changed httpd-std.c to drop a query request not beginning with a slash when it's handled locally.
This commit is contained in:
parent
65f3c473f9
commit
bd40641e08
@ -465,7 +465,6 @@ static int get_server_root (
|
|||||||
if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
|
if (qinfo->client->status & QSE_HTTPD_CLIENT_INTERCEPTED)
|
||||||
{
|
{
|
||||||
/* transparent proxying */
|
/* transparent proxying */
|
||||||
|
|
||||||
if (loccfg->proxy.allow_intercept)
|
if (loccfg->proxy.allow_intercept)
|
||||||
{
|
{
|
||||||
root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
|
root->type = QSE_HTTPD_SERVERSTD_ROOT_PROXY;
|
||||||
@ -589,6 +588,7 @@ static int get_server_root (
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* local file system */
|
/* local file system */
|
||||||
|
|
||||||
root->type = QSE_HTTPD_SERVERSTD_ROOT_PATH;
|
root->type = QSE_HTTPD_SERVERSTD_ROOT_PATH;
|
||||||
root->u.path.val = loccfg->xcfg[XCFG_ROOT];
|
root->u.path.val = loccfg->xcfg[XCFG_ROOT];
|
||||||
root->u.path.rpl = loccfg->locname.len;
|
root->u.path.rpl = loccfg->locname.len;
|
||||||
|
@ -28,6 +28,7 @@ server-default {
|
|||||||
# document root
|
# document root
|
||||||
####################################################################
|
####################################################################
|
||||||
root = "/var/www";
|
root = "/var/www";
|
||||||
|
#root = "1.2.3.4:80";
|
||||||
|
|
||||||
# pseudonym to use in Via: for proxying
|
# pseudonym to use in Via: for proxying
|
||||||
#pseudonym = "my-host";
|
#pseudonym = "my-host";
|
||||||
|
@ -635,6 +635,10 @@ static int urs_prerewrite (qse_httpd_t* httpd, qse_httpd_client_t* client, qse_h
|
|||||||
host_ptr = QSE_MT("");
|
host_ptr = QSE_MT("");
|
||||||
proto = QSE_MT("");
|
proto = QSE_MT("");
|
||||||
}
|
}
|
||||||
|
else if (client->status & QSE_HTTPD_CLIENT_SECURE)
|
||||||
|
{
|
||||||
|
proto = QSE_MT("https://");
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
proto = QSE_MT("http://");
|
proto = QSE_MT("http://");
|
||||||
|
@ -2553,11 +2553,17 @@ static void merge_paths_to_buf (
|
|||||||
|
|
||||||
struct rsrc_tmp_t
|
struct rsrc_tmp_t
|
||||||
{
|
{
|
||||||
const qse_mchar_t* qpath;
|
const qse_mchar_t* qpath; /* query path in the request */
|
||||||
const qse_mchar_t* idxfile;
|
const qse_mchar_t* idxfile;
|
||||||
qse_mchar_t* xpath;
|
qse_mchar_t* xpath;
|
||||||
|
|
||||||
qse_size_t qpath_len;
|
qse_size_t qpath_len;
|
||||||
|
|
||||||
|
/* pointer to the first query path segment excluding the location name.
|
||||||
|
* for example, if a query path /a/b/c matches a location '/a',
|
||||||
|
* it points to '/b/c'. '/a' is replaced by the document root.
|
||||||
|
* and '/b/c' is concatenated to the document root. if the document
|
||||||
|
* root is '/var/www', the final path becomes /var/www/b/c'. */
|
||||||
const qse_mchar_t* qpath_rp;
|
const qse_mchar_t* qpath_rp;
|
||||||
|
|
||||||
qse_httpd_serverstd_root_t root;
|
qse_httpd_serverstd_root_t root;
|
||||||
@ -2616,7 +2622,7 @@ static int attempt_cgi (
|
|||||||
goto bingo;
|
goto bingo;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else if (tmp->qpath_rp[0] != QSE_MT('\0'))
|
||||||
{
|
{
|
||||||
/* inspect each segment from the head. */
|
/* inspect each segment from the head. */
|
||||||
const qse_mchar_t* ptr;
|
const qse_mchar_t* ptr;
|
||||||
@ -2828,6 +2834,16 @@ static int make_resource (
|
|||||||
/* handle the request locally */
|
/* handle the request locally */
|
||||||
QSE_ASSERT (tmp.root.type == QSE_HTTPD_SERVERSTD_ROOT_PATH);
|
QSE_ASSERT (tmp.root.type == QSE_HTTPD_SERVERSTD_ROOT_PATH);
|
||||||
|
|
||||||
|
if (tmp.qpath[0] != QSE_MT('/'))
|
||||||
|
{
|
||||||
|
/* this implementation doesn't accept a query path
|
||||||
|
* not beginning with a slash when handling the request
|
||||||
|
* locally. */
|
||||||
|
target->type = QSE_HTTPD_RSRC_ERROR;
|
||||||
|
target->u.error.code = 400;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*****************************************************************************
|
/*****************************************************************************
|
||||||
* BUG BUG BUG !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
|
* BUG BUG BUG !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1
|
||||||
* TODO: calling the realm query here is wrong especially if the prefix path is resolved to a cgi.
|
* TODO: calling the realm query here is wrong especially if the prefix path is resolved to a cgi.
|
||||||
@ -2844,6 +2860,16 @@ static int make_resource (
|
|||||||
/* default to the root directory. */
|
/* default to the root directory. */
|
||||||
if (!tmp.root.u.path.val) tmp.root.u.path.val = QSE_MT("/");
|
if (!tmp.root.u.path.val) tmp.root.u.path.val = QSE_MT("/");
|
||||||
|
|
||||||
|
/* query path /a/b/c
|
||||||
|
* location matched /a/b
|
||||||
|
* rpl is set to 4(/a/b). rpl, in fact, can't be larger than the query length.
|
||||||
|
* qpath_rp points to /c in /a/b/c
|
||||||
|
*
|
||||||
|
* query path /
|
||||||
|
* location matched /
|
||||||
|
* rpl is set to 1.
|
||||||
|
* qpath_rp points to an empty string (pointer a null character in the query path)
|
||||||
|
*/
|
||||||
tmp.qpath_rp = (tmp.root.u.path.rpl >= tmp.qpath_len)?
|
tmp.qpath_rp = (tmp.root.u.path.rpl >= tmp.qpath_len)?
|
||||||
&tmp.qpath[tmp.qpath_len]: &tmp.qpath[tmp.root.u.path.rpl];
|
&tmp.qpath[tmp.qpath_len]: &tmp.qpath[tmp.root.u.path.rpl];
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user