Fossil SCM
Improvements to the HTTP request over SSH infrastructure so that it works better on platforms that have restrictions on what commands SSH is allowed to run.
Commit
be76a57b7a811018f24a9bb22cf8255643ef1657c5cd071a973ab43730c4ef25
Parent
196cb7722377ef1…
2 files changed
+10
+1
-1
+10
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -2291,10 +2291,11 @@ | ||
| 2291 | 2291 | void cgi_handle_ssh_http_request(const char *zIpAddr){ |
| 2292 | 2292 | static int nCycles = 0; |
| 2293 | 2293 | static char *zCmd = 0; |
| 2294 | 2294 | char *z, *zToken; |
| 2295 | 2295 | int i; |
| 2296 | + size_t n; | |
| 2296 | 2297 | char zLine[2000]; /* A single line of input. */ |
| 2297 | 2298 | |
| 2298 | 2299 | assert( !g.httpUseSSL ); |
| 2299 | 2300 | #ifdef FOSSIL_ENABLE_JSON |
| 2300 | 2301 | if( nCycles==0 ){ json_bootstrap_early(); } |
| @@ -2353,10 +2354,19 @@ | ||
| 2353 | 2354 | |
| 2354 | 2355 | zToken = extract_token(z, &z); |
| 2355 | 2356 | if( zToken==0 ){ |
| 2356 | 2357 | malformed_request("malformed URL in HTTP header"); |
| 2357 | 2358 | } |
| 2359 | + n = strlen(g.zRepositoryName); | |
| 2360 | + if( fossil_strncmp(g.zRepositoryName, zToken, n)==0 | |
| 2361 | + && (zToken[n]=='/' || zToken[n]==0) | |
| 2362 | + ){ | |
| 2363 | + zToken += n; | |
| 2364 | + } | |
| 2365 | + if( zToken && strlen(zToken)==0 ){ | |
| 2366 | + malformed_request("malformed URL in HTTP header"); | |
| 2367 | + } | |
| 2358 | 2368 | if( nCycles==0 ){ |
| 2359 | 2369 | cgi_setenv("REQUEST_URI", zToken); |
| 2360 | 2370 | cgi_setenv("SCRIPT_NAME", ""); |
| 2361 | 2371 | } |
| 2362 | 2372 | |
| 2363 | 2373 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2291,10 +2291,11 @@ | |
| 2291 | void cgi_handle_ssh_http_request(const char *zIpAddr){ |
| 2292 | static int nCycles = 0; |
| 2293 | static char *zCmd = 0; |
| 2294 | char *z, *zToken; |
| 2295 | int i; |
| 2296 | char zLine[2000]; /* A single line of input. */ |
| 2297 | |
| 2298 | assert( !g.httpUseSSL ); |
| 2299 | #ifdef FOSSIL_ENABLE_JSON |
| 2300 | if( nCycles==0 ){ json_bootstrap_early(); } |
| @@ -2353,10 +2354,19 @@ | |
| 2353 | |
| 2354 | zToken = extract_token(z, &z); |
| 2355 | if( zToken==0 ){ |
| 2356 | malformed_request("malformed URL in HTTP header"); |
| 2357 | } |
| 2358 | if( nCycles==0 ){ |
| 2359 | cgi_setenv("REQUEST_URI", zToken); |
| 2360 | cgi_setenv("SCRIPT_NAME", ""); |
| 2361 | } |
| 2362 | |
| 2363 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2291,10 +2291,11 @@ | |
| 2291 | void cgi_handle_ssh_http_request(const char *zIpAddr){ |
| 2292 | static int nCycles = 0; |
| 2293 | static char *zCmd = 0; |
| 2294 | char *z, *zToken; |
| 2295 | int i; |
| 2296 | size_t n; |
| 2297 | char zLine[2000]; /* A single line of input. */ |
| 2298 | |
| 2299 | assert( !g.httpUseSSL ); |
| 2300 | #ifdef FOSSIL_ENABLE_JSON |
| 2301 | if( nCycles==0 ){ json_bootstrap_early(); } |
| @@ -2353,10 +2354,19 @@ | |
| 2354 | |
| 2355 | zToken = extract_token(z, &z); |
| 2356 | if( zToken==0 ){ |
| 2357 | malformed_request("malformed URL in HTTP header"); |
| 2358 | } |
| 2359 | n = strlen(g.zRepositoryName); |
| 2360 | if( fossil_strncmp(g.zRepositoryName, zToken, n)==0 |
| 2361 | && (zToken[n]=='/' || zToken[n]==0) |
| 2362 | ){ |
| 2363 | zToken += n; |
| 2364 | } |
| 2365 | if( zToken && strlen(zToken)==0 ){ |
| 2366 | malformed_request("malformed URL in HTTP header"); |
| 2367 | } |
| 2368 | if( nCycles==0 ){ |
| 2369 | cgi_setenv("REQUEST_URI", zToken); |
| 2370 | cgi_setenv("SCRIPT_NAME", ""); |
| 2371 | } |
| 2372 | |
| 2373 |
+1
-1
| --- src/checkout.c | ||
| +++ src/checkout.c | ||
| @@ -556,11 +556,11 @@ | ||
| 556 | 556 | } |
| 557 | 557 | } |
| 558 | 558 | } |
| 559 | 559 | |
| 560 | 560 | /* Construct a subpath on the URL if necessary */ |
| 561 | - if( g.url.isSsh || g.url.isFile ){ | |
| 561 | + if( g.url.isFile ){ | |
| 562 | 562 | g.url.subpath = mprintf("/sqlar/%t/%t.sqlar", zVers, zDest); |
| 563 | 563 | }else{ |
| 564 | 564 | g.url.subpath = mprintf("%s/sqlar/%t/%t.sqlar", g.url.path, zVers, zDest); |
| 565 | 565 | } |
| 566 | 566 | |
| 567 | 567 |
| --- src/checkout.c | |
| +++ src/checkout.c | |
| @@ -556,11 +556,11 @@ | |
| 556 | } |
| 557 | } |
| 558 | } |
| 559 | |
| 560 | /* Construct a subpath on the URL if necessary */ |
| 561 | if( g.url.isSsh || g.url.isFile ){ |
| 562 | g.url.subpath = mprintf("/sqlar/%t/%t.sqlar", zVers, zDest); |
| 563 | }else{ |
| 564 | g.url.subpath = mprintf("%s/sqlar/%t/%t.sqlar", g.url.path, zVers, zDest); |
| 565 | } |
| 566 | |
| 567 |
| --- src/checkout.c | |
| +++ src/checkout.c | |
| @@ -556,11 +556,11 @@ | |
| 556 | } |
| 557 | } |
| 558 | } |
| 559 | |
| 560 | /* Construct a subpath on the URL if necessary */ |
| 561 | if( g.url.isFile ){ |
| 562 | g.url.subpath = mprintf("/sqlar/%t/%t.sqlar", zVers, zDest); |
| 563 | }else{ |
| 564 | g.url.subpath = mprintf("%s/sqlar/%t/%t.sqlar", g.url.path, zVers, zDest); |
| 565 | } |
| 566 | |
| 567 |