From 569a688db94c78b96d48230723b424bfa1af8b03 Mon Sep 17 00:00:00 2001
From: Rob van Son <r.j.j.h.vanson@gmail.com>
Date: Mon, 10 Feb 2014 14:14:23 +0100
Subject: [PATCH] Added USEFAT and spaces to filenames

---
 BinaryMapFile.xmr                |  0
 CGIscriptor.html                 |  0
 CGIscriptor.pl                   | 11 ++++++++++-
 CGIservlet.html                  |  0
 CGIservlet.pl                    |  8 +++++++-
 CGIservletSETUP.pl               |  1 +
 Hello.html                       |  0
 JavaScript/CGIscriptorSession.js |  0
 JavaScript/ChangePasswordPage.js |  0
 JavaScript/CreateUserPage.js     |  0
 JavaScript/LoginPage.js          |  0
 JavaScript/PlainPage.js          |  0
 JavaScript/sha.js                |  0
 Private/.Passwords/admin         |  0
 Private/.Passwords/test          |  0
 Private/.Passwords/testchallenge |  0
 Private/.Passwords/testip        |  0
 Private/.SkeletonDir/index.html  |  0
 Private/ChangePassword.html      |  0
 Private/CreateUser.html          |  0
 Private/Login.html               |  0
 Private/index.html               |  0
 Private/manual.html              |  0
 PrivateTutorial.html             |  0
 README.txt                       |  0
 Test/TestUpload.html             |  0
 Test/test.html                   |  0
 gpl.html                         |  0
 index.html                       |  0
 29 files changed, 18 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 BinaryMapFile.xmr
 mode change 100644 => 100755 CGIscriptor.html
 mode change 100644 => 100755 CGIservlet.html
 mode change 100644 => 100755 Hello.html
 mode change 100644 => 100755 JavaScript/CGIscriptorSession.js
 mode change 100644 => 100755 JavaScript/ChangePasswordPage.js
 mode change 100644 => 100755 JavaScript/CreateUserPage.js
 mode change 100644 => 100755 JavaScript/LoginPage.js
 mode change 100644 => 100755 JavaScript/PlainPage.js
 mode change 100644 => 100755 JavaScript/sha.js
 mode change 100644 => 100755 Private/.Passwords/admin
 mode change 100644 => 100755 Private/.Passwords/test
 mode change 100644 => 100755 Private/.Passwords/testchallenge
 mode change 100644 => 100755 Private/.Passwords/testip
 mode change 100644 => 100755 Private/.SkeletonDir/index.html
 mode change 100644 => 100755 Private/ChangePassword.html
 mode change 100644 => 100755 Private/CreateUser.html
 mode change 100644 => 100755 Private/Login.html
 mode change 100644 => 100755 Private/index.html
 mode change 100644 => 100755 Private/manual.html
 mode change 100644 => 100755 PrivateTutorial.html
 mode change 100644 => 100755 README.txt
 mode change 100644 => 100755 Test/TestUpload.html
 mode change 100644 => 100755 Test/test.html
 mode change 100644 => 100755 gpl.html
 mode change 100644 => 100755 index.html

diff --git a/BinaryMapFile.xmr b/BinaryMapFile.xmr
old mode 100644
new mode 100755
diff --git a/CGIscriptor.html b/CGIscriptor.html
old mode 100644
new mode 100755
diff --git a/CGIscriptor.pl b/CGIscriptor.pl
index 756b32f..ba4cf3d 100755
--- a/CGIscriptor.pl
+++ b/CGIscriptor.pl
@@ -61,6 +61,7 @@ ENDOFPREHELPTEXT1
 ############################################################################
 #
 # Changes (document ALL changes with date, name and email here):
+# 10 Feb  2014 - Added use of FAT fs and spaces in filenames
 # 06 Feb  2014 - Corrected behavior of ACCEPT.lis and REJECT.lis
 # 05 Apr  2013 - Renamed COOKIE_JAR to HTTP_COOKIE, added support for 
 #                CGI::Cookie in case $ENV{HTTP_COOKIE} is undefined (untested)
@@ -332,6 +333,8 @@ $ServerScriptContentClass = $ServerScriptContentType =~ m!/! ?
 $ShellScriptContentType = "text/osshell"; # OS shell scripts 
 #                                         # (Server Side perl ``-execution)
 #
+# Run from FAT file systems (Windows) based on environment variable
+$useFAT = $ENV{'USEFAT'};
 # Accessible file patterns, block any request that doesn't match.
 # Matches any file with the extension .(s)htm(l), .txt, or .xmr 
 # (\. is used in regexp)
@@ -550,7 +553,7 @@ if !  -e "$YOUR_HTML_FILES".$BinaryMapFile
 # THIS IS A SECURITY FEATURE
 # (this is also used to parse filenames in SRC= features, note the 
 # '-quotes, they are essential)
-$FileAllowedChars = '\w\.\~\/\:\*\?\-'; # Covers Unix and Mac, but NO spaces
+$FileAllowedChars = '\w\.\~\/\:\*\?\-\ '; # Covers Unix and Mac, including spaces
 #
 # Maximum size of the Query (number of characters clients can send
 # covers both GET & POST combined)
@@ -4927,6 +4930,12 @@ sub ProcessFile  # ($file_path)
         push(@OpenFiles, $file_path);
         $_ = <$FileHandle>;  # Read first line
     }
+    elsif( -e "$file_path"  && -r _ && -T _ && -f _ && $useFAT )
+    {
+        open($FileHandle, $file_path) || dieHandler(17, "<h2>File not found</h2>\n");
+        push(@OpenFiles, $file_path);
+        $_ = <$FileHandle>;  # Read first line
+    }
     else
     { 
         print "<h2>File not found</h2>\n";
diff --git a/CGIservlet.html b/CGIservlet.html
old mode 100644
new mode 100755
diff --git a/CGIservlet.pl b/CGIservlet.pl
index 1544df0..379199a 100755
--- a/CGIservlet.pl
+++ b/CGIservlet.pl
@@ -510,6 +510,7 @@ my $welcome   = '/index.html';  # Default path
 my $MaxBrood  = 32;          # Maximum number of running children
 my $MaxTime  = 36000;        # Maximum time a child may run in seconds
 my $MaxLength = 2**15;       # Maximum Request Length 
+my $UseFAT = 0;	# Run on FAT systems (Windows) such as thumb drives (default: NO)
 my $Secure = 1;			# Block browsing directories and text files or not
 my %UserEnv = ();
 
@@ -690,9 +691,13 @@ while ($_ = shift(@ARGV))
 		$Secure = !$Secure;	# Toggle blocking directory browsing and ASCII file access
     }
     elsif(/\-n/is)            # Do NOT extract Remote host
-    { 
+    {
 		$NONAME = 1;
     }
+    elsif(/\-\-USEFAT/is)            # Set USEFAT environment variable
+    {
+		$UseFAT = 1;
+    }
     else        # perform unreliable magick without switches
     { 
         if(/^[0-9]+$/ && $_ > 1024)     # A (large) number must be a port
@@ -746,6 +751,7 @@ $ENV{'CGI_HOME'} = $textroot;
 $ENV{'SERVER_ROOT'} = $textroot;                # Server Root Directory
 $ENV{'DOCUMENT_ROOT'} = $textroot;              # Server Root Directory
 $ENV{'SCRIPT_NAME'} = $doarg.$execarg.$evalarg;  # Combine executable arguments
+$ENV{'USEFAT'} = $UseFAT;  # Flag use of FAT filesystem
 
 $FrozenEnv{'SERVER_SOFTWARE'} = $ENV{'SERVER_SOFTWARE'};
 $FrozenEnv{'GATEWAY_INTERFACE'} = $ENV{'GATEWAY_INTERFACE'};
diff --git a/CGIservletSETUP.pl b/CGIservletSETUP.pl
index 415c86a..ad147b9 100755
--- a/CGIservletSETUP.pl
+++ b/CGIservletSETUP.pl
@@ -65,6 +65,7 @@ $execarg   = '';          # `command \'$textroot$Path\' \'$QueryString\'`
 #$MaxBrood  = 32;		# Maximum number of running children
 #$MaxTime  = 36000;           # Maximum time a child may run in seconds
 #$MaxLength = 2**15;          # Maximum Request Length 
+#$UseFAT = 0;	# Run on FAT systems (Windows) such as thumb drives (default: NO)
 
 # If one of the following lists contains any client addresses or names, all others are
 # blocked (be carefull, your site will be inaccessible if you misspell them).
diff --git a/Hello.html b/Hello.html
old mode 100644
new mode 100755
diff --git a/JavaScript/CGIscriptorSession.js b/JavaScript/CGIscriptorSession.js
old mode 100644
new mode 100755
diff --git a/JavaScript/ChangePasswordPage.js b/JavaScript/ChangePasswordPage.js
old mode 100644
new mode 100755
diff --git a/JavaScript/CreateUserPage.js b/JavaScript/CreateUserPage.js
old mode 100644
new mode 100755
diff --git a/JavaScript/LoginPage.js b/JavaScript/LoginPage.js
old mode 100644
new mode 100755
diff --git a/JavaScript/PlainPage.js b/JavaScript/PlainPage.js
old mode 100644
new mode 100755
diff --git a/JavaScript/sha.js b/JavaScript/sha.js
old mode 100644
new mode 100755
diff --git a/Private/.Passwords/admin b/Private/.Passwords/admin
old mode 100644
new mode 100755
diff --git a/Private/.Passwords/test b/Private/.Passwords/test
old mode 100644
new mode 100755
diff --git a/Private/.Passwords/testchallenge b/Private/.Passwords/testchallenge
old mode 100644
new mode 100755
diff --git a/Private/.Passwords/testip b/Private/.Passwords/testip
old mode 100644
new mode 100755
diff --git a/Private/.SkeletonDir/index.html b/Private/.SkeletonDir/index.html
old mode 100644
new mode 100755
diff --git a/Private/ChangePassword.html b/Private/ChangePassword.html
old mode 100644
new mode 100755
diff --git a/Private/CreateUser.html b/Private/CreateUser.html
old mode 100644
new mode 100755
diff --git a/Private/Login.html b/Private/Login.html
old mode 100644
new mode 100755
diff --git a/Private/index.html b/Private/index.html
old mode 100644
new mode 100755
diff --git a/Private/manual.html b/Private/manual.html
old mode 100644
new mode 100755
diff --git a/PrivateTutorial.html b/PrivateTutorial.html
old mode 100644
new mode 100755
diff --git a/README.txt b/README.txt
old mode 100644
new mode 100755
diff --git a/Test/TestUpload.html b/Test/TestUpload.html
old mode 100644
new mode 100755
diff --git a/Test/test.html b/Test/test.html
old mode 100644
new mode 100755
diff --git a/gpl.html b/gpl.html
old mode 100644
new mode 100755
diff --git a/index.html b/index.html
old mode 100644
new mode 100755
-- 
2.11.4.GIT