Fossil SCM

When handling HTTP over SSH only strip the filename from the PATH for GET method as POST has a different mechanism for handling it.

andybradford 2025-10-17 14:31 trunk

Commit 7531b9452ee4e26e03626981e1d0fddb1b6c9f87304b016a7b0f35a97abd4c20

Parent 1ff0d0b0cf8c4b5…

1 file changed +3

M src/cgi.c

		--- src/cgi.c
		+++ src/cgi.c
		@@ -2290,10 +2290,11 @@
2290	2290	*/
2291	2291	void cgi_handle_ssh_http_request(const char *zIpAddr){
2292	2292	static int nCycles = 0;
2293	2293	static char *zCmd = 0;
2294	2294	char z, zToken;
	2295	+ char *zMethod;
2295	2296	int i;
2296	2297	size_t n;
2297	2298	char zLine[2000]; /* A single line of input. */
2298	2299
2299	2300	assert( !g.httpUseSSL );
		@@ -2340,10 +2341,11 @@
2340	2341	if( zToken==0 ){
2341	2342	malformed_request("malformed HTTP header");
2342	2343	}
2343	2344	}
2344	2345
	2346	+ zMethod = fossil_strdup(zToken);
2345	2347	if( fossil_strcmp(zToken,"GET")!=0 && fossil_strcmp(zToken,"POST")!=0
2346	2348	&& fossil_strcmp(zToken,"HEAD")!=0 ){
2347	2349	malformed_request("unsupported HTTP method");
2348	2350	}
2349	2351
		@@ -2357,10 +2359,11 @@
2357	2359	malformed_request("malformed URL in HTTP header");
2358	2360	}
2359	2361	n = strlen(g.zRepositoryName);
2360	2362	if( fossil_strncmp(g.zRepositoryName, zToken, n)==0
2361	2363	&& (zToken[n]=='/' \|\| zToken[n]==0)
	2364	+ && fossil_strcmp(zMethod,"GET")==0
2362	2365	){
2363	2366	zToken += n;
2364	2367	}
2365	2368	if( zToken && strlen(zToken)==0 ){
2366	2369	malformed_request("malformed URL in HTTP header");
2367	2370

	--- src/cgi.c
	+++ src/cgi.c
	@@ -2290,10 +2290,11 @@
2290	*/
2291	void cgi_handle_ssh_http_request(const char *zIpAddr){
2292	static int nCycles = 0;
2293	static char *zCmd = 0;
2294	char z, zToken;

2295	int i;
2296	size_t n;
2297	char zLine[2000]; /* A single line of input. */
2298
2299	assert( !g.httpUseSSL );
	@@ -2340,10 +2341,11 @@
2340	if( zToken==0 ){
2341	malformed_request("malformed HTTP header");
2342	}
2343	}
2344

2345	if( fossil_strcmp(zToken,"GET")!=0 && fossil_strcmp(zToken,"POST")!=0
2346	&& fossil_strcmp(zToken,"HEAD")!=0 ){
2347	malformed_request("unsupported HTTP method");
2348	}
2349
	@@ -2357,10 +2359,11 @@
2357	malformed_request("malformed URL in HTTP header");
2358	}
2359	n = strlen(g.zRepositoryName);
2360	if( fossil_strncmp(g.zRepositoryName, zToken, n)==0
2361	&& (zToken[n]=='/' \|\| zToken[n]==0)

2362	){
2363	zToken += n;
2364	}
2365	if( zToken && strlen(zToken)==0 ){
2366	malformed_request("malformed URL in HTTP header");
2367

	--- src/cgi.c
	+++ src/cgi.c
	@@ -2290,10 +2290,11 @@
2290	*/
2291	void cgi_handle_ssh_http_request(const char *zIpAddr){
2292	static int nCycles = 0;
2293	static char *zCmd = 0;
2294	char z, zToken;
2295	char *zMethod;
2296	int i;
2297	size_t n;
2298	char zLine[2000]; /* A single line of input. */
2299
2300	assert( !g.httpUseSSL );
	@@ -2340,10 +2341,11 @@
2341	if( zToken==0 ){
2342	malformed_request("malformed HTTP header");
2343	}
2344	}
2345
2346	zMethod = fossil_strdup(zToken);
2347	if( fossil_strcmp(zToken,"GET")!=0 && fossil_strcmp(zToken,"POST")!=0
2348	&& fossil_strcmp(zToken,"HEAD")!=0 ){
2349	malformed_request("unsupported HTTP method");
2350	}
2351
	@@ -2357,10 +2359,11 @@
2359	malformed_request("malformed URL in HTTP header");
2360	}
2361	n = strlen(g.zRepositoryName);
2362	if( fossil_strncmp(g.zRepositoryName, zToken, n)==0
2363	&& (zToken[n]=='/' \|\| zToken[n]==0)
2364	&& fossil_strcmp(zMethod,"GET")==0
2365	){
2366	zToken += n;
2367	}
2368	if( zToken && strlen(zToken)==0 ){
2369	malformed_request("malformed URL in HTTP header");
2370