Fossil SCM

Additional restrictions on the names of files served by "fossil server DIRECTORY": (1) only alphanumerics, "_", "-", "/", and "." characters are allowed in the pathname. (2) A "-" may not occur after a "/". (3) Every "." must be surrounded on both sides by alphanumerics. This check-in also updates the changelog for the 1.25 release.

drh 2012-12-01 04:37 trunk
Commit c71e096800109b95711c3586f8ebf380226751b8
2 files changed +19 -11 +6 -3
+19 -11
--- src/main.c
+++ src/main.c
@@ -1282,24 +1282,32 @@
12821282
while( 1 ){
12831283
while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
12841284
zRepo = zToFree = mprintf("%s%.*s.fossil",g.zRepositoryName,i,zPathInfo);
12851285
12861286
/* To avoid mischief, make sure the repository basename contains no
1287
- ** characters other than alphanumerics, "-", "/", "_", and "." beside
1288
- ** "/" or ".".
1287
+ ** characters other than alphanumerics, "/", "_", "-", and ".", and
1288
+ ** that "-" never occurs immediately after a "/" and that "." is always
1289
+ ** surrounded by two alphanumerics. Any character that does not
1290
+ ** satisfy these constraints is converted into "_".
12891291
*/
1292
+ szFile = 0;
12901293
for(j=strlen(g.zRepositoryName)+1, k=0; zRepo[j] && k<i-1; j++, k++){
12911294
char c = zRepo[j];
1292
- if( !fossil_isalnum(c) && c!='-' && c!='/'
1293
- && (c!='.' || zRepo[j+1]=='/' || zRepo[j-1]=='/' || zRepo[j+1]=='.')
1294
- ){
1295
- zRepo[j] = '_';
1296
- }
1297
- }
1298
- if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }
1299
-
1300
- szFile = file_size(zRepo);
1295
+ if( fossil_isalnum(c) ) continue;
1296
+ if( c=='/' ) continue;
1297
+ if( c=='_' ) continue;
1298
+ if( c=='-' && zRepo[j-1]!='/' ) continue;
1299
+ if( c=='.' && fossil_isalnum(zRepo[j-1]) && fossil_isalnum(zRepo[j+1])){
1300
+ continue;
1301
+ }
1302
+ szFile = 1;
1303
+ break;
1304
+ }
1305
+ if( szFile==0 ){
1306
+ if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }
1307
+ szFile = file_size(zRepo);
1308
+ }
13011309
if( szFile<0 ){
13021310
const char *zMimetype;
13031311
assert( fossil_strcmp(&zRepo[j], ".fossil")==0 );
13041312
zRepo[j] = 0;
13051313
if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){
13061314
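Review bot: The comment rewritten at new lines 1287-1290 still ends with "Any character that does not satisfy these constraints is converted into "_"", but the loop under it no longer rewrites zRepo[j]; on the first offending character it runs `szFile = 1; break;` and skips file_size() altogether. Please reword that sentence to say the name is rejected rather than sanitized. Separately, szFile now doubles as the reject flag: 0 means the name passed, 1 means it failed, and otherwise it holds whatever file_size() returned. The code that consumes a positive szFile is outside this hunk, so a short comment at `szFile = 1;` explaining why a positive value is the right sentinel, or a dedicated flag variable, would make the intent checkable from here.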
--- www/changes.wiki
+++ www/changes.wiki
@@ -28,11 +28,14 @@
2828
* Correctly deal with BOMs in check-in comments. Also attempt to convert
2929
check-in comments to UTF8 from other encodings.
3030
* Allow the deletion of multiple stash entries using multiple arguments
3131
to the "fossil stash rm" command.
3232
* Enhance the "fossil server DIRECTORY" command to serve static content
33
- files contained in DIRECTORY.
33
+ files contained in DIRECTORY. For security, only files with a
34
+ recognized suffix (such as *.html, *.jpg, *.txt, etc) will be delivered
35
+ as static content, and *.fossil files are not on the list of recognized
36
+ suffixes. There are additional restrictions on the names of the files.
3437
* Allow the "fossil ui" command to specify a directory as long as the
3538
the --notfound option is used.
3639
* Add a configuration option that causes timeline messages to be rendered
3740
as text/x-fossil-plain (which is the same as text/plain except that
3841
hyperlinks inside of <nowiki>[...]</nowiki> are decorated.)
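Review bot: The sentence added at new line 36, "There are additional restrictions on the names of the files.", tells the changelog reader that rules exist without saying what they are. The check-in comment already states them (only alphanumerics, "_", "-", "/" and "."; no "-" immediately after "/"; every "." between two alphanumerics), so consider listing them in this entry or pointing to where they are documented, since an administrator whose static files stop being served will look here first.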
@@ -68,12 +71,12 @@
6871
a single sync.
6972
* Show much less output during a sync operation, unless the --verbose
7073
option is used.
7174
* Set the action= attribute of &lt;form&gt; elements using javascript,
7275
as an addition defense against spam-bots.
73
- * Disallow invalid UTF8 characters (such as overlength characters or
74
- characters in the surrogate pair range) in filename.
76
+ * Disallow invalid UTF8 characters (such as characters in the surrogate
77
+ pair range) in filenames.
7578
* Judge the UserAgent strings issued by the NetSurf webbrowser to be
7679
coming from a human, not from a bot.
7780
* Add the zlib sources to the Fossil source tree (under compat/zlib) and
7881
use those sources when compiling on (windows) systems that do not have
7982
a zlib library installed by default.
8083
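Review bot: The reworded entry at new lines 76-77 drops "overlength characters" from the examples of rejected UTF8, but the check-in comment mentions only the filename restrictions and the 1.25 changelog update, and the only source file touched is src/main.c, in the repository-name check. If overlength handling changed in an earlier check-in, say so in the comment; if it did not change, the changelog entry should keep listing it.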
