/* 
  (c) steve at steve dash parker dot org
  Released under GPL version 2 (http://www.gnu.org/copyleft/gpl.html)
   This program is free software; you can redistribute it and/or modify
   it under the terms of Version 2 of the the GNU General Public License
   as published by the Free Software Foundation. Any later versions of
   the GPL will be evaluated as they are released, and this software may
   or may not be re-released under those terms also.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  See the included file COPYING for more details.
*/

/*
*	This is the same as hex2env.c, but it
*	includes extras to convert some stuff into
*	HTML. For example, "<" becomes "&lt;" - this
*	is useful for avoiding user-inputted exploits.
*		
*	This was written for an HTML form-based input, so 
*	that if someone enters: <a href="http://steve-parker.org/">steve</a>
*	and I post its contents online, then their link is not
*	posted on my site as a link. Ie, it removes their formatting,
*	but not their text.
*	
*	I've probably missed a few.
*/

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char ** argv)
{
  int i;
  char c;
  char param[2][4096];
  int k=0;
  int p=0; 
  int inc;

  for (i=0; i<strlen(argv[1]); i++)
  {
    c=argv[1][i];
    inc=1;
    switch(c) 
    {
     case '+': c=' ';
      break;
     case '=':
         if (p==0) 
             {
                // first '=' ie name=val but val can contain '='!
                param[p][k]='\0';
                //printf("lhs='%s'.\n", param[0]);
                p=1; k=0; inc=0;
             }
            break;
     case '&':
           param[p][k]='\0';
       //    setenv(param[0], param[1], 1);
                //printf("rhs='%s'.\n", param[1]);
           printf("%s=\"%s\"", param[0], param[1]);
           k=0; p=0; c='\n';
          break;
     case '%':
        i++;
        if (argv[1][i] > 64)
          c=((argv[1][i]-55)*16);
        else
          if (argv[1][i] > 47)
            c=((argv[1][i]-48)*16);
            
        i++;
        if (argv[1][i] > 64)
          c+=(argv[1][i]-55);
        else
          if (argv[1][i] > 47)
            c+=(argv[1][i]-48);

        break;
             

       } // switch
/* This is the start of the new bit which sorts HTML formatting */
  if (inc==1)
  {
      //printf("Adding %c...\n", c);
      if (c == '"') {
        param[p][k++]='&'; 
        param[p][k++]='q'; 
        param[p][k++]='u'; 
        param[p][k++]='o'; 
        param[p][k++]='t'; 
        param[p][k++]=';'; 
      }
      else if (c == '>') {
        param[p][k++]='&'; 
        param[p][k++]='g'; 
        param[p][k++]='t'; 
        param[p][k++]=';'; 
      }
      else if (c == '<') {
        param[p][k++]='&'; 
        param[p][k++]='l'; 
        param[p][k++]='t'; 
        param[p][k++]=';'; 
      }
      else 
        param[p][k++]=c;
   }
  }
/* This is the end of the new bit which sorts HTML formatting */
           //setenv(param[0], param[1], 1);
           param[p][k]='\0';
           printf("%s=\"%s\"\n", param[0], param[1]);
           //printf("setenv %s %s\n", param[0], param[1]);
return 0;
}