CUPS XSS and HTTP header/body attacks via attribute injection #3367

Closed
michaelrsweet opened this issue Oct 7, 2009 · 4 comments


@michaelrsweet michaelrsweet commented Oct 7, 2009

Version: 1.4-current
CUPS.org User: mike

From Aaron Sigel (Apple):

CUPS XSS via combination of attribute injection and HPP

http://127.0.0.1:631/admin/?kerberos=onmouseover=alert(1)&kerberos

Normally, just kerberos=onmouseover=alert(1) would result in an error, but since CUPS is vulnerable to HPP (HTTP Parameter Pollution), the kerberos error can be bypassed by adding an extra kerberos argument.

It turns out that it is publicly known that CUPS has HPP issues, but as far as I know, no actual exploits using HPP have been found against CUPS.

In this case, you can trigger the exploit shown above by mousing over the kerberos checkbox, but obviously more serious attacks are possible.


@michaelrsweet michaelrsweet commented Oct 7, 2009

CUPS.org User: mike

Attached patches for CUPS 1.3.x and 1.4.x...


@michaelrsweet michaelrsweet commented Nov 9, 2009

CUPS.org User: mike

Fixed in Subversion repository.


@michaelrsweet michaelrsweet commented Nov 9, 2009

"security-1.4v2.patch":

Index: cgi-bin/libcupscgi.exp

--- cgi-bin/libcupscgi.exp (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/libcupscgi.exp (.../branches/snowleopard/cups) (revision 1707)
@@ -1,4 +1,5 @@
_cgiCheckVariables
+_cgiClearVariables
_cgiCompileSearch
_cgiCopyTemplateFile
_cgiCopyTemplateLang

Index: cgi-bin/printers.c

--- cgi-bin/printers.c (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/printers.c (.../branches/snowleopard/cups) (revision 1707)
@@ -73,6 +73,7 @@
*/

cgiSetVariable("SECTION", "printers");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we are displaying a printer or all printers...
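Review bot: The added `cgiSetVariable("REFRESH_PAGE", "");` has no comment saying why it is there, and the same bare line is repeated in the help.c, admin.c, jobs.c and classes.c hunks of both patches, so a CGI that omits it would not be noticed. In the admin.c hunk the line sits before the "See if we have form data..." step, so whether it wins over a request parameter of the same name depends on how duplicate names are stored and read, which is not visible here. I would add `/* Pre-set REFRESH_PAGE so a value supplied in the request cannot reach the templates */` and state in that comment why the ordering is safe. The enclosing function starts and ends outside the hunk.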
    Index: cgi-bin/cgi.h

    --- cgi-bin/cgi.h (.../easysw/current-1.4.x) (revision 1707)
    +++ cgi-bin/cgi.h (.../branches/snowleopard/cups) (revision 1707)
    @@ -54,6 +54,7 @@
    extern void cgiAbort(const char _title, const char *stylesheet,
    const char *format, ...);
    extern int cgiCheckVariables(const char *names);
    +extern void cgiClearVariables(void);
    extern void *cgiCompileSearch(const char *query);
    extern void cgiCopyTemplateFile(FILE *out, const char *tmpl);
    extern void cgiCopyTemplateLang(const char *tmpl);
    Index: cgi-bin/template.c

    --- cgi-bin/template.c (.../easysw/current-1.4.x) (revision 1707)
    +++ cgi-bin/template.c (.../branches/snowleopard/cups) (revision 1707)
    @@ -675,6 +675,8 @@
    fputs(">", out);
    else if (_s == '"')
    fputs(""", out);

  • else if (*s == ''')

  •  fputs("'", out);
    

    else if (_s == '&')
    fputs("&", out);
    else
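Review bot: Escaping `'` in this chain covers single-quoted attribute values, but entity escaping cannot protect a value that a template substitutes into an unquoted attribute or bare tag position, which is the case the reported `kerberos=onmouseover=...` request relies on. This patch handles that case only by overwriting KERBEROS and the EVENT_* variables in admin.c, so any other variable used that way in a template would need the same treatment; the templates are not shown, so this needs checking rather than being certain. A comment above the chain such as `/* Safe only for element content and quoted attribute values */` would record the limit. The enclosing function starts and ends outside the hunk, and the same applies to the 1.3 patch.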
    @@ -695,7 +697,7 @@
    {
    while (_s)
    {

  • if (strchr("%&+ <>#=", *s) || *s & 128)

  • if (strchr("%@&+ <>#=", _s) || *s < ' ' || *s & 128)
    fprintf(out, "%%%02X", *s & 255);
    else
    putc(_s, out);
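Review bot: The unsafe-character test is now duplicated: `strchr("%@&+ <>#=", *s) || *s < ' ' || *s & 128` appears here and again in the redirect loop added to admin.c, in both the 1.4 and 1.3 patches, so a later change to one copy can leave the other behind. A single shared definition in cgi.h, for example `#define CGI_URL_UNSAFE(ch) (strchr("%@&+ <>#=", (ch)) || (ch) < ' ' || ((ch) & 128))`, would keep them in step. Note also that `*s < ' '` leaves DEL (0x7F) unencoded; if every control character is meant to be escaped, add `|| *s == 127`. The enclosing function starts and ends outside the hunk.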
    Index: cgi-bin/ipp-var.c
    ===================================================================
    --- cgi-bin/ipp-var.c (.../easysw/current-1.4.x) (revision 1707)
    +++ cgi-bin/ipp-var.c (.../branches/snowleopard/cups) (revision 1707)
    @@ -1398,7 +1398,9 @@
    int ascending, /* Order of jobs (0 = descending) /
    first, /
    First job to show /
    count; /
    Number of jobs */

  • const char var; / Form variable */

  • const char var, / Form variable */

  •       _query,     /_ Query string */
    
  •       *section;   /* Section in web interface */
    

    void search; / Search data /
    char url[1024], /
    Printer URI /
    val[1024]; /
    Form variable */
    @@ -1442,11 +1444,14 @@

    • Get a list of matching job objects.
      */
  • if ((var = cgiGetVariable("QUERY")) != NULL &&

  • if ((query = cgiGetVariable("QUERY")) != NULL &&
    !cgiGetVariable("CLEAR"))

  •  search = cgiCompileSearch(var);
    
  •  search = cgiCompileSearch(query);
    

    else

  • {

  •  query  = NULL;
    

    search = NULL;

  • }

jobs = cgiGetIPPObjects(response, search);
count = cupsArrayCount(jobs);
@@ -1471,17 +1476,28 @@
if (first < 0)
first = 0;

  • sprintf(val, "%d", count);

- cgiSetVariable("TOTAL", val);

 if ((var = cgiGetVariable("ORDER")) != NULL)
   ascending = !strcasecmp(var, "asc");
 else
  • {
    ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed");
  •  cgiSetVariable("ORDER", ascending ? "asc" : "dec");
    
  • }
  • section = cgiGetVariable("SECTION");
  • cgiClearVariables();
  • if (query)
  •  cgiSetVariable("QUERY", query);
    
  • cgiSetVariable("ORDER", ascending ? "asc" : "dec");
  • cgiSetVariable("SECTION", section);
  • sprintf(val, "%d", count);
  • cgiSetVariable("TOTAL", val);
  • if (which_jobs)

  •  cgiSetVariable("WHICH_JOBS", which_jobs);
    

    if (ascending)
    {
    for (i = 0, job = (ipp_attribute_t *)cupsArrayIndex(jobs, first);
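Review bot: `section` is used after `cgiClearVariables()` without a NULL check: it goes to `cgiSetVariable("SECTION", section);` here and to `snprintf(val, sizeof(val), "/%s/%s", section, dest);` in the next hunk, whereas `query` and `which_jobs` are both guarded. I would write `if (section) cgiSetVariable("SECTION", section);` and guard the later `snprintf` the same way. The pointers `query`, `section` and `which_jobs` survive the clear only because the var.c hunks make cgiGetVariable() return a retained string, and the same holds for `name` in admin.c and `query`/`topic` in help.c; a one-line comment before `cgiClearVariables();` such as `/* Values fetched above are retained references and stay valid */` would make that dependency visible. The enclosing function starts and ends outside the hunk, and the 1.3 patch has the same sequence.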
    @@ -1502,7 +1518,7 @@
    */

    if (dest)

  •  snprintf(val, sizeof(val), "/%s/%s",  cgiGetVariable("SECTION"), dest);
    
  •  snprintf(val, sizeof(val), "/%s/%s", section, dest);
    

    else
    strlcpy(val, "/jobs/", sizeof(val));

Index: cgi-bin/help.c

--- cgi-bin/help.c (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/help.c (.../branches/snowleopard/cups) (revision 1707)
@@ -3,7 +3,7 @@
*

  • Online help CGI for the Common UNIX Printing System (CUPS).
  • * Copyright 2007-2008 by Apple Inc.
  • * Copyright 2007-2009 by Apple Inc.
  • Copyright 1997-2006 by Easy Software Products.
  • These coded instructions, statements, and computer programs are the
    @@ -63,6 +63,7 @@
    */

cgiSetVariable("SECTION", "help");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • Load the help index...
    @@ -102,7 +103,7 @@
    */

for (i = 0; i < argc; i ++)

  • fprintf(stderr, "argv[%d]="%s"\n", i, argv[i]);
  • fprintf(stderr, "DEBUG: argv[%d]="%s"\n", i, argv[i]);

if ((helpfile = getenv("PATH_INFO")) != NULL)
{
@@ -182,6 +183,12 @@
topic = cgiGetVariable("TOPIC");
si = helpSearchIndex(hi, query, topic, helpfile);

  • cgiClearVariables();
  • if (query)
  • cgiSetVariable("QUERY", query);
  • if (topic)
  • cgiSetVariable("TOPIC", topic);

fprintf(stderr, "DEBUG: query="%s", topic="%s"\n",
query ? query : "(null)", topic ? topic : "(null)");

Index: cgi-bin/admin.c

--- cgi-bin/admin.c (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/admin.c (.../branches/snowleopard/cups) (revision 1707)
@@ -122,6 +122,7 @@
*/

cgiSetVariable("SECTION", "admin");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we have form data...
    @@ -191,7 +192,7 @@
    }
    else if (op && !strcmp(op, "redirect"))
    {
  • const char url; / Redirection URL... */
  • const char url; / Redirection URL... /
    char prefix[1024]; /
    URL prefix */

@@ -205,7 +206,50 @@
fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix);

 if ((url = cgiGetVariable("URL")) != NULL)
  •  printf("Location: %s%s\n\n", prefix, url);
    
  • {
  •  char encoded[1024],      /\* Encoded URL string */
    
  •       _ptr;           /_ Pointer into encoded string */
    
  •  ptr = encoded;
    
  •  if (*url != '/')
    
  •    *ptr++ = '/';
    
  •  for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++)
    
  •  {
    
  •    if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128)
    
  • {
  • /*
  • \* Percent-encode this character; safe because we have at least 4
    
  • \* bytes left in the array...
    
  • */
    
  • sprintf(ptr, "%%%02X", *url & 255);
    
  • ptr += 3;
    
  • }
  • else
  • *ptr++ = *url;
    
  •  }
    
  •  *ptr = '\0';
    
  •  if (*url)
    
  •  {
    
  •   /*
    
  •    \* URL was too long, just redirect to the admin page...
    
  • */
  • printf("Location: %s/admin\n\n", prefix);
  •  }
    
  •  else
    
  •  {
    
  •   /*
    
  •    \* URL is OK, redirect there...
    
  • */
  •    printf("Location: %s%s\n\n", prefix, encoded);
    
  •  }
    
  • }
    else
    printf("Location: %s/admin\n\n", prefix);
    }
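Review bot: Only `url` is encoded before it reaches the `Location:` header; `prefix` is still printed as-is by all three `printf` calls in this hunk. Its construction is outside the hunk, but the corresponding hunk of the 1.3 patch shows it built from `getenv("SERVER_NAME")` and `getenv("SERVER_PORT")` with no NULL check, and if either value can be influenced by the request it would bypass the new encoding; presumably the scheduler validates both, which is worth confirming. Once confirmed, a comment next to the `snprintf(prefix, ...)` calls such as `/* SERVER_NAME and SERVER_PORT are set by the scheduler, not taken from form data */` would record the assumption. The percent-encoding loop itself stays within `encoded` because the loop condition reserves four bytes for each `sprintf(ptr, "%%%02X", ...)`.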
    @@ -345,6 +389,31 @@
  • and classes and (re)show the add page...
    */
  • if (cgiGetVariable("EVENT_JOB_CREATED"))
  •  cgiSetVariable("EVENT_JOB_CREATED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_COMPLETED"))
  •  cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_STOPPED"))
  •  cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED"))
  •  cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_STOPPED"))
  •  cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_ADDED"))
  •  cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_MODIFIED"))
  •  cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_DELETED"))
  •  cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_STARTED"))
  •  cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_STOPPED"))
  •  cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_RESTARTED"))
  •  cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_AUDIT"))
  •  cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED");
    
    request = ippNewRequest(CUPS_GET_PRINTERS);
    response = cupsDoRequest(http, request, "/");
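Review bot: The twelve added `if (cgiGetVariable("EVENT_..."))` / `cgiSetVariable("EVENT_...", "CHECKED")` pairs are a hand-written allow-list, and a checkbox added to the template later would keep its request-supplied value unless someone remembers to extend this run. Driving the normalisation from one table keeps the list in a single place and makes an omission easier to spot in review. The names in the table below are exactly those in the hunk; the enclosing function starts and ends outside the hunk, and the 1.3 patch has the same run.

```c
  {
    static const char * const events[] =	/* Subscription event checkboxes */
    {
      "EVENT_JOB_CREATED",     "EVENT_JOB_COMPLETED",
      "EVENT_JOB_STOPPED",     "EVENT_JOB_CONFIG_CHANGED",
      "EVENT_PRINTER_STOPPED", "EVENT_PRINTER_ADDED",
      "EVENT_PRINTER_MODIFIED", "EVENT_PRINTER_DELETED",
      "EVENT_SERVER_STARTED",  "EVENT_SERVER_STOPPED",
      "EVENT_SERVER_RESTARTED", "EVENT_SERVER_AUDIT"
    };
    int e;				/* Looping var */

   /*
    * Replace any request-supplied value with the fixed string "CHECKED"...
    */

    for (e = 0; e < (int)(sizeof(events) / sizeof(events[0])); e ++)
      if (cgiGetVariable(events[e]))
        cgiSetVariable(events[e], "CHECKED");
  }

  /* … unchanged: ippNewRequest(CUPS_GET_PRINTERS) and cupsDoRequest() … */
```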

@@ -502,6 +571,10 @@
* Do the request and get back a response...
*/

  • cgiClearVariables();
  • if (name)
  •  cgiSetVariable("PRINTER_NAME", name);
    
    if ((response = cupsDoRequest(http, request, "/")) != NULL)
    {
    /*
    @@ -2621,7 +2694,9 @@
    if ((val = cupsGetOption("DefaultAuthType", num_settings,
    settings)) != NULL && !strcasecmp(val, "Negotiate"))
    cgiSetVariable("KERBEROS", "CHECKED");
  • else
    #endif /* HAVE_GSSAPI */
  • cgiSetVariable("KERBEROS", "");

#ifdef HAVE_DNSSD
cgiSetVariable("HAVE_DNSSD", "1");
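Review bot: The added `else` sits inside `#ifdef HAVE_GSSAPI` while the statement it governs, `cgiSetVariable("KERBEROS", "");`, comes after the `#endif`, so the two build configurations parse these lines differently and a line inserted between them later would silently change what the `else` controls. If a later `cgiSetVariable()` on the same name replaces the earlier value, as the var.c hunks suggest, it is simpler to put `cgiSetVariable("KERBEROS", "");` before the `#ifdef HAVE_GSSAPI` block and drop the `else`. Otherwise add `/* else continues after #endif: always reset KERBEROS when not "Negotiate" */` on the `else` line. The enclosing function starts and ends outside the hunk, and the 1.3 patch has the same construct.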

Index: cgi-bin/var.c

--- cgi-bin/var.c (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/var.c (.../branches/snowleopard/cups) (revision 1707)
@@ -15,6 +15,7 @@

  • Contents:
    *

  • cgiCheckVariables() - Check for the presence of "required" variables.

    • cgiClearVariables() - Clear all form variables.
    • cgiGetArray() - Get an element from a form array...
    • cgiGetFile() - Get the file (if any) that was submitted in the form.
    • cgiGetSize() - Get the size of a form array value.
      @@ -135,6 +136,31 @@

    /*

  • * 'cgiClearVariables()' - Clear all form variables.

  • */
    +
    +void
    +cgiClearVariables(void)
    +{

  • int i, j; /* Looping vars */

  • _cgi_var_t v; / Current variable */

  • for (v = form_vars, i = form_count; i > 0; v ++, i --)
  • {
  • _cupsStrFree(v->name);
  • for (j = 0; j < v->nvalues; j ++)
  •  if (v->values[j])
    
  •    _cupsStrFree(v->values[j]);
    
  • }
  • form_count = 0;
  • cgi_unlink_file();
    +}

+/*

  • 'cgiGetArray()' - Get an element from a form array...
    */
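Review bot: cgiClearVariables() releases each `v->name` and each `v->values[j]` but not the `v->values` array itself, and it leaves `nvalues` and `avalues` unchanged. The last var.c hunk shows a new entry receiving a fresh array with `var->values = calloc(element + 1, sizeof(char *))`, so a slot reused after a clear appears to overwrite and leak the old array. Adding `free(v->values);` followed by `v->values = NULL; v->nvalues = 0;` after the inner loop would close that. The header comment could also state that strings previously returned by cgiGetVariable() and cgiGetArray() remain valid after this call because they are retained references; the 1.3 patch adds the same function.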

@@ -151,7 +177,7 @@
if (element < 0 || element >= var->nvalues)
return (NULL);

  • return (var->values[element]);
  • return (_cupsStrRetain(var->values[element]));
    }
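Review bot: Returning `_cupsStrRetain(var->values[element])` changes the ownership contract of cgiGetArray(), and of cgiGetVariable() in the next hunk, without documenting it: every call now takes a reference that none of the callers shown in this patch releases. That is likely acceptable for a short-lived CGI process, but the function headers should say so, for example `Returns a retained string that stays valid after cgiClearVariables(); callers do not free it.` The 1.3 patch uses `_cupsStrAlloc(...)` at the same two return sites instead of `_cupsStrRetain(...)`; the two patches should use the same call or explain the difference. The enclosing function starts outside the hunk.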

@@ -206,7 +232,7 @@
var->values[var->nvalues - 1]));
#endif /* DEBUG */

  • return ((var == NULL) ? NULL : var->values[var->nvalues - 1]);
  • return ((var == NULL) ? NULL : _cupsStrRetain(var->values[var->nvalues - 1]));
    }

@@ -337,9 +363,9 @@
var->nvalues = element + 1;
}
else if (var->values[element])

  •  free((char *)var->values[element]);
    
  •  _cupsStrFree((char *)var->values[element]);
    
  • var->values[element] = strdup(value);
  • var->values[element] = _cupsStrAlloc(value);
    }
    }
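Review bot: With `_cupsStrFree()` now applied to `var->values[element]`, every store into `values[]` or `name` has to come from `_cupsStrAlloc()`, and this patch only converts the `strdup()` calls that happen to fall inside its var.c hunks. Any other store in the file that still uses `strdup()` or `malloc()` (none is visible here) would be handed to the wrong deallocator, so the rest of var.c should be checked for remaining `strdup(` and `free(` calls on these fields. The result of `_cupsStrAlloc(value)` is also stored unchecked, as the `strdup()` result was before. The enclosing function starts outside the hunk, and the same applies to the 1.3 patch.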

@@ -384,7 +410,7 @@
{
for (i = size; i < var->nvalues; i ++)
if (var->values[i])

  •    free((void *)(var->values[i]));
    
  •    _cupsStrFree((void *)(var->values[i]));
    

    }

    var->nvalues = size;
    @@ -417,9 +443,9 @@
    {
    for (i = 0; i < var->nvalues; i ++)
    if (var->values[i])

  •    free((char *)var->values[i]);
    
  •    _cupsStrFree((char *)var->values[i]);
    
  • var->values[0] = strdup(value);

  • var->values[0] = _cupsStrAlloc(value);
    var->nvalues = 1;
    }
    }
    @@ -465,10 +491,10 @@
    if ((var->values = calloc(element + 1, sizeof(char *))) == NULL)
    return;

  • var->name = strdup(name);

  • var->name = _cupsStrAlloc(name);
    var->nvalues = element + 1;
    var->avalues = element + 1;

  • var->values[element] = strdup(value);

  • var->values[element] = _cupsStrAlloc(value);

form_count ++;
}

Index: cgi-bin/jobs.c

--- cgi-bin/jobs.c (.../easysw/current-1.4.x) (revision 1707)
+++ cgi-bin/jobs.c (.../branches/snowleopard/cups) (revision 1707)
@@ -57,6 +57,7 @@
*/

cgiSetVariable("SECTION", "jobs");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • Connect to the HTTP server...
    Index: cgi-bin/classes.c

    --- cgi-bin/classes.c (.../easysw/current-1.4.x) (revision 1707)
    +++ cgi-bin/classes.c (.../branches/snowleopard/cups) (revision 1707)
    @@ -72,6 +72,7 @@
    */

cgiSetVariable("SECTION", "classes");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we are displaying a printer or all classes...

@michaelrsweet michaelrsweet commented Nov 9, 2009

"security-1.3v2.patch":

Index: cgi-bin/printers.c

--- cgi-bin/printers.c (.../easysw/current-1.3.x) (revision 1707)
+++ cgi-bin/printers.c (.../branches/leopard/cups) (revision 1707)
@@ -72,6 +72,7 @@
*/

cgiSetVariable("SECTION", "printers");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we are displaying a printer or all printers...
    Index: cgi-bin/cgi.h

    --- cgi-bin/cgi.h (.../easysw/current-1.3.x) (revision 1707)
    +++ cgi-bin/cgi.h (.../branches/leopard/cups) (revision 1707)
    @@ -54,6 +54,7 @@
    extern void cgiAbort(const char _title, const char *stylesheet,
    const char *format, ...);
    extern int cgiCheckVariables(const char *names);
    +extern void cgiClearVariables(void);
    extern void *cgiCompileSearch(const char *query);
    extern void cgiCopyTemplateFile(FILE *out, const char *tmpl);
    extern void cgiCopyTemplateLang(const char *tmpl);
    Index: cgi-bin/template.c

    --- cgi-bin/template.c (.../easysw/current-1.3.x) (revision 1707)
    +++ cgi-bin/template.c (.../branches/leopard/cups) (revision 1707)
    @@ -639,6 +639,8 @@
    fputs(">", out);
    else if (_s == '"')
    fputs(""", out);

  • else if (*s == ''')

  •  fputs("&#39;", out);
    

    else if (_s == '&')
    fputs("&", out);
    else
    @@ -659,7 +661,7 @@
    {
    while (_s)
    {

  • if (strchr("%&+ <>#=", *s) || *s & 128)

  • if (strchr("%@&+ <>#=", _s) || *s < ' ' || *s & 128)
    fprintf(out, "%%%02X", *s & 255);
    else
    putc(_s, out);
    Index: cgi-bin/ipp-var.c
    ===================================================================
    --- cgi-bin/ipp-var.c (.../easysw/current-1.3.x) (revision 1707)
    +++ cgi-bin/ipp-var.c (.../branches/leopard/cups) (revision 1707)
    @@ -1220,7 +1220,9 @@
    int ascending, /* Order of jobs (0 = descending) /
    first, /
    First job to show /
    count; /
    Number of jobs */

  • const char var; / Form variable */

  • const char var, / Form variable */

  •       _query,     /_ Query string */
    
  •       *section;   /* Section in web interface */
    

    void search; / Search data /
    char url[1024], /
    URL for prev/next/this /
    *urlptr, /
    Position in URL */
    @@ -1265,10 +1267,13 @@

    • Get a list of matching job objects.
      */
  • if ((var = cgiGetVariable("QUERY")) != NULL)

  •  search = cgiCompileSearch(var);
    
  • if ((query = cgiGetVariable("QUERY")) != NULL)

  •  search = cgiCompileSearch(query);
    

    else

  • {

  •  query  = NULL;
    

    search = NULL;

  • }

jobs = cgiGetIPPObjects(response, search);
count = cupsArrayCount(jobs);
@@ -1293,17 +1298,28 @@
if (first < 0)
first = 0;

  • sprintf(url, "%d", count);

- cgiSetVariable("TOTAL", url);

 if ((var = cgiGetVariable("ORDER")) != NULL)
   ascending = !strcasecmp(var, "asc");
 else
  • {
    ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed");
  •  cgiSetVariable("ORDER", ascending ? "asc" : "dec");
    
  • }
  • section = cgiGetVariable("SECTION");
  • cgiClearVariables();
  • if (query)
  •  cgiSetVariable("QUERY", query);
    
  • cgiSetVariable("ORDER", ascending ? "asc" : "dec");
  • cgiSetVariable("SECTION", section);
  • sprintf(url, "%d", count);
  • cgiSetVariable("TOTAL", url);
  • if (which_jobs)

  •  cgiSetVariable("WHICH_JOBS", which_jobs);
    

    if (ascending)
    {
    for (i = 0, job = (ipp_attribute_t *)cupsArrayIndex(jobs, first);
    @@ -1325,11 +1341,10 @@

    urlend = url + sizeof(url);

  • if ((var = cgiGetVariable("QUERY")) != NULL)

  • if (query != NULL)
    {
    if (dest)

  •    snprintf(url, sizeof(url), "/%s/%s?QUERY=", cgiGetVariable("SECTION"),
    
  •        dest);
    
  •    snprintf(url, sizeof(url), "/%s/%s?QUERY=", section, dest);
    

    else
    strlcpy(url, "/jobs/?QUERY=", sizeof(url));

@@ -1344,7 +1359,7 @@
else
{
if (dest)

  •    snprintf(url, sizeof(url), "/%s/%s?", cgiGetVariable("SECTION"), dest);
    
  •    snprintf(url, sizeof(url), "/%s/%s?", section, dest);
    
    else
    strlcpy(url, "/jobs/?", sizeof(url));

Index: cgi-bin/admin.c

--- cgi-bin/admin.c (.../easysw/current-1.3.x) (revision 1707)
+++ cgi-bin/admin.c (.../branches/leopard/cups) (revision 1707)
@@ -104,6 +104,7 @@
*/

cgiSetVariable("SECTION", "admin");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we have form data...
    @@ -134,16 +135,61 @@

    if (getenv("HTTPS"))

  •    snprintf(prefix, sizeof(prefix), "https://%s:%s",
    
  •        getenv("SERVER_NAME"), getenv("SERVER_PORT"));
    
  • snprintf(prefix, sizeof(prefix), "https://%s:%s",

  •    getenv("SERVER_NAME"), getenv("SERVER_PORT"));
    

    else

  •    snprintf(prefix, sizeof(prefix), "http://%s:%s",
    
  •        getenv("SERVER_NAME"), getenv("SERVER_PORT"));
    
  • snprintf(prefix, sizeof(prefix), "http://%s:%s",

  •    getenv("SERVER_NAME"), getenv("SERVER_PORT"));
    
  •  fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix);
    
    • if ((url = cgiGetVariable("URL")) != NULL)
  •    printf("Location: %s%s\n\n", prefix, url);
    
  •  {
    
  • char encoded[1024], /* Encoded URL string */

  •   _ptr;           /_ Pointer into encoded string */
    
  • ptr = encoded;

  • if (*url != '/')

  • *ptr++ = '/';
    
  • for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++)

  • {

  • if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128)
    
  • {
    
  •  /*
    
  •   \* Percent-encode this character; safe because we have at least 4
    
  •   \* bytes left in the array...
    
  •   */
    
  •   sprintf(ptr, "%%%02X", *url & 255);
    
  •   ptr += 3;
    
  • }
    
  • else
    
  •   *ptr++ = *url;
    
  • }

  • *ptr = '\0';
  • if (*url)
  • {
  • /*
  • \* URL was too long, just redirect to the admin page...
    
  • */
    
  • printf("Location: %s/admin\n\n", prefix);
    
  • }
  • else
  • {
  • /*
  • \* URL is OK, redirect there...
    
  • */
    
  • printf("Location: %s%s\n\n", prefix, encoded);
    
  • }
  •  }
    
    else
  •    printf("Location: %s/admin\n\n", prefix);
    
  • printf("Location: %s/admin\n\n", prefix);
    }
    else if (!strcmp(op, "start-printer"))
    do_printer_op(http, IPP_RESUME_PRINTER, cgiText(_("Start Printer")));
    @@ -293,6 +339,31 @@
  • and classes and (re)show the add page...
    */
  • if (cgiGetVariable("EVENT_JOB_CREATED"))
  •  cgiSetVariable("EVENT_JOB_CREATED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_COMPLETED"))
  •  cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_STOPPED"))
  •  cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED"))
  •  cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_STOPPED"))
  •  cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_ADDED"))
  •  cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_MODIFIED"))
  •  cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_PRINTER_DELETED"))
  •  cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_STARTED"))
  •  cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_STOPPED"))
  •  cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_RESTARTED"))
  •  cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED");
    
  • if (cgiGetVariable("EVENT_SERVER_AUDIT"))
  •  cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED");
    
    request = ippNewRequest(CUPS_GET_PRINTERS);
    response = cupsDoRequest(http, request, "/");

@@ -450,6 +521,10 @@
* Do the request and get back a response...
*/

  • cgiClearVariables();
  • if (name)
  •  cgiSetVariable("PRINTER_NAME", name);
    
    if ((response = cupsDoRequest(http, request, "/")) != NULL)
    {
    /*
    @@ -2336,7 +2411,9 @@
    if ((val = cupsGetOption("DefaultAuthType", num_settings,
    settings)) != NULL && !strcasecmp(val, "Negotiate"))
    cgiSetVariable("KERBEROS", "CHECKED");
  • else
    #endif /* HAVE_GSSAPI */
  • cgiSetVariable("KERBEROS", "");

cupsFreeOptions(num_settings, settings);

Index: cgi-bin/help.c

--- cgi-bin/help.c (.../easysw/current-1.3.x) (revision 1707)
+++ cgi-bin/help.c (.../branches/leopard/cups) (revision 1707)
@@ -63,6 +63,7 @@
*/

cgiSetVariable("SECTION", "help");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • Load the help index...
    @@ -102,7 +103,7 @@
    */

for (i = 0; i < argc; i ++)

  • fprintf(stderr, "argv[%d]="%s"\n", i, argv[i]);
  • fprintf(stderr, "DEBUG: argv[%d]="%s"\n", i, argv[i]);

if ((helpfile = getenv("PATH_INFO")) != NULL)
{
@@ -179,6 +180,12 @@
topic = cgiGetVariable("TOPIC");
si = helpSearchIndex(hi, query, topic, helpfile);

  • cgiClearVariables();
  • if (query)
  • cgiSetVariable("QUERY", query);
  • if (topic)
  • cgiSetVariable("TOPIC", topic);

fprintf(stderr, "DEBUG: query="%s", topic="%s"\n",
query ? query : "(null)", topic ? topic : "(null)");

Index: cgi-bin/var.c

--- cgi-bin/var.c (.../easysw/current-1.3.x) (revision 1707)
+++ cgi-bin/var.c (.../branches/leopard/cups) (revision 1707)
@@ -15,6 +15,7 @@

  • Contents:
    *
  • cgiCheckVariables() - Check for the presence of "required" variables.
  • * cgiClearVariables() - Clear all form variables.
  • cgiGetArray() - Get an element from a form array...
  • cgiGetFile() - Get the file (if any) that was submitted in the form.
  • cgiGetSize() - Get the size of a form array value.
    @@ -135,6 +136,31 @@

/*

  • * 'cgiClearVariables()' - Clear all form variables.
  • */
    +
    +void
    +cgiClearVariables(void)
    +{
  • int i, j; /* Looping vars */
  • _cgi_var_t v; / Current variable */
    +
    +
  • for (v = form_vars, i = form_count; i > 0; v ++, i --)
  • {
  • _cupsStrFree(v->name);
  • for (j = 0; j < v->nvalues; j ++)
  •  if (v->values[j])
    
  •    _cupsStrFree(v->values[j]);
    
  • }
    +
  • form_count = 0;
    +
  • cgi_unlink_file();
    +}
    +
    +
    +/*
  • 'cgiGetArray()' - Get an element from a form array...
    */

@@ -154,7 +180,7 @@
if (element < 0 || element >= var->nvalues)
return (NULL);

  • return (var->values[element]);
  • return (_cupsStrAlloc(var->values[element]));
    }

@@ -209,7 +235,7 @@
var->values[var->nvalues - 1]);
#endif /* DEBUG */

  • return ((var == NULL) ? NULL : var->values[var->nvalues - 1]);
  • return ((var == NULL) ? NULL : _cupsStrAlloc(var->values[var->nvalues - 1]));
    }

@@ -341,9 +367,9 @@
var->nvalues = element + 1;
}
else if (var->values[element])

  •  free((char *)var->values[element]);
    
  •  _cupsStrFree((char *)var->values[element]);
    
  • var->values[element] = strdup(value);
  • var->values[element] = _cupsStrAlloc(value);
    }
    }

@@ -388,7 +414,7 @@
{
for (i = size; i < var->nvalues; i ++)
if (var->values[i])

  •    free((void *)(var->values[i]));
    
  •    _cupsStrFree((void *)(var->values[i]));
    

    }

    var->nvalues = size;
    @@ -421,9 +447,9 @@
    {
    for (i = 0; i < var->nvalues; i ++)
    if (var->values[i])

  •    free((char *)var->values[i]);
    
  •    _cupsStrFree((char *)var->values[i]);
    
  • var->values[0] = strdup(value);

  • var->values[0] = _cupsStrAlloc(value);
    var->nvalues = 1;
    }
    }
    @@ -470,10 +496,10 @@
    if ((var->values = calloc(element + 1, sizeof(char *))) == NULL)
    return;

  • var->name = strdup(name);

  • var->name = _cupsStrAlloc(name);
    var->nvalues = element + 1;
    var->avalues = element + 1;

  • var->values[element] = strdup(value);

  • var->values[element] = _cupsStrAlloc(value);

form_count ++;
}

Index: cgi-bin/jobs.c

--- cgi-bin/jobs.c (.../easysw/current-1.3.x) (revision 1707)
+++ cgi-bin/jobs.c (.../branches/leopard/cups) (revision 1707)
@@ -57,6 +57,7 @@
*/

cgiSetVariable("SECTION", "jobs");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • Connect to the HTTP server...
    Index: cgi-bin/classes.c

    --- cgi-bin/classes.c (.../easysw/current-1.3.x) (revision 1707)
    +++ cgi-bin/classes.c (.../branches/leopard/cups) (revision 1707)
    @@ -69,6 +69,7 @@
    */

cgiSetVariable("SECTION", "classes");

  • cgiSetVariable("REFRESH_PAGE", "");

/*

  • See if we are displaying a printer or all classes...