summaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* [mod_evhost] mod-evhost.t tests (#1194)Glenn Strauss2016-10-204-1/+117
| | | | | | | | (thx Daniel-Brandt) x-ref: "Partial matching in mod_evhost patterns" https://redmine.lighttpd.net/issues/1194
* [cmake] build fcgi-auth, fcgi-responder for testsGlenn Strauss2016-10-181-0/+12
| | | | | | | | | | | | | | | | Aside: must have cmake enable building openssl for tests to pass due to tests/lighttpd.conf including config options requiring openssl algorithms in mod_secdownload.c: (secdownload.algorithm = "hmac-sha1") (secdownload.algorithm = "hmac-sha256") $ cmake -L . $ cmake -DWITH_OPENSSL:BOOL=ON . $ make -j 4 -k $ make test x-ref: https://blog.lighttpd.net/articles/2006/12/25/1-5-0-goes-cmake/
* [autobuild] skip two new tests if no fcgi-authGlenn Strauss2016-09-231-1/+1
|
* [mod_auth] structured data, register auth schemesGlenn Strauss2016-09-221-6/+6
| | | | | | - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
* [mod_fastcgi] allow authorizer, responder for same path/ext (#321)Glenn Strauss2016-09-191-4/+2
| | | | | | | | allow authorizer and responder to be configured for same path or ext x-ref: "mod_fastcgi authorizers cannot protect fastcgi responders" https://redmine.lighttpd.net/issues/321
* [tests] test coverage for issues (#321, #322)Christoph Kreutzer2016-09-194-14/+39
| | | | | | | | | | | | FastCGI Authorizer support with FastCGI Responders x-ref: "mod_fastcgi authorizers cannot protect fastcgi responders" http://redmine.lighttpd.net/issues/321 x-ref: "FastCGI Authorizer support for Variable-name variable passing" http://redmine.lighttpd.net/issues/322
* [core] better DragonFlyBSD support (fixes #2746)Glenn Strauss2016-08-201-1/+1
| | | | | | | | (thx xenu) x-ref: "[PATCH] better DragonFlyBSD support; fix crash" https://redmine.lighttpd.net/issues/2746
* [core] check if client half-closed TCP if POLLHUP (#2743)Glenn Strauss2016-08-061-0/+1
| | | | | | | | | | | | Check if client half-closed TCP connection if POLLHUP is received. This more robustly handles if client called shutdown(fd, SHUT_WR). This patch reverts commit:ab05eb7c which should now be handled properly. (Time will tell.) x-ref: "1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin" https://redmine.lighttpd.net/issues/2743
* revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738)Glenn Strauss2016-07-231-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | reverts part of commit:dbdab5db which swapped REQUEST_URI, REDIRECT_URI x-ref: "mediawiki redirect loop if REQUEST_URI not orig req in 1.4.40" https://redmine.lighttpd.net/issues/2738 Explanation: REQUEST_URI and REDIRECT_URI are not part of CGI standard environment. The reason for their existence is that PATH_INFO in CGI environment may be different from the path in the current request. The main reason for this potential difference is that the URI path is normalized to a path in the filesystem and tested against the filesystem to determine which part is SCRIPT_NAME and which part is PATH_INFO. In case-insensitive filesystems, the URI might be lowercased before testing against the filesystem, leading to loss of case-sensitive submission in any resulting PATH_INFO. Also, duplicated slashes "///" and directory references "/." and "/.." are removed, including prior path component in the case of "/..". This might be undesirable when the information after the SCRIPT_NAME is virtual information and there target script needs the virtual path preserved as-is. In that case, the target script can re-parse REQUEST_URI (or REDIRECT_URI, as appropriate) to obtain the unmodified information from the URI. con->request.uri is equivalent to con->request.orig_uri unless the request has been internally rewritten (e.g. by mod_rewrite, mod_magnet, others), in which case con->request.orig_uri is the request made by the client, and con->request.uri is the current URI being processed. Historical REQUEST_URI (environment variable) lighttpd inconsistencies - mod_cml set REQUEST_URI to con->request.orig_uri - mod_cgi set REQUEST_URI to con->request.orig_uri - mod_fastcgi set REQUEST_URI to con->request.orig_uri - mod_scgi set REQUEST_URI to con->request.orig_uri - mod_ssi set REQUEST_URI to current con->request.uri - mod_magnet set MAGNET_ENV_REQUEST_URI to current con->request.uri and MAGNET_ENV_REQUEST_ORIG_URI to con->request.orig_uri Historical REDIRECT_URI (environment variable) previously set only in mod_fastcgi and mod_scgi, and set to con->request.uri Since lighttpd 1.4.40 provides REDIRECT_URI with con->request.orig_uri, changes were made to REQUEST_URI for consistency, with the hope that there would be little impact to existing configurations since the request uri and original request uri are the same unless there has been an internal redirect. It turns out that various PHP frameworks use REQUEST_URI and require that it be the original URI requested by client. Therefore, this change is being reverted, and lighttpd will set REQUEST_URI to con->request.orig_uri in mod_cgi, mod_fastcgi, mod_scgi as was done in lighttpd 1.4.39 and earlier. Similarly, REDIRECT_URI also has the prior behavior in mod_fastcgi and mod_scgi, and added to mod_cgi. A future release of lighttpd might change mod_ssi to be consistent with the other modules in setting REQUEST_URI to con->request.orig_uri and to add REDIRECT_URI, when an internal redirect has occurred.
* [mod_auth] fix Digest auth to be better than Basic (fixes #1844)Glenn Strauss2016-07-161-21/+28
| | | | | | | | | | | | | Make Digest authentication more compliant with RFC. Excerpt from https://www.rfc-editor.org/rfc/rfc7616.txt Section 5.13: The bottom line is that any compliant implementation will be relatively weak by cryptographic standards, but any compliant implementation will be far superior to Basic Authentication. x-ref: "Serious security problem in Digest Authentication" https://redmine.lighttpd.net/issues/1844
* [mod_cgi] handle local redirect response (fixes #2108)Glenn Strauss2016-07-142-1/+13
| | | | | | | | | RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response http://www.ietf.org/rfc/rfc3875 x-ref: "CGI local redirect not implemented correctly" https://redmine.lighttpd.net/issues/2108
* [tests] remove some tests duplicated in mod-cgi.tGlenn Strauss2016-07-141-26/+2
|
* [mod_access] new directive url.access-allow (fixes #1421)Glenn Strauss2016-07-132-1/+22
| | | | | | | | | | | | url.access-allow is list of allowed url suffixes (e.g. file extensions) If url.access-allow has been set, then deny any URL that does not match the explicitly listed suffixes. (thx japc) x-ref: "access_allow directive for lighttpd" https://redmine.lighttpd.net/issues/1421
* [tests] remove dependency on CGI.pmGlenn Strauss2016-07-023-28/+28
| | | | | CGI.pm is no longer shipped as part of Perl core distribution (and is easily replaced)
* [cygwin] fix mod_proxy and mod_fastcgi ioctl useGlenn Strauss2016-06-231-0/+4
| | | | | | | | | | | cygwin does not support ioctl on sockets, returning EOPTNOTSUPP (would be better if cygwin used Windows ioctlsocket() instead) Windows uses signed (socklen_t), so add some casts to quiet warnings Windows path handling is convoluted, so disable one tests in mod_fastcgi since trailing spaces are removed from URL for _WIN32 and __CYGWIN__ in response.c
* [build] update Makefile.am EXTRA_DIST w/ new filesGlenn Strauss2016-06-211-0/+2
|
* [mod_ssi] more flexible quoting (fixes #1768)Glenn Strauss2016-05-142-1/+4
| | | | | | | | | | | | allow double-quotes, single-quotes or no quote on SSI param values remove use of PCRE from mod_ssi fix misspelling of 'unknow' to be 'unknown' x-ref: "mod_ssi doesn't accept single quotes" https://redmine.lighttpd.net/issues/1768
* [mod_ssi] fix SSI statement parserGlenn Strauss2016-05-143-3/+12
| | | | bug introduced in 8e3c6bf7 when statement parser was replaced
* [mod_auth] skip blank lines and comment lines (fixes #2327)Glenn Strauss2016-04-281-0/+2
| | | | | | x-ref: "Ignore comments and empty lines in ht{digest,passwd} files" https://redmine.lighttpd.net/issues/2327
* [core] server.error-handler new directive for error pages (fixes #2702)Glenn Strauss2016-04-253-3/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | server.error-handler preserves HTTP status error code when error page is static, and allows dynamic handlers to change HTTP status code when error page is provided by dynamic handler. server.error-handler intercepts all HTTP status codes >= 400 except when the content is generated by a dynamic handler (cgi, ssi, fastcgi, scgi, proxy, lua). The request method is unconditionally changed to GET for the request to service the error handler, and the original request method is later restored (for logging purposes). request body from the original request, if present, is discarded. server.error-handler is somewhat similar to server.error-handler-404, but server.error-handler-404 is now deprecated, intercepts only 404 and 403 HTTP status codes, and returns 200 OK for static error pages, a source of confusion for some admins. On the other hand, the new server.error-handler, when set, will intercept all HTTP status error codes >= 400. server.error-handler takes precedence over server.error-handler-404 when both are set. NOTE: a major difference between server.error-handler and the now-deprecated server.error-handler-404 is that the values of the non-standard CGI environment variables REQUEST_URI and REDIRECT_URI have been swapped. Since REDIRECT_STATUS is the original HTTP status code, REDIRECT_URI is now the original request, and REQUEST_URI is the current request (e.g. the URI/URL to the error handler). The prior behavior -- which reversed REQUEST_URI and REDIRECT_URI values from those described above -- is preserved for server.error-handler-404. Additionally, REDIRECT_STATUS is now available to mod_magnet, which continues to have access to request.uri and request.orig_uri. See further discussion at https://redmine.lighttpd.net/issues/2702 and https://redmine.lighttpd.net/issues/1828 github: closes #36
* [core] never evaluate else branches until the previous branches are aready ↵Glenn Strauss2016-02-212-2/+21
| | | | | | | | | | | | | | | | | | (fixes #2598) The first condition which evaluates true in any if-else... condition chain short-circuits the chain, and any remaining conditions in the chain are marked false. Previous conditions in if-else condition chaining must be evaluatable (to true or false) -- must not remain in unset (not yet evaluatable) state -- prior to evaluating later conditions. Since any true condition short-circuits remaining conditions, all prev conditions must be false prior to evaluating later conditions. From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3081 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] do not half-close socket before having received the response (fixes ↵Stefan Bühler2015-12-041-1/+0
| | | | | | | | #2688) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3058 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] test apr-md5 in mod-auth.tStefan Bühler2015-12-042-4/+22
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3057 152afb58-edef-0310-8abb-c4023f1b3aa9
* mod-auth.t: no crypt md5 for darwinKyle J. McKay2015-12-041-0/+1
| | | | | | | | Darwin's crypt does not support the '$...' extensions. Signed-off-by: Kyle J. McKay git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3056 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_secdownload] add required algorithm option; old behaviour available as ↵Stefan Bühler2015-11-222-13/+136
| | | | | | | | | | "md5", new options "hmac-sha1" and "hmac-sha256" Differential Revision: https://review.lighttpd.net/D7 From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes ↵Stefan Bühler2015-11-072-40/+57
| | | | | | | | #2661, thx gstrauss) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
* [scons] various improvementsStefan Bühler2015-08-292-40/+85
| | | | | | | | | | | | | | - don't generate files in src/ - move all build stuff to sconsbuild/ - have different output directories for static/ and fullstatic/, so we can use that directory for the test suite - each build type (dynamic, static, fullstatic) has its own check target - read CFLAGS, LDFLAGS and LIBS from environment (LIBS are appended after all other dependencies) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3030 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] fix warning about newline in filenameStefan Bühler2015-08-221-0/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3021 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] search for perl in PATH instead of /usr/bin; whitespace + test ↵Stefan Bühler2015-08-2229-1185/+1200
| | | | | | | | config cleanups From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3019 152afb58-edef-0310-8abb-c4023f1b3aa9
* [cmake] lowercase commands, whitespace cleanup, remove clutter in else(...), ↵Stefan Bühler2015-08-221-4/+4
| | | | | | | | endif(...), endforeach(...) From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3013 152afb58-edef-0310-8abb-c4023f1b3aa9
* parse If-None-Match for ETag validation (fixes #2578)Stefan Bühler2015-07-051-1/+101
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2994 152afb58-edef-0310-8abb-c4023f1b3aa9
* add some until now missing files to dist tarballStefan Bühler2015-06-212-48/+75
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2990 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] fix undefined index warning in sendfile.phpStefan Bühler2015-02-081-1/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2985 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] improve valgrind and strace TRACEME, disable condition logging in ↵Stefan Bühler2015-02-083-5/+5
| | | | | | | | | | | | normal configs - condition logging is way too noisy and rarely useful - increate timeout to wait for port bind; if the process dies we fail early anyway From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2978 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix SQL injection / host name validation (thx Jann Horn)lighttpd-1.4.35Stefan Bühler2014-03-121-1/+17
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] add cleanup.sh to cmake test runs, reset SLOWREQUEST in request.tStefan Bühler2014-01-102-0/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2932 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] use list for perl exec to skip the sh wrapperlighttpd-1.4.33Stefan Bühler2013-09-061-8/+13
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2903 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] add mod_simplevhost testsStefan Bühler2013-08-305-22/+98
| | | | | | | | * next commit fixes the bug From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2897 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_user] add test cases to check handling of encoded ~ as %7E (#2124)Stefan Bühler2013-06-291-1/+15
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2881 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl ↵Stefan Bühler2013-04-292-1/+20
| | | | | | for SHA1). This doesn't use any salt, md5 with salt is probably better. git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2870 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix handling of If-Modified-Since if If-None-Match is present (don't return ↵Stefan Bühler2013-01-221-5/+5
| | | | | | | | | | | 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. See: http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-21#section-5 > it makes sense to ignore the If-Modified-Since when entity tags are > understood and available for the selected representation. git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2865 152afb58-edef-0310-8abb-c4023f1b3aa9
* tests: check different combination of empty values, leading/trailing spaces ↵Stefan Bühler2012-11-212-2/+58
| | | | | | and commas in the Connection header git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2859 152afb58-edef-0310-8abb-c4023f1b3aa9
* tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx ↵Cyril Brulebois2012-11-091-0/+2
| | | | | | | | | | | | kibi) In case the proxy instance goes wrong, the clean-up doesn't kill the real instance. So close both instances explicitly in the clean-up phase. Signed-off-by: Cyril Brulebois <kibi@debian.org> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2857 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix non-ANSI function declarations.Cyril Brulebois2012-08-312-2/+2
| | | | | | | | | | | | The proper way to declare a function taking no parameters isn't: foo bar(); But this instead: foo bar(void); Signed-off-by: Cyril Brulebois <kibi@debian.org> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2843 152afb58-edef-0310-8abb-c4023f1b3aa9
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific ↵Stefan Bühler2012-04-192-2/+33
| | | | | | workaround, add fastcgi test case (fixes #889) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2833 152afb58-edef-0310-8abb-c4023f1b3aa9
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)Stefan Bühler2011-11-291-1/+9
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
* Add static-file.disable-pathinfo option to prevent handling of urls like ↵Stefan Bühler2011-08-303-2/+19
| | | | | | .../secret.php/image.jpg as static file git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2803 152afb58-edef-0310-8abb-c4023f1b3aa9
* two additional test cases for absolute http(s) uris in the request lineStefan Bühler2011-04-041-1/+16
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2787 152afb58-edef-0310-8abb-c4023f1b3aa9
* [tests] Add path traversal check with $HTTP['url']Stefan Bühler2011-02-102-1/+27
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2777 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)Stefan Bühler2009-11-293-35/+68
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2696 152afb58-edef-0310-8abb-c4023f1b3aa9
View Lorry Controller Status