Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit ddcf54f1 authored by deuce's avatar deuce

*MUST* always create the cgi_env list in case of a redirected

CGI (ie: index.cgi)
Don't read POST data until just before a respond() as the behaviour
of POST data reading depends on the response tpye (ie: JS/CGI)

Added a few DEBUG log lines (environment variable adding).  It gets
pretty verbose, but what do you expect with DEBUG level logging?
parent 11ed31dd
......@@ -507,6 +507,7 @@ static void add_env(http_session_t *session, const char *name,const char *value)
lprintf(LOG_WARNING,"%04d Cannot allocate memory for string", session->socket);
return;
}
lprintf(LOG_DEBUG,"%04d Adding CGI environment variable %s=%s",session->socket,newname,value);
sprintf(p,"%s=%s",newname,value);
strListPush(&session->req.cgi_env,p);
free(p);
......@@ -1251,11 +1252,9 @@ static BOOL check_ars(http_session_t * session)
FREE_AND_NULL(ar);
if(authorized) {
if(session->req.dynamic==IS_CGI) {
add_env(session,"AUTH_TYPE","Basic");
/* Should use real name if set to do so somewhere ToDo */
add_env(session,"REMOTE_USER",session->user.alias);
}
add_env(session,"AUTH_TYPE","Basic");
/* Should use real name if set to do so somewhere ToDo */
add_env(session,"REMOTE_USER",session->user.alias);
return(TRUE);
}
......@@ -1572,13 +1571,11 @@ static BOOL parse_headers(http_session_t * session)
b64_decode(session->req.auth,sizeof(session->req.auth),p,strlen(p));
break;
case HEAD_LENGTH:
if(session->req.dynamic==IS_CGI)
add_env(session,"CONTENT_LENGTH",value);
add_env(session,"CONTENT_LENGTH",value);
content_len=atoi(value);
break;
case HEAD_TYPE:
if(session->req.dynamic==IS_CGI)
add_env(session,"CONTENT_TYPE",value);
add_env(session,"CONTENT_TYPE",value);
break;
case HEAD_IFMODIFIED:
session->req.if_modified_since=decode_date(value);
......@@ -1606,33 +1603,13 @@ static BOOL parse_headers(http_session_t * session)
default:
break;
}
if(session->req.dynamic==IS_CGI) {
sprintf(env_name,"HTTP_%s",head_line);
add_env(session,env_name,value);
}
sprintf(env_name,"HTTP_%s",head_line);
add_env(session,env_name,value);
}
}
if(content_len && session->req.dynamic != IS_CGI) {
if(content_len < (MAX_POST_LEN+1) && (session->req.post_data=malloc(content_len+1)) != NULL) {
session->req.post_len=recvbufsocket(session->socket,session->req.post_data,content_len);
if(session->req.post_len != content_len)
lprintf(LOG_DEBUG,"%04d !ERROR Browser said they sent %d bytes, but I got %d",session->socket,content_len,session->req.post_len);
if(session->req.post_len > content_len)
session->req.post_len = content_len;
session->req.post_data[session->req.post_len]=0;
if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
js_add_request_prop(session,"post_data",session->req.post_data);
js_parse_query(session,session->req.post_data);
}
}
else {
lprintf(LOG_CRIT,"%04d !ERROR Allocating %d bytes of memory",session->socket,content_len);
send_error(session,"413 Request entity too large");
return(FALSE);
}
}
if(session->req.dynamic==IS_CGI)
add_env(session,"SERVER_NAME",session->req.host[0] ? session->req.host : startup->host_name );
if(content_len)
session->req.post_len = content_len;
add_env(session,"SERVER_NAME",session->req.host[0] ? session->req.host : startup->host_name );
return TRUE;
}
......@@ -2089,15 +2066,13 @@ static BOOL check_request(http_session_t * session)
return(FALSE);
}
SAFECOPY(session->req.physical_path,path);
if(session->req.dynamic==IS_CGI) {
add_env(session,"SCRIPT_NAME",session->req.virtual_path);
add_env(session,"SCRIPT_FILENAME",session->req.physical_path);
}
add_env(session,"SCRIPT_NAME",session->req.virtual_path);
add_env(session,"SCRIPT_FILENAME",session->req.physical_path);
SAFECOPY(str,session->req.virtual_path);
last_slash=find_last_slash(str);
if(last_slash!=NULL)
*(last_slash+1)=0;
if(session->req.dynamic==IS_CGI && *(session->req.extra_path_info))
if(*(session->req.extra_path_info))
{
sprintf(str,"%s%s",startup->root_dir,session->req.extra_path_info);
add_env(session,"PATH_TRANSLATED",str);
......@@ -2364,6 +2339,8 @@ static BOOL exec_cgi(http_session_t *session)
char content_type[MAX_REQUEST_LINE+1];
int snt;
lprintf(LOG_DEBUG,"%04d Recieved invalid CGI headers, sending result as plain-text",session->socket);
/* free() the non-headers so they don't get sent, then recreate the list */
strListFreeStrings(session->req.dynamic_heads);
......@@ -3259,6 +3236,33 @@ static void respond(http_session_t * session)
session->req.finished=TRUE;
}
int read_post_data(http_session_t * session)
{
int i;
if(session->req.dynamic!=IS_CGI && session->req.post_len) {
i = session->req.post_len;
if(i < (MAX_POST_LEN+1) && (session->req.post_data=malloc(i+1)) != NULL) {
session->req.post_len=recvbufsocket(session->socket,session->req.post_data,i);
if(session->req.post_len != i)
lprintf(LOG_DEBUG,"%04d !ERROR Browser said they sent %d bytes, but I got %d",session->socket,i,session->req.post_len);
if(session->req.post_len > i)
session->req.post_len = i;
session->req.post_data[session->req.post_len]=0;
if(session->req.dynamic==IS_SSJS || session->req.dynamic==IS_JS) {
js_add_request_prop(session,"post_data",session->req.post_data);
js_parse_query(session,session->req.post_data);
}
}
else {
lprintf(LOG_CRIT,"%04d !ERROR Allocating %d bytes of memory",session->socket,i);
send_error(session,"413 Request entity too large");
return(FALSE);
}
}
return(TRUE);
}
void http_session_thread(void* arg)
{
int i;
......@@ -3386,7 +3390,8 @@ void http_session_thread(void* arg)
if((session.http_ver<HTTP_1_0)||redirp!=NULL||parse_headers(&session)) {
if(check_request(&session)) {
if(session.req.send_location < MOVED_TEMP || session.req.virtual_path[0]!='/' || loop_count++ >= MAX_REDIR_LOOPS) {
respond(&session);
if(read_post_data(&session))
respond(&session);
}
else {
safe_snprintf(redir_req,sizeof(redir_req),"%s %s%s%s",methods[session.req.method]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment