Fossil SCM
Fix the --files option on "fossil http" so that if a glob pattern does not begin with '*' then it will match beginning with the "/" of the PATH_INFO.
Commit
5ac65aa496508468844d380d23d329dc6d93300e8375c18eec21abb3a31bfa00
Parent
8429f8a3df60ba1…
1 file changed
+7
-2
+7
-2
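--- a/src/main.c
+++ b/src/main.c
@@ -1664,10 +1664,11 @@
 #if defined(_WIN32) || defined(__CYGWIN__)
 if( sqlite3_strglob("/[a-zA-Z]:/*", zPathInfo)==0 ) i = 4;
 #endif
 }
 while( 1 ){
+size_t nBase = strlen(zBase);
 while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
 
 /* The candidate repository name is some prefix of the PATH_INFO
 ** with ".fossil" appended */
 zRepo = zToFree = mprintf("%s%.*s.fossil",zBase,i,zPathInfo);
@@ -1684,11 +1685,11 @@
 ** that "-" never occurs immediately after a "/" and that "." is always
 ** surrounded by two alphanumerics. Any character that does not
 ** satisfy these constraints is converted into "_".
 */
 szFile = 0;
-for(j=strlen(zBase)+1, k=0; zRepo[j] && k<i-1; j++, k++){
+for(j=nBase+1, k=0; zRepo[j] && k<i-1; j++, k++){
 char c = zRepo[j];
 if( fossil_isalnum(c) ) continue;
 #if defined(_WIN32) || defined(__CYGWIN__)
 /* Allow names to begin with "/X:/" on windows */
 if( c==':' && j==2 && sqlite3_strglob("/[a-zA-Z]:/*", zRepo)==0 ){
@@ -1698,10 +1699,14 @@
 if( c=='/' ) continue;
 if( c=='_' ) continue;
 if( c=='-' && zRepo[j-1]!='/' ) continue;
 if( c=='.' && fossil_isalnum(zRepo[j-1]) && fossil_isalnum(zRepo[j+1])){
 continue;
+}
+if( c=='.' && strncmp(&zRepo[j-1],"/.well-known/",12)==0 && j==nBase+1){
+/* We allow .well-known as the top-level directory for ACME */
+continue;
 }
 /* If we reach this point, it means that the request URI contains
 ** an illegal character or character combination. Provoke a
 ** "Not Found" error. */
 szFile = 1;
@@ -1757,11 +1762,11 @@
 ** designed to allow the delivery of a few static images or HTML
 ** pages.
 */
 if( pFileGlob!=0
 && file_isfile(zCleanRepo, ExtFILE)
-&& glob_match(pFileGlob, file_cleanup_fullpath(zRepo))
+&& glob_match(pFileGlob, file_cleanup_fullpath(zRepo+nBase))
 && sqlite3_strglob("*.fossil*",zRepo)!=0
 && (zMimetype = mimetype_from_name(zRepo))!=0
 && strcmp(zMimetype, "application/x-fossil-artifact")!=0
 ){
 Blob content;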
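Review bot: The new `.well-known` exemption in the third hunk compares only 12 of the 13 characters in `"/.well-known/"`, so the trailing "/" is never checked. Any top-level name that merely begins with `.well-known` therefore gets past the leading-dot rule, not only the ACME directory the comment names. This loop is the filter that turns unsafe request paths into "Not Found", so the exemption should be exactly as narrow as documented: `if( c=='.' && strncmp(&zRepo[j-1],"/.well-known/",13)==0 && j==nBase+1){`. In the last hunk the `--files` allow-list is now matched against `file_cleanup_fullpath(zRepo+nBase)`, while the existence check still uses `zCleanRepo`. The derivation of `zCleanRepo` is outside these hunks, as is the rest of the function, so it is worth confirming that both forms normalise the path the same way and that the glob is tested against the name that is actually served.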
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1664,10 +1664,11 @@ | |
| 1664 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 1665 | if( sqlite3_strglob("/[a-zA-Z]:/*", zPathInfo)==0 ) i = 4; |
| 1666 | #endif |
| 1667 | } |
| 1668 | while( 1 ){ |
| 1669 | while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; } |
| 1670 | |
| 1671 | /* The candidate repository name is some prefix of the PATH_INFO |
| 1672 | ** with ".fossil" appended */ |
| 1673 | zRepo = zToFree = mprintf("%s%.*s.fossil",zBase,i,zPathInfo); |
| @@ -1684,11 +1685,11 @@ | |
| 1684 | ** that "-" never occurs immediately after a "/" and that "." is always |
| 1685 | ** surrounded by two alphanumerics. Any character that does not |
| 1686 | ** satisfy these constraints is converted into "_". |
| 1687 | */ |
| 1688 | szFile = 0; |
| 1689 | for(j=strlen(zBase)+1, k=0; zRepo[j] && k<i-1; j++, k++){ |
| 1690 | char c = zRepo[j]; |
| 1691 | if( fossil_isalnum(c) ) continue; |
| 1692 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 1693 | /* Allow names to begin with "/X:/" on windows */ |
| 1694 | if( c==':' && j==2 && sqlite3_strglob("/[a-zA-Z]:/*", zRepo)==0 ){ |
| @@ -1698,10 +1699,14 @@ | |
| 1698 | if( c=='/' ) continue; |
| 1699 | if( c=='_' ) continue; |
| 1700 | if( c=='-' && zRepo[j-1]!='/' ) continue; |
| 1701 | if( c=='.' && fossil_isalnum(zRepo[j-1]) && fossil_isalnum(zRepo[j+1])){ |
| 1702 | continue; |
| 1703 | } |
| 1704 | /* If we reach this point, it means that the request URI contains |
| 1705 | ** an illegal character or character combination. Provoke a |
| 1706 | ** "Not Found" error. */ |
| 1707 | szFile = 1; |
| @@ -1757,11 +1762,11 @@ | |
| 1757 | ** designed to allow the delivery of a few static images or HTML |
| 1758 | ** pages. |
| 1759 | */ |
| 1760 | if( pFileGlob!=0 |
| 1761 | && file_isfile(zCleanRepo, ExtFILE) |
| 1762 | && glob_match(pFileGlob, file_cleanup_fullpath(zRepo)) |
| 1763 | && sqlite3_strglob("*.fossil*",zRepo)!=0 |
| 1764 | && (zMimetype = mimetype_from_name(zRepo))!=0 |
| 1765 | && strcmp(zMimetype, "application/x-fossil-artifact")!=0 |
| 1766 | ){ |
| 1767 | Blob content; |
| 1768 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1664,10 +1664,11 @@ | |
| 1664 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 1665 | if( sqlite3_strglob("/[a-zA-Z]:/*", zPathInfo)==0 ) i = 4; |
| 1666 | #endif |
| 1667 | } |
| 1668 | while( 1 ){ |
| 1669 | size_t nBase = strlen(zBase); |
| 1670 | while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; } |
| 1671 | |
| 1672 | /* The candidate repository name is some prefix of the PATH_INFO |
| 1673 | ** with ".fossil" appended */ |
| 1674 | zRepo = zToFree = mprintf("%s%.*s.fossil",zBase,i,zPathInfo); |
| @@ -1684,11 +1685,11 @@ | |
| 1685 | ** that "-" never occurs immediately after a "/" and that "." is always |
| 1686 | ** surrounded by two alphanumerics. Any character that does not |
| 1687 | ** satisfy these constraints is converted into "_". |
| 1688 | */ |
| 1689 | szFile = 0; |
| 1690 | for(j=nBase+1, k=0; zRepo[j] && k<i-1; j++, k++){ |
| 1691 | char c = zRepo[j]; |
| 1692 | if( fossil_isalnum(c) ) continue; |
| 1693 | #if defined(_WIN32) || defined(__CYGWIN__) |
| 1694 | /* Allow names to begin with "/X:/" on windows */ |
| 1695 | if( c==':' && j==2 && sqlite3_strglob("/[a-zA-Z]:/*", zRepo)==0 ){ |
| @@ -1698,10 +1699,14 @@ | |
| 1699 | if( c=='/' ) continue; |
| 1700 | if( c=='_' ) continue; |
| 1701 | if( c=='-' && zRepo[j-1]!='/' ) continue; |
| 1702 | if( c=='.' && fossil_isalnum(zRepo[j-1]) && fossil_isalnum(zRepo[j+1])){ |
| 1703 | continue; |
| 1704 | } |
| 1705 | if( c=='.' && strncmp(&zRepo[j-1],"/.well-known/",12)==0 && j==nBase+1){ |
| 1706 | /* We allow .well-known as the top-level directory for ACME */ |
| 1707 | continue; |
| 1708 | } |
| 1709 | /* If we reach this point, it means that the request URI contains |
| 1710 | ** an illegal character or character combination. Provoke a |
| 1711 | ** "Not Found" error. */ |
| 1712 | szFile = 1; |
| @@ -1757,11 +1762,11 @@ | |
| 1762 | ** designed to allow the delivery of a few static images or HTML |
| 1763 | ** pages. |
| 1764 | */ |
| 1765 | if( pFileGlob!=0 |
| 1766 | && file_isfile(zCleanRepo, ExtFILE) |
| 1767 | && glob_match(pFileGlob, file_cleanup_fullpath(zRepo+nBase)) |
| 1768 | && sqlite3_strglob("*.fossil*",zRepo)!=0 |
| 1769 | && (zMimetype = mimetype_from_name(zRepo))!=0 |
| 1770 | && strcmp(zMimetype, "application/x-fossil-artifact")!=0 |
| 1771 | ){ |
| 1772 | Blob content; |
| 1773 |