[dev] [sw] Suckless web-framework

[node]

This code is horrible

> #!/bin/sh
> # sw - 2010 - nibble <develsec.org>
>
> # Configuration
> TITLE="foo.org"           # Site title
> SUBTITLE=""               # Site subtitle
> SITE="site"               # Site folder
# grep thinks the second argument is a file
> BL="^index.md$ ^images$"  # Black list
  BL="^index.md$\|^images$" # Black list
> BIN="/sw"                 # CGI location
> STYLE="/style.css"        # Stylesheet location
> # External apps
> MDHANDLER="/usr/local/bin/md2html.awk" # md handler
>
> echo Content-type: text/html
> echo

# Two expensive subshells... not to mention testing for zero/non-zero
# length string is redundant when grep's $? is enough
> if [ -z "`echo ${REQUEST_URI} | grep -F "${BIN}"`" ] || \
>    [ -n "`echo ${REQUEST_URI} | grep "[^a-zA-Z0-9_\./ ]\+"`" ]; then
  echo "$REQUEST_URI" | if grep -Fvq "$BIN" || grep -q '[[:alnum:]_\./
]\+'; then
>       echo "<script>window.location=\"${BIN}\";</script>"
>       exit 1
> fi

# echo | blah is becoming rampant; let's not ignore it this time
> QUERY=`echo ${REQUEST_URI} | sed -e "s,.*${BIN}/*\(.*\),\1,"`
  QUERY=`sed "s,.*$BIN/*\(.*\),\1," <<-!
        $REQUEST_URI
        !

# Why heredoc instead of subshell?
# Compare: time for i in `seq 1 1000`; do echo str | grep pattern
>/dev/null; done
# ...with: time for i in `seq 1 1000`; do grep pattern >/dev/null <<-!
#                                       str
#                                       !
#                                       done

> DIR="."
> FILE="index.md"
# No need for -[nz], ever
> if [ -n "${QUERY}" ]; then
  if [ "$QUERY" ]; then
>       if [ -f "${SITE}/${QUERY}" ]; then
                # heredocs can also contain subshells... you save one
                # from `cmd | cmd`
>               DIR=`dirname ${QUERY} | sed -e "s,/*$,,"`
>               FILE=${QUERY}
>       elif [ -d "${SITE}/${QUERY}" ]; then
>               DIR=`echo ${QUERY} | sed -e "s,/*$,,"`
>               FILE="$DIR/index.md"
>       fi
> fi

> sw_menu() {
>       BL=`echo ${BL} | sed -e "s/\( \+\|^\)/ -e /g"`
>       echo "<ul>"
>       [ "${DIR}" != "." ] && echo "<li><a 
> href=\"${BIN}/${DIR}/..\">..</a></li>"
        # Please don't use ls in scripts -- make them newline/special char
        # friendly. Also, it's quite possible that BL has characters
        # that the shell can misinterpret. Quote it.
>       for i in `ls ${SITE}/${DIR} | grep -v ${BL}`; do
        cd "$SITE/$DIR"
        for i in *; do
        if grep -q "$BL\|\*" <<-!
                $i
                !
        then
                continue
        fi
>               NAME=`echo ${i} | sed -e "s/\..*$//" -e "s/_/ /g" \
>                        -e "s/\([a-z]\?\)\(.*\)/\u\1\2/"`
>               echo "<li><a href=\"${BIN}/${DIR}/${i}\">${NAME}</a></li>"
>       done
>       echo "</ul>"
> }
<snip>