Fossil SCM
Continuing work on the /aux page. Now working for static content.
Commit
77a72fb96402f4062f8a5366e5fa3f5323af4a01870bf1eefc7c3c631107c228
Parent
72f8e77612638e9…
2 files changed
+37
-24
+3
-2
+37
-24
| --- src/auxwww.c | ||
| +++ src/auxwww.c | ||
| @@ -78,49 +78,62 @@ | ||
| 78 | 78 | zFailReason = "auxroot is not a directory"; |
| 79 | 79 | goto aux_not_found; |
| 80 | 80 | } |
| 81 | 81 | zPath = mprintf("%s/%s", g.zAuxRoot, zName); |
| 82 | 82 | nRoot = (int)strlen(g.zAuxRoot); |
| 83 | - for(i=nRoot+1; zPath[i]; i++){ | |
| 84 | - char c = zPath[i]; | |
| 85 | - if( (c=='.' || c=='-') && zPath[i-1]=='/' ){ | |
| 86 | - zFailReason = "path element begins with '.' or '-'"; | |
| 87 | - goto aux_not_found; | |
| 88 | - } | |
| 89 | - if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' ){ | |
| 90 | - zFailReason = "illegal character in path"; | |
| 91 | - goto aux_not_found; | |
| 92 | - } | |
| 93 | - if( c=='/' ){ | |
| 94 | - int isDir, isFile; | |
| 95 | - zPath[i] = 0; | |
| 96 | - isDir = file_isdir(zPath, ExtFILE); | |
| 97 | - isFile = isDir==2 ? file_isfile(zPath, ExtFILE) : 0; | |
| 98 | - zPath[i] = c; | |
| 99 | - if( isDir==0 ){ | |
| 100 | - zFailReason = "path does not match any file or script"; | |
| 101 | - goto aux_not_found; | |
| 102 | - } | |
| 103 | - if( isFile!=0 ){ | |
| 104 | - zScript = mprintf("%.*s", i, zPath); | |
| 105 | - nScript = i; | |
| 106 | - break; | |
| 83 | + if( file_isfile(zPath, ExtFILE) ){ | |
| 84 | + nScript = (int)strlen(zPath); | |
| 85 | + zScript = zPath; | |
| 86 | + }else{ | |
| 87 | + for(i=nRoot+1; zPath[i]; i++){ | |
| 88 | + char c = zPath[i]; | |
| 89 | + if( (c=='.' || c=='-') && zPath[i-1]=='/' ){ | |
| 90 | + zFailReason = "path element begins with '.' or '-'"; | |
| 91 | + goto aux_not_found; | |
| 92 | + } | |
| 93 | + if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' ){ | |
| 94 | + zFailReason = "illegal character in path"; | |
| 95 | + goto aux_not_found; | |
| 96 | + } | |
| 97 | + if( c=='/' ){ | |
| 98 | + int isDir, isFile; | |
| 99 | + zPath[i] = 0; | |
| 100 | + isDir = file_isdir(zPath, ExtFILE); | |
| 101 | + isFile = isDir==2 ? file_isfile(zPath, ExtFILE) : 0; | |
| 102 | + zPath[i] = c; | |
| 103 | + if( isDir==0 ){ | |
| 104 | + zFailReason = "path does not match any file or script"; | |
| 105 | + goto aux_not_found; | |
| 106 | + } | |
| 107 | + if( isFile!=0 ){ | |
| 108 | + zScript = mprintf("%.*s", i, zPath); | |
| 109 | + nScript = i; | |
| 110 | + break; | |
| 111 | + } | |
| 107 | 112 | } |
| 108 | 113 | } |
| 109 | 114 | } |
| 110 | 115 | if( nScript==0 ){ |
| 111 | 116 | zFailReason = "path does not match any file or script"; |
| 112 | 117 | goto aux_not_found; |
| 113 | 118 | } |
| 114 | 119 | if( !file_isexe(zScript, ExtFILE) ){ |
| 120 | + const char *zMime; | |
| 115 | 121 | /* File is not executable. Must be a regular file. In that case, |
| 116 | 122 | ** disallow extra path elements */ |
| 117 | 123 | if( zPath[nScript]!=0 ){ |
| 118 | 124 | zFailReason = "extra path elements after filename"; |
| 119 | 125 | goto aux_not_found; |
| 120 | 126 | } |
| 127 | + zMime = mimetype_from_name(zScript); | |
| 128 | + if( zMime==0 ) zMime = "application/octet-stream"; | |
| 129 | + cgi_set_content_type(zMime); | |
| 130 | + blob_read_from_file(cgi_output_blob(), zScript, ExtFILE); | |
| 131 | + return; | |
| 121 | 132 | } |
| 133 | + /* If we reach this point, that means we are dealing with an executable | |
| 134 | + ** file name zScript. Run that file as CGI. */ | |
| 122 | 135 | login_check_credentials(); |
| 123 | 136 | |
| 124 | 137 | aux_not_found: |
| 125 | 138 | fossil_free(zPath); |
| 126 | 139 | cgi_set_status(404, "Not Found"); |
| 127 | 140 |
| --- src/auxwww.c | |
| +++ src/auxwww.c | |
| @@ -78,49 +78,62 @@ | |
| 78 | zFailReason = "auxroot is not a directory"; |
| 79 | goto aux_not_found; |
| 80 | } |
| 81 | zPath = mprintf("%s/%s", g.zAuxRoot, zName); |
| 82 | nRoot = (int)strlen(g.zAuxRoot); |
| 83 | for(i=nRoot+1; zPath[i]; i++){ |
| 84 | char c = zPath[i]; |
| 85 | if( (c=='.' || c=='-') && zPath[i-1]=='/' ){ |
| 86 | zFailReason = "path element begins with '.' or '-'"; |
| 87 | goto aux_not_found; |
| 88 | } |
| 89 | if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' ){ |
| 90 | zFailReason = "illegal character in path"; |
| 91 | goto aux_not_found; |
| 92 | } |
| 93 | if( c=='/' ){ |
| 94 | int isDir, isFile; |
| 95 | zPath[i] = 0; |
| 96 | isDir = file_isdir(zPath, ExtFILE); |
| 97 | isFile = isDir==2 ? file_isfile(zPath, ExtFILE) : 0; |
| 98 | zPath[i] = c; |
| 99 | if( isDir==0 ){ |
| 100 | zFailReason = "path does not match any file or script"; |
| 101 | goto aux_not_found; |
| 102 | } |
| 103 | if( isFile!=0 ){ |
| 104 | zScript = mprintf("%.*s", i, zPath); |
| 105 | nScript = i; |
| 106 | break; |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | if( nScript==0 ){ |
| 111 | zFailReason = "path does not match any file or script"; |
| 112 | goto aux_not_found; |
| 113 | } |
| 114 | if( !file_isexe(zScript, ExtFILE) ){ |
| 115 | /* File is not executable. Must be a regular file. In that case, |
| 116 | ** disallow extra path elements */ |
| 117 | if( zPath[nScript]!=0 ){ |
| 118 | zFailReason = "extra path elements after filename"; |
| 119 | goto aux_not_found; |
| 120 | } |
| 121 | } |
| 122 | login_check_credentials(); |
| 123 | |
| 124 | aux_not_found: |
| 125 | fossil_free(zPath); |
| 126 | cgi_set_status(404, "Not Found"); |
| 127 |
| --- src/auxwww.c | |
| +++ src/auxwww.c | |
| @@ -78,49 +78,62 @@ | |
| 78 | zFailReason = "auxroot is not a directory"; |
| 79 | goto aux_not_found; |
| 80 | } |
| 81 | zPath = mprintf("%s/%s", g.zAuxRoot, zName); |
| 82 | nRoot = (int)strlen(g.zAuxRoot); |
| 83 | if( file_isfile(zPath, ExtFILE) ){ |
| 84 | nScript = (int)strlen(zPath); |
| 85 | zScript = zPath; |
| 86 | }else{ |
| 87 | for(i=nRoot+1; zPath[i]; i++){ |
| 88 | char c = zPath[i]; |
| 89 | if( (c=='.' || c=='-') && zPath[i-1]=='/' ){ |
| 90 | zFailReason = "path element begins with '.' or '-'"; |
| 91 | goto aux_not_found; |
| 92 | } |
| 93 | if( !fossil_isalnum(c) && c!='_' && c!='-' && c!='.' ){ |
| 94 | zFailReason = "illegal character in path"; |
| 95 | goto aux_not_found; |
| 96 | } |
| 97 | if( c=='/' ){ |
| 98 | int isDir, isFile; |
| 99 | zPath[i] = 0; |
| 100 | isDir = file_isdir(zPath, ExtFILE); |
| 101 | isFile = isDir==2 ? file_isfile(zPath, ExtFILE) : 0; |
| 102 | zPath[i] = c; |
| 103 | if( isDir==0 ){ |
| 104 | zFailReason = "path does not match any file or script"; |
| 105 | goto aux_not_found; |
| 106 | } |
| 107 | if( isFile!=0 ){ |
| 108 | zScript = mprintf("%.*s", i, zPath); |
| 109 | nScript = i; |
| 110 | break; |
| 111 | } |
| 112 | } |
| 113 | } |
| 114 | } |
| 115 | if( nScript==0 ){ |
| 116 | zFailReason = "path does not match any file or script"; |
| 117 | goto aux_not_found; |
| 118 | } |
| 119 | if( !file_isexe(zScript, ExtFILE) ){ |
| 120 | const char *zMime; |
| 121 | /* File is not executable. Must be a regular file. In that case, |
| 122 | ** disallow extra path elements */ |
| 123 | if( zPath[nScript]!=0 ){ |
| 124 | zFailReason = "extra path elements after filename"; |
| 125 | goto aux_not_found; |
| 126 | } |
| 127 | zMime = mimetype_from_name(zScript); |
| 128 | if( zMime==0 ) zMime = "application/octet-stream"; |
| 129 | cgi_set_content_type(zMime); |
| 130 | blob_read_from_file(cgi_output_blob(), zScript, ExtFILE); |
| 131 | return; |
| 132 | } |
| 133 | /* If we reach this point, that means we are dealing with an executable |
| 134 | ** file name zScript. Run that file as CGI. */ |
| 135 | login_check_credentials(); |
| 136 | |
| 137 | aux_not_found: |
| 138 | fossil_free(zPath); |
| 139 | cgi_set_status(404, "Not Found"); |
| 140 |
+3
-2
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -2302,11 +2302,11 @@ | ||
| 2302 | 2302 | noJail = find_option("nojail",0,0)!=0; |
| 2303 | 2303 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2304 | 2304 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2305 | 2305 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2306 | 2306 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| 2307 | - g.zAuxRoot = find_option("auxroot",0,0); | |
| 2307 | + g.zAuxRoot = find_option("auxroot",0,1); | |
| 2308 | 2308 | zInFile = find_option("in",0,1); |
| 2309 | 2309 | if( zInFile ){ |
| 2310 | 2310 | backoffice_disable(); |
| 2311 | 2311 | g.httpIn = fossil_fopen(zInFile, "rb"); |
| 2312 | 2312 | if( g.httpIn==0 ) fossil_fatal("cannot open \"%s\" for reading", zInFile); |
| @@ -2397,10 +2397,11 @@ | ||
| 2397 | 2397 | Th_InitTraceLog(); |
| 2398 | 2398 | login_set_capabilities("sx", 0); |
| 2399 | 2399 | g.useLocalauth = 1; |
| 2400 | 2400 | g.httpIn = stdin; |
| 2401 | 2401 | g.httpOut = stdout; |
| 2402 | + g.zAuxRoot = find_option("auxroot",0,1); | |
| 2402 | 2403 | find_server_repository(2, 0); |
| 2403 | 2404 | g.cgiOutput = 1; |
| 2404 | 2405 | g.fNoHttpCompress = 1; |
| 2405 | 2406 | g.fullHttpReply = 1; |
| 2406 | 2407 | zIpAddr = cgi_ssh_remote_addr(0); |
| @@ -2544,11 +2545,11 @@ | ||
| 2544 | 2545 | #endif |
| 2545 | 2546 | |
| 2546 | 2547 | if( g.zErrlog==0 ){ |
| 2547 | 2548 | g.zErrlog = "-"; |
| 2548 | 2549 | } |
| 2549 | - g.zAuxRoot = find_option("auxroot",0,0); | |
| 2550 | + g.zAuxRoot = find_option("auxroot",0,1); | |
| 2550 | 2551 | zFileGlob = find_option("files-urlenc",0,1); |
| 2551 | 2552 | if( zFileGlob ){ |
| 2552 | 2553 | char *z = mprintf("%s", zFileGlob); |
| 2553 | 2554 | dehttpize(z); |
| 2554 | 2555 | zFileGlob = z; |
| 2555 | 2556 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2302,11 +2302,11 @@ | |
| 2302 | noJail = find_option("nojail",0,0)!=0; |
| 2303 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2304 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2305 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2306 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| 2307 | g.zAuxRoot = find_option("auxroot",0,0); |
| 2308 | zInFile = find_option("in",0,1); |
| 2309 | if( zInFile ){ |
| 2310 | backoffice_disable(); |
| 2311 | g.httpIn = fossil_fopen(zInFile, "rb"); |
| 2312 | if( g.httpIn==0 ) fossil_fatal("cannot open \"%s\" for reading", zInFile); |
| @@ -2397,10 +2397,11 @@ | |
| 2397 | Th_InitTraceLog(); |
| 2398 | login_set_capabilities("sx", 0); |
| 2399 | g.useLocalauth = 1; |
| 2400 | g.httpIn = stdin; |
| 2401 | g.httpOut = stdout; |
| 2402 | find_server_repository(2, 0); |
| 2403 | g.cgiOutput = 1; |
| 2404 | g.fNoHttpCompress = 1; |
| 2405 | g.fullHttpReply = 1; |
| 2406 | zIpAddr = cgi_ssh_remote_addr(0); |
| @@ -2544,11 +2545,11 @@ | |
| 2544 | #endif |
| 2545 | |
| 2546 | if( g.zErrlog==0 ){ |
| 2547 | g.zErrlog = "-"; |
| 2548 | } |
| 2549 | g.zAuxRoot = find_option("auxroot",0,0); |
| 2550 | zFileGlob = find_option("files-urlenc",0,1); |
| 2551 | if( zFileGlob ){ |
| 2552 | char *z = mprintf("%s", zFileGlob); |
| 2553 | dehttpize(z); |
| 2554 | zFileGlob = z; |
| 2555 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2302,11 +2302,11 @@ | |
| 2302 | noJail = find_option("nojail",0,0)!=0; |
| 2303 | allowRepoList = find_option("repolist",0,0)!=0; |
| 2304 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 2305 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 2306 | g.fNoHttpCompress = find_option("nocompress",0,0)!=0; |
| 2307 | g.zAuxRoot = find_option("auxroot",0,1); |
| 2308 | zInFile = find_option("in",0,1); |
| 2309 | if( zInFile ){ |
| 2310 | backoffice_disable(); |
| 2311 | g.httpIn = fossil_fopen(zInFile, "rb"); |
| 2312 | if( g.httpIn==0 ) fossil_fatal("cannot open \"%s\" for reading", zInFile); |
| @@ -2397,10 +2397,11 @@ | |
| 2397 | Th_InitTraceLog(); |
| 2398 | login_set_capabilities("sx", 0); |
| 2399 | g.useLocalauth = 1; |
| 2400 | g.httpIn = stdin; |
| 2401 | g.httpOut = stdout; |
| 2402 | g.zAuxRoot = find_option("auxroot",0,1); |
| 2403 | find_server_repository(2, 0); |
| 2404 | g.cgiOutput = 1; |
| 2405 | g.fNoHttpCompress = 1; |
| 2406 | g.fullHttpReply = 1; |
| 2407 | zIpAddr = cgi_ssh_remote_addr(0); |
| @@ -2544,11 +2545,11 @@ | |
| 2545 | #endif |
| 2546 | |
| 2547 | if( g.zErrlog==0 ){ |
| 2548 | g.zErrlog = "-"; |
| 2549 | } |
| 2550 | g.zAuxRoot = find_option("auxroot",0,1); |
| 2551 | zFileGlob = find_option("files-urlenc",0,1); |
| 2552 | if( zFileGlob ){ |
| 2553 | char *z = mprintf("%s", zFileGlob); |
| 2554 | dehttpize(z); |
| 2555 | zFileGlob = z; |
| 2556 |