lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

47 lines
1.2 KiB

#!/usr/bin/env perl
revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) reverts part of commit:dbdab5db which swapped REQUEST_URI, REDIRECT_URI x-ref: "mediawiki redirect loop if REQUEST_URI not orig req in 1.4.40" https://redmine.lighttpd.net/issues/2738 Explanation: REQUEST_URI and REDIRECT_URI are not part of CGI standard environment. The reason for their existence is that PATH_INFO in CGI environment may be different from the path in the current request. The main reason for this potential difference is that the URI path is normalized to a path in the filesystem and tested against the filesystem to determine which part is SCRIPT_NAME and which part is PATH_INFO. In case-insensitive filesystems, the URI might be lowercased before testing against the filesystem, leading to loss of case-sensitive submission in any resulting PATH_INFO. Also, duplicated slashes "///" and directory references "/." and "/.." are removed, including prior path component in the case of "/..". This might be undesirable when the information after the SCRIPT_NAME is virtual information and there target script needs the virtual path preserved as-is. In that case, the target script can re-parse REQUEST_URI (or REDIRECT_URI, as appropriate) to obtain the unmodified information from the URI. con->request.uri is equivalent to con->request.orig_uri unless the request has been internally rewritten (e.g. by mod_rewrite, mod_magnet, others), in which case con->request.orig_uri is the request made by the client, and con->request.uri is the current URI being processed. Historical REQUEST_URI (environment variable) lighttpd inconsistencies - mod_cml set REQUEST_URI to con->request.orig_uri - mod_cgi set REQUEST_URI to con->request.orig_uri - mod_fastcgi set REQUEST_URI to con->request.orig_uri - mod_scgi set REQUEST_URI to con->request.orig_uri - mod_ssi set REQUEST_URI to current con->request.uri - mod_magnet set MAGNET_ENV_REQUEST_URI to current con->request.uri and MAGNET_ENV_REQUEST_ORIG_URI to con->request.orig_uri Historical REDIRECT_URI (environment variable) previously set only in mod_fastcgi and mod_scgi, and set to con->request.uri Since lighttpd 1.4.40 provides REDIRECT_URI with con->request.orig_uri, changes were made to REQUEST_URI for consistency, with the hope that there would be little impact to existing configurations since the request uri and original request uri are the same unless there has been an internal redirect. It turns out that various PHP frameworks use REQUEST_URI and require that it be the original URI requested by client. Therefore, this change is being reverted, and lighttpd will set REQUEST_URI to con->request.orig_uri in mod_cgi, mod_fastcgi, mod_scgi as was done in lighttpd 1.4.39 and earlier. Similarly, REDIRECT_URI also has the prior behavior in mod_fastcgi and mod_scgi, and added to mod_cgi. A future release of lighttpd might change mod_ssi to be consistent with the other modules in setting REQUEST_URI to con->request.orig_uri and to add REDIRECT_URI, when an internal redirect has occurred.
6 years ago
my $request_uri = $ENV{'REQUEST_URI'};
if ($request_uri =~ m/^\/dynamic\/200\// ) {
print "Status: 200\n",
"Content-Type: text/plain\n",
"\n",
"found here\n";
}
elsif ($request_uri =~ m|^/dynamic/302/| ) {
print "Status: 302\n",
"Location: http://www.example.org/\n",
"\n";
}
elsif ($request_uri =~ m/^\/dynamic\/404\// ) {
print "Status: 404\n",
"Content-Type: text/plain\n",
"\n",
"Not found here\n";
}
elsif ($request_uri =~ m/^\/send404\.pl/ ) {
print "Status: 404\n",
"Content-Type: text/plain\n",
"\n",
"Not found here (send404)\n";
}
elsif ($request_uri =~ m/^\/dynamic\/nostatus\// ) {
print ("found here\n");
}
revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) reverts part of commit:dbdab5db which swapped REQUEST_URI, REDIRECT_URI x-ref: "mediawiki redirect loop if REQUEST_URI not orig req in 1.4.40" https://redmine.lighttpd.net/issues/2738 Explanation: REQUEST_URI and REDIRECT_URI are not part of CGI standard environment. The reason for their existence is that PATH_INFO in CGI environment may be different from the path in the current request. The main reason for this potential difference is that the URI path is normalized to a path in the filesystem and tested against the filesystem to determine which part is SCRIPT_NAME and which part is PATH_INFO. In case-insensitive filesystems, the URI might be lowercased before testing against the filesystem, leading to loss of case-sensitive submission in any resulting PATH_INFO. Also, duplicated slashes "///" and directory references "/." and "/.." are removed, including prior path component in the case of "/..". This might be undesirable when the information after the SCRIPT_NAME is virtual information and there target script needs the virtual path preserved as-is. In that case, the target script can re-parse REQUEST_URI (or REDIRECT_URI, as appropriate) to obtain the unmodified information from the URI. con->request.uri is equivalent to con->request.orig_uri unless the request has been internally rewritten (e.g. by mod_rewrite, mod_magnet, others), in which case con->request.orig_uri is the request made by the client, and con->request.uri is the current URI being processed. Historical REQUEST_URI (environment variable) lighttpd inconsistencies - mod_cml set REQUEST_URI to con->request.orig_uri - mod_cgi set REQUEST_URI to con->request.orig_uri - mod_fastcgi set REQUEST_URI to con->request.orig_uri - mod_scgi set REQUEST_URI to con->request.orig_uri - mod_ssi set REQUEST_URI to current con->request.uri - mod_magnet set MAGNET_ENV_REQUEST_URI to current con->request.uri and MAGNET_ENV_REQUEST_ORIG_URI to con->request.orig_uri Historical REDIRECT_URI (environment variable) previously set only in mod_fastcgi and mod_scgi, and set to con->request.uri Since lighttpd 1.4.40 provides REDIRECT_URI with con->request.orig_uri, changes were made to REQUEST_URI for consistency, with the hope that there would be little impact to existing configurations since the request uri and original request uri are the same unless there has been an internal redirect. It turns out that various PHP frameworks use REQUEST_URI and require that it be the original URI requested by client. Therefore, this change is being reverted, and lighttpd will set REQUEST_URI to con->request.orig_uri in mod_cgi, mod_fastcgi, mod_scgi as was done in lighttpd 1.4.39 and earlier. Similarly, REDIRECT_URI also has the prior behavior in mod_fastcgi and mod_scgi, and added to mod_cgi. A future release of lighttpd might change mod_ssi to be consistent with the other modules in setting REQUEST_URI to con->request.orig_uri and to add REDIRECT_URI, when an internal redirect has occurred.
6 years ago
elsif ($request_uri =~ m/^\/dynamic\/redirect_status\// ) {
print "Status: $ENV{'REDIRECT_STATUS'}\n",
"Content-Type: text/plain\n",
"\n",
"REDIRECT_STATUS\n";
[core] server.error-handler new directive for error pages (fixes #2702) server.error-handler preserves HTTP status error code when error page is static, and allows dynamic handlers to change HTTP status code when error page is provided by dynamic handler. server.error-handler intercepts all HTTP status codes >= 400 except when the content is generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua). The request method is unconditionally changed to GET for the request to service the error handler, and the original request method is later restored (for logging purposes). request body from the original request, if present, is discarded. server.error-handler is somewhat similar to server.error-handler-404, but server.error-handler-404 is now deprecated, intercepts only 404 and 403 HTTP status codes, and returns 200 OK for static error pages, a source of confusion for some admins. On the other hand, the new server.error-handler, when set, will intercept all HTTP status error codes >= 400. server.error-handler takes precedence over server.error-handler-404 when both are set. NOTE: a major difference between server.error-handler and the now-deprecated server.error-handler-404 is that the values of the non-standard CGI environment variables REQUEST_URI and REDIRECT_URI have been swapped. Since REDIRECT_STATUS is the original HTTP status code, REDIRECT_URI is now the original request, and REQUEST_URI is the current request (e.g. the URI/URL to the error handler). The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values from those described above -- is preserved for server.error-handler-404. Additionally, REDIRECT_STATUS is now available to mod_magnet, which continues to have access to request.uri and request.orig_uri. See further discussion at https://redmine.lighttpd.net/issues/2702 and https://redmine.lighttpd.net/issues/1828 github: closes #36
7 years ago
}
elsif ($ENV{PATH_INFO} eq "/internal-redir" ) {
# (not actually 404 error, but use separate script from cgi.pl for testing)
print "Status: 200\r\n\r\n";
}
else {
print "Status: 500\n",
"Content-Type: text/plain\n",
"\n",
"huh\n";
};