Skip to content
Snippets Groups Projects
Commit ddcf54f1 authored by deuce's avatar deuce
Browse files

*MUST* always create the cgi_env list in case of a redirected 

CGI (ie: index.cgi)
Don't read POST data until just before a respond() as the behaviour
of POST data reading depends on the response tpye (ie: JS/CGI)

Added a few DEBUG log lines (environment variable adding).  It gets
pretty verbose, but what do you expect with DEBUG level logging?
parent 11ed31dd
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 45 additions and 40 deletions
src/sbbs3/websrvr.c
+ 45
40
View file @ ddcf54f1
......@@ -507,6 +507,7 @@ static void add_env(http_session_t *session, const char *name,const char *value)
lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
return;
}
lprintf(LOG_DEBUG,"%04d Adding CGI environment variable %s=%s",session->socket,newname,value);
sprintf(p,"%s=%s",newname,value);
strListPush(&session->req.cgi_env,p);
free(p);
......@@ -1251,11 +1252,9 @@ static BOOL check_ars(http_session_t * session)
FREE_AND_NULL(ar);
if(authorized) {
if(session->req.dynamic==IS_CGI) {
add_env(session,"AUTH_TYPE","Basic");
/* Should use real name if set to do so somewhere ToDo */
add_env(session,"REMOTE_USER",session->user.alias);
}
add_env(session,"AUTH_TYPE","Basic");
/* Should use real name if set to do so somewhere ToDo */
add_env(session,"REMOTE_USER",session->user.alias);
return(TRUE);
}
......@@ -1572,13 +1571,11 @@ static BOOL parse_headers(http_session_t * session)
b64_decode(session->req.auth,sizeof(session->req.auth),p,strlen(p));
break;
case HEAD_LENGTH:
if(session->req.dynamic==IS_CGI)
add_env(session,"CONTENT_LENGTH",value);
add_env(session,"CONTENT_LENGTH",value);
content_len=atoi(value);
break;
case HEAD_TYPE:
if(session->req.dynamic==IS_CGI)
add_env(session,"CONTENT_TYPE",value);
add_env(session,"CONTENT_TYPE",value);
break;
case HEAD_IFMODIFIED:
session->req.if_modified_since=decode_date(value);
......@@ -1606,33 +1603,13 @@ static BOOL parse_headers(http_session_t * session)
default:
break;
}
if(session->req.dynamic==IS_CGI) {
sprintf(env_name,"HTTP_%s",head_line);
add_env(session,env_name,value);
}
sprintf(env_name,"HTTP_%s",head_line);
add_env(session,env_name,value);
}
}
if(content_len && session->req.dynamic != IS_CGI) {
if(content_len < (MAX_POST_LEN+1) && (session->req.post_data=malloc(content_len+1)) != NULL) {
session->req.post_len=recvbufsocket(session->socket,session->req.post_data,content_len);
if(session->req.post_len != content_len)
lprintf(LOG_DEBUG,"%04d !ERROR Browser said they sent %d bytes, but I got %d",session->socket,content_len,session->req.post_len);
if(session->req.post_len > content_len)
session->req.post_len = content_len;
session->req.post_data[session->req.post_len]=0;
if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
js_add_request_prop(session,"post_data",session->req.post_data);
js_parse_query(session,session->req.post_data);
}
}
else {
lprintf(LOG_CRIT,"%04d !ERROR Allocating %d bytes of memory",session->socket,content_len);
send_error(session,"413 Request entity too large");
return(FALSE);
}
}
if(session->req.dynamic==IS_CGI)
add_env(session,"SERVER_NAME",session->req.host[0] ? session->req.host : startup->host_name );
if(content_len)
session->req.post_len = content_len;
add_env(session,"SERVER_NAME",session->req.host[0] ? session->req.host : startup->host_name );
return TRUE;
}
......@@ -2089,15 +2066,13 @@ static BOOL check_request(http_session_t * session)
return(FALSE);
}
SAFECOPY(session->req.physical_path,path);
if(session->req.dynamic==IS_CGI) {
add_env(session,"SCRIPT_NAME",session->req.virtual_path);
add_env(session,"SCRIPT_FILENAME",session->req.physical_path);
}
add_env(session,"SCRIPT_NAME",session->req.virtual_path);
add_env(session,"SCRIPT_FILENAME",session->req.physical_path);
SAFECOPY(str,session->req.virtual_path);
last_slash=find_last_slash(str);
if(last_slash!=NULL)
*(last_slash+1)=0;
if(session->req.dynamic==IS_CGI && *(session->req.extra_path_info))
if(*(session->req.extra_path_info))
{
sprintf(str,"%s%s",startup->root_dir,session->req.extra_path_info);
add_env(session,"PATH_TRANSLATED",str);
......@@ -2364,6 +2339,8 @@ static BOOL exec_cgi(http_session_t *session)
char content_type[MAX_REQUEST_LINE+1];
int snt;
lprintf(LOG_DEBUG,"%04d Recieved invalid CGI headers, sending result as plain-text",session->socket);
/* free() the non-headers so they don't get sent, then recreate the list */
strListFreeStrings(session->req.dynamic_heads);
......@@ -3259,6 +3236,33 @@ static void respond(http_session_t * session)
session->req.finished=TRUE;
}
int read_post_data(http_session_t * session)
{
int i;
if(session->req.dynamic!=IS_CGI && session->req.post_len) {
i = session->req.post_len;
if(i < (MAX_POST_LEN+1) && (session->req.post_data=malloc(i+1)) != NULL) {
session->req.post_len=recvbufsocket(session->socket,session->req.post_data,i);
if(session->req.post_len != i)
lprintf(LOG_DEBUG,"%04d !ERROR Browser said they sent %d bytes, but I got %d",session->socket,i,session->req.post_len);
if(session->req.post_len > i)
session->req.post_len = i;
session->req.post_data[session->req.post_len]=0;
if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
js_add_request_prop(session,"post_data",session->req.post_data);
js_parse_query(session,session->req.post_data);
}
}
else {
lprintf(LOG_CRIT,"%04d !ERROR Allocating %d bytes of memory",session->socket,i);
send_error(session,"413 Request entity too large");
return(FALSE);
}
}
return(TRUE);
}
void http_session_thread(void* arg)
{
int i;
......@@ -3386,7 +3390,8 @@ void http_session_thread(void* arg)
if((session.http_ver<HTTP_1_0)||redirp!=NULL||parse_headers(&session)) {
if(check_request(&session)) {
if(session.req.send_location < MOVED_TEMP || session.req.virtual_path[0]!='/' || loop_count++ >= MAX_REDIR_LOOPS) {
respond(&session);
if(read_post_data(&session))
respond(&session);
}
else {
safe_snprintf(redir_req,sizeof(redir_req),"%s %s%s%s",methods[session.req.method]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment