Fossil SCM
Fixes to the automatic HTTPS redirector.
Commit
14ff7af42ece5597d604c381e27bb4585525860c6b74feb49a3ffedbb96825e9
Parent
f372e1897917761…
2 files changed
+1
-1
+11
-12
+1
-1
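--- a/src/cgi.c
+++ b/src/cgi.c
@@ -354,11 +354,11 @@
 /*
 ** Do a redirect request to the URL given in the argument.
 **
 ** The URL must be relative to the base of the fossil server.
 */
-NORETURN static void cgi_redirect_with_status(
+NORETURN void cgi_redirect_with_status(
 const char *zURL,
 int iStat,
 const char *zStat
 ){
 char *zLocation;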
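Review bot: The header comment above `cgi_redirect_with_status` still says the URL must be relative to the base of the fossil server, but dropping `static` makes that comment the contract for callers in other files, and the new caller in src/main.c passes a URL that begins with `g.zHttpsURL`, which looks absolute. I would update the comment to say what is actually accepted, for example `** zURL may be an absolute URL or a path relative to the base of the fossil server.`, and to state whether the caller or this function is responsible for keeping request-derived text such as the query string free of CR/LF before it reaches the redirect header. The function body continues outside the hunk, so how zLocation is built from zURL cannot be confirmed from here.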
+11
-12
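--- a/src/main.c
+++ b/src/main.c
@@ -1355,13 +1355,14 @@
 /*
 ** Redirect to the equivalent HTTPS request if the current connection is
 ** insecure and if the redirect-to-https flag greater than or equal to
 ** iLevel. iLevel is 1 for /login pages and 2 for every other page.
 */
-void fossil_redirect_to_https_if_needed(int iLevel){
+int fossil_redirect_to_https_if_needed(int iLevel){
 if( fossil_wants_https(iLevel) ){
 const char *zQS = P("QUERY_STRING");
+ char *zURL;
 if( P("redir")!=0 ){
 style_header("Insecure Connection");
 @ <h1>Unable To Establish An Encrypted Connection</h1>
 @ <p>This website requires an encrypted connection.
 @ The current connection is not encrypted
@@ -1370,19 +1371,22 @@
 @ the connection is still insecure even after the redirect.</p>
 @ <p>This is probably some kind of configuration problem. Please
 @ contact your sysadmin.</p>
 @ <p>Sorry it did not work out.</p>
 style_footer();
- return;
+ cgi_reply();
+ return 1;
 }
- if( zQS==0 ){
- zQS = "?redir=1";
+ if( zQS==0 || zQS[0]==0 ){
+ zURL = mprintf("%s%T?redir=1", g.zHttpsURL, P("PATH_INFO"));
 }else if( zQS[0]!=0 ){
- zQS = mprintf("?%s&redir=1", zQS);
+ zURL = mprintf("%s%T?%s&redir=1", g.zHttpsURL, P("PATH_INFO"), zQS);
 }
- cgi_redirectf("%s%T%s", g.zHttpsURL, P("PATH_INFO"), zQS);
+ cgi_redirect_with_status(zURL, 301, "Moved Permanently");
+ return 1;
 }
+ return 0;
 }
 
 /*
 ** Preconditions:
 **
@@ -1651,20 +1655,15 @@
 ** payload, then pretend that the PATH_INFO is /xfer so that we always
 ** invoke the sync page. */
 zPathInfo = "/xfer";
 }
 
- /* If the inbound request is unencrypted and if the redirect-to-https
- ** setting is 2 or more, then immediately redirect the equivalent HTTPS
- ** URI.
- */
- fossil_redirect_to_https_if_needed(2);
-
 /* Use the first element of PATH_INFO as the page name
 ** and deliver the appropriate page back to the user.
 */
 set_base_url(0);
+ if( fossil_redirect_to_https_if_needed(2) ) return;
 if( zPathInfo==0 || zPathInfo[0]==0
 || (zPathInfo[0]=='/' && zPathInfo[1]==0) ){
 /* Second special case: If the PATH_INFO is blank, issue a redirect to
 ** the home page identified by the "index-page" setting in the repository
 ** CONFIG table, to "/index" if there no "index-page" setting. */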
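Review bot: In `fossil_redirect_to_https_if_needed`, the second branch `}else if( zQS[0]!=0 ){` can no longer be false once the first branch tests `zQS==0 || zQS[0]==0`, but a compiler cannot prove that, so `zURL` looks conditionally assigned when it is passed to `cgi_redirect_with_status`; a plain `}else{` states the intent and avoids a maybe-uninitialized warning. The function now reports through its return value that a reply was already produced, yet the header comment does not say so; I would add `** Return 1 if a redirect or error page has been generated and the caller must stop, or 0 to continue.`. Only the call in the third hunk checks the result, and the comment mentions level 1 for /login pages, so any caller outside this diff should be checked as well, otherwise it may go on rendering a page over the unencrypted connection after the error reply. The raw `QUERY_STRING` is also copied into the redirect URL with `%s` while `PATH_INFO` goes through `%T`, so it is worth confirming that the redirect code rejects control characters in that value.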