diff --git a/NEWS b/NEWS index cf622f5c..dbf28fda 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ NEWS * Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) * Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. * [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled + * Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file - 1.4.29 - 2011-07-03 * Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259) diff --git a/src/mod_staticfile.c b/src/mod_staticfile.c index aa0742da..f5114dd3 100644 --- a/src/mod_staticfile.c +++ b/src/mod_staticfile.c @@ -26,6 +26,7 @@ typedef struct { array *exclude_ext; unsigned short etags_used; + unsigned short disable_pathinfo; } plugin_config; typedef struct { @@ -84,6 +85,7 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) { config_values_t cv[] = { { "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ { "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ + { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } }; @@ -97,9 +99,11 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) { s = calloc(1, sizeof(plugin_config)); s->exclude_ext = array_init(); s->etags_used = 1; + s->disable_pathinfo = 0; cv[0].destination = s->exclude_ext; cv[1].destination = &(s->etags_used); + cv[2].destination = &(s->disable_pathinfo); p->config_storage[i] = s; @@ -119,6 +123,7 @@ static int mod_staticfile_patch_connection(server *srv, connection *con, plugin_ PATCH(exclude_ext); PATCH(etags_used); + PATCH(disable_pathinfo); /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { 
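Review bot: In the mod_staticfile_set_defaults hunk the new option is initialised with `s->disable_pathinfo = 0;`, so the protection is opt-in and existing configurations keep serving URLs like `.../secret.php/image.jpg` as static files after upgrading. Nothing in the hunk says this is deliberate. I would add `/* off by default to keep existing behaviour; enable to refuse static handling when pathinfo is present */` above the assignment and state the default in the option's documentation. The assignment is redundant after `calloc`, which is fine as an explicit statement of the default. The function body starts and ends outside the hunk.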
@@ -136,7 +141,9 @@ static int mod_staticfile_patch_connection(server *srv, connection *con, plugin_ PATCH(exclude_ext); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) { PATCH(etags_used); - } + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) { + PATCH(disable_pathinfo); + } } } @@ -375,6 +382,13 @@ URIHANDLER_FUNC(mod_staticfile_subrequest) { mod_staticfile_patch_connection(srv, con, p); + if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) { + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden"); + } + return HANDLER_GO_ON; + } + /* ignore certain extensions */ for (k = 0; k < p->conf.exclude_ext->used; k++) { ds = (data_string *)p->conf.exclude_ext->data[k]; diff --git a/tests/lighttpd.conf b/tests/lighttpd.conf index f93311d0..8608fdd6 100644 --- a/tests/lighttpd.conf +++ b/tests/lighttpd.conf @@ -149,6 +149,7 @@ $HTTP["host"] == "vvv.example.org" { $HTTP["host"] == "zzz.example.org" { server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/" server.name = "zzz.example.org" + static-file.disable-pathinfo = "enable" } $HTTP["host"] == "symlink.example.org" { diff --git a/tests/request.t b/tests/request.t index 5c2dfd5b..c4bd9581 100755 --- a/tests/request.t +++ b/tests/request.t @@ -8,7 +8,7 @@ BEGIN { use strict; use IO::Socket; -use Test::More tests => 44; +use Test::More tests => 46; use LightyTest; my $tf = LightyTest->new(); 
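Review bot: The new guard in mod_staticfile_subrequest returns `HANDLER_GO_ON` without setting a status, so the 403 that the new test expects is not produced by any line in this hunk and presumably comes from whatever runs after this module. A comment above the `if` should say so, for example `/* pathinfo present: decline here and leave the request to later handlers; it is not served as a static file */`. The log line is written only when `con->conf.log_request_handling` is set and does not name the request, so refused requests are hard to find in logs. Including the request path in that message would help, if a suitable buffer is in scope at that point. The function continues outside the hunk.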
@@ -413,5 +413,21 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP- $t->{SLOWREQUEST} = 1; ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)'); +print "\nPathinfo for static files\n"; +$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ]; +ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default'); + +$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; +ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo'); + ok($tf->stop_proc == 0, "Stopping lighttpd"); diff --git a/tests/wrapper.sh b/tests/wrapper.sh index 07cc784f..571594c6 100755 --- a/tests/wrapper.sh +++ b/tests/wrapper.sh @@ -6,4 +6,4 @@ srcdir=$1 top_builddir=$2 export SHELL srcdir top_builddir -$3 +exec $3
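Review bot: The two added cases cover pathinfo accepted by default and pathinfo refused with the option on, but neither checks that a plain request without pathinfo still gets a 200 from the host that sets `static-file.disable-pathinfo`. Without that control, a guard that refused every request on that host would still pass the 403 case. Unless an existing test already requests a static file from that host, I would add a third case and raise the plan to `tests => 47`. The request bodies of the two new cases are not readable in this view, so this rests on the test names and expected statuses only.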
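Review bot: `exec $3` in tests/wrapper.sh expands `$3` unquoted, so a value containing spaces or glob characters is split or expanded before the exec. If the third argument is always a single program path, `exec "$3"` is the safer form. If it is meant to carry a command with arguments, a comment saying so would stop someone from quoting it later.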