OSDN Git Service

(root) / modchxj / mod_chxj.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d75254f)
* Bug with wrong treatment of QUERY_STRING when POST is done to another site.
authorkonn <konn@1a406e8e-add9-4483-a2c8-d8cac5b7c224>
Fri, 19 Sep 2008 14:14:06 +0000 (14:14 +0000)
committerkonn <konn@1a406e8e-add9-4483-a2c8-d8cac5b7c224>
Fri, 19 Sep 2008 14:14:06 +0000 (14:14 +0000)
git-svn-id: svn+ssh://svn.sourceforge.jp/svnroot/modchxj/mod_chxj/branches/RELEASE_0_11_0@3193 1a406e8e-add9-4483-a2c8-d8cac5b7c224

include/chxj_tag_util.h patch | blob | history
src/chxj_chtml10.c patch | blob | history
src/chxj_chtml20.c patch | blob | history
src/chxj_chtml30.c patch | blob | history
src/chxj_jhtml.c patch | blob | history
src/chxj_tag_util.c patch | blob | history
src/chxj_xhtml_mobile_1_0.c patch | blob | history

diff --git a/include/chxj_tag_util.h b/include/chxj_tag_util.h
index 4c5d535..457cd43 100644 (file)
--- a/include/chxj_tag_util.h
+++ b/include/chxj_tag_util.h
@@ -97,7 +97,7 @@ extern char* qs_get_parse_attr(
   Node*        tag, 
   request_rec* r);
 
-extern char * chxj_form_action_to_hidden_tag(apr_pool_t *pool, const char *str, int xmlFlag, int post_flag);
+extern char * chxj_form_action_to_hidden_tag(request_rec *r, apr_pool_t *pool, const char *str, int xmlFlag, int post_flag);
 #endif
 /*
  * vim:ts=2 et
diff --git a/src/chxj_chtml10.c b/src/chxj_chtml10.c
index 539c5b4..5482b65 100644 (file)
--- a/src/chxj_chtml10.c
+++ b/src/chxj_chtml10.c
@@ -1879,8 +1879,10 @@ s_chtml10_start_form_tag(void *pdoc, Node *node)
     char *q;
     q = strchr(attr_value, '?');
     if (q) {
-      new_hidden_tag = chxj_form_action_to_hidden_tag(doc->pool, attr_value, 0, post_flag);
-      *q = 0;
+      new_hidden_tag = chxj_form_action_to_hidden_tag(r, doc->pool, attr_value, 0, post_flag);
+      if (new_hidden_tag) {
+        *q = 0;
+      }
     }
     W10_L(" action=\"");
     W10_V(attr_value);
diff --git a/src/chxj_chtml20.c b/src/chxj_chtml20.c
index c6a3aa1..33fb29c 100644 (file)
--- a/src/chxj_chtml20.c
+++ b/src/chxj_chtml20.c
@@ -1488,8 +1488,10 @@ s_chtml20_start_form_tag(void *pdoc, Node *node)
     char *q;
     q = strchr(attr_action, '?');
     if (q) {
-      new_hidden_tag = chxj_form_action_to_hidden_tag(doc->pool, attr_action, 0, post_flag);
-      *q = 0;
+      new_hidden_tag = chxj_form_action_to_hidden_tag(r, doc->pool, attr_action, 0, post_flag);
+      if (new_hidden_tag) {
+        *q = 0;
+      }
     }
     W_L(" action=\"");
     W_V(attr_action);
diff --git a/src/chxj_chtml30.c b/src/chxj_chtml30.c
index c11355d..1880fac 100644 (file)
--- a/src/chxj_chtml30.c
+++ b/src/chxj_chtml30.c
@@ -1395,8 +1395,10 @@ s_chtml30_start_form_tag(void *pdoc, Node *node)
     char *q;
     q = strchr(attr_action, '?');
     if (q) {
-      new_hidden_tag = chxj_form_action_to_hidden_tag(doc->pool, attr_action, 0, post_flag);
-      *q = 0;
+      new_hidden_tag = chxj_form_action_to_hidden_tag(r, doc->pool, attr_action, 0, post_flag);
+      if (new_hidden_tag) {
+        *q = 0;
+      }
     }
     W_L(" action=\"");
     W_V(attr_action);
diff --git a/src/chxj_jhtml.c b/src/chxj_jhtml.c
index c9c5fc4..33d1524 100644 (file)
--- a/src/chxj_jhtml.c
+++ b/src/chxj_jhtml.c
@@ -1384,8 +1384,10 @@ s_jhtml_start_form_tag(void *pdoc, Node *node)
     char *q;
     q = strchr(attr_action, '?');
     if (q) {
-      new_hidden_tag = chxj_form_action_to_hidden_tag(doc->pool, attr_action, 0, post_flag);
-      *q = 0;
+      new_hidden_tag = chxj_form_action_to_hidden_tag(r, doc->pool, attr_action, 0, post_flag);
+      if (new_hidden_tag) {
+        *q = 0;
+      }
     }
     W_L(" action=\"");
     W_V(attr_action);
diff --git a/src/chxj_tag_util.c b/src/chxj_tag_util.c
index 959c956..b95eb6c 100644 (file)
--- a/src/chxj_tag_util.c
+++ b/src/chxj_tag_util.c
@@ -16,6 +16,7 @@
  */
 #include "chxj_tag_util.h"
 #include "chxj_url_encode.h"
+#include "chxj_str_util.h"
 
 /**
  * The value of the VALUE attribute that the object tag node maintains is
@@ -603,11 +604,19 @@ qs_get_parse_attr(Doc* doc, Node* tag, request_rec* r)
 
 
 char *
-chxj_form_action_to_hidden_tag(apr_pool_t *pool, const char *str, int xmlFlag, int post)
+chxj_form_action_to_hidden_tag(request_rec *r, apr_pool_t *pool, const char *str, int xmlFlag, int post)
 {
   char *s = apr_pstrdup(pool, str);
+  if (!s) return NULL;
+  if (chxj_starts_with(s, "http://") || chxj_starts_with(s, "https://")) {
+    apr_uri_t url;
+    apr_uri_parse(pool, s, &url);
+    if (url.hostname && strcasecmp(url.hostname, r->hostname) != 0) {
+      return NULL;
+    }
+  }
   s = strchr(s, '?');
-  if (!s) return (char *)str;
+  if (!s) return NULL;
   s++;
   char *result = NULL;
 
diff --git a/src/chxj_xhtml_mobile_1_0.c b/src/chxj_xhtml_mobile_1_0.c
index 5f15364..d3222c0 100644 (file)
--- a/src/chxj_xhtml_mobile_1_0.c
+++ b/src/chxj_xhtml_mobile_1_0.c
@@ -1281,8 +1281,10 @@ s_xhtml_1_0_start_form_tag(void *pdoc, Node *node)
     char *q;
     q = strchr(attr_action, '?');
     if (q) {
-      new_hidden_tag = chxj_form_action_to_hidden_tag(doc->pool, attr_action, 1, post_flag);
-      *q = 0;
+      new_hidden_tag = chxj_form_action_to_hidden_tag(r, doc->pool, attr_action, 1, post_flag);
+      if (new_hidden_tag) {
+        *q = 0;
+      }
     }
     W_L(" action=\"");
     W_V(attr_action);
mod_chxj
About OSDN
Find Software
Develop Software
Help