Commit Graph

200 Commits

Author SHA1 Message Date
Stefan Bühler d1a2356916 fix SQL injection / host name validation (thx Jann Horn)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-03-12 12:03:55 +00:00
Stefan Bühler d7c90814c3 [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.t
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2932 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:12 +00:00
Stefan Bühler a4640b457e [tests] use list for perl exec to skip the sh wrapper
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2903 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-09-06 16:44:41 +00:00
Stefan Bühler 95dc1ed79e [tests] add mod_simplevhost tests
* next commit fixes the bug

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2897 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:15:01 +00:00
Stefan Bühler f0a2c0f293 [mod_user] add test cases to check handling of encoded ~ as %7E (#2124)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2881 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:07:45 +00:00
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2870 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-04-29 13:08:25 +00:00
Stefan Bühler 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
See:
 http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-21#section-5
 > it makes sense to ignore the If-Modified-Since when entity tags are
 > understood and available for the selected representation.

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2865 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-01-22 13:08:21 +00:00
Stefan Bühler 6200764f05 tests: check different combination of empty values, leading/trailing spaces and commas in the Connection header
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2859 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-11-21 12:01:42 +00:00
Cyril Brulebois 4f4bcdd3c3 tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
In case the proxy instance goes wrong, the clean-up doesn't kill the
real instance. So close both instances explicitly in the clean-up
phase.

Signed-off-by: Cyril Brulebois <kibi@debian.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2857 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-11-09 14:23:25 +00:00
Cyril Brulebois 0c6a564543 Fix non-ANSI function declarations.
The proper way to declare a function taking no parameters isn't:
  foo bar();

But this instead:
  foo bar(void);

Signed-off-by: Cyril Brulebois <kibi@debian.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2843 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-08-31 14:11:41 +00:00
Stefan Bühler 7187271fb6 [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2833 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-04-19 13:02:11 +00:00
Stefan Bühler 6c9dff7cda [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-11-29 22:27:11 +00:00
Stefan Bühler e05f1b3eec Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2803 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-08-30 22:13:59 +00:00
Stefan Bühler bf0d57d505 two additional test cases for absolute http(s) uris in the request line
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2787 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-04-04 22:39:48 +00:00
Stefan Bühler 1eef447d32 [tests] Add path traversal check with $HTTP['url']
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2777 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-02-10 07:56:11 +00:00
Stefan Bühler 48fea28651 Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2696 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-11-29 14:13:13 +00:00
Stefan Bühler 6ecb86159c Fix accesslog escape segfault (#1551)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2664 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-16 18:56:04 +00:00
Stefan Bühler 8c83976dbe mod_fastcgi: Add "X-Sendfile2" - supporting multiple ranged files (fixes #2008)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2651 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-14 17:32:38 +00:00
Peter Colberg 8b6dae4139 Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
* This patch may "break" some configs, if they do stupid things. Like setting
  ssl.pemfile to a not existing file in a "non-socket/non-ssl" block.
  Fix them! :)

From: Peter Colberg <peter@colberg.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-14 13:39:59 +00:00
Stefan Bühler 83145e8ba6 mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2647 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-12 21:49:09 +00:00
Stefan Bühler fd13e94427 mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2639 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-11 21:54:50 +00:00
Stefan Bühler ce74fd521c tests: Rename env-var to select tests to RUNTESTS
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2637 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-11 20:32:40 +00:00
Stefan Bühler d21c645bfa mod_compress: match partial+full content-type (fixes #1552)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2634 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-11 19:27:55 +00:00
Stefan Bühler 17d0c36eed Read hostname from absolute uris in the request line (fixes #1937)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2631 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-11 18:31:25 +00:00
Stefan Bühler 0eff441bb6 tests: fix endless loop if connect fails without the child dying
Found as make check on ubuntu hardy hanged itself, as perl-base
dependencies were broken and didn't require /etc/protocols but it
needed the file.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2610 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-08-08 12:51:05 +00:00
Stefan Bühler 64c2e93336 Cleanup tree: remove .cvsignore and ChangeLog (deprecated by NEWS)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2600 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-07-23 21:55:00 +00:00
Stefan Bühler b3ba9f0fb9 tests: use breakage log
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2555 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-07-01 16:16:40 +00:00
Stefan Bühler 5865a2e3f2 Removed sendfile.php from dist
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2543 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-19 19:18:26 +00:00
Stefan Bühler b2108c436c Remove X-Sendfile-Range feature; it will be replaced with something more powerful (#2005, #2008)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2542 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-19 19:06:39 +00:00
Stefan Bühler 60e745695a Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2532 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-11 14:04:57 +00:00
Stefan Bühler ad1e80e5af Add X-Sendfile-Range feature (fixes #2005)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2531 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-11 12:35:00 +00:00
Stefan Bühler 59eaedf353 [tests] Remove index.html~ from repository, create it on the fly for tests
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2530 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-11 12:34:54 +00:00
Stefan Bühler 3af67d1392 Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2528 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-11 10:18:36 +00:00
Stefan Bühler 57066345e4 Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2510 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-07 19:07:31 +00:00
Stefan Bühler b8b4fe19c8 Finally removed spawn-fcgi
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2423 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-04-03 22:41:02 +00:00
Stefan Bühler ce39062dd2 Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2421 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-04-01 17:35:17 +00:00
Stefan Bühler b06a8648df [tests] Fix mod-rewrite test (skipped too many tests if php wasn't running)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2393 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-02-10 19:47:15 +00:00
Stefan Bühler fdcb6f60f4 Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2384 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-02-04 10:27:42 +00:00
Stefan Bühler 36f74e5d23 Revert url decoding+simplifying before matching of mod_rewrite/mod_redirect
- Lot of regressions (we forgot to reencode the result)
  - Generic problem: after decode and rewrite "a?b?c": which '?' was the path?query seperator?
  - Possible solution: only decode printable characters (without '?'), and encode the result; do not encode the '%' of a not decoded character.
  - Still a problem with path simplifying, it seems many people use urls like this: http://server1/http%3a//server2/xxx
    and rewrite the path into the querystring.
  - Probably only usable with an extra config option

  => Do NOT use rewrite/redirect to protect specific urls.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2362 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-12-07 15:22:42 +00:00
Stefan Bühler 454aefc51a [cmake] Add basic cmake support
- Not distributed yet (so only available in svn checkout)


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2359 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-12-05 22:30:32 +00:00
Stefan Bühler 34172dfb09 [tests] Fix tests/mod-compress.conf distribution
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2358 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-12-05 22:27:51 +00:00
Elan Ruusamäe c6c2bf8308 - Add possibility to disable methods in mod_compress (#1773)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2325 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-10-03 10:05:33 +00:00
Stefan Bühler 80a4f7a721 Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2324 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-10-01 20:08:23 +00:00
Stefan Bühler 124d8cd555 Fix make dist (remove dummydir)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2293 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-08-20 10:12:20 +00:00
Stefan Bühler 24804542d2 [tests] fix skip in mod-rewrite
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2284 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-08-19 00:11:52 +00:00
Stefan Bühler 3cb2c1c39c [tests] Added env var TESTS to select only a subset of tests
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2279 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-08-02 16:24:33 +00:00
Stefan Bühler 5547928112 Decode url before matching in mod_rewrite (#1720)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2278 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-08-02 16:24:31 +00:00
Stefan Bühler 0c8ebbeb60 [tests] Fix fastcgi php finding
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2249 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-07-30 17:40:09 +00:00
Stefan Bühler 2bd973108d [tests] remove env TODO test: don't use undefined env vars
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2244 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-07-29 21:22:36 +00:00
Stefan Bühler 3bb07cad07 [tests] Fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2243 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-07-29 21:22:28 +00:00