| Age | Commit message (Collapse) | Author |
|---|
|
From Kyle Thompson <jmp AT giga DOT moe>.
Tweaks by me.
OK benno@
|
|
From Sunil Nimmagadda <sunil At nimmagadda DOT net>
OK benno@
|
|
indexes as per RFC 3986:
A path segment that contains a colon character (e.g., "this:that")
cannot be used as the first segment of a relative-path reference, as
it would be mistaken for a scheme name. Such a segment must be
preceded by a dot-segment (e.g., "./this:that") to make a relative-
path reference.
While here add a "/" to the end of directory names, this saves us one
redirect round trip.
Found the hard way & "functionality wise, OK" ajacoutot@
RFC pointer & OK benno@
|
|
url_decode(). No functional change.
|
|
Problem pointed out by remco AT d-compu.dyndns.org some time ago.
Input / OK reyk@
|
|
|
|
needed by its ancestor. jsg@, include-what-you-use, and some manual
review helped to cleanup the headers (take iwyu with a grain of salt).
Based on common practice, httpd.h now also includes the necessary
headers for itself.
OK florian@
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
|
|
file path does not exist rather than returning "500 internal server error".
ok reyk
|
|
strip number
Strip number path components from the beginning of the
request URI before looking up the stripped-down URI at
the document root.
reviewed with much patience and OK by reyk@
|
|
shorter, newer, and the recommendation. From James Jerkins.
Exclude the charset for now because it is not explicitly handled by httpd.
OK validator.w3.org (This document was successfully checked as HTML5!)
|
|
*Do* pull it in when in_{port,addr}_h is needed and <netinet/in.h> isn't.
ok reyk@
|
|
reflect reality.
OK benno@
|
|
from Max Fillinger
|
|
ok millert@
|
|
error. Traditionally, web servers responsed with the request path on
40x errors which could be abused to inject JavaScript etc. Instead of
sanitizing the path, we just don't reprint it. Also modify the style
a little bit but keep Comic Sans.
With input from Jonas Lindemann and doug@
|
|
loop that could eat all CPU. I thought that the previous (correct)
commit fixed it which wasn't the case. But this one is obvious.
ok florian@
|
|
descriptor of the file I/O bufferevent. This fixes a potential event flood.
OK florian@
|
|
OK chrisz@
|
|
OK reyk@
|
|
ok reyk@
|
|
has been appended. This allows to use a fastcgi target as the default
index, for example index.php.
OK florian@
|
|
support. Instead of calling server_close from server_write, we have
to proceed to the next connection by calling the error handler.
OK jsg@
|
|
This fixes sending of large files. Previously, httpd was reading the
input file too quickly and could run out of memory when filling the
input buffer.
Found by jsg@
OK florian@
|
|
|
|
The secrect plan is to add it later using the ressl wrapper library.
|
|
ok florian@
|
|
tricky because we couldn't guarantee a sane state after
server_response_http() so fail hard afterwards and close the connection.
ok doug@
|
|
SCRIPT_FILENAME CGI param with a prepended root. This fixes php-fpm
that expects SCRIPT_FILENAME and also works with slowcgi if you
configure the root correctly. For example, if SCRIPT_NAME and
REQUEST_URI are /php/index.php, root is /htdocs, SCRIPT_FILENAME will
be /htdocs/php/index.php. As tested and discussed with florian@
|
|
|
|
file system is not filling in d_type properly. Using st_mode from the
stat call fixes the problem, eg. S_ISDIR(st.st_mode) instead of
dp->d_type == DT_DIR. Pointed out by pelikan@
|
|
- DPRINTF instead of log_info for internal debugging.
- submit QUERY_STRING, if it exists
- use a proper function to create an HTTP header.
- use server_file_error() to detect EOF and fastcgi stream errors.
- disable keep-alive/persist for now until we have a reliable way to
get the content length from the cgi response or support chunked
encoding.
"Cool, jep" florian@
|
|
|
|
either files or the fastcgi socket (and there's no need to use a union yet).
|
|
request. This fixes fd accounting with persistent connections and
reduces the complexity of the implementation.
ok benno@
|
|
The option "directory auto index" implements basic directory listing
and is turned off by default.
ok deraadt@
|
|
|
|
responses. To accomplish this, add some semantics to retrieve the
server host name of a connection: either IP, IP:PORT (if not 80) or
[IP6]:PORT, or Host value (if valid).
|
|
docroot only only when it's needed. Suggested by deraadt@.
|
|
OK florian@
|
|
|
|
|
|
|
|
|
|
|
|
permissions. We also have to redirect with 301 if a directory name
was requested without the trailing slash.
|
|
|
|
relayd but had to be adjusted for httpd. It now handles single-pass
HTTP connections, persistent connections with multiple requests, and
body-less HEAD requests. With input from benno@
|
|
|
