Documentation Source Text

Check-in [f30335da5c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:The SCRIPT_FILENAME cgi parameter in althttpd is now a full pathname.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: f30335da5ccbde32b2a9aebaaa8a43221cfb447a0ef26d78a053ed521629b897
User & Date: drh 2018-02-05 00:32:16
Context
2018-02-05
00:38
Minor correction to the new path parser in althttpd.c. check-in: ec999fa7cd user: drh tags: trunk
00:32
The SCRIPT_FILENAME cgi parameter in althttpd is now a full pathname. check-in: f30335da5c user: drh tags: trunk
2018-02-01
14:44
Merge fixes from the release branch. check-in: 5279eb6057 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to misc/althttpd.c.

  1084   1084   ** is 0.
  1085   1085   ** 
  1086   1086   ** If the connection should be closed, this routine calls exit() and
  1087   1087   ** thus never returns.  If this routine does return it means that another
  1088   1088   ** HTTP request may appear on the wire.
  1089   1089   */
  1090   1090   void ProcessOneRequest(int forceClose){
  1091         -  int i, c;
         1091  +  int i, j, j0, c;
  1092   1092     char *z;                  /* Used to parse up a string */
  1093   1093     struct stat statbuf;      /* Information about the file to be retrieved */
  1094   1094     FILE *in;                 /* For reading from CGI scripts */
  1095   1095     char zLine[1000];         /* A buffer for input lines or forming names */
  1096   1096   
  1097   1097     /* Change directories to the root of the HTTP filesystem
  1098   1098     */
................................................................................
  1394   1394            zHome, getcwd(zBuf,999));
  1395   1395     }
  1396   1396   
  1397   1397     /* Locate the file in the filesystem.  We might have to append
  1398   1398     ** the name "index.html" in order to find it.  Any excess path
  1399   1399     ** information is put into the zPathInfo variable.
  1400   1400     */
  1401         -  zLine[0] = '.';
         1401  +  j = j0 = (int)strlen(zLine);
  1402   1402     i = 0;
  1403   1403     while( zScript[i] ){
  1404   1404       while( zScript[i] && zScript[i]!='/' ){
  1405         -      zLine[i+1] = zScript[i];
  1406         -      i++;
         1405  +      zLine[j] = zScript[i];
         1406  +      i++; j++;
  1407   1407       }
  1408         -    zLine[i+1] = 0;
         1408  +    zLine[j] = 0;
  1409   1409       if( stat(zLine,&statbuf)!=0 ){
  1410   1410         int stillSearching = 1;
  1411   1411         while( stillSearching && i>0 ){
  1412         -        while( i>0 && zLine[i]!='/' ){ i--; }
  1413         -        strcpy(&zLine[i], "/not-found.html");
         1412  +        while( j>0 && zLine[j-1]!='/' ){ j--; }
         1413  +        strcpy(&zLine[j], "/not-found.html");
  1414   1414           if( stat(zLine,&statbuf)==0 && S_ISREG(statbuf.st_mode)
  1415   1415               && access(zLine,R_OK)==0 ){
  1416         -          zRealScript = StrDup(&zLine[1]);
         1416  +          zRealScript = StrDup(&zLine[j0]);
  1417   1417             Redirect(zRealScript, 1, __LINE__); /* LOG: redirect to not-found */
  1418   1418             return;
  1419   1419           }else{
  1420         -          i--;
         1420  +          j--;
  1421   1421           }
  1422   1422         }
  1423   1423         if( stillSearching ) NotFound(__LINE__); /* LOG: URI not found */
  1424   1424         break;
  1425   1425       }
  1426   1426       if( S_ISREG(statbuf.st_mode) ){
  1427   1427         if( access(zLine,R_OK) ){
  1428   1428           NotFound(__LINE__);  /* LOG: File not readable */
  1429   1429         }
  1430         -      zRealScript = StrDup(&zLine[1]);
         1430  +      zRealScript = StrDup(&zLine[j0]);
  1431   1431         break;
  1432   1432       }
  1433   1433       if( zScript[i]==0 || zScript[i+1]==0 ){
  1434         -      strcpy(&zLine[i+1],"/index.html");
         1434  +      strcpy(&zLine[j],"/index.html");
  1435   1435         if( stat(zLine,&statbuf)!=0 || !S_ISREG(statbuf.st_mode) 
  1436   1436         || access(zLine,R_OK) ){
  1437         -        strcpy(&zLine[i+1],"/index.cgi");
         1437  +        strcpy(&zLine[j],"/index.cgi");
  1438   1438           if( stat(zLine,&statbuf)!=0 || !S_ISREG(statbuf.st_mode) 
  1439   1439           || access(zLine,R_OK) ){
  1440   1440             NotFound(__LINE__); /* LOG: URI is a directory w/o index.html */
  1441   1441           }
  1442   1442         }
  1443         -      zRealScript = StrDup(&zLine[1]);
         1443  +      zRealScript = StrDup(&zLine[j0]);
  1444   1444         if( zScript[i]==0 ){
  1445   1445           /* If the requested URL does not end with "/" but we had to
  1446   1446           ** append "index.html", then a redirect is necessary.  Otherwise
  1447   1447           ** none of the relative URLs in the delivered document will be
  1448   1448           ** correct. */
  1449   1449           Redirect(zRealScript,1,__LINE__); /* LOG: redirect to add trailing / */
  1450   1450           return;
  1451   1451         }
  1452   1452         break;
  1453   1453       }
  1454         -    zLine[i+1] = zScript[i];
  1455         -    i++;
         1454  +    zLine[j] = zScript[i];
         1455  +    i++; j++;
  1456   1456     }
  1457   1457     zFile = StrDup(zLine);
  1458   1458     zPathInfo = StrDup(&zScript[i]);
  1459   1459     lenFile = strlen(zFile);
  1460   1460     zDir = StrDup(zFile);
  1461   1461     for(i=strlen(zDir)-1; i>0 && zDir[i]!='/'; i--){};
  1462   1462     if( i==0 ){