s4
changeset 326:d19e85a72a29
Allow spaces and special characters in filenames(tentative).
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Fri, 21 Oct 2016 16:22:12 +0859 |
| parents | b5185c66aacc |
| children | 5e56160ad1f5 |
| files | s4-blog.sh s4-cgi.sh s4-funcs.sh |
| diffstat | 3 files changed, 73 insertions(+), 64 deletions(-) [+] |
line diff
1.1 --- a/s4-blog.sh Fri Oct 21 16:19:15 2016 +0859 1.2 +++ b/s4-blog.sh Fri Oct 21 16:22:12 2016 +0859 1.3 @@ -193,9 +193,12 @@ 1.4 tdcls="repatt${new:+ new}" 1.5 imgdir=`getcachedir home/"$uid"`/main 1.6 if [ -n "$icon" -a -s "$icon" ]; then 1.7 - picon="<p class=\"proficon\"><img src=\"$icon\"></p>" 1.8 + icfn=`echo "$icon"|htmlescape` 1.9 + picon="<p class=\"proficon\"><a href=\"$hlink+$uid\"><img src=\"$icfn\"></a></p>" 1.10 else 1.11 picon="" 1.12 + query "DELETE FROM user_s WHERE key='$iconcachekey' AND 1.13 + val=`sqlquotestr \"$icon\"`;" 1.14 fi 1.15 1.16 cat<<EOF
2.1 --- a/s4-cgi.sh Fri Oct 21 16:19:15 2016 +0859 2.2 +++ b/s4-cgi.sh Fri Oct 21 16:22:12 2016 +0859 2.3 @@ -43,21 +43,24 @@ 2.4 EOF 2.5 } 2.6 cgi_text() { 2.7 - echo "<input type=\"text\" name=\"$1\" value=\"$2\" $3>" 2.8 + _v=`echo "$2"|htmlescape` 2.9 + echo "<input type=\"text\" name=\"$1\" value=\"$_v\" $3>" 2.10 } 2.11 cgi_textarea() { 2.12 + _v=`echo "$2"|htmlescape` 2.13 cat<<EOF 2.14 -<textarea name="$1" $3>$2</textarea> 2.15 +<textarea name="$1" $3>$_v</textarea> 2.16 EOF 2.17 } 2.18 cgi_file() ( # In a subshell 2.19 # $1=name $2=val(as filename) $3=args(if any) 2.20 + ## err cgi_file: \$1=$1 \$2=$2 \$3="[$3]" 2.21 # Using global variable $dir 2.22 - if [ -s $dir/$2 -a -s $dir/$2.content-type ]; then 2.23 + if [ -n "$2" -a -s "$dir/$2" ]; then 2.24 file=$dir/$2 2.25 bn=${file##*/} 2.26 - ct=`cat $dir/$2.content-type` 2.27 - data=`percenthex $file` 2.28 + ct=`file --mime-type - < "$dir/$2" | cut -d' ' -f2` 2.29 + data=`percenthex "$file"` 2.30 icon="<img src=\"data:$ct,$data\">" 2.31 fi 2.32 cat<<EOF 2.33 @@ -72,17 +75,9 @@ 2.34 n=`cat $dir/$name.count` 2.35 echo '<table class="text">' 2.36 while [ $i -le $n ]; do 2.37 - file=$name.$i ctf=$dir/$name.content-type 2.38 - vname=$file.`cat $dir/$file.rowid` 2.39 - if [ -s $ctf ]; then 2.40 - case `cat $ctf` in 2.41 - *:[Ii]mage:*) 2.42 - 2.43 - ;; 2.44 - 2.45 - esac 2.46 - fi 2.47 - val="`cat $dir/$file|htmlescape`" 2.48 + file=$name.$i 2.49 + vname=$file.`cat "$dir/$file.rowid"` 2.50 + val="`cat $dir/$file`" 2.51 cat<<EOF 2.52 <tr><td>($i)</td><td> 2.53 <input class="action" type="radio" name="action.$vname" id="keep.$vname" 2.54 @@ -119,7 +114,7 @@ 2.55 echo "<datalist id=\"$1\">" 2.56 shift 2.57 for i; do 2.58 - echo "<option value=\"`echo "$i"|unhexize`\"></option>" 2.59 + echo "<option value=\"`echo "$i"|unhexize|htmlescape`\"></option>" 2.60 done 2.61 echo "</datalist>" 2.62 }
3.1 --- a/s4-funcs.sh Fri Oct 21 16:19:15 2016 +0859 3.2 +++ b/s4-funcs.sh Fri Oct 21 16:22:12 2016 +0859 3.3 @@ -642,7 +642,7 @@ 3.4 vcount=`query "select count(val) from $cond;"` 3.5 echo $vcount > $td/$c.count 3.6 i=0 3.7 -err gvbid: i=$i vcount=$vcount 3.8 +## err gvbid: i=$i vcount=$vcount 3.9 while [ $i -lt $vcount ]; do 3.10 slice="order by rowid limit 1 offset $i" 3.11 i=$((i+1)) 3.12 @@ -651,31 +651,37 @@ 3.13 case $type in 3.14 file:*) 3.15 #file=$td/$val 3.16 - file=$td/`query "select val from $cond $slice;"` 3.17 + r_f=`query "select rowid||'//'||val from $cond $slice;"` 3.18 + f_rid=${r_f%%//*} 3.19 + file=$td/${r_f##*//} 3.20 # FOR SPEED: Skip file generation if imgcache exists 3.21 - [ -s $file -a -s $td/$fn.rowid -a -s $file.rowid ] && continue 3.22 + [ -s "$file" -a -s "$td/$fn.rowid" -a -s "$file.rowid" ] \ 3.23 + && [ x"$f_rid" = x"`cat $td/$fn.rowid`" ] \ 3.24 + && continue 3.25 # err gvbid-get="select quote(bin) from $cond $slice;" 3.26 - sq $db<<EOF | unhexize > $file 3.27 -.output $td/$fn.rowid 3.28 +## err output: "fn=[$fn] file=[$file]" 3.29 + sq $db<<EOF | unhexize > "$file" 3.30 +.output '$td/$fn.rowid' 3.31 select rowid from $cond $slice; 3.32 -.output $td/$fn 3.33 +.output '$td/$fn' 3.34 select val from $cond $slice; 3.35 -.output $file.content-type 3.36 +.output '$td/${fn}.content-type' 3.37 select substr(type, 6) from $cond $slice; 3.38 .output stdout 3.39 select quote(bin) from $cond $slice; 3.40 EOF 3.41 ## err gvbid-get2: "`ls -lF $file`" 3.42 ## err i=$i - file=$file rowid=`cat $td/$fn.rowid` 3.43 - cp $td/$fn.rowid $file.rowid 2>&3 # for convenience 3.44 - cp $file $file.orig 2>&3 3.45 - ls -lh $file | awk '{print $5"B"}'|sed 's/BB/B/' > $file.size 3.46 - case $type in 3.47 - *:[Ii]mage*) mogrify -geometry $thumbxy $file ;; 3.48 + cp "$td/$fn.rowid" "$file.rowid" 2>&3 # for convenience 3.49 + cp "$file" "$file.orig" 2>&3 3.50 + ls -lh "$file" | 3.51 + awk '{print $5"B"}'|sed 's/BB/B/' > "$file.size" 3.52 + case "$type" in 3.53 + *:[Ii]mage*) mogrify -geometry $thumbxy "$file" ;; 3.54 ### ここのアイコンを増やしたい 3.55 *|*:[Aa]pplication*) 3.56 convert -geometry $thumbxy $imgdir/file-icon.png \ 3.57 - png:- > $file 3.58 + png:- > "$file" 3.59 ;; 3.60 esac 3.61 ;; 3.62 @@ -697,14 +703,13 @@ 3.63 echo "$val" \ 3.64 | while read fn; do 3.65 file=$td/$fn 3.66 - if [ ! -s $file ]; then 3.67 + if [ ! -s "$file" ]; then 3.68 ## sq $db "select quote(bin) from $cond and val=\"$fn\"" \ 3.69 query "select quote(bin) from $cond and val=\"$fn\";" \ 3.70 - | unhexize > $file 3.71 - echo ${type#file:} > $file.content-type 3.72 -# err TTTTTTTTTTTTTTTT: $type 3.73 + | unhexize > "$file" 3.74 + ##@@## -- echo ${type#file:} > "$file.content-type" 3.75 case $type in 3.76 - *:[Ii]mage*) mogrify -geometry $thumbxy $file ;; 3.77 + *:[Ii]mage*) mogrify -geometry $thumbxy "$file" ;; 3.78 *:[Aa]pplication*) 3.79 convert -geometry $thumbxy $imgdir/file-icon.png \ 3.80 png:- > $file ;; 3.81 @@ -788,7 +793,7 @@ 3.82 hexize="hexize_hd" 3.83 fi 3.84 fi 3.85 - cat $1 | $hexize | tr -d '\n' 3.86 + cat "$@" | $hexize | tr -d '\n' 3.87 } 3.88 unhexize() { 3.89 if [ -z "$unhex" ]; then 3.90 @@ -804,11 +809,11 @@ 3.91 unhex="perl -n $tmpd/unhex.pl" 3.92 fi 3.93 fi 3.94 - cat $1 | $unhex 3.95 + cat "$@" | $unhex 3.96 # cat $1 | tee /tmp/uh.in| $unhex | tee /tmp/uh.out 3.97 } 3.98 percenthex() { 3.99 - hexize $1 | sed 's/\(..\)/%\1/g' 3.100 + hexize "$@" | sed 's/\(..\)/%\1/g' 3.101 } 3.102 htmlescape() { 3.103 sed -e 's/\&/\&/g' -e 's/"/\"/g' -e "s/'/\'/g" \ 3.104 @@ -939,8 +944,8 @@ 3.105 type=encoded ### val=`echo $val|encode` 3.106 ;; 3.107 */image*|*/document*) 3.108 - type=`file --mime-type $val` 3.109 - bin="X'`hexize $val`'" 3.110 + type=`file --mime-type - < "$val" | cut -d' ' -f2` 3.111 + bin="X'`hexize "$val"`'" 3.112 ;; 3.113 esac 3.114 pkey=`echo "$tconfs"|grep "${t0}/.*=p"|sed 1q` 3.115 @@ -1151,15 +1156,20 @@ 3.116 case "$k" in 3.117 *:filename) 3.118 type='file'; k=${k%:filename} 3.119 -(echo k=$k; ls -lF $tmpd/$v; file --mime-type $tmpd/$v) 1>&3 3.120 - case `file --mime-type $tmpd/$v|cut -d' ' -f2` in 3.121 + # DO NOT ALLOW Space and '|' in file names 3.122 + newv=`echo "$v"|sed 's/[ \|]/X/g'` 3.123 + if [ x"$v" != x"$newv" ]; then 3.124 + 3.125 + fi 3.126 +# (echo k=$k v="[$v]"; ls -lF "$tmpd/$v"; file --mime-type "$tmpd/$v") 1>&3 3.127 + case `file --mime-type - < "$tmpd/$v"|cut -d' ' -f2` in 3.128 [Ii]mage/x-xcf) 3.129 - bzip2 $tmpd/$v 3.130 + bzip2 "$tmpd/$v" 3.131 v=${v}.bz2 3.132 ;; 3.133 [Ii]mage/x-*|*/vnd.*) ;; 3.134 [Ii]mage/*) 3.135 - mogrify -resize $maximagexy'>' $tmpd/$v 3.136 + mogrify -resize $maximagexy'>' "$tmpd/$v" 3.137 ;; 3.138 esac 3.139 ;; 3.140 @@ -1534,10 +1544,10 @@ 3.141 | tee $fifo \ 3.142 | convert -define ${fmt}:size=${iconxy_M}x${iconxy_M} \ 3.143 -resize ${iconxy_M}x${iconxy_M}'>' - pnm:- \ 3.144 - | convert - $cacheimg_M & 3.145 + | convert - "$cacheimg_M" & 3.146 cat $fifo | convert -define ${fmt}:size=${iconxy_S}x${iconxy_S} \ 3.147 -resize ${iconxy_S}x${iconxy_S}'>' - pnm:- \ 3.148 - | convert - $cacheimg_S & 3.149 + | convert - "$cacheimg_S" & 3.150 printf '%s' "<img src=\"data:${filetype}," 3.151 cat $tmpf | sed 's/\(..\)/%\1/g' 3.152 echo '">' 3.153 @@ -1765,8 +1775,8 @@ 3.154 } 3.155 iconhref() ( 3.156 # $1=icon-file, $2=Href $3=title $4...=anchor 3.157 - data=`percenthex $1` 3.158 - ct=`file --mime-type $1|cut -d' ' -f2` 3.159 + data=`percenthex "$1"` 3.160 + ct=`file --mime-type - < "$1"|cut -d' ' -f2` 3.161 err iconhref: \$1=$1 \$2=$2 \$3="$@" 3.162 href=$2; title=$3; shift 3 3.163 echo "<a href=\"$href\"><img title=\"$title\" src=\"data:$ct,$data\">$@</a>" 3.164 @@ -2967,13 +2977,13 @@ 3.165 err type=file=$file 3.166 [ -z "$file" ] && continue 3.167 bn=`sqlquotestr "${file##*/}"` 3.168 - bin="X'"$(hexize $file)"'" 3.169 - ct=`file --mime-type $file|cut -d' ' -f2` 3.170 + bin="X'"$(hexize "$file")"'" 3.171 + ct=`file --mime-type - < "$file" |cut -d' ' -f2` 3.172 type=\"file:$ct\" 3.173 newsql="update $tb2 set val=$bn, type=$type, bin=$bin" 3.174 cachedir=`getcachedir "$tbl/$rowid"` 3.175 err getcache tbl/rowid=$tbl/$rowid, rm -r $cachedir 3.176 - rm -r $cachedir 3.177 + rm -rf $cachedir 3.178 ;; 3.179 *) 3.180 newsql="update $tb2 set val=(select val from par where var \ 3.181 @@ -3020,8 +3030,8 @@ 3.182 file) file=$tmpd/`getparfilename $col "$limit"` 3.183 err parfile-$col=$file 3.184 [ -z "$file" ] && continue 3.185 - bin="X'"$(hexize $file)"'" 3.186 - ct=`file --mime-type $file|cut -d' ' -f2` 3.187 + bin="X'"$(hexize "$file")"'" 3.188 + ct=`file --mime-type - < "$file"|cut -d' ' -f2` 3.189 type=\"file:$ct\" ;; 3.190 "*"*) continue ;; # foreign table 3.191 *) type=\"string\" ;; 3.192 @@ -3119,7 +3129,7 @@ 3.193 rawval=`getvalbyid $2 $name $rowid $td` 3.194 val=`echo "$rawval"|htmlescape` 3.195 err genform3a: getvalbyid $2 $name $rowid $td 3.196 -err genform3b: val="[$val]" 3.197 +err genform3b: val="[$val]" type="$type" 3.198 fi 3.199 if [ -n "$GF_VIEWONLY" ]; then 3.200 is_hidden "$2" "$name" && continue 3.201 @@ -3161,27 +3171,28 @@ 3.202 ;; 3.203 [Ii][Mm][Aa][Gg][Ee]|[Dd][Oo][Cc][Uu][Mm][Ee][Nn][Tt]|[Bb]inary) 3.204 if [ -s $td/$name.count ]; then 3.205 +err Calling cgi_multi_file: "nae=[$name] td=[$td] args=[$args]" 3.206 form=`cgi_multi_file $name $td "$args"` 3.207 if [ -n "$val" ]; then 3.208 hrfb="$myname?showattc+$2_m" 3.209 val=$(echo "$rawval" \ 3.210 | while read fn; do 3.211 - data=`percenthex $td/$fn` 3.212 + data=`percenthex "$td/$fn"` 3.213 #ct=`cat $td/$fn.content-type` 3.214 - ct=`file --mime-type $td/$fn|cut -d' ' -f2` 3.215 - ri=`cat $td/$fn.rowid` 3.216 -## err fn=$fn, name=$name, ri=$ri; ls -lF $td 1>&3 3.217 + ct=`file --mime-type - < "$td/$fn"|cut -d' ' -f2` 3.218 + ri=`cat "$td/$fn.rowid"` 3.219 + err fn=$fn, name=$name, ri=$ri; ls -lF "$td/" 1>&3 3.220 #imgsrc="<img src=\"data:$ct,$data\">" 3.221 #echo "<a href=\"$hrfb+$ri\">$imgsrc</a><br>" 3.222 - iconhref $td/$fn "$hrfb+$ri" "" 3.223 + iconhref "$td/$fn" "$hrfb+$ri" "" 3.224 done) 3.225 fi 3.226 else 3.227 form="<input type=\"file\" name=\"$name\" $args>" 3.228 if [ -n "$val" ]; then 3.229 - imgs=$(echo "$val"\ 3.230 + imgs=$(echo "$rawval"\ 3.231 |while read fn;do 3.232 - data=`percenthex $td/$fn` 3.233 + data=`percenthex "$td/$fn"` 3.234 echo "<img src=\"data:image/png,$data\">$fn<br>" 3.235 done) 3.236 form=$form"<br>$imgs" 3.237 @@ -3286,8 +3297,8 @@ 3.238 sql="select quote(bin) from $1 where rowid='$2';" 3.239 err showattc: sql: $sql 3.240 sq $db "$sql" | unhexize > $bin 3.241 - tv=`query "select type,val from $1 where rowid='$2';"` 3.242 - type=${tv%\|*} fn=${tv#*\|} 3.243 + tv=`query "select type||'//'||val from $1 where rowid='$2';"` 3.244 + type=${tv%//*} fn=${tv#*//} 3.245 err tv=$tv type=$type fn=$fn, tp2=${tv%\|*} 3.246 ct=${type#file:} 3.247 case $ct in # all text/* changed to text/plain