More changing formatting to use stralloc.

Specifically, change the www_last10 HTML rendering logic
to use stralloc and strftime().  This eliminates a lot of
duplication.

It would be easier to test this with a unit test if the
logic of reading the last10 entries from a file were
separated from the HTML rendering logic.  An area for
future enhancement.

Also start in on www_email.c, which is the last bastion
of significant realloc() use for page generation.  An
explicit goal is to get rid of unsafe string handling
functions such as strcpy, strcat, sprintf, etc.

Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
Dan Cross 2018-10-13 14:28:56 +00:00 committed by Andrew Pamment
parent 0ade566c11
commit 42eb413c91
2 changed files with 44 additions and 127 deletions


@ -141,72 +141,20 @@ int www_send_email(struct user_record *user, char *recipient, char *subject, cha
} }
char *www_new_email() { char *www_new_email() {
char *page; stralloc page = EMPTY_STRALLOC;
int max_len;
int len;
char buffer[4096];
page = (char *)malloz(4096); stralloc_copys(&page, "<div class=\"content-header\"><h2>New Email</h2></div>\n");
max_len = 4096; stralloc_cats(&page, "<form action=\"");
len = 0; stralloc_cats(&page, conf.www_url);
stralloc_cats(&page, "email/\" method=\"POST\" onsubmit=\"return validate()\" enctype=\"application/x-www-form-urlencoded\">\n");
stralloc_cats(&page, "To : <input type=\"text\" name=\"recipient\" id=\"recipient\" /><br />\n");
stralloc_cats(&page, "Subject : <input type=\"text\" name=\"subject\" id=\"subject\" /><br />\n");
stralloc_cats(&page, "<textarea name=\"body\" wrap=\"hard\" rows=\"25\" cols=\"79\" id=\"body\"></textarea>\n<br />");
stralloc_cats(&page, "<input type=\"submit\" name=\"submit\" value=\"Send\" />\n<br />");
stralloc_cats(&page, "</form>\n");
stralloc_0(&page);
sprintf(buffer, "<div class=\"content-header\"><h2>New Email</h2></div>\n"); return page.s;
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "<form action=\"%semail/\" method=\"POST\" onsubmit=\"return validate()\" enctype=\"application/x-www-form-urlencoded\">\n", conf.www_url);
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "To : <input type=\"text\" name=\"recipient\" id=\"recipient\" /><br />\n");
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "Subject : <input type=\"text\" name=\"subject\" id=\"subject\" /><br />\n");
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "<textarea name=\"body\" wrap=\"hard\" rows=\"25\" cols=\"79\" id=\"body\"></textarea>\n<br />");
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "<input type=\"submit\" name=\"submit\" value=\"Send\" />\n<br />");
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
sprintf(buffer, "</form>\n");
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
return page;
} }
char *www_email_display(struct user_record *user, int email) { char *www_email_display(struct user_record *user, int email) {
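Review bot: None of the `stralloc_*` calls in www_new_email has its result checked, and the function returns `page.s` unconditionally. If this project's stralloc reports allocation failure through its return value (not visible in this hunk), a failed append would hand the caller a truncated page or a NULL pointer. Consider checking at least the final call, for example `if (!stralloc_0(&page)) return NULL;`, adjusted to the stralloc API's actual convention. A short comment above the function, such as `/* Returns a heap-allocated, NUL-terminated HTML fragment; the caller frees it. */`, would help once ownership is confirmed. The form markup built here also carries no anti-CSRF field, and whether the POST handler for `email/` verifies the request origin some other way is not visible in this hunk.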


@ -1,88 +1,57 @@
#if defined(ENABLE_WWW) #if defined(ENABLE_WWW)
#include <string.h>
#include <time.h> #include <time.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include "bbs.h" #include "bbs.h"
extern struct bbs_config conf; extern struct bbs_config conf;
char *www_last10() { char *www_last10() {
char *page; size_t n = 0;
int max_len; stralloc page = EMPTY_STRALLOC;
int len;
char buffer[4096];
struct last10_callers callers[10]; struct last10_callers callers[10];
int i, z;
struct tm l10_time;
FILE *fptr = fopen("last10v2.dat", "rb"); FILE *fptr = fopen("last10v2.dat", "rb");
if (fptr != NULL) { if (fptr != NULL) {
for ( ; n < 10; ++n)
for (i = 0; i < 10; i++) { if (fread(&callers[n], sizeof(callers[n]), 1, fptr) != sizeof(callers[n]))
if (fread(&callers[i], sizeof(struct last10_callers), 1, fptr) < 1) {
break; break;
}
}
fclose(fptr); fclose(fptr);
} else {
i = 0;
} }
page = (char *)malloz(4096); stralloc_copys(&page, "<div class=\"content-header\"><h2>Last 10 Callers</h2></div>\n");
max_len = 4096; stralloc_cats(&page, "<div class=\"div-table\">\n");
len = 0; for (size_t i = 0; i < n; ++i) {
struct tm called;
char buffer[32];
sprintf(buffer, "<div class=\"content-header\"><h2>Last 10 Callers</h2></div>\n"); stralloc_cats(&page, "<div class=\"last10-row\"><div class=\"last10-name\">");
if (len + strlen(buffer) > max_len - 1) { stralloc_cats(&page, callers[i].name);
max_len += 4096; stralloc_cats(&page, "</div><div class=\"last10-location\">");
page = (char *)realloc(page, max_len); stralloc_cats(&page, callers[i].location);
} stralloc_cats(&page, "</div>");
strcat(page, buffer); stralloc_cats(&page, "<div class=\"last10-date\">");
len += strlen(buffer);
sprintf(buffer, "<div class=\"div-table\">\n"); localtime_r(&callers[i].time, &called);
if (len + strlen(buffer) > max_len - 1) { if (conf.date_style == 1)
max_len += 4096; strftime(buffer, sizeof buffer, "%H:%M %m-%d-%y", &called);
page = (char *)realloc(page, max_len); else
} strftime(buffer, sizeof buffer, "%H:%M %d-%m-%y", &called);
strcat(page, buffer); stralloc_cats(&page, buffer);
len += strlen(buffer); stralloc_cats(&page, "</div>\n");
if (callers[i].calls == 1) {
for (z = 0; z < i; z++) { stralloc_cats(&page, "<div class=\"last10-new\"><img src=\"");
localtime_r(&callers[z].time, &l10_time); stralloc_cats(&page, conf.www_url);
if (conf.date_style == 1) { stralloc_cats(&page, "static/newuser.png\" /></div>");
if (callers[z].calls == 1) {
sprintf(buffer, "<div class=\"last10-row\"><div class=\"last10-name\">%s</div><div class=\"last10-location\">%s</div><div class=\"last10-date\">%.2d:%.2d %.2d-%.2d-%.2d</div><div class=\"last10-new\"><img src=\"%sstatic/newuser.png\" /></div></div>\n", callers[z].name, callers[z].location, l10_time.tm_hour, l10_time.tm_min, l10_time.tm_mon + 1, l10_time.tm_mday, l10_time.tm_year - 100, conf.www_url);
} else {
sprintf(buffer, "<div class=\"last10-row\"><div class=\"last10-name\">%s</div><div class=\"last10-location\">%s</div><div class=\"last10-date\">%.2d:%.2d %.2d-%.2d-%.2d</div></div>\n", callers[z].name, callers[z].location, l10_time.tm_hour, l10_time.tm_min, l10_time.tm_mon + 1, l10_time.tm_mday, l10_time.tm_year - 100);
}
} else {
if (callers[z].calls == 1) {
sprintf(buffer, "<div class=\"last10-row\"><div class=\"last10-name\">%s</div><div class=\"last10-location\">%s</div><div class=\"last10-date\">%.2d:%.2d %.2d-%.2d-%.2d</div><div class=\"last10-new\"><img src=\"%sstatic/newuser.png\" /></div></div>\n", callers[z].name, callers[z].location, l10_time.tm_hour, l10_time.tm_min, l10_time.tm_mday, l10_time.tm_mon + 1, l10_time.tm_year - 100, conf.www_url);
} else {
sprintf(buffer, "<div class=\"last10-row\"><div class=\"last10-name\">%s</div><div class=\"last10-location\">%s</div><div class=\"last10-date\">%.2d:%.2d %.2d-%.2d-%.2d</div></div>\n", callers[z].name, callers[z].location, l10_time.tm_hour, l10_time.tm_min, l10_time.tm_mday, l10_time.tm_mon + 1, l10_time.tm_year - 100);
}
} }
if (len + strlen(buffer) > max_len - 1) { stralloc_cats(&page, "</div>\n");
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
} }
stralloc_cats(&page, "</div>\n");
stralloc_0(&page);
sprintf(buffer, "</div>\n"); return page.s;
if (len + strlen(buffer) > max_len - 1) {
max_len += 4096;
page = (char *)realloc(page, max_len);
}
strcat(page, buffer);
len += strlen(buffer);
return page;
} }
#endif #endif
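Review bot: The new read loop in www_last10 compares the result of fread() with `sizeof(callers[n])`, but fread() returns the number of items read, which is at most 1 here. Unless the struct is one byte long, the loop breaks on the first record, n stays 0, and the rendered caller list is always empty. The check should be `if (fread(&callers[n], sizeof(callers[n]), 1, fptr) != 1) break;`. Separately, `callers[i].name` and `callers[i].location` are appended to the page with `stralloc_cats` and no HTML escaping. If those fields hold user-supplied text they should be escaped first, and since they come straight from fread() it is worth confirming they are always NUL-terminated before being treated as C strings.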