===================================================================
RCS file: /home/cvs/OpenXM/src/kan96xx/Doc/httpd-rpc.sm1,v
retrieving revision 1.2
retrieving revision 1.5
diff -u -p -r1.2 -r1.5
--- OpenXM/src/kan96xx/Doc/httpd-rpc.sm1	2002/10/24 02:12:34	1.2
+++ OpenXM/src/kan96xx/Doc/httpd-rpc.sm1	2002/10/24 07:45:03	1.5
@@ -1,4 +1,4 @@
-%% $OpenXM: OpenXM/src/kan96xx/Doc/httpd-rpc.sm1,v 1.1 2002/10/23 13:38:50 takayama Exp $
+%% $OpenXM: OpenXM/src/kan96xx/Doc/httpd-rpc.sm1,v 1.4 2002/10/24 05:42:00 takayama Exp $
 %% http server by sm1. Used for RPC.  Generic example.
 
 [(parse) (httpd.sm1) pushfile] extension pop
@@ -44,13 +44,16 @@ oxNoX 
        [
          ox.win.start.0 aload pop
          (iexplore)   %% Starting internet explorer (TM).
-         [(http://localhost:) httpd.port toString] cat
+         [(http://) [(sm1.socket) (gethostname) []] extension 
+          (:) httpd.port toString] cat
        ]
        [  ]
       3] extension
    }{
       %% On unix.
-      [(sleep 3 ; netscape http://localhost:) httpd.port toString ( & ) ] cat
+      [(sleep 3 ; netscape http://) 
+                 [(sm1.socket) (gethostname) []] extension 
+                (:) httpd.port toString ( & ) ] cat
       system
    } ifelse
 
@@ -63,7 +66,7 @@ oxNoX 
 /httpd_action {
   [/in-httpd /ff /httpd.com /httpd.result /sss
    /sss.engine /sss.web /err
-   /oxserver.vname
+   /oxserver.vname /scheck
   ] pushVariables
   [
   {
@@ -85,6 +88,20 @@ oxNoX 
           httpd.com metaCommand {
             httpd.textarea.valid {
 
+              %%% Security check
+              [(regionMatches) httpd.com 
+               httpd.refusedCommands] extension /scheck set
+              scheck 0 get -1 eq {
+              }{ 
+                httpd.refusedCommands scheck 2 get get message
+                (Command is refused.) message
+                [
+                 httpd.refusedCommands scheck 2 get get
+                 httpd.com
+                ]
+                 send-page-refused exit
+              } ifelse
+
               %%%  Executing command, here.
               oxasir.ccc 
               httpd.com cookedCommand 
@@ -215,7 +232,8 @@ oxNoX 
    /result arg1 def
    (HTTP/0.9 200 OK) sendln
    (Connection: close) sendln
-   (Content-Type: text/html) sendln
+   [(Content-length: ) result length toString ] cat sendln
+   (Content-Type: text/plain) sendln
    0 sendln
 
    result sendln
@@ -225,6 +243,32 @@ oxNoX 
   popVariables
 } def
 
+/send-page-refused {  
+  /arg1 set
+  [/in-send-page-refused /reason] pushVariables
+  [
+   /reason arg1 def
+   (HTTP/0.9 200 OK) sendln
+   (Connection: close) sendln
+   (Content-Type: text/html) sendln
+   0 sendln
+
+  (<H2> Your request is refused. </H2> <br> ) sendln
+  (Because your input contains the key word <font color="red">) sendln
+  reason 0 get sendln
+  ( </font> ) sendln
+  (<br> <br>) sendln
+  (Your input is <br> ) sendln
+  (<pre> ) sendln
+  reason 1 get sendln
+  (</pre> ) sendln
+
+   0 sendln
+   [(flush)] extension
+  ] pop
+  popVariables
+} def
+
 %% **** Overwrites the definition in httpd.sm1
 /httpd_startserver {
    (httpd server accessible outside localhost.) message
@@ -254,3 +298,11 @@ oxNoX 
   popVariables
   arg1
 } def
+/httpd.refusedCommands 
+   [(shell) (eval_str) (ox_) (sm1_) (m_) 
+    (connect) (load)  (bload) (bsave) 
+    (end) (quit) (output) (bload27) (open)
+    (plot) (ctrl) (debug) (error) (port) (bind) (accept)
+    (draw) 
+   ]
+def