search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix permissions handling (CVE-2010-0825).
[emacs.git] / lisp / url / url-util.el
blobc0b2595a6e05076205015d1ed8cdcf36647c166c
1 ;;; url-util.el --- Miscellaneous helper routines for URL library
2
3 ;; Copyright (C) 1996, 1997, 1998, 1999, 2001, 2004, 2005, 2006, 2007,
4 ;; 2008, 2009, 2010 Free Software Foundation, Inc.
5
6 ;; Author: Bill Perry <wmperry@gnu.org>
7 ;; Keywords: comm, data, processes
8
9 ;; This file is part of GNU Emacs.
10 ;;
11 ;; GNU Emacs is free software: you can redistribute it and/or modify
12 ;; it under the terms of the GNU General Public License as published by
13 ;; the Free Software Foundation, either version 3 of the License, or
14 ;; (at your option) any later version.
15
16 ;; GNU Emacs is distributed in the hope that it will be useful,
17 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ;; GNU General Public License for more details.
20
21 ;; You should have received a copy of the GNU General Public License
22 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
23
24 ;;; Commentary:
25
26 ;;; Code:
27
28 (require 'url-parse)
29 (require 'url-vars)
30 (eval-when-compile (require 'cl))
31 (autoload 'timezone-parse-date "timezone")
32 (autoload 'timezone-make-date-arpa-standard "timezone")
33 (autoload 'mail-header-extract "mailheader")
34
35 (defvar url-parse-args-syntax-table
36 (copy-syntax-table emacs-lisp-mode-syntax-table)
37 "A syntax table for parsing sgml attributes.")
38
39 (modify-syntax-entry ?' "\"" url-parse-args-syntax-table)
40 (modify-syntax-entry ?` "\"" url-parse-args-syntax-table)
41 (modify-syntax-entry ?{ "(" url-parse-args-syntax-table)
42 (modify-syntax-entry ?} ")" url-parse-args-syntax-table)
43
44 ;;;###autoload
45 (defcustom url-debug nil
46 "*What types of debug messages from the URL library to show.
47 Debug messages are logged to the *URL-DEBUG* buffer.
48
49 If t, all messages will be logged.
50 If a number, all messages will be logged, as well shown via `message'.
51 If a list, it is a list of the types of messages to be logged."
52 :type '(choice (const :tag "none" nil)
53 (const :tag "all" t)
54 (checklist :tag "custom"
55 (const :tag "HTTP" :value http)
56 (const :tag "DAV" :value dav)
57 (const :tag "General" :value retrieval)
58 (const :tag "Filename handlers" :value handlers)
59 (symbol :tag "Other")))
60 :group 'url-hairy)
61
62 ;;;###autoload
63 (defun url-debug (tag &rest args)
64 (if quit-flag
65 (error "Interrupted!"))
66 (if (or (eq url-debug t)
67 (numberp url-debug)
68 (and (listp url-debug) (memq tag url-debug)))
69 (with-current-buffer (get-buffer-create "*URL-DEBUG*")
70 (goto-char (point-max))
71 (insert (symbol-name tag) " -> " (apply 'format args) "\n")
72 (if (numberp url-debug)
73 (apply 'message args)))))
74
75 ;;;###autoload
76 (defun url-parse-args (str &optional nodowncase)
77 ;; Return an assoc list of attribute/value pairs from an RFC822-type string
78 (let (
79 name ; From name=
80 value ; its value
81 results ; Assoc list of results
82 name-pos ; Start of XXXX= position
83 val-pos ; Start of value position
84 st
85 nd
86 )
87 (save-excursion
88 (save-restriction
89 (set-buffer (get-buffer-create " *urlparse-temp*"))
90 (set-syntax-table url-parse-args-syntax-table)
91 (erase-buffer)
92 (insert str)
93 (setq st (point-min)
94 nd (point-max))
95 (set-syntax-table url-parse-args-syntax-table)
96 (narrow-to-region st nd)
97 (goto-char (point-min))
98 (while (not (eobp))
99 (skip-chars-forward "; \n\t")
100 (setq name-pos (point))
101 (skip-chars-forward "^ \n\t=;")
102 (if (not nodowncase)
103 (downcase-region name-pos (point)))
104 (setq name (buffer-substring name-pos (point)))
105 (skip-chars-forward " \t\n")
106 (if (/= (or (char-after (point)) 0) ?=) ; There is no value
107 (setq value nil)
108 (skip-chars-forward " \t\n=")
109 (setq val-pos (point)
110 value
111 (cond
112 ((or (= (or (char-after val-pos) 0) ?\")
113 (= (or (char-after val-pos) 0) ?'))
114 (buffer-substring (1+ val-pos)
115 (condition-case ()
116 (prog2
117 (forward-sexp 1)
118 (1- (point))
119 (skip-chars-forward "\""))
120 (error
121 (skip-chars-forward "^ \t\n")
122 (point)))))
123 (t
124 (buffer-substring val-pos
125 (progn
126 (skip-chars-forward "^;")
127 (skip-chars-backward " \t")
128 (point)))))))
129 (setq results (cons (cons name value) results))
130 (skip-chars-forward "; \n\t"))
131 results))))
132
133 ;;;###autoload
134 (defun url-insert-entities-in-string (string)
135 "Convert HTML markup-start characters to entity references in STRING.
136 Also replaces the \" character, so that the result may be safely used as
137 an attribute value in a tag. Returns a new string with the result of the
138 conversion. Replaces these characters as follows:
139 & ==> &amp;
140 < ==> &lt;
141 > ==> &gt;
142 \" ==> &quot;"
143 (if (string-match "[&<>\"]" string)
144 (with-current-buffer (get-buffer-create " *entity*")
145 (erase-buffer)
146 (buffer-disable-undo (current-buffer))
147 (insert string)
148 (goto-char (point-min))
149 (while (progn
150 (skip-chars-forward "^&<>\"")
151 (not (eobp)))
152 (insert (cdr (assq (char-after (point))
153 '((?\" . "&quot;")
154 (?& . "&amp;")
155 (?< . "&lt;")
156 (?> . "&gt;")))))
157 (delete-char 1))
158 (buffer-string))
159 string))
160
161 ;;;###autoload
162 (defun url-normalize-url (url)
163 "Return a 'normalized' version of URL.
164 Strips out default port numbers, etc."
165 (let (type data retval)
166 (setq data (url-generic-parse-url url)
167 type (url-type data))
168 (if (member type '("www" "about" "mailto" "info"))
169 (setq retval url)
170 ;; FIXME all this does, and all this function seems to do in
171 ;; most cases, is remove any trailing "#anchor" part of a url.
172 (setf (url-target data) nil)
173 (setq retval (url-recreate-url data)))
174 retval))
175
176 ;;;###autoload
177 (defun url-lazy-message (&rest args)
178 "Just like `message', but is a no-op if called more than once a second.
179 Will not do anything if `url-show-status' is nil."
180 (if (or (null url-show-status)
181 (active-minibuffer-window)
182 (= url-lazy-message-time
183 (setq url-lazy-message-time (nth 1 (current-time)))))
184 nil
185 (apply 'message args)))
186
187 ;;;###autoload
188 (defun url-get-normalized-date (&optional specified-time)
189 "Return a 'real' date string that most HTTP servers can understand."
190 (let ((system-time-locale "C"))
191 (format-time-string "%a, %d %b %Y %T GMT"
192 (or specified-time (current-time)) t)))
193
194 ;;;###autoload
195 (defun url-eat-trailing-space (x)
196 "Remove spaces/tabs at the end of a string."
197 (let ((y (1- (length x)))
198 (skip-chars (list ? ?\t ?\n)))
199 (while (and (>= y 0) (memq (aref x y) skip-chars))
200 (setq y (1- y)))
201 (substring x 0 (1+ y))))
202
203 ;;;###autoload
204 (defun url-strip-leading-spaces (x)
205 "Remove spaces at the front of a string."
206 (let ((y (1- (length x)))
207 (z 0)
208 (skip-chars (list ? ?\t ?\n)))
209 (while (and (<= z y) (memq (aref x z) skip-chars))
210 (setq z (1+ z)))
211 (substring x z nil)))
212
213 ;;;###autoload
214 (defun url-pretty-length (n)
215 (cond
216 ((< n 1024)
217 (format "%d bytes" n))
218 ((< n (* 1024 1024))
219 (format "%dk" (/ n 1024.0)))
220 (t
221 (format "%2.2fM" (/ n (* 1024 1024.0))))))
222
223 ;;;###autoload
224 (defun url-display-percentage (fmt perc &rest args)
225 (when url-show-status
226 (if (null fmt)
227 (if (fboundp 'clear-progress-display)
228 (clear-progress-display))
229 (if (and (fboundp 'progress-display) perc)
230 (apply 'progress-display fmt perc args)
231 (apply 'message fmt args)))))
232
233 ;;;###autoload
234 (defun url-percentage (x y)
235 (if (fboundp 'float)
236 (round (* 100 (/ x (float y))))
237 (/ (* x 100) y)))
238
239 ;;;###autoload
240 (defalias 'url-basepath 'url-file-directory)
241
242 ;;;###autoload
243 (defun url-file-directory (file)
244 "Return the directory part of FILE, for a URL."
245 (cond
246 ((null file) "")
247 ((string-match (eval-when-compile (regexp-quote "?")) file)
248 (file-name-directory (substring file 0 (match-beginning 0))))
249 (t (file-name-directory file))))
250
251 ;;;###autoload
252 (defun url-file-nondirectory (file)
253 "Return the nondirectory part of FILE, for a URL."
254 (cond
255 ((null file) "")
256 ((string-match (eval-when-compile (regexp-quote "?")) file)
257 (file-name-nondirectory (substring file 0 (match-beginning 0))))
258 (t (file-name-nondirectory file))))
259
260 ;;;###autoload
261 (defun url-parse-query-string (query &optional downcase allow-newlines)
262 (let (retval pairs cur key val)
263 (setq pairs (split-string query "&"))
264 (while pairs
265 (setq cur (car pairs)
266 pairs (cdr pairs))
267 (if (not (string-match "=" cur))
268 nil ; Grace
269 (setq key (url-unhex-string (substring cur 0 (match-beginning 0))
270 allow-newlines))
271 (setq val (url-unhex-string (substring cur (match-end 0) nil)
272 allow-newlines))
273 (if downcase
274 (setq key (downcase key)))
275 (setq cur (assoc key retval))
276 (if cur
277 (setcdr cur (cons val (cdr cur)))
278 (setq retval (cons (list key val) retval)))))
279 retval))
280
281 (defun url-unhex (x)
282 (if (> x ?9)
283 (if (>= x ?a)
284 (+ 10 (- x ?a))
285 (+ 10 (- x ?A)))
286 (- x ?0)))
287
288 ;; Fixme: Is this definition better, and does it ever matter?
289
290 ;; (defun url-unhex-string (str &optional allow-newlines)
291 ;; "Remove %XX, embedded spaces, etc in a url.
292 ;; If optional second argument ALLOW-NEWLINES is non-nil, then allow the
293 ;; decoding of carriage returns and line feeds in the string, which is normally
294 ;; forbidden in URL encoding."
295 ;; (setq str (or str ""))
296 ;; (setq str (replace-regexp-in-string "%[[:xdigit:]]\\{2\\}"
297 ;; (lambda (match)
298 ;; (string (string-to-number
299 ;; (substring match 1) 16)))
300 ;; str t t))
301 ;; (if allow-newlines
302 ;; (replace-regexp-in-string "[\n\r]" (lambda (match)
303 ;; (format "%%%.2X" (aref match 0)))
304 ;; str t t)
305 ;; str))
306
307 ;;;###autoload
308 (defun url-unhex-string (str &optional allow-newlines)
309 "Remove %XX embedded spaces, etc in a URL.
310 If optional second argument ALLOW-NEWLINES is non-nil, then allow the
311 decoding of carriage returns and line feeds in the string, which is normally
312 forbidden in URL encoding."
313 (setq str (or str ""))
314 (let ((tmp "")
315 (case-fold-search t))
316 (while (string-match "%[0-9a-f][0-9a-f]" str)
317 (let* ((start (match-beginning 0))
318 (ch1 (url-unhex (elt str (+ start 1))))
319 (code (+ (* 16 ch1)
320 (url-unhex (elt str (+ start 2))))))
321 (setq tmp (concat
322 tmp (substring str 0 start)
323 (cond
324 (allow-newlines
325 (char-to-string code))
326 ((or (= code ?\n) (= code ?\r))
327 " ")
328 (t (char-to-string code))))
329 str (substring str (match-end 0)))))
330 (setq tmp (concat tmp str))
331 tmp))
332
333 (defconst url-unreserved-chars
334 '(
335 ?a ?b ?c ?d ?e ?f ?g ?h ?i ?j ?k ?l ?m ?n ?o ?p ?q ?r ?s ?t ?u ?v ?w ?x ?y ?z
336 ?A ?B ?C ?D ?E ?F ?G ?H ?I ?J ?K ?L ?M ?N ?O ?P ?Q ?R ?S ?T ?U ?V ?W ?X ?Y ?Z
337 ?0 ?1 ?2 ?3 ?4 ?5 ?6 ?7 ?8 ?9
338 ?- ?_ ?. ?! ?~ ?* ?' ?\( ?\))
339 "A list of characters that are _NOT_ reserved in the URL spec.
340 This is taken from RFC 2396.")
341
342 ;;;###autoload
343 (defun url-hexify-string (string)
344 "Return a new string that is STRING URI-encoded.
345 First, STRING is converted to utf-8, if necessary. Then, for each
346 character in the utf-8 string, those found in `url-unreserved-chars'
347 are left as-is, all others are represented as a three-character
348 string: \"%\" followed by two lowercase hex digits."
349 ;; To go faster and avoid a lot of consing, we could do:
350 ;;
351 ;; (defconst url-hexify-table
352 ;; (let ((map (make-vector 256 nil)))
353 ;; (dotimes (byte 256) (aset map byte
354 ;; (if (memq byte url-unreserved-chars)
355 ;; (char-to-string byte)
356 ;; (format "%%%02x" byte))))
357 ;; map))
358 ;;
359 ;; (mapconcat (curry 'aref url-hexify-table) ...)
360 (mapconcat (lambda (byte)
361 (if (memq byte url-unreserved-chars)
362 (char-to-string byte)
363 (format "%%%02x" byte)))
364 (if (multibyte-string-p string)
365 (encode-coding-string string 'utf-8)
366 string)
367 ""))
368
369 ;;;###autoload
370 (defun url-file-extension (fname &optional x)
371 "Return the filename extension of FNAME.
372 If optional argument X is t, then return the basename
373 of the file with the extension stripped off."
374 (if (and fname
375 (setq fname (url-file-nondirectory fname))
376 (string-match "\\.[^./]+$" fname))
377 (if x (substring fname 0 (match-beginning 0))
378 (substring fname (match-beginning 0) nil))
379 ;;
380 ;; If fname has no extension, and x then return fname itself instead of
381 ;; nothing. When caching it allows the correct .hdr file to be produced
382 ;; for filenames without extension.
383 ;;
384 (if x
385 fname
386 "")))
387
388 ;;;###autoload
389 (defun url-truncate-url-for-viewing (url &optional width)
390 "Return a shortened version of URL that is WIDTH characters wide or less.
391 WIDTH defaults to the current frame width."
392 (let* ((fr-width (or width (frame-width)))
393 (str-width (length url))
394 (fname nil)
395 (modified 0)
396 (urlobj nil))
397 ;; The first thing that can go are the search strings
398 (if (and (>= str-width fr-width)
399 (string-match "?" url))
400 (setq url (concat (substring url 0 (match-beginning 0)) "?...")
401 str-width (length url)))
402 (if (< str-width fr-width)
403 nil ; Hey, we are done!
404 (setq urlobj (url-generic-parse-url url)
405 fname (url-filename urlobj)
406 fr-width (- fr-width 4))
407 (while (and (>= str-width fr-width)
408 (string-match "/" fname))
409 (setq fname (substring fname (match-end 0) nil)
410 modified (1+ modified))
411 (setf (url-filename urlobj) fname)
412 (setq url (url-recreate-url urlobj)
413 str-width (length url)))
414 (if (> modified 1)
415 (setq fname (concat "/.../" fname))
416 (setq fname (concat "/" fname)))
417 (setf (url-filename urlobj) fname)
418 (setq url (url-recreate-url urlobj)))
419 url))
420
421 ;;;###autoload
422 (defun url-view-url (&optional no-show)
423 "View the current document's URL.
424 Optional argument NO-SHOW means just return the URL, don't show it in
425 the minibuffer.
426
427 This uses `url-current-object', set locally to the buffer."
428 (interactive)
429 (if (not url-current-object)
430 nil
431 (if no-show
432 (url-recreate-url url-current-object)
433 (message "%s" (url-recreate-url url-current-object)))))
434
435 (eval-and-compile
436 (defvar url-get-url-filename-chars "-%.?@a-zA-Z0-9()_/:~=&"
437 "Valid characters in a URL.")
438 )
439
440 (defun url-get-url-at-point (&optional pt)
441 "Get the URL closest to point, but don't change position.
442 Has a preference for looking backward when not directly on a symbol."
443 ;; Not at all perfect - point must be right in the name.
444 (save-excursion
445 (if pt (goto-char pt))
446 (let (start url)
447 (save-excursion
448 ;; first see if you're just past a filename
449 (if (not (eobp))
450 (if (looking-at "[] \t\n[{}()]") ; whitespace or some parens
451 (progn
452 (skip-chars-backward " \n\t\r({[]})")
453 (if (not (bobp))
454 (backward-char 1)))))
455 (if (and (char-after (point))
456 (string-match (eval-when-compile
457 (concat "[" url-get-url-filename-chars "]"))
458 (char-to-string (char-after (point)))))
459 (progn
460 (skip-chars-backward url-get-url-filename-chars)
461 (setq start (point))
462 (skip-chars-forward url-get-url-filename-chars))
463 (setq start (point)))
464 (setq url (buffer-substring-no-properties start (point))))
465 (if (and url (string-match "^(.*)\\.?$" url))
466 (setq url (match-string 1 url)))
467 (if (and url (string-match "^URL:" url))
468 (setq url (substring url 4 nil)))
469 (if (and url (string-match "\\.$" url))
470 (setq url (substring url 0 -1)))
471 (if (and url (string-match "^www\\." url))
472 (setq url (concat "http://" url)))
473 (if (and url (not (string-match url-nonrelative-link url)))
474 (setq url nil))
475 url)))
476
477 (defun url-generate-unique-filename (&optional fmt)
478 "Generate a unique filename in `url-temporary-directory'."
479 ;; This variable is obsolete, but so is this function.
480 (let ((tempdir (with-no-warnings url-temporary-directory)))
481 (if (not fmt)
482 (let ((base (format "url-tmp.%d" (user-real-uid)))
483 (fname "")
484 (x 0))
485 (setq fname (format "%s%d" base x))
486 (while (file-exists-p
487 (expand-file-name fname tempdir))
488 (setq x (1+ x)
489 fname (concat base (int-to-string x))))
490 (expand-file-name fname tempdir))
491 (let ((base (concat "url" (int-to-string (user-real-uid))))
492 (fname "")
493 (x 0))
494 (setq fname (format fmt (concat base (int-to-string x))))
495 (while (file-exists-p
496 (expand-file-name fname tempdir))
497 (setq x (1+ x)
498 fname (format fmt (concat base (int-to-string x)))))
499 (expand-file-name fname tempdir)))))
500 (make-obsolete 'url-generate-unique-filename 'make-temp-file "23.1")
501
502 (defun url-extract-mime-headers ()
503 "Set `url-current-mime-headers' in current buffer."
504 (save-excursion
505 (goto-char (point-min))
506 (unless url-current-mime-headers
507 (set (make-local-variable 'url-current-mime-headers)
508 (mail-header-extract)))))
509
510 (defun url-make-private-file (file)
511 "Make FILE only readable and writable by the current user.
512 Creates FILE and its parent directories if they do not exist."
513 (let ((dir (file-name-directory file)))
514 (when dir
515 ;; For historical reasons.
516 (make-directory dir t)))
517 ;; Based on doc-view-make-safe-dir.
518 (condition-case nil
519 (let ((umask (default-file-modes)))
520 (unwind-protect
521 (progn
522 (set-default-file-modes #o0600)
523 (with-temp-buffer
524 (write-region (point-min) (point-max)
525 file nil 'silent nil 'excl)))
526 (set-default-file-modes umask)))
527 (file-already-exists
528 (if (file-symlink-p file)
529 (error "Danger: `%s' is a symbolic link" file))
530 (set-file-modes file #o0600))))
531
532 (provide 'url-util)
533
534 ;; arch-tag: 24352abc-5a5a-412e-90cd-313b26bed5c9
535 ;;; url-util.el ends here
Emacs repository mirror