Check-in [d04fa1e143]

Overview
Comment:When a server is pointing to a directory, allow *.fossil files to be served out of any subdirectory of that directory. For security, pathnames may not contain any characters except alphanumerics, "/", "-", and "_".
SHA1: d04fa1e1438ec7428afccc76af1a00ce53564dbc
User & Date: drh 2011-03-18 02:51:51.863
References
2011-03-25
01:46 Fixed ticket [4a9072bcc0]: fossil server /directory plus 2 other changes artifact: bfc934c37f user: joerg
2011-03-19
06:28 New ticket [34cbc91257] problem serving fossil repos with old db schema from subdirectory. artifact: 4bde07c57f user: anonymous
Context
2011-03-19
18:14
Enhancements to "fossil add" and "fossil rm" so that they work recursively on directories and ignore trailing / characters. Patches from Carles Pagès. check-in: 04ddad7ab8 user: drh tags: trunk
2011-03-18
02:51
When a server is pointing to a directory, allow *.fossil files to be served out of any subdirectory of that directory. For security, pathnames may not contain any characters except alphanumerics, "/", "-", and "_". check-in: d04fa1e143 user: drh tags: trunk
02:13
Allow up to two // characters at the beginning of a pathname since this is important on windows. check-in: f1173da7d5 user: drh tags: trunk
Changes
Changes to src/main.c.
Old version of src/main.c (lines 888-927):
  int i;

  /* If the repository has not been opened already, then find the
  ** repository based on the first element of PATH_INFO and open it.
  */
  zPathInfo = PD("PATH_INFO","");
  if( !g.repositoryOpen ){
    char *zRepo;
    const char *zOldScript = PD("SCRIPT_NAME", "");
    char *zNewScript;
    int j, k;


    i = 1;

    while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
    zRepo = mprintf("%s%.*s.fossil",g.zRepositoryName,i,zPathInfo);

    /* To avoid mischief, make sure the repository basename contains no
    ** characters other than alphanumerics, "-", and "_".
    */
    for(j=strlen(g.zRepositoryName)+1, k=0; k<i-1; j++, k++){
      if( !fossil_isalnum(zRepo[j]) && zRepo[j]!='-' ) zRepo[j] = '_';

    }

    if( zRepo[0]=='/' && zRepo[1]=='/' ) zRepo++;

    if( file_size(zRepo)<1024 ){












      if( zNotFound ){
        cgi_redirect(zNotFound);
      }else{
        @ <h1>Not Found</h1>
        cgi_set_status(404, "not found");
        cgi_reply();
      }
      return;


    }
    zNewScript = mprintf("%s%.*s", zOldScript, i, zPathInfo);
    cgi_replace_parameter("PATH_INFO", &zPathInfo[i+1]);
    zPathInfo += i;
    cgi_replace_parameter("SCRIPT_NAME", zNewScript);
    db_open_repository(zRepo);
    if( g.fHttpTrace ){
New version of src/main.c (lines 888-945):
  int i;

  /* If the repository has not been opened already, then find the
  ** repository based on the first element of PATH_INFO and open it.
  */
  zPathInfo = PD("PATH_INFO","");
  if( !g.repositoryOpen ){
    char *zRepo, *zToFree;
    const char *zOldScript = PD("SCRIPT_NAME", "");
    char *zNewScript;
    int j, k;
    i64 szFile;

    i = 1;
    while( 1 ){
      while( zPathInfo[i] && zPathInfo[i]!='/' ){ i++; }
      zRepo = zToFree = mprintf("%s%.*s.fossil",g.zRepositoryName,i,zPathInfo);

      /* To avoid mischief, make sure the repository basename contains no
      ** characters other than alphanumerics, "-", "/", and "_".
      */
      for(j=strlen(g.zRepositoryName)+1, k=0; k<i-1; j++, k++){
        if( !fossil_isalnum(zRepo[j]) && zRepo[j]!='-' && zRepo[j]!='/' ){
          zRepo[j] = '_';
        }
      }
      if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }

      szFile = file_size(zRepo);
      if( zPathInfo[i]=='/' && szFile<0 ){
        assert( strcmp(&zRepo[j], ".fossil")==0 );
        zRepo[j] = 0;
        if( file_isdir(zRepo)==1 ){
          fossil_free(zToFree);
          i++;
          continue;
        }
        zRepo[j] = '.';
      }

      if( szFile<1024 ){
        if( zNotFound ){
          cgi_redirect(zNotFound);
        }else{
          @ <h1>Not Found</h1>
          cgi_set_status(404, "not found");
          cgi_reply();
        }
        return;
      }
      break;
    }
    zNewScript = mprintf("%s%.*s", zOldScript, i, zPathInfo);
    cgi_replace_parameter("PATH_INFO", &zPathInfo[i+1]);
    zPathInfo += i;
    cgi_replace_parameter("SCRIPT_NAME", zNewScript);
    db_open_repository(zRepo);
    if( g.fHttpTrace ){
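Review bot: the `assert( strcmp(&zRepo[j], ".fossil")==0 )` in the directory-probe branch holds only because the leading-`//` branch now does `zRepo++; j--;` as a pair; the old version did `zRepo++` alone, and a future edit that touches one without the other would silently break the `zRepo[j] = 0` truncation and the `zRepo[j] = '.'` restore. Suggest a comment on `if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }` stating that `j` must keep indexing the `.fossil` suffix. Two documentation points in the same region: the comment still says "repository basename" although the sanitized span is now the whole relative path below `g.zRepositoryName`, so allowing "/" reads as a contradiction until one reads the loop; and the check-in comment says pathnames "may not contain" other characters while the loop rewrites them to `_` rather than rejecting the request, so `a..b` is served as `a__b.fossil` if that file exists, which deserves a sentence in the comment since it is the property that keeps a `..` segment from ever reaching `file_isdir()` or `file_size()`. Finally, the descent condition `zPathInfo[i]=='/' && szFile<0` assumes `file_size()` returns a negative value only for a missing path; a directory literally named `name.fossil` would report a size instead, fall through to the `szFile<1024` check or to `db_open_repository()`, and never descend, which seems acceptable but is worth noting next to the condition.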