- update CHANGES with recent changes
- export esacpe_html() and use it in directory indexing - update manual to include recent contributors
This commit is contained in:
parent
52a1560729
commit
a4b84ca096
|
@ -1,6 +1,10 @@
|
|||
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
|
||||
|
||||
changes since bozohttpd 20111118:
|
||||
o properly escape generated HTML
|
||||
o add authentication for redirections, from martin@netbsd.org
|
||||
o handle chained ssl certifications, from elric@netbsd.org
|
||||
o add basic support for gzipped files, from elric@netbsd.org
|
||||
o properly escape generated URIs
|
||||
|
||||
changes since bozohttpd 20100920:
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
.\" $NetBSD: bozohttpd.8,v 1.36 2013/03/02 16:45:31 ryoon Exp $
|
||||
.\" $NetBSD: bozohttpd.8,v 1.37 2013/07/11 07:44:19 mrg Exp $
|
||||
.\"
|
||||
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1997-2010 Matthew R. Green
|
||||
.\" Copyright (c) 1997-2013 Matthew R. Green
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
|
@ -26,7 +26,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd February 20, 2012
|
||||
.Dd June 11, 2013
|
||||
.Dt HTTPD 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -485,7 +485,7 @@ The focus has always been simplicity and security, with minimal features
|
|||
and regular code audits.
|
||||
This manual documents
|
||||
.Nm
|
||||
version 20100920.
|
||||
version 20130711.
|
||||
.Sh AUTHORS
|
||||
.Nm
|
||||
was written by Matthew R. Green
|
||||
|
@ -531,13 +531,17 @@ Alistair G. Crooks
|
|||
cleaned up many internal interfaces, made bozohttpd linkable as a
|
||||
library and provided the lua binding.
|
||||
.It
|
||||
Roland Dowdeswell
|
||||
.Aq elric@netbsd.org
|
||||
added support for serving gzipped files and better SSL handling
|
||||
.It
|
||||
Jun-ichiro itojun Hagino, KAME
|
||||
.Aq itojun@iijlab.net
|
||||
provided initial IPv6 support
|
||||
.It
|
||||
Martin Husemann
|
||||
.Aq martin@netbsd.org
|
||||
provided .bzabsredirect support
|
||||
provided .bzabsredirect support, and fixed various redirection issues
|
||||
.It
|
||||
Arto Huusko
|
||||
.Aq arto.huusko@pp2.inet.fi
|
||||
|
@ -555,6 +559,10 @@ Nicolas Jombart
|
|||
.Aq ecu@ipv42.net
|
||||
provided fixes for HTTP basic authorisation support
|
||||
.It
|
||||
Antti Kantee
|
||||
.Aq pooka@netbsd.org
|
||||
provided fixes for HTTP basic authorisation support
|
||||
.It
|
||||
Thomas Klausner
|
||||
.Aq wiz@danbala.ifoer.tuwien.ac.at
|
||||
provided many fixes and enhancements for the man page
|
||||
|
@ -563,6 +571,12 @@ Johnny Lam
|
|||
.Aq jlam@netbsd.org
|
||||
provided man page fixes
|
||||
.It
|
||||
Julio Merino
|
||||
.Aq jmmv@netbsd.org
|
||||
Added the
|
||||
.Fl P
|
||||
option.
|
||||
.It
|
||||
Luke Mewburn
|
||||
.Aq lukem@netbsd.org
|
||||
provided many various fixes, including cgi-bin fixes and enhancements,
|
||||
|
@ -590,6 +604,10 @@ provided the
|
|||
.Fl V
|
||||
option.
|
||||
.It
|
||||
Thor Lancelot Simon
|
||||
.Aq tls@netbsd.org
|
||||
enhanced cgi-bin support.
|
||||
.It
|
||||
Joerg Sonnenberger
|
||||
.Aq joerg@netbsd.org
|
||||
implemented If-Modified-Since support
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: bozohttpd.c,v 1.39 2013/06/27 13:11:11 martin Exp $ */
|
||||
/* $NetBSD: bozohttpd.c,v 1.40 2013/07/11 07:44:19 mrg Exp $ */
|
||||
|
||||
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -109,7 +109,7 @@
|
|||
#define INDEX_HTML "index.html"
|
||||
#endif
|
||||
#ifndef SERVER_SOFTWARE
|
||||
#define SERVER_SOFTWARE "bozohttpd/20111118"
|
||||
#define SERVER_SOFTWARE "bozohttpd/20130711"
|
||||
#endif
|
||||
#ifndef DIRECT_ACCESS_FILE
|
||||
#define DIRECT_ACCESS_FILE ".bzdirect"
|
||||
|
@ -854,7 +854,7 @@ parse_http_date(const char *val, time_t *timestamp)
|
|||
* to be updated for any sort of parallel processing.
|
||||
*/
|
||||
char *
|
||||
escape_rfc3986(bozohttpd_t *httpd, const char *url)
|
||||
bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url)
|
||||
{
|
||||
static char *buf;
|
||||
static size_t buflen = 0;
|
||||
|
@ -965,7 +965,7 @@ handle_redirect(bozo_httpreq_t *request,
|
|||
url = urlbuf;
|
||||
} else
|
||||
urlbuf = NULL;
|
||||
url = escape_rfc3986(request->hr_httpd, url);
|
||||
url = bozo_escape_rfc3986(request->hr_httpd, url);
|
||||
|
||||
if (request->hr_query && strlen(request->hr_query))
|
||||
query = 1;
|
||||
|
@ -1083,7 +1083,7 @@ check_virtual(bozo_httpreq_t *request)
|
|||
/* found it, punch it */
|
||||
debug((httpd, DEBUG_OBESE, "found it punch it"));
|
||||
request->hr_virthostname =
|
||||
bozostrdup(httpd,d->d_name);
|
||||
bozostrdup(httpd, d->d_name);
|
||||
if (asprintf(&s, "%s/%s", httpd->virtbase,
|
||||
request->hr_virthostname) < 0)
|
||||
bozo_err(httpd, 1, "asprintf");
|
||||
|
@ -1739,12 +1739,20 @@ bozo_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
|
|||
exit(code);
|
||||
}
|
||||
|
||||
/* this escape HTML tags */
|
||||
static void
|
||||
escape_html(bozo_httpreq_t *request)
|
||||
/*
|
||||
* this escapes HTML tags. returns allocated escaped
|
||||
* string if needed, or NULL on allocation failure or
|
||||
* lack of escape need.
|
||||
* call with NULL httpd in error paths, to avoid recursive
|
||||
* malloc failure. call with valid httpd in normal paths
|
||||
* to get automatic allocation failure handling.
|
||||
*/
|
||||
char *
|
||||
bozo_escape_html(bozohttpd_t *httpd, const char *url)
|
||||
{
|
||||
int i, j;
|
||||
char *url = request->hr_file, *tmp;
|
||||
char *tmp;
|
||||
size_t len;
|
||||
|
||||
for (i = 0, j = 0; url[i]; i++) {
|
||||
switch (url[i]) {
|
||||
|
@ -1759,16 +1767,17 @@ escape_html(bozo_httpreq_t *request)
|
|||
}
|
||||
|
||||
if (j == 0)
|
||||
return;
|
||||
return NULL;
|
||||
|
||||
if ((tmp = (char *) malloc(strlen(url) + j)) == 0)
|
||||
/*
|
||||
* ouch, but we are only called from an error context, and
|
||||
* most paths here come from malloc(3) failures anyway...
|
||||
* we could completely punt and just exit, but isn't returning
|
||||
* an not-quite-correct error better than nothing at all?
|
||||
*/
|
||||
return;
|
||||
/*
|
||||
* we need to handle being called from different
|
||||
* pathnames.
|
||||
*/
|
||||
len = strlen(url) + j;
|
||||
if (httpd)
|
||||
tmp = bozomalloc(httpd, len);
|
||||
else if ((tmp = malloc(len)) == 0)
|
||||
return NULL;
|
||||
|
||||
for (i = 0, j = 0; url[i]; i++) {
|
||||
switch (url[i]) {
|
||||
|
@ -1790,8 +1799,7 @@ escape_html(bozo_httpreq_t *request)
|
|||
}
|
||||
tmp[j] = 0;
|
||||
|
||||
free(request->hr_file);
|
||||
request->hr_file = tmp;
|
||||
return tmp;
|
||||
}
|
||||
|
||||
/* short map between error code, and short/long messages */
|
||||
|
@ -1865,14 +1873,19 @@ bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
|
|||
portbuf[0] = '\0';
|
||||
|
||||
if (request && request->hr_file) {
|
||||
escape_html(request);
|
||||
char *file = NULL;
|
||||
|
||||
/* bozo_escape_html() failure here is just too bad. */
|
||||
file = bozo_escape_html(NULL, request->hr_file);
|
||||
if (file == NULL)
|
||||
file = request->hr_file;
|
||||
size = snprintf(httpd->errorbuf, BUFSIZ,
|
||||
"<html><head><title>%s</title></head>\n"
|
||||
"<body><h1>%s</h1>\n"
|
||||
"%s: <pre>%s</pre>\n"
|
||||
"<hr><address><a href=\"http://%s%s/\">%s%s</a></address>\n"
|
||||
"</body></html>\n",
|
||||
header, header, request->hr_file, reason,
|
||||
header, header, file, reason,
|
||||
hostname, portbuf, hostname, portbuf);
|
||||
if (size >= (int)BUFSIZ) {
|
||||
bozo_warn(httpd,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: bozohttpd.h,v 1.24 2013/06/27 10:01:31 martin Exp $ */
|
||||
/* $NetBSD: bozohttpd.h,v 1.25 2013/07/11 07:44:19 mrg Exp $ */
|
||||
|
||||
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -193,7 +193,8 @@ int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
|
|||
int bozo_check_special_files(bozo_httpreq_t *, const char *);
|
||||
char *bozo_http_date(char *, size_t);
|
||||
void bozo_print_header(bozo_httpreq_t *, struct stat *, const char *, const char *);
|
||||
char *escape_rfc3986(bozohttpd_t *httpd, const char *url);
|
||||
char *bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url);
|
||||
char *bozo_escape_html(bozohttpd_t *httpd, const char *url);
|
||||
|
||||
char *bozodgetln(bozohttpd_t *, int, ssize_t *, ssize_t (*)(bozohttpd_t *, int, void *, size_t));
|
||||
char *bozostrnsep(char **, const char *, ssize_t *);
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
/* $NetBSD: content-bozo.c,v 1.7 2011/11/18 09:51:31 mrg Exp $ */
|
||||
/* $NetBSD: content-bozo.c,v 1.8 2013/07/11 07:44:19 mrg Exp $ */
|
||||
|
||||
/* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1997-2011 Matthew R. Green
|
||||
* Copyright (c) 1997-2013 Matthew R. Green
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
@ -73,6 +73,7 @@ static bozo_content_map_t static_content_map[] = {
|
|||
{ ".z", 2, "unknown", "x-pack", "x-pack", NULL },
|
||||
{ ".bz2", 4, "application/x-bzip2", "x-bzip2", "x-bzip2", NULL },
|
||||
{ ".ogg", 4, "application/x-ogg", "", "", NULL },
|
||||
{ ".mkv", 4, "video/x-matroska", "", "", NULL },
|
||||
{ ".xbel", 5, "text/xml", "", "", NULL },
|
||||
{ ".xml", 4, "text/xml", "", "", NULL },
|
||||
{ ".xsl", 4, "text/xml", "", "", NULL },
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: dir-index-bozo.c,v 1.15 2012/07/19 09:53:06 mrg Exp $ */
|
||||
/* $NetBSD: dir-index-bozo.c,v 1.16 2013/07/11 07:44:19 mrg Exp $ */
|
||||
|
||||
/* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -127,7 +127,7 @@ bozo_dir_index(bozo_httpreq_t *request, const char *dirname, int isindex)
|
|||
j--; de++) {
|
||||
int nostat = 0;
|
||||
char *name = (*de)->d_name;
|
||||
char *urlname;
|
||||
char *urlname, *htmlname;
|
||||
|
||||
if (strcmp(name, ".") == 0 ||
|
||||
(strcmp(name, "..") != 0 &&
|
||||
|
@ -140,21 +140,26 @@ bozo_dir_index(bozo_httpreq_t *request, const char *dirname, int isindex)
|
|||
|
||||
l = 0;
|
||||
|
||||
urlname = escape_rfc3986(httpd, name);
|
||||
urlname = bozo_escape_rfc3986(httpd, name);
|
||||
htmlname = bozo_escape_html(httpd, name);
|
||||
if (htmlname == NULL)
|
||||
htmlname = name;
|
||||
if (strcmp(name, "..") == 0) {
|
||||
bozo_printf(httpd, "<a href=\"../\">");
|
||||
l += bozo_printf(httpd, "Parent Directory");
|
||||
} else if (S_ISDIR(sb.st_mode)) {
|
||||
bozo_printf(httpd, "<a href=\"%s/\">", urlname);
|
||||
l += bozo_printf(httpd, "%s/", name);
|
||||
l += bozo_printf(httpd, "%s/", htmlname);
|
||||
} else if (strchr(name, ':') != NULL) {
|
||||
/* RFC 3986 4.2 */
|
||||
bozo_printf(httpd, "<a href=\"./%s\">", urlname);
|
||||
l += bozo_printf(httpd, "%s", name);
|
||||
l += bozo_printf(httpd, "%s", htmlname);
|
||||
} else {
|
||||
bozo_printf(httpd, "<a href=\"%s\">", urlname);
|
||||
l += bozo_printf(httpd, "%s", name);
|
||||
l += bozo_printf(httpd, "%s", htmlname);
|
||||
}
|
||||
if (htmlname != name)
|
||||
free(htmlname);
|
||||
bozo_printf(httpd, "</a>");
|
||||
|
||||
/* NAMELEN spaces */
|
||||
|
|
Loading…
Reference in New Issue