Dynamically get path to bash

bashlib.in

@@ -1,26 +1,20 @@
-#!/bin/bash
+#!@BASH@
 
 # Author:     darren chamberlain <[email protected]>
 # Co-Author:  Paul Bournival <[email protected]>
+# Co-Author:  Mikhail Novosyolov <[email protected]>
 #
 
-#######
-# Updated Oct 15 2004 by Tony Clayton <t ny-bashlib@clayt n.ca>
-#  * add safe_param() function with XSS and shell-invocation prevention
-#  * add extra "| tr -d '$`'" sanity check to name decoding to prevent shell
-#    invocation of param names.
-#  * ported function defs to be bash/ash compatible
-#######
-
 # bashlib is used by sourcing it at the beginning of scripts that
 # needs its functionality (by using the . or source commands).
 
 PATH=/bin:/usr/bin
 
 #
 # Set version number
+# Must be an integer because bash cannot compare float numbers
 #
-VERSION="0.05"
+VERSION="2"
 
 # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 # Initialization stuff begins here. These things run immediately, and
@@ -42,7 +36,7 @@ fi
 if [ -n "${QUERY_STRING}" ]; then 
   # name=value params, separated by either '&' or ';'
   if echo ${QUERY_STRING} | grep '=' >/dev/null ; then
-    for Q in $(@ECHO@ ${QUERY_STRING} | @TR@ ";&" "\012") ; do
+    for Q in $(echo ${QUERY_STRING} | @TR@ ";&" "\012") ; do
       #
       # Clear our local variables
       #
@@ -54,12 +48,12 @@ if [ -n "${QUERY_STRING}" ]; then
       # get the name of the key, and decode it
       #
       name=${Q%%=*}
-      name=$(@ECHO@ ${name} | \
+      name=$(echo ${name} | \
              @SED@ -e 's/%\(\)/\\\x/g' | \
              @TR@ "+" " ")
-      name=$(@ECHO@ ${name} | \
+      name=$(echo ${name} | \
              @TR@ -d ".-")
-      name=$(@PRINTF@ ${name} | @TR@ -d '$`')
+      name=$(printf ${name} | @TR@ -d '$`')
 
       #
       # get the value and decode it. This is tricky... printf chokes on
@@ -69,7 +63,7 @@ if [ -n "${QUERY_STRING}" ]; then
       # printf, and then remove it.
       #
       tmpvalue=${Q#*=}
-      tmpvalue=$(@ECHO@ ${tmpvalue} | \
+      tmpvalue=$(echo ${tmpvalue} | \
                  @SED@ -e 's/%\(..\)/\\\x\1 /g')
       #echo "Intermediate \$value: ${tmpvalue}" 1>&2
 
@@ -78,7 +72,7 @@ if [ -n "${QUERY_STRING}" ]; then
       # value
       #
       for i in ${tmpvalue}; do
-          g=$(@PRINTF@ ${i})
+          g=$(printf ${i})
           value="${value}${g}"
       done
       #value=$(echo ${value})
@@ -116,17 +110,17 @@ if [ -n "${HTTP_COOKIE}" ]; then
     # get the name of the key, and decode it
     #
     name=${Q%%=*}
-    name=$(@ECHO@ ${name} | \
+    name=$(echo ${name} | \
            @SED@ -e 's/%\(\)/\\\x/g' | \
            @TR@ "+" " ")
-    name=$(@ECHO@ ${name} | \
+    name=$(echo ${name} | \
            @TR@ -d ".-")
-    name=$(@PRINTF@ ${name})
+    name=$(printf ${name})
 
     # Decode the cookie value. See the parameter section above for
     # an explanation of what this is doing.
     tmpvalue=${Q#*=}
-    tmpvalue=$(@ECHO@ ${tmpvalue} | \
+    tmpvalue=$(echo ${tmpvalue} | \
                @SED@ -e 's/%\(..\)/\\\x\1 /g')
     #echo "Intermediate \$value: ${tmpvalue}" 1>&2
 
@@ -135,7 +129,7 @@ if [ -n "${HTTP_COOKIE}" ]; then
     # value
     #
     for i in ${tmpvalue}; do
-        g=$(@PRINTF@ ${i})
+        g=$(printf ${i})
         value="${value}${g}"
     done
     #value=$(echo ${value})
@@ -153,11 +147,11 @@ fi
 # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 #
 # Shameless plug, advertises verion.
-version {
+version() {
   echo "bashlib, version ${VERSION}"
 }
 
-version_html {
+version_html() {
   echo -n "<a href=\"http://sevenroot.org/dlc/2000/12/bashlib\">bashlib</a>,"
   echo "version ${VERSION}"
 }
@@ -178,15 +172,17 @@ param() {
   if [ $# -eq 1 ]; then
     name=$1
     name=$(echo ${name} | @SED@ -e 's/FORM_//')
-    value=$(@ENV@ | @GREP@ "^FORM_${name}" | @SED@ -e 's/FORM_//' | @CUT@ -d= -f2-)
+    value=$(@ENV@ | @GREP@ "^FORM_${name}=" | @SED@ -e 's/FORM_//' | @CUT@ -d= -f2-)
   elif [ $# -gt 1 ]; then
     name=$1
     shift
     eval "export 'FORM_${name}=$*'"
   else
     value=$(@ENV@ | @GREP@ '^FORM_' | @SED@ -e 's/FORM_//' | @CUT@ -d= -f1)
   fi
-  echo ${value}
+  # "+" is URL-encoded as "%2B", web server replaces spaces with "+", replace back,
+  # otherwise safe_param() just removes the "+" sign and looses the space.
+  echo "${value}" | @SED@ -e 's/+/ /'
   unset name
   unset value
 }

configure.in

@@ -4,6 +4,7 @@ dnl $Id$
 dnl ----------------------------------------------------------------------
 dnl bashlib 
 dnl Copyright (C) 2002-2005 darren chamberlain <[email protected]>
+dnl Copyright (C) 2018-2024 Mikhail Novosyolov <[email protected]>
 dnl 
 dnl This program is free software; you can redistribute it and/or modify
 dnl it under the terms of the GNU General Public License as published by
@@ -28,17 +29,16 @@ bashlib_version=0.5
 
 AC_INIT(bashlib.in)
 
+AC_PATH_PROG(BASH,    bash,    "")
 AC_PATH_PROG(AWK,     awk,     "")
 AC_PATH_PROG(CAT,     cat,     "")
 AC_PATH_PROG(CUT,     cut,     "")
 AC_PATH_PROG(CP,      cp,      "")
-AC_PATH_PROG(ECHO,    echo,    "")
 AC_PATH_PROG(ENV,     env,     "")
 AC_PATH_PROG(GREP,    grep,    "")
 AC_PATH_PROG(GZIP,    gzip,    "")
 AC_PATH_PROG(INSTALL, install, "")
 AC_PATH_PROG(MKDIR,   mkdir,   "")
-AC_PATH_PROG(PRINTF,  printf,  "")
 AC_PATH_PROG(RM,      rm,      "")
 AC_PATH_PROG(SED,     sed,     "")
 AC_PATH_PROG(TAR,     tar,     "")

examples/bashlib.sourceforge.net_backup.html

@@ -0,0 +1,111 @@
+<html>
+  <head>
+    <title>bashlib - CGI programming with the bash shell</title>
+  </head>
+<body>
+    <div align="center">
+    <h1>bashlib - CGI programming with the bash shell</h1>
+     <font size="-1">
+     [ <a style="text-decoration:none" href="http://sourceforge.net/projects/bashlib">Project Page</a>
+     | <a style="text-decoration:none" href="#why">Why?</a>
+     | <a style="text-decoration:none" href="#news">bashlib news</a>
+     | <a style="text-decoration:none" href="#how">How it came about</a>
+     | <a style="text-decoration:none" href="#using">Using bashlib</a> ]<br>
+
+     [ <a style="text-decoration:none" href="./cvx.php">CVs eXtender</a>
+     | <a style="text-decoration:none" href="#dontlike">Something you don't like?</a>
+     | <a style="text-decoration:none" href="#download">Getting bashlib</a>
+     | <a style="text-decoration:none" href="#resources">Other Resources</a>
+     | <a style="text-decoration:none" href="mailto:[email protected]">Comments?</a> ]
+     </font>
+    </div>
+ <h2><a name="why">Why?</a></h2>
+  <p>bashlib is a shell script that makes CGI programming in the bash shell easier, or at least more tolerable. It contains a few functions that get called automatically and place form elements (from POSTs and GETs) and cookies in your environment. It also contains complete documentation on how to use these variables and how to set cookies manually.</p>
+ <h2><a name="news">Recent bashlib News</a></h2>
+  <p>The most recent version of bashlib will always be available from <a
+  href="src/bashlib-current.tar.gz">http://bashlib.sourceforge.net/src/bashlib-current.tar.gz</a> and will
+  be browsable at <a
+  href="src/bashlib-current/">http://bashlib.sourceforge.net/src/bashlib-current/</a>.</p>
+  <p>Version 0.4 (<a href="src/bashlib-0.4.tar.gz">download</a> or <a href="src/bashlib-0.4/">browse</a>) of bashlib, released March 12, 2002, is fully autoconfiscated.  To install it, run <code>./configure</code> as usual.  If you check out the CVS version, you'll need <code>autoconf</code> installed to create the configure script from configure.in.</p>
+  <p>I released version 0.3 (<a href="src/bashlib-0.3.tar.gz">download</a> or <a href="src/bashlib-0.3/">browse</a>)of bashlib on February 21, 2001. The only difference between 0.3 and 0.2 is that the tarball works. I've been testing it for a while, and it definitely seems stable enough for real use. The interface has changed a little; the sample below reflects these changes.</p>
+ <h2><a name="how">How this came about, and what it is useful for</a></h2>
+  <p>Things such as this are born of necessity. My ISP, while being incredibly useful in most ways, doesn't have a recent version of Perl available for their casual users (e.g., dial-up accounts, with web pages in http://www.isp.net/~mylogin/) -- Perl is a "value-added" service. This was a great source of frustration for me, since I am a Perl programmer by day. So, I began rooting (not literally) around for other methods of writing CGI scripts, and realized that the shell, which I spent most of my time using, was not only a great generaly purpose scripting environment, but also a good one for CGI scripts. This naturally led me to forms and cookies, and here we are today.</p>
+  <p>No, I really don't have this much free time. The current release is the result of about a days worth of work (on and off throughout the day), with some help. Well, that's not quite true -- 9 years of using Unix went into it as well.</p>
+ <h2><a name="using">Using bashlib</a></h2>
+  <p>Using bashlib is pretty straight-forward. More important, however, is knowing what to do with the variables once they come into your script and knowing how to write CGI scripts. (This script is not running here, for obvious reasons.)</p>
+  <pre>
+#!/bin/bash
+
+# this sources bashlib into your current environment
+. /usr/local/lib/bashlib
+
+echo "Content-type: text/html"
+echo ""
+
+# OK, so we've sent the header... now send some content
+echo "&lt;html&gt;&lt;title&gt;Crack This Server&lt;/title&gt;&lt;body&gt;"
+
+# print a "hello" if the username is filled out
+username=`param username`
+if [ -n "x$username" != "x" ] ; then
+    echo "&lt;h1&gt;Hello, $username&lt;/h1&gt;
+fi
+
+echo "&lt;h2&gt;Users on `/bin/hostname`&lt;/h2&gt;"
+echo "&lt;ul&gt;"
+
+# for each user in the passwd file, print their login and full name
+# bold them if they are the current user
+for user in $(cat /etc/passwd | awk -F: '{print $1 "\t" $5}') ; do
+    echo "&lt;li&gt;"
+    if [ "$username" = "$user" ] ; then
+        echo "&lt;strong&gt;$user&lt;/strong&gt;"
+    else
+        echo "$user"
+    fi
+    echo "&lt;/li&gt;"
+done
+echo "&lt;/ul&gt;"
+echo "&lt;/body&gt;&lt;/html&gt;"
+  </pre>
+
+<!-- Other Resources -->
+
+ <h2><a name="resources">Other Resoruces</a></h2>
+  <ul>
+  <li>I recommend checking out <a
+  href="http://bashish.sourceforge.net/">bashish</a> if you use bash often; it is dedicated to the configuration of bash. Although it isn't helpful for CGI programming in bash, it makes day to day usage of bash quite nice. To quote:</li>
+  <blockquote>
+Bashish is a theme engine for the console.<br />
+It lets you customize title, prompt, background, foreground, colors, font and a lot of other things.<br />
+Bashish is also very configurable, you can turn on and off nearly all features.<br />
+  </blockquote>
+  <li><a href="http://txt2regex.sourceforge.net/">^txt2regex$</a> is a Regular Expression "wizard", all written with bash2 builtins, that converts human sentences to RegExs. with a simple interface, you just answer to questions and build your own RegEx for a large variety of programs, like awk, ed, emacs, grep, perl, php, procmail, python, sed and vim. there are more than 20 supported programs. it's bash so download and run, no compilation needed.</li>
+  <li>For folks who do a lot of command-line-based web work, <a href="http://surfaw.sourceforge.net">surfaw</a> might be useful:</li>
+  <blockquote>
+    Surfraw (Shell Users' Revolutionary Front Rage Against the Web) provides a Unix command line interface to a variety of popular Web search engines and sites, including Google, Altavista, Babelfish, Raging, DejaNews, Research Index, Yahoo!, WeatherNews, Slashdot, freshmeat, and many others.
+  </blockquote>
+ <li>The <a href="http://www.linuxdoc.org/HOWTO/Bash-Prog-Intro-HOWTO.html">BASH Programming - Introduction HOW-TO</a> and <a href="http://linuxdoc.org/HOWTO/Adv-Bash-Scr-HOWTO/index.html">Advanced Bash-Scripting HOWTO: A guide to shell scripting, using Bash</a> are very, very useful.</li>
+ <li>I just came across Prentice Hall's 1996 book <a href="http://vig.prenhall.com/catalog/academic/product/1,4096,0134514947,00.html">Portable Shell Programming</a>, and it is wonderful. All the examples are pure Bourne shell, so they are (naturally) portable, and also very informative.</li>
+ <li>And, finally, while it's not free, David Tansley's <a
+ href="http://204.179.152.61/book/0,3828,0201674726,00.html">Linux &amp; Unix Shell Programming</a> is a wonderful resource (get it from <a href="http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0201674726&vm=">fatbrain</a>).</li>
+  </ul>
+
+<!-- Something you don't like? -->
+
+ <h2><a name="dontlike">Something you don't like?</h2>
+  <p>OK, so there's probably something in here you think should be different, could be better, etc. Well, drop me a line (email me at <a href="mailto:[email protected]">[email protected]</a>) and let me know. You can write it out in words ("bashlib should uuencode GIFs on the fly"), provide a patch (via <tt>diff -u</tt>), or rewrite the whole thing (try to keep it in shell, though). All reasonable emails will be read, and probably answered as well.</p>
+
+<!-- Getting bashlib -->
+
+ <h2><a name="download">Getting bashlib</a></h2>
+  <p>bashlib is a pretty short script (as libraries go), and all versions can be browsed <a href="./src/">here</a>. It is available for download from <a href="//sourceforge.net/">Sourceforge</a> at <a href="//bashlib.sourceforge.net/src/bashlib-0.4.tar.gz">http</a>.</p>
+  <p>bashlib is also available from anonymous <a href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/bashlib/">CVS</a>. The CVS repository can be checked out through anonymous (pserver) CVS. When prompted for a password for anonymous, simply press the Enter key.</p>
+<pre>
+cvs -d:pserver:[email protected]:/cvsroot/bashlib login 
+cvs -z3 -d:pserver:[email protected]:/cvsroot/bashlib co bashlib
+</pre>
+  <div align="center">
+    <a href="//sourceforge.net/"><img src="http://sourceforge.net/sflogo.php?group_id=9721&type=1" width="88" height="31" border="0" alt="SourceForge Logo"></a>
+  </div>
+</body></html>

examples/promo-codes.sh

@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+# CGI script
+# Does not work with FastCGI (fcgi) because it requires additional communication, see https://unix.stackexchange.com/a/241694
+set -e
+set -f
+#set -u # BAH01215: ./bashlib: line 82: value: unbound variable
+
+# https://stackoverflow.com/questions/3919755/how-to-parse-query-string-from-a-bash-cgi-script
+
+# source bashlib https://github.com/mikhailnov/bashlib
+. ./bashlib 2>/dev/null || . bashlib || ( echo "Failed to source bashlib!" ; exit 1 )
+
+# get file with promo codes
+for file in './promo_codes_1.txt' '/var/www/domain.tld/promo_codes_1.txt'
+do
+	[ -f "$file" ] && file_codes="$file" && break
+done
+
+do_redirect_back(){
+code_error_type="${code_error_type:-неверный}"
+echo -n "
+<head><meta charset=\"utf-8\"></head>
+<body><center>
+Ошибка: вы ввели ${code_error_type} промо-код!
+<br>
+<form><input type=\"button\" value=\"Вернуться назад\" onclick=\"history.back()\"></form>
+</center></body>"
+}
+
+do_redirect_forward(){
+redir_URL='https://domain.tld/page2'
+echo -n "
+<head>
+<meta charset=\"utf-8\">
+<meta http-equiv=\"refresh\" content=\"0;${redir_URL}\">
+</head>
+<body>
+Вы будете перенаправлены на страницу записи. Если она не открылась, перейдите по <a href=\"${redir_URL}\">ссылке</a>.
+</body>"
+}
+
+write_used_code(){
+	# used codes will be converted to empty lines
+	# TODO: check if this file is writable and redirect back in case of error
+	sed -e "s/${code}//g" -i "$file_codes"
+}
+
+code="$(param code)"
+if grep -q "$code" "$file_codes"
+	then write_used_code && do_redirect_forward # don't redirect if failed to write_used_code
+	else do_redirect_back
+fi

examples/write-to-file.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Example request:
+# http://localhost/cgi-bin/r8168.cgi?rev=0x00&probe=b0cdd5070e
+
+# https://github.com/mikhailnov/bashlib, https://abf.io/import/bashlib
+. bashlib ||{ echo "Failed to source bashlib!" ; exit 1 ;}
+
+readonly file="/var/www/r8168.list"
+readonly lock="/var/www/r8168.lock"
+readonly rev="$(safe_param rev)"
+readonly probe="$(safe_param probe)"
+
+# possible values: 0x15, 0x09
+if ! [[ "$rev" =~ ^0x..$ ]]; then
+	echo "Status: 400 Bad request"
+	echo "Content-Type: text/plain; charset=utf-8"
+	echo ""
+	echo "Incorrect value of rev"
+	exit 1
+fi
+
+if [ ${#probe} -gt 20 ] || ! [[ "$probe" =~ ^[a-zA-Z0-9]+$ ]]; then
+	echo "Status: 400 Bad request"
+	echo "Content-Type: text/plain; charset=utf-8"
+	echo ""
+	echo "Incorrect value of probe"
+	exit 1
+fi
+
+set -e
+echo "$rev;$probe" | flock "$lock" tee -a "$file" >/dev/null
+echo "Status: 200 OK"
+echo "Content-Type: text/plain; charset=utf-8"
+echo ""
+echo "OK"