From 8ad3a500a9ce602fbf6d916680b5169fbe51de8e Mon Sep 17 00:00:00 2001
From: Jens Maus <mail@jens-maus.de>
Date: Tue, 13 Dec 2022 14:17:55 +0100
Subject: [PATCH] reworked QUERY_STRING management to further fix some
 potential security flaws.

---
 VERSION             |  2 +-
 www/backup.cgi      |  2 --
 www/config_js.cgi   |  2 --
 www/index.html      |  2 +-
 www/logfile.html    | 40 +++++++++++++++++++--------------------
 www/messages.html   | 38 ++++++++++++++++++-------------------
 www/querystring.tcl |  9 ---------
 www/save.cgi        |  2 --
 www/session.tcl     | 12 ++++++++++++
 www/syslog.cgi      | 46 ++++++++++++++++++---------------------------
 www/testmail.cgi    |  2 --
 www/testtcl.cgi     |  2 --
 12 files changed, 71 insertions(+), 88 deletions(-)
 delete mode 100644 www/querystring.tcl

diff --git a/VERSION b/VERSION
index 10c0880..6a126f4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.7.4
+1.7.5
diff --git a/www/backup.cgi b/www/backup.cgi
index e10536a..243cd19 100644
--- a/www/backup.cgi
+++ b/www/backup.cgi
@@ -7,8 +7,6 @@
 #
 ###
 
-load tclrega.so
-source querystring.tcl
 source session.tcl
 
 puts "Content-Type: text/plain; charset=iso-8859-1"
diff --git a/www/config_js.cgi b/www/config_js.cgi
index ef116ff..0ca18c9 100644
--- a/www/config_js.cgi
+++ b/www/config_js.cgi
@@ -8,8 +8,6 @@
 # @license Public Domain
 ##
 
-load tclrega.so
-source querystring.tcl
 source session.tcl
 source /etc/config/addons/email/config.tcl
 
diff --git a/www/index.html b/www/index.html
index 59e266d..4dbe998 100644
--- a/www/index.html
+++ b/www/index.html
@@ -186,7 +186,7 @@
       </tr>
       <tr>
         <td>Version:</td>
-        <td align="right"><iframe width="55" height="25" scrolling="no" frameborder="0" src="VERSION.txt"></iframe></td>
+        <td align="right"><iframe width="70" height="25" scrolling="no" frameborder="0" src="VERSION.txt"></iframe></td>
       </tr>
       <tr>
         <td>Autoren:</td>
diff --git a/www/logfile.html b/www/logfile.html
index e645a59..ff8b520 100644
--- a/www/logfile.html
+++ b/www/logfile.html
@@ -1,20 +1,20 @@
-<!doctype html>
-<html>
-<head>
-<meta content="10;URL=/addons/email/logfile.html" http-equiv="Refresh">
-<meta http-equiv="expires" content="0">
-<title>Logfile</title>
-<link rel="stylesheet" type="text/css" href="style.css" />
-<script LANGUAGE="JavaScript">
-<!--
-function reload_main(){
-var uri=location.href; 
-location.href=uri;
-}
-//-->
-</script>
-</head>
-<body>
-<iframe name='logdisplay' src='/addons/email/log/email.log' width='100%' height='80' scrolling='yes' frameborder='0' style='background-color:transparent;border:0px solid #11cccc;padding:0px;'></iframe></td></tr>
-</body>
-</html>
+<!doctype html>
+<html>
+<head>
+<meta content="10;URL=/addons/email/logfile.html" http-equiv="Refresh">
+<meta http-equiv="expires" content="0">
+<title>Logfile</title>
+<link rel="stylesheet" type="text/css" href="style.css" />
+<script LANGUAGE="JavaScript">
+<!--
+function reload_main(){
+var uri=location.href; 
+location.href=uri;
+}
+//-->
+</script>
+</head>
+<body>
+<iframe name='logdisplay' src='/addons/email/log/email.log' width='100%' height='80' scrolling='yes' frameborder='0' style='background-color:transparent;border:0px solid #11cccc;padding:0px;'></iframe></td></tr>
+</body>
+</html>
diff --git a/www/messages.html b/www/messages.html
index 8bd4d89..8e0ba23 100644
--- a/www/messages.html
+++ b/www/messages.html
@@ -1,19 +1,19 @@
-<!doctype html>
-<html>
-<head>
-<meta content="10;URL=/addons/email/messages.html" http-equiv="Refresh"> 
-<meta http-equiv="expires" content="0">
-<title>Logfile</title>
-<script LANGUAGE="JavaScript">
-<!--
-function reload_main(){
-var uri=location.href; 
-location.href=uri;
-}
-//-->
-</script>
-</head>
-<body>
-<iframe name='logdisplay1' src='/addons/email/syslog.cgi?filter=msmtp' width='100%' height='80' scrolling='yes' frameborder='0' style='background-color:transparent;border:0px solid #11cccc;padding:0px;'></iframe></td></tr>
-</body>
-</html>
+<!doctype html>
+<html>
+<head>
+<meta content="10;URL=/addons/email/messages.html" http-equiv="Refresh"> 
+<meta http-equiv="expires" content="0">
+<title>Logfile</title>
+<script LANGUAGE="JavaScript">
+<!--
+function reload_main(){
+var uri=location.href; 
+location.href=uri;
+}
+//-->
+</script>
+</head>
+<body>
+<iframe name='logdisplay1' src='/addons/email/syslog.cgi' width='100%' height='80' scrolling='yes' frameborder='0' style='background-color:transparent;border:0px solid #11cccc;padding:0px;'></iframe></td></tr>
+</body>
+</html>
diff --git a/www/querystring.tcl b/www/querystring.tcl
deleted file mode 100644
index bd1f01f..0000000
--- a/www/querystring.tcl
+++ /dev/null
@@ -1,9 +0,0 @@
-catch {
-  set input $env(QUERY_STRING)
-  set pairs [split $input &]
-  foreach pair $pairs {
-    if {0 != [regexp "^(\[^=]*)=(.*)$" $pair dummy varname val]} {
-      set $varname $val
-    }
-  }
-}
diff --git a/www/save.cgi b/www/save.cgi
index 4e34b5a..c405399 100644
--- a/www/save.cgi
+++ b/www/save.cgi
@@ -34,9 +34,7 @@
 # @license Public Domain
 ##
 
-load tclrega.so
 source session.tcl
-source querystring.tcl
 
 puts "Content-Type: text/plain; charset=iso-8859-1"
 puts ""
diff --git a/www/session.tcl b/www/session.tcl
index cbd4e8d..ca1efdf 100644
--- a/www/session.tcl
+++ b/www/session.tcl
@@ -2,6 +2,18 @@
 
 load tclrega.so
 
+catch {
+  set input $env(QUERY_STRING)
+  set pairs [split $input &]
+  set sid ""
+  foreach pair $pairs {
+    if {0 != [regexp "^sid=(@.*@)$" $pair dummy val]} {
+      set sid $val
+      break
+    }
+  }
+}
+
 proc check_session sid {
   if {[regexp {@([0-9a-zA-Z]{10})@} $sid all sidnr]} {
     set res [lindex [rega_script "Write(system.GetSessionVarStr('$sidnr'));"] 1]
diff --git a/www/syslog.cgi b/www/syslog.cgi
index 49fbce1..67a1cfd 100755
--- a/www/syslog.cgi
+++ b/www/syslog.cgi
@@ -1,28 +1,18 @@
-#!/bin/tclsh
-
-set logfile "/var/log/messages"
-set filter *
-
-catch {
-  set input $env(QUERY_STRING)
-  set pairs [split $input &]
-  foreach pair $pairs {
-    if {0 != [regexp "^(\[^=]*)=(.*)$" $pair dummy varname val]} {
-      set $varname $val
-    }
-  }
-}
-
-puts "Content-Type: text/plain;Charset=ISO-8859-1"
-puts ""
-
-if {[catch {open "$logfile" r} fd]} {
-  puts "ERROR open($logfile) $fd"
-} else {
-  while {[gets $fd line] >= 0} {
-    if {[string match -nocase "*$filter*" $line]} {
-      puts $line
-    }
-  }
-  close $fd
-}
+#!/bin/tclsh
+
+set logfile "/var/log/messages"
+set filter "msmtp"
+
+puts "Content-Type: text/plain; charset=iso-8859-1"
+puts ""
+
+if {[catch {open "$logfile" r} fd]} {
+  puts "ERROR open($logfile) $fd"
+} else {
+  while {[gets $fd line] >= 0} {
+    if {[string match -nocase "*$filter*" $line]} {
+      puts $line
+    }
+  }
+  close $fd
+}
diff --git a/www/testmail.cgi b/www/testmail.cgi
index 8df303e..8b9c5f5 100755
--- a/www/testmail.cgi
+++ b/www/testmail.cgi
@@ -7,8 +7,6 @@
 # @license Public Domain
 ##
 
-load tclrega.so
-source querystring.tcl
 source session.tcl
 
 puts "Content-Type: text/plain; charset=iso-8859-1"
diff --git a/www/testtcl.cgi b/www/testtcl.cgi
index 577720e..de38010 100755
--- a/www/testtcl.cgi
+++ b/www/testtcl.cgi
@@ -7,8 +7,6 @@
 #
 ###
 
-load tclrega.so
-source querystring.tcl
 source session.tcl
 
 puts "Content-Type: text/plain; charset=iso-8859-1"