[dev] [sw] Suckless web-framework from node_AT_lavabit.com on 2010-04-04 (dev mail list archive)

From: <node_AT_lavabit.com>
Date: Sun, 4 Apr 2010 00:46:40 -0400 (EDT)

This code is horrible

> #!/bin/sh
> # sw - 2010 - nibble <develsec.org>
>
> # Configuration
> TITLE="foo.org" # Site title
> SUBTITLE="" # Site subtitle
> SITE="site" # Site folder
# grep thinks the second argument is a file
> BL="^index.md$ ^images$" # Black list
BL="^index.md$\|^images$" # Black list
> BIN="/sw" # CGI location
> STYLE="/style.css" # Stylesheet location
> # External apps
> MDHANDLER="/usr/local/bin/md2html.awk" # md handler
>
> echo Content-type: text/html
> echo

# Two expensive subshells... not to mention testing for zero/non-zero
# length string is redundant when grep's $? is enough
> if [ -z "`echo ${REQUEST_URI} | grep -F "${BIN}"`" ] || \
> [ -n "`echo ${REQUEST_URI} | grep "[^a-zA-Z0-9_\./ ]\+"`" ]; then
echo "$REQUEST_URI" | if grep -Fvq "$BIN" || grep -q '[[:alnum:]_\./
]\+'; then
> echo "<script>window.location=\"${BIN}\";</script>"
> exit 1
> fi

# echo | blah is becoming rampant; let's not ignore it this time
> QUERY=`echo ${REQUEST_URI} | sed -e "s,.*${BIN}/*$.*$,\1,"`
  QUERY=`sed "s,.*$BIN/*$.*$,\1," <<-!
        $REQUEST_URI
        !

# Why heredoc instead of subshell?
# Compare: time for i in `seq 1 1000`; do echo str | grep pattern
>/dev/null; done
# ...with: time for i in `seq 1 1000`; do grep pattern >/dev/null <<-!
# str
# !
# done

> DIR="."
> FILE="index.md"
# No need for -[nz], ever
> if [ -n "${QUERY}" ]; then
  if [ "$QUERY" ]; then
> if [ -f "${SITE}/${QUERY}" ]; then
                # heredocs can also contain subshells... you save one
                # from `cmd | cmd`
> DIR=`dirname ${QUERY} | sed -e "s,/*$,,"`
> FILE=${QUERY}
> elif [ -d "${SITE}/${QUERY}" ]; then
> DIR=`echo ${QUERY} | sed -e "s,/*$,,"`
> FILE="$DIR/index.md"
> fi
> fi

> sw_menu() {
> BL=`echo ${BL} | sed -e "s/$ \+\|^$/ -e /g"`
> echo "<ul>"
> [ "${DIR}" != "." ] && echo "<li><a href=\"${BIN}/${DIR}/..\">..</a></li>"
        # Please don't use ls in scripts -- make them newline/special char
        # friendly. Also, it's quite possible that BL has characters
        # that the shell can misinterpret. Quote it.
> for i in `ls ${SITE}/${DIR} | grep -v ${BL}`; do
        cd "$SITE/$DIR"
        for i in *; do
        if grep -q "$BL\|\*" <<-!
                $i
                !
        then
                continue
        fi
> NAME=`echo ${i} | sed -e "s/\..*$//" -e "s/_/ /g" \
> -e "s/$[a-z]\?$$.*$/\u\1\2/"`
> echo "<li><a href=\"${BIN}/${DIR}/${i}\">${NAME}</a></li>"
> done
> echo "</ul>"
> }
<snip>
Received on Sun Apr 04 2010 - 04:46:40 UTC

This archive was generated by hypermail 2.2.0 : Sun Apr 04 2010 - 04:48:02 UTC