Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Modify althttpd.c to allow web content in the ".well-known" directory. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
10a66e4535685a63c86945da9bfe8be5 |
User & Date: | drh 2017-03-14 02:17:24.695 |
Context
2017-03-14
| ||
23:28 | Tighten and formalize the hack in althttpd that allows .well-known path prefixes on URIs. (check-in: adbefa195f user: drh tags: trunk) | |
02:17 | Modify althttpd.c to allow web content in the ".well-known" directory. (check-in: 10a66e4535 user: drh tags: trunk) | |
2017-03-10
| ||
16:37 | Add documentation for the SQLITE_MAX_MEMORY compile-time option. (check-in: 268f62bc5a user: drh tags: trunk) | |
Changes
Changes to misc/althttpd.c.
︙ | ︙ | |||
1296 1297 1298 1299 1300 1301 1302 1303 1304 | */ sanitizeString(zScript); /* Do not allow "/." or "/-" to to occur anywhere in the entity name. ** This prevents attacks involving ".." and also allows us to create ** files and directories whose names begin with "-" or "." which are ** invisible to the webserver. */ for(z=zScript; *z; z++){ | > > > | > > | 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 | */ sanitizeString(zScript); /* Do not allow "/." or "/-" to to occur anywhere in the entity name. ** This prevents attacks involving ".." and also allows us to create ** files and directories whose names begin with "-" or "." which are ** invisible to the webserver. ** ** Exception: Do allow "/.well-known/" so that the letencrypt --webroot ** option will work. */ for(z=zScript; *z; z++){ if( *z=='/' && (z[1]=='.' || z[1]=='-') && strncmp(z,"/.well-known/",13)!=0 ){ NotFound(__LINE__); /* LOG: Path element begins with "." or "-" */ } } /* Figure out what the root of the filesystem should be. If the ** HTTP_HOST parameter exists (stored in zHttpHost) then remove the ** port number from the end (if any), convert all characters to lower |
︙ | ︙ |