT pidcheck (status.w_status); +#else + pidcheck (status); #endif for (part = m->mp_parts; part; part = part->mp_next) { @@ -782,9 +842,9 @@ out: static int show_multi_aux (CT ct, int serial, int alternate, char *cp) { - int len, buflen; + int len, buflen, quoted; int xlist, xpause, xtty; - char *bp, *file, buffer[BUFSIZ]; + char *bp, *pp, *file, buffer[BUFSIZ]; struct multipart *m = (struct multipart *) ct->c_ctparams; struct part *part; CI ci = &ct->c_ctinfo; @@ -819,12 +879,14 @@ show_multi_aux (CT ct, int serial, int alternate, char *cp) /* get buffer ready to go */ bp = buffer; - bp[0] = '\0'; - buflen = sizeof(buffer); + buflen = sizeof(buffer) - 1; + bp[0] = bp[buflen] = '\0'; + quoted = 0; /* Now parse display string */ - for ( ; *cp; cp++) { + for ( ; *cp && buflen > 0; cp++) { if (*cp == '%') { + pp = bp; switch (*++cp) { case 'a': /* insert parameters from Content-Type field */ @@ -877,6 +939,10 @@ show_multi_aux (CT ct, int serial, int alternate, char *cp) buflen -= len; s = " "; } + /* set our starting pointer back to bp, to avoid + * requoting the filenames we just added + */ + pp = bp; } break; @@ -908,14 +974,56 @@ show_multi_aux (CT ct, int serial, int alternate, char *cp) len = strlen (bp); bp += len; buflen -= len; + + /* Did we actually insert something? */ + if (bp != pp) { + /* Insert single quote if not inside quotes already */ + if (!quoted && buflen) { + len = strlen (pp); + memmove (pp + 1, pp, len); + *pp++ = '\''; + buflen--; + bp++; + } + /* Escape existing quotes */ + while ((pp = strchr (pp, '\'')) && buflen > 3) { + len = strlen (pp++); + memmove (pp + 3, pp, len); + *pp++ = '\\'; + *pp++ = '\''; + *pp++ = '\''; + buflen -= 3; + bp += 3; + } + /* If pp is still set, that means we ran out of space. */ + if (pp) + buflen = 0; + if (!quoted && buflen) { + *bp++ = '\''; + *bp = '\0'; + buflen--; + } + } } else { raw: - *bp++ = *cp; - *bp = '\0'; - buflen--; + *bp++ = *cp; + *bp = '\0'; + buflen--; + + if (*cp == '\'') + quoted = !quoted; } } + if (buflen <= 0 || (ct->c_termproc && buflen <= strlen(ct->c_termproc))) { + /* content_error would provide a more useful error message + * here, except that if we got overrun, it probably would + * too. + */ + fprintf(stderr, "Buffer overflow constructing show command!\n"); + return NOTOK; + } + /* use charset string to modify display method */ if (ct->c_termproc) { char term[BUFSIZ];