Fossil

** the QUERY_STRING environment variable (if it exists), from standard
** input if there is POST data, and from HTTP_COOKIE.
**
** REQUEST_URI, PATH_INFO, and SCRIPT_NAME are related as follows:
**
**      REQUEST_URI == SCRIPT_NAME + PATH_INFO
**
** Or if QUERY_STRING is not empty:
**
**      REQUEST_URI == SCRIPT_NAME + PATH_INFO + '?' + QUERY_STRING
**
** Where "+" means concatenate.  Fossil requires SCRIPT_NAME.  If
** REQUEST_URI is provided but PATH_INFO is not, then PATH_INFO is
** computed from REQUEST_URI and SCRIPT_NAME.  If PATH_INFO is provided
** but REQUEST_URI is not, then compute REQUEST_URI from PATH_INFO and
** SCRIPT_NAME.  If neither REQUEST_URI nor PATH_INFO are provided, then
** assume that PATH_INFO is an empty string and set REQUEST_URI equal
** to PATH_INFO.
**
** Sometimes PATH_INFO is missing and SCRIPT_NAME is not a prefix of
** REQUEST_URI.  (See https://fossil-scm.org/forum/forumpost/049e8650ed)
** In that case, truncate SCRIPT_NAME so that it is a proper prefix
** of REQUEST_URI.
**
** SCGI typically omits PATH_INFO.  CGI sometimes omits REQUEST_URI and
** PATH_INFO when it is empty.
**
** CGI Parameter quick reference:
**
**                                      REQUEST_URI
**                               _____________|________________
**                              /                              \
**    https://www.fossil-scm.org/forum/info/12736b30c072551a?t=c
**            \________________/\____/\____________________/ \_/
**                    |            |             |            |
**               HTTP_HOST         |        PATH_INFO     QUERY_STRING
**                            SCRIPT_NAME
*/
void cgi_init(void){

  /* We must have SCRIPT_NAME. If the web server did not supply it, try
  ** to compute it from REQUEST_URI and PATH_INFO. */
  if( zScriptName==0 ){
    size_t nRU, nPI;
    if( zRequestUri==0 || zPathInfo==0 ){
      malformed_request("missing SCRIPT_NAME");  /* Does not return */
    }
    z = strchr(zRequestUri,'?');
    if( z ){
      nRU = (int)(z - zRequestUri);
    }else{
      nRU = strlen(zRequestUri);
    }
    nPI = strlen(zPathInfo);
    if( nRU<nPI ){
      malformed_request("PATH_INFO is longer than REQUEST_URI");
    }
    zScriptName = fossil_strndup(zRequestUri,(int)(nRU-nPI));
    cgi_set_parameter("SCRIPT_NAME", zScriptName);
  }

    for(j=i; zPathInfo[j] && zPathInfo[j]!='?'; j++){}
    zPathInfo = fossil_strndup(zPathInfo+i, j-i);
    cgi_replace_parameter("PATH_INFO", zPathInfo);
  }
#endif
  if( zRequestUri==0 ){
    const char *z = zPathInfo;
    const char *zQS = cgi_parameter("QUERY_STRING",0);
    if( zPathInfo==0 ){
      malformed_request("missing PATH_INFO and/or REQUEST_URI");
    }
    if( z[0]=='/' ) z++;
    if( zQS && zQS[0] ){
      zRequestUri = mprintf("%s/%s?%s", zScriptName, z, zQS);
    }else{
      zRequestUri = mprintf("%s/%s", zScriptName, z);
    }
    cgi_set_parameter("REQUEST_URI", zRequestUri);
  }
  if( zPathInfo==0 ){
    int i, j;
    for(i=0; zRequestUri[i]==zScriptName[i] && zRequestUri[i]; i++){}
    for(j=i; zRequestUri[j] && zRequestUri[j]!='?'; j++){}
    zPathInfo = fossil_strndup(zRequestUri+i, j-i);

  }
  cgi_setenv("GATEWAY_INTERFACE","CGI/1.0");
  cgi_setenv("REQUEST_METHOD",zToken);
  zToken = extract_token(z, &z);
  if( zToken==0 ){
    malformed_request("malformed URL in HTTP header");
  }
  cgi_setenv("REQUEST_URI", zToken);
  cgi_setenv("SCRIPT_NAME", "");
  for(i=0; zToken[i] && zToken[i]!='?'; i++){}
  if( zToken[i] ) zToken[i++] = 0;

  cgi_setenv("PATH_INFO", zToken);
  cgi_setenv("QUERY_STRING", &zToken[i]);
  if( zIpAddr==0 ){
    zIpAddr = cgi_remote_ip(fileno(g.httpIn));
  }
  if( zIpAddr ){
    cgi_setenv("REMOTE_ADDR", zIpAddr);

** characters are encoded as "%HH" where HH is a two-digit hexidecimal
** representation of the character.  The "/" character is not encoded
** by this routine.
*/
char *urlize(const char *z, int n){
  return EncodeHttp(z, n, 0);
}

/*
** If input string does not contain quotes (niether ' nor ")
** then return the argument itself. Otherwise return a newly allocated
** copy of input with all quotes %-escaped.
*/
const char* escape_quotes(const char *zIn){
  char *zRet, *zOut;
  size_t i, n = 0;
  for(i=0; zIn[i]; i++){
    if( zIn[i]== '"' || zIn[i]== '\'' ) n++;
  }
  if( !n ) return zIn;
  zRet = zOut = fossil_malloc( i + 2*n + 1 );
  for(i=0; zIn[i]; i++){
    if( zIn[i]=='"' ){
      *(zOut++) = '%';
      *(zOut++) = '2';
      *(zOut++) = '2';
    }else if( zIn[i]=='\'' ){
      *(zOut++) = '%';
      *(zOut++) = '2';
      *(zOut++) = '7';
    }else{
      *(zOut++) = zIn[i];
    }
  }
  *zOut = 0;
  return zRet;
}

/*
** Convert a single HEX digit to an integer
*/
static int AsciiToHex(int c){
  if( c>='a' && c<='f' ){
    c += 10 - 'a';

  }
  if( nScript==0 ){
    zFailReason = "path does not match any file or script";
    goto ext_not_found;
  }
  assert( nScript>=nRoot+1 );
  style_set_current_page("ext/%s", &zScript[nRoot+1]);

  /* Overriding of base href disabled as part of 'base-href-fix' branch
  ** otherwise #fragment links may break under /ext  */

  zMime = mimetype_from_name(zScript);
  if( zMime==0 ) zMime = "application/octet-stream";
  if( !file_isexe(zScript, ExtFILE) ){
    /* File is not executable.  Must be a regular file.  In that case,
    ** disallow extra path elements */
    if( zPath[nScript]!=0 ){
      zFailReason = "extra path elements after filename";

          /* Several places make sense for a save button, so we'll
             move that button around to those tabs where it makes sense. */
          btnSlot.parentNode.insertBefore( P.e.btnSave.parentNode, btnSlot );
          btnSlot.parentNode.insertBefore( P.e.btnSaveClose.parentNode, btnSlot );
          P.updateSaveButton();
        }
        if(theTab===P.e.tabs.preview){

          /* Overriding of base href disabled as part of 'base-href-fix' branch
          ** To bring back the old behavior uncomment the following call
          ** P.baseHrefForWiki();
          */
          if(P.previewNeedsUpdate && P.e.cbAutoPreview.checked) P.preview();
        }else if(theTab===P.e.tabs.diff){
          /* Work around a weird bug where the page gets wider than
             the window when the diff tab is NOT in view and the
             current SBS diff widget is wider than the window. When
             the diff IS in view then CSS overflow magically reduces
             the page size again. Weird. Maybe FF-specific. Note that
             this weirdness happens even though P.e.diffTarget's parent
             is hidden (and therefore P.e.diffTarget is also hidden).
          */
          D.removeClass(P.e.diffTarget, 'hidden');
        }
      }
    );
    P.tabs.addEventListener(
      /* Set up auto-refresh of the preview tab... */
      'before-switch-from', function(ev){
        const theTab = ev.detail;
        if(theTab===P.e.tabs.preview){

          /* Overriding of base href disabled as part of 'base-href-fix' branch
          ** To bring back the old behavior uncomment the following call
          ** P.baseHrefRestore();
          */
        }else if(theTab===P.e.tabs.diff){
          /* See notes in the before-switch-to handler. */
          D.addClass(P.e.diffTarget, 'hidden');
        }
      }
    );
    ////////////////////////////////////////////////////////////

    if( strcmp(zModAction,"approve")==0 ){
      moderation_approve('w', rid);
    }
  }
  style_header("Update of \"%h\"", pWiki->zWikiTitle);
  zUuid = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", rid);
  zDate = db_text(0, "SELECT datetime(%.17g)", pWiki->rDate);
  style_submenu_element("Raw", "%R/artifact/%s", zUuid);
  style_submenu_element("History", "%R/whistory?name=%t", pWiki->zWikiTitle);
  style_submenu_element("Page", "%R/wiki?name=%t", pWiki->zWikiTitle);
  login_anonymous_available();
  @ <div class="section">Overview</div>
  @ <p><table class="label-value">
  @ <tr><th>Artifact&nbsp;ID:</th>
  @ <td>%z(href("%R/artifact/%!S",zUuid))%s(zUuid)</a>
  if( g.perm.Setup ){
    @ (%d(rid))

    @ <tr><th>Mimetype:</th><td>%h(pWiki->zMimetype)</td></tr>
  }
  if( pWiki->nParent>0 ){
    int i;
    @ <tr><th>Parent%s(pWiki->nParent==1?"":"s"):</th><td>
    for(i=0; i<pWiki->nParent; i++){
      char *zParent = pWiki->azParent[i];
      @ %z(href("%R/info/%!S",zParent))%s(zParent)</a>
      @ %z(href("%R/wdiff?id=%!S&pid=%!S",zUuid,zParent))(diff)</a>
    }
    @ </td></tr>
  }
  tagid = wiki_tagid(pWiki->zWikiTitle);
  if( tagid>0 && (ridNext = wiki_next(tagid, pWiki->rDate))>0 ){
    char *zId = db_text(0, "SELECT uuid FROM blob WHERE rid=%d", ridNext);

        @ <li>Executable file
        objType |= OBJTYPE_EXE;
      }else{
        @ <li>File
        if( bNeedBase ){
          bNeedBase = 0;
          style_set_current_page("doc/%S/%s",zVers,zName);
          style_set_base_href_suffix("doc/%S/%s",zVers,zName);
        }
      }
      objType |= OBJTYPE_CONTENT;
      @ %z(href("%R/finfo?name=%T&ci=%!S&m=%!S",zName,zVers,zUuid))\
      @ %h(zName)</a>
      tag_private_status(rid);
      if( showDetail ){

    }
  }

  if( isFile ){
    if( isSymbolicCI ){
      zHeader = mprintf("%s at %s", file_tail(zName), zCI);
      style_set_current_page("doc/%t/%T", zCI, zName);
      style_set_base_href_suffix("doc/%t/%T", zCI, zName);
    }else if( zCIUuid && zCIUuid[0] ){
      zHeader = mprintf("%s at [%S]", file_tail(zName), zCIUuid);
      style_set_current_page("doc/%S/%T", zCIUuid, zName);
      style_set_base_href_suffix("doc/%S/%T", zCIUuid, zName);
    }else{
      zHeader = mprintf("%s", file_tail(zName));
      style_set_current_page("doc/tip/%T", zName);
      style_set_base_href_suffix("doc/tip/%T", zName);
    }
  }else if( descOnly ){
    zHeader = mprintf("Artifact Description [%S]", zUuid);
  }else{
    zHeader = mprintf("Artifact [%S]", zUuid);
  }
  style_header("%s", zHeader);

  int fNoHttpCompress;    /* Do not compress HTTP traffic (for debugging) */
  char *zSshCmd;          /* SSH command string */
  const char *zHttpCmd;   /* External program to do HTTP requests */
  int fNoSync;            /* Do not do an autosync ever.  --nosync */
  int fIPv4;              /* Use only IPv4, not IPv6. --ipv4 */
  char *zPath;            /* Name of webpage being served */
  char *zExtra;           /* Extra path information past the webpage name */
  char *zBaseURL;         /* Full URL for the toplevel of the fossil tree */
  const char *zRelReqURI; /* Relative Request URI (includes QUERY_STRING)
     zBaseUrl/zRelReqURI  == Full text of the URL being served */
  char *zHttpsURL;        /* zBaseURL translated to https: */
  char *zTop;             /* Parent directory of zPath */
  int nExtraURL;          /* Extra bytes added to SCRIPT_NAME */
  const char *zExtRoot;   /* Document root for the /ext sub-website */
  const char *zContentType;  /* The content type of the input HTTP request */
  int iErrPriority;       /* Priority of current error message */
  char *zErrMsg;          /* Text of an error message */

** g.zBaseURL and g.zTop is set from that instead.
*/
void set_base_url(const char *zAltBase){
  int i;
  const char *zHost;
  const char *zMode;
  const char *zCur;
  const char *zRU;     /* REQUEST_URI      */
  size_t nTop;         /* length of g.zTop */

  if( g.zBaseURL!=0 ) return;
  if( zAltBase ){
    int i, n, c;
    g.zTop = g.zBaseURL = mprintf("%s", zAltBase);
    i = (int)strlen(g.zBaseURL);
    while( i>3 && g.zBaseURL[i-1]=='/' ){ i--; }

      g.zBaseURL = mprintf("http://%s%.*s", z, i, zCur);
      g.zTop = &g.zBaseURL[7+strlen(z)];
      g.zHttpsURL = mprintf("https://%s%.*s", z, i, zCur);
    }
    fossil_free(z);
  }

  zRU  = PD("REQUEST_URI","");
  nTop = strlen( g.zTop );
  g.zRelReqURI = strncmp(zRU,g.zTop,nTop) ? "" : zRU+nTop;
  if(g.zRelReqURI[0]=='/') g.zRelReqURI++;
  g.zRelReqURI = fossil_strdup( g.zRelReqURI );

  /* Try to record the base URL as a CONFIG table entry with a name
  ** of the form:  "baseurl:BASE".  This keeps a record of how the
  ** the repository is used as a server, to help in answering questions
  ** like "where is the CGI script that references this repository?"
  **
  ** This is just a logging hint.  So don't worry if it cannot be done.
  ** Don't try this if the repository database is not writable, for

  }else{
    va_list ap;
    va_start(ap, zFormat);
    local_zCurrentPage = vmprintf(zFormat, ap);
    va_end(ap);
  }
}

/* Use this for the $base_href_suffix variable if it is not NULL.
** If it is NULL then use g.zRelReqURI
*/
static const char *local_zBaseHrefSuffix = 0;

/*
** Set the desired $base_href_suffix to something other than g.zRelReqURI
*/
void style_set_base_href_suffix(const char *zFormat, ...){
  fossil_free( (char*)local_zBaseHrefSuffix );
  if( zFormat==0 ){
    local_zBaseHrefSuffix = 0;
  }else{
    char *z;
    va_list ap;

    va_start(ap, zFormat);
    z = vmprintf(zFormat, ap);
    va_end(ap);
    local_zBaseHrefSuffix = escape_quotes( z );
    if( local_zBaseHrefSuffix!=z ) fossil_free( z );
  }
}

/*
** Create a TH1 variable containing the URL for the stylesheet.
**
** The name of the new variable will be "stylesheet_url".
**
** The value will be a URL for accessing the appropriate stylesheet.

** Default HTML page header text through <body>.  If the repository-specific
** header template lacks a <body> tag, then all of the following is
** prepended.
*/
static const char zDfltHeader[] = 
@ <html>
@ <head>

@ <meta charset="UTF-8">
@ <base href="$baseurl/$base_href_suffix" />
@ <meta http-equiv="Content-Security-Policy" content="$default_csp" />
@ <meta name="viewport" content="width=device-width, initial-scale=1.0">
@ <title>$<project_name>: $<title></title>
@ <link rel="alternate" type="application/rss+xml" title="RSS Feed" \
@  href="$home/timeline.rss" />
@ <link rel="stylesheet" href="$stylesheet_url" type="text/css" />
@ </head>
@ <body class="$current_feature wpn-$webpagename">
;

/*
** Returns the default page header.
*/
const char *get_default_header(){
  return zDfltHeader;

  if( zTitle ) Th_Store("title", zTitle);
  Th_Store("baseurl", g.zBaseURL);
  Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
  Th_Store("home", g.zTop);
  Th_Store("index_page", db_get("index-page","/home"));
  if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
  Th_Store("current_page", local_zCurrentPage);
  if( !local_zBaseHrefSuffix ) style_set_base_href_suffix("%s",g.zRelReqURI);
  Th_Store("base_href_suffix", local_zBaseHrefSuffix);
  Th_Store("webpagename", escape_quotes(g.zPath));
  Th_Store("csrf_token", g.zCsrfToken);
  Th_Store("release_version", RELEASE_VERSION);
  Th_Store("manifest_version", MANIFEST_VERSION);
  Th_Store("manifest_date", MANIFEST_DATE);
  Th_Store("compiler_name", COMPILER_NAME);
  Th_Store("mainmenu", style_get_mainmenu());
  stylesheet_url_var();

  if( isAuth ){
  #if !defined(_WIN32)
    @ uid=%d(getuid()), gid=%d(getgid())<br />
  #endif
    @ g.zBaseURL = %h(g.zBaseURL)<br />
    @ g.zHttpsURL = %h(g.zHttpsURL)<br />
    @ g.zRelReqURI = %h(g.zRelReqURI)<br />
    @ g.zTop = %h(g.zTop)<br />
    @ g.zPath = %h(g.zPath)<br />
    @ g.userUid = %d(g.userUid)<br />
    @ g.zLogin = %h(g.zLogin)<br />
    @ g.isHuman = %d(g.isHuman)<br />
    @ g.javascriptHyperlink = %d(g.javascriptHyperlink)<br />
    if( g.nRequest ){

    }
    if( g.perm.Hyperlink ){
      style_submenu_element("History", "%R/whistory?name=%T", zPageName);
    }
  }
  if( !isPopup ){
    style_set_current_page("%T?name=%T", g.zPath, zPageName);

    /* Overriding of base href disabled as part of 'base-href-fix' branch
    ** To bring back the old behavior uncomment the following call
    ** style_set_base_href_suffix("%T?name=%T", g.zPath, zPageName);
    */
    wiki_page_header(WIKITYPE_UNKNOWN, zPageName, "");
    if( !noSubmenu ){
      wiki_standard_submenu(submenuFlags);
    }
  }
  if( zBody[0]==0 ){
    @ <i>This page has been deleted</i>

  }
  if( !isSandbox && P("cancel")!=0 ){
    manifest_destroy(pWiki);
    cgi_redirectf("wiki?name=%T", zPageName);
    return;
  }
  style_set_current_page("%T?name=%T", g.zPath, zPageName);

  /* Overriding of base href disabled as part of 'base-href-fix' branch
  ** To bring back the old behavior uncomment the following call
  ** style_set_base_href_suffix("%T?name=%T", g.zPath, zPageName);
  */
  style_set_current_feature("wiki");
  style_header("Append Comment To: %s", zPageName);
  if( !goodCaptcha ){
    @ <p class="generalError">Error: Incorrect security code.</p>
  }
  if( isSandbox ){
    @ <p class="generalError">Error: the Sandbox page may not