| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
(thx Lars Bingchong)
empty env var must be set to blank string and not left unset
(regression in lighttpd 1.4.56 - lighttpd 1.4.64)
x-ref:
https://stackoverflow.com/a/52913064/1338888
|
|
|
|
| |
remove mod_ssi Perl tests now performed by src/t/test_mod_ssi
|
|
|
|
|
| |
reduce directories under tests
(because automake is sloooow and the fewer dirs, the better)
|
|
|
|
|
|
| |
also remove some now-redundant tests from request.t
and reduce scripts and directories under tests
(because automake is sloooow and the fewer dirs, the better)
|
| |
|
|
|
|
|
|
|
| |
quiet some automake noise during build
(can use 'make -s' to quiet more)
In doc/ and tests/docroot/, add GNUMAKEFLAGS=--no-print-directory -s
|
| |
|
|
|
|
| |
Range requests must be HTTP/1.1 or later (not HTTP/1.0)
|
|
|
|
| |
including limiting use of php in tests to mod-fastcgi.t
|
|
|
|
|
|
|
| |
lighttpd tests do not depend on CGI.pm.
remove *unused* file tests/docroot/www/404.fcgi
which used CGI::Fast, which depends on CGI.pm.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Loosen local redirect handling in mod_cgi to skip handling as local
redirect if the Location matches con->uri.path, since if the request
is intended to redirect back to the same CGI using the same request
method, path info, and query string, the CGI would logically just
return the final intended response. Loosening this handling avoids a
problem with applications (potentially) accessible through multiple
gateways, where the application is not aware of this specific handling
of Location in the Common Gateway Interface (CGI/1.1), the application
sends abs-path in the Location response header instead of absoluteURI,
and the application expects the client to receive this Location response
header instead of the server to process as a CGI local redirect.
One example of such an application is LuCI,
which sends Set-Cookie with Location: /abs-path
https://github.com/openwrt/luci
(Note that this loose check for matching con->uri.path is not perfect
and might not match if the CGI returned a path with a different case
and the server is on a case-insensitive filesystem, or if the path
returned by the CGI is rewritten elsewhere to a different con->uri.path
before getting to mod_cgi.)
RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875
x-ref:
"CGI local-redir handling conflicts with LuCI redirect w/ Set-Cookie"
https://redmine.lighttpd.net/issues/2779
"CGI local redirect not implemented correctly"
https://redmine.lighttpd.net/issues/2108
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reverts part of commit:dbdab5db which swapped REQUEST_URI, REDIRECT_URI
x-ref:
"mediawiki redirect loop if REQUEST_URI not orig req in 1.4.40"
https://redmine.lighttpd.net/issues/2738
Explanation:
REQUEST_URI and REDIRECT_URI are not part of CGI standard environment.
The reason for their existence is that PATH_INFO in CGI environment may
be different from the path in the current request. The main reason for
this potential difference is that the URI path is normalized to a path
in the filesystem and tested against the filesystem to determine which
part is SCRIPT_NAME and which part is PATH_INFO. In case-insensitive
filesystems, the URI might be lowercased before testing against the
filesystem, leading to loss of case-sensitive submission in any
resulting PATH_INFO. Also, duplicated slashes "///" and directory
references "/." and "/.." are removed, including prior path component in
the case of "/..". This might be undesirable when the information after
the SCRIPT_NAME is virtual information and there target script needs the
virtual path preserved as-is. In that case, the target script can
re-parse REQUEST_URI (or REDIRECT_URI, as appropriate) to obtain the
unmodified information from the URI.
con->request.uri is equivalent to con->request.orig_uri unless the
request has been internally rewritten (e.g. by mod_rewrite, mod_magnet,
others), in which case con->request.orig_uri is the request made by the
client, and con->request.uri is the current URI being processed.
Historical REQUEST_URI (environment variable) lighttpd inconsistencies
- mod_cml set REQUEST_URI to con->request.orig_uri
- mod_cgi set REQUEST_URI to con->request.orig_uri
- mod_fastcgi set REQUEST_URI to con->request.orig_uri
- mod_scgi set REQUEST_URI to con->request.orig_uri
- mod_ssi set REQUEST_URI to current con->request.uri
- mod_magnet set MAGNET_ENV_REQUEST_URI to current con->request.uri
and MAGNET_ENV_REQUEST_ORIG_URI to con->request.orig_uri
Historical REDIRECT_URI (environment variable) previously set only in
mod_fastcgi and mod_scgi, and set to con->request.uri
Since lighttpd 1.4.40 provides REDIRECT_URI with con->request.orig_uri,
changes were made to REQUEST_URI for consistency, with the hope that
there would be little impact to existing configurations since the
request uri and original request uri are the same unless there has been
an internal redirect. It turns out that various PHP frameworks use
REQUEST_URI and require that it be the original URI requested by client.
Therefore, this change is being reverted, and lighttpd will set
REQUEST_URI to con->request.orig_uri in mod_cgi, mod_fastcgi, mod_scgi
as was done in lighttpd 1.4.39 and earlier. Similarly, REDIRECT_URI
also has the prior behavior in mod_fastcgi and mod_scgi, and added to
mod_cgi.
A future release of lighttpd might change mod_ssi to be consistent with
the other modules in setting REQUEST_URI to con->request.orig_uri and to
add REDIRECT_URI, when an internal redirect has occurred.
|
|
|
|
|
|
|
|
|
| |
RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
http://www.ietf.org/rfc/rfc3875
x-ref:
"CGI local redirect not implemented correctly"
https://redmine.lighttpd.net/issues/2108
|
|
|
|
|
| |
CGI.pm is no longer shipped as part of Perl core distribution
(and is easily replaced)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
allow double-quotes, single-quotes or no quote on SSI param values
remove use of PCRE from mod_ssi
fix misspelling of 'unknow' to be 'unknown'
x-ref:
"mod_ssi doesn't accept single quotes"
https://redmine.lighttpd.net/issues/1768
|
|
|
|
| |
bug introduced in 8e3c6bf7 when statement parser was replaced
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
server.error-handler preserves HTTP status error code when error page
is static, and allows dynamic handlers to change HTTP status code
when error page is provided by dynamic handler. server.error-handler
intercepts all HTTP status codes >= 400 except when the content is
generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua).
The request method is unconditionally changed to GET for the request
to service the error handler, and the original request method is
later restored (for logging purposes). request body from the
original request, if present, is discarded.
server.error-handler is somewhat similar to server.error-handler-404,
but server.error-handler-404 is now deprecated, intercepts only 404
and 403 HTTP status codes, and returns 200 OK for static error pages,
a source of confusion for some admins. On the other hand, the new
server.error-handler, when set, will intercept all HTTP status error
codes >= 400. server.error-handler takes precedence over
server.error-handler-404 when both are set.
NOTE: a major difference between server.error-handler and the
now-deprecated server.error-handler-404 is that the values of the
non-standard CGI environment variables REQUEST_URI and REDIRECT_URI
have been swapped. Since REDIRECT_STATUS is the original HTTP
status code, REDIRECT_URI is now the original request, and REQUEST_URI
is the current request (e.g. the URI/URL to the error handler).
The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values
from those described above -- is preserved for server.error-handler-404.
Additionally, REDIRECT_STATUS is now available to mod_magnet, which
continues to have access to request.uri and request.orig_uri.
See further discussion at https://redmine.lighttpd.net/issues/2702
and https://redmine.lighttpd.net/issues/1828
github: closes #36
|
|
|
|
|
|
|
|
| |
config cleanups
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3019 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2990 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2985 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2651 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2543 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
powerful (#2005, #2008)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2542 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2532 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2531 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2530 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2293 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2178 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2061 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2044 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1954 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1948 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1901 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
- added optional fastcgi handler
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1898 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1895 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1894 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1892 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1887 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1871 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1374 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@754 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@752 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@667 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
configfiles
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@661 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
HASH ref
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@654 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@612 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@604 152afb58-edef-0310-8abb-c4023f1b3aa9
|