1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
|
if( g.fAnyTrace ){
fprintf(stderr,"/***** sigpipe received by subprocess %d ****\n", getpid());
}
#endif
db_panic_close();
exit(1);
}
/*
** Preconditions:
**
** * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened. If unknown,
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
|
if( g.fAnyTrace ){
fprintf(stderr,"/***** sigpipe received by subprocess %d ****\n", getpid());
}
#endif
db_panic_close();
exit(1);
}
/*
** Return true if it is appropriate to redirect requests to HTTPS.
**
** Redirect to https is appropriate if all of the above are true:
** (1) The redirect-to-https flag has a valud of iLevel or greater.
** (2) The current connection is http, not https or ssh
** (3) The sslNotAvailable flag is clear
*/
int fossil_wants_https(int iLevel){
if( g.sslNotAvailable ) return 0;
if( db_get_int("redirect-to-https",0)<iLevel ) return 0;
if( P("HTTPS")!=0 ) return 0;
return 1;
}
/*
** Redirect to the equivalent HTTPS request if the current connection is
** insecure and if the redirect-to-https flag greater than or equal to
** iLevel. iLevel is 1 for /login pages and 2 for every other page.
*/
void fossil_redirect_to_https_if_needed(int iLevel){
if( fossil_wants_https(iLevel) ){
const char *zQS = P("QUERY_STRING");
if( P("redir")!=0 ){
style_header("Insecure Connection");
@ <h1>Unable To Establish An Encrypted Connection</h1>
@ <p>This website requires an encrypted connection.
@ The current connection is not encrypted
@ across the entire route between your browser and the server.
@ An attempt was made to redirect to %h(g.zHttpsURL) but
@ the connection is still insecure even after the redirect.</p>
@ <p>This is probably some kind of configuration problem. Please
@ contact your sysadmin.</p>
@ <p>Sorry it did not work out.</p>
style_footer();
return;
}
if( zQS==0 ){
zQS = "?redir=1";
}else if( zQS[0]!=0 ){
zQS = mprintf("?%s&redir=1", zQS);
}
cgi_redirectf("%s%T%s", g.zHttpsURL, P("PATH_INFO"), zQS);
}
}
/*
** Preconditions:
**
** * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened. If unknown,
|
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
|
if( g.zContentType &&
strncmp(g.zContentType, "application/x-fossil", 20)==0 ){
/* Special case: If the content mimetype shows that it is "fossil sync"
** payload, then pretend that the PATH_INFO is /xfer so that we always
** invoke the sync page. */
zPathInfo = "/xfer";
}
/* Use the first element of PATH_INFO as the page name
** and deliver the appropriate page back to the user.
*/
set_base_url(0);
if( zPathInfo==0 || zPathInfo[0]==0
|| (zPathInfo[0]=='/' && zPathInfo[1]==0) ){
|
>
>
>
>
>
>
|
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
|
if( g.zContentType &&
strncmp(g.zContentType, "application/x-fossil", 20)==0 ){
/* Special case: If the content mimetype shows that it is "fossil sync"
** payload, then pretend that the PATH_INFO is /xfer so that we always
** invoke the sync page. */
zPathInfo = "/xfer";
}
/* If the inbound request is unencrypted and if the redirect-to-https
** setting is 2 or more, then immediately redirect the equivalent HTTPS
** URI.
*/
fossil_redirect_to_https_if_needed(2);
/* Use the first element of PATH_INFO as the page name
** and deliver the appropriate page back to the user.
*/
set_base_url(0);
if( zPathInfo==0 || zPathInfo[0]==0
|| (zPathInfo[0]=='/' && zPathInfo[1]==0) ){
|