| ︙ | | |
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
|
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
|
-
+
|
return;
}
}
fputs(z, pLog);
}
/* Forward declaration */
static NORETURN void malformed_request(const char *zMsg);
static NORETURN void malformed_request(const char *zMsg, ...);
/*
** Checks the QUERY_STRING environment variable, sets it up
** via add_param_list() and, if found, applies its "skin"
** setting. Returns 0 if no QUERY_STRING is set, 1 if it is,
** and 2 if it sets the skin (in which case the cookie may
** still need flushing by the page, via cookie_render()).
|
| ︙ | | |
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
|
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
|
+
|
char *z;
const char *zType;
char *zSemi;
int len;
const char *zRequestUri = cgi_parameter("REQUEST_URI",0);
const char *zScriptName = cgi_parameter("SCRIPT_NAME",0);
const char *zPathInfo = cgi_parameter("PATH_INFO",0);
const char *zContentLength = 0;
#ifdef _WIN32
const char *zServerSoftware = cgi_parameter("SERVER_SOFTWARE",0);
#endif
#ifdef FOSSIL_ENABLE_JSON
const int noJson = P("no_json")!=0;
#endif
|
| ︙ | | |
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
|
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
|
-
+
+
+
+
+
+
+
+
+
|
cgi_setup_query_string();
z = (char*)P("REMOTE_ADDR");
if( z ){
g.zIpAddr = fossil_strdup(z);
}
len = atoi(PD("CONTENT_LENGTH", "0"));
zContentLength = P("CONTENT_LENGTH");
if( zContentLength==0 ){
len = 0;
if( sqlite3_stricmp(PD("REQUEST_METHOD",""),"POST")==0 ){
malformed_request("missing CONTENT_LENGTH on a POST method");
}
}else{
len = atoi(zContentLength);
}
zType = P("CONTENT_TYPE");
zSemi = zType ? strchr(zType, ';') : 0;
if( zSemi ){
g.zContentType = fossil_strndup(zType, (int)(zSemi-zType));
zType = g.zContentType;
}else{
g.zContentType = zType;
|
| ︙ | | |
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
|
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
|
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
vxprintf(pContent,zFormat,ap);
}
/*
** Send a reply indicating that the HTTP request was malformed
*/
static NORETURN void malformed_request(const char *zMsg){
cgi_set_status(501, "Not Implemented");
cgi_printf(
"<html><body><p>Bad Request: %s</p></body></html>\n", zMsg
);
static NORETURN void malformed_request(const char *zMsg, ...){
va_list ap;
char *z;
va_start(ap, zMsg);
z = vmprintf(zMsg, ap);
va_end(ap);
cgi_set_status(400, "Bad Request");
zContentType = "text/plain";
if( g.zReqType==0 ) g.zReqType = "WWW";
if( g.zReqType[0]=='C' && PD("SERVER_SOFTWARE",0)!=0 ){
const char *zServer = PD("SERVER_SOFTWARE","");
cgi_printf("Bad CGI Request from \"%s\": %s\n",zServer,z);
}else{
cgi_printf("Bad %s Request: %s\n", g.zReqType, z);
}
fossil_free(z);
cgi_reply();
fossil_exit(0);
}
/*
** Panic and die while processing a webpage.
*/
|
| ︙ | | |
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
|
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
|
+
-
+
-
+
+
-
+
|
*/
void cgi_handle_http_request(const char *zIpAddr){
char *z, *zToken;
int i;
const char *zScheme = "http";
char zLine[2000]; /* A single line of input. */
g.fullHttpReply = 1;
g.zReqType = "HTTP";
if( cgi_fgets(zLine, sizeof(zLine))==0 ){
malformed_request("missing HTTP header");
malformed_request("missing header");
}
blob_append(&g.httpHeader, zLine, -1);
cgi_trace(zLine);
zToken = extract_token(zLine, &z);
if( zToken==0 ){
malformed_request("malformed HTTP header");
}
if( fossil_strcmp(zToken,"GET")!=0
&& fossil_strcmp(zToken,"POST")!=0
&& fossil_strcmp(zToken,"HEAD")!=0
){
malformed_request("unsupported HTTP method");
malformed_request("unsupported HTTP method: \"%s\" - Fossil only supports"
"GET, POST, and HEAD", zToken);
}
cgi_setenv("GATEWAY_INTERFACE","CGI/1.0");
cgi_setenv("REQUEST_METHOD",zToken);
zToken = extract_token(z, &z);
if( zToken==0 ){
malformed_request("malformed URL in HTTP header");
malformed_request("malformed URI in the HTTP header");
}
cgi_setenv("REQUEST_URI", zToken);
cgi_setenv("SCRIPT_NAME", "");
for(i=0; zToken[i] && zToken[i]!='?'; i++){}
if( zToken[i] ) zToken[i++] = 0;
cgi_setenv("PATH_INFO", zToken);
cgi_setenv("QUERY_STRING", &zToken[i]);
|
| ︙ | | |
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
|
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
|
+
|
if( nCycles==0 ){
cgi_setenv("REMOTE_ADDR", zIpAddr);
g.zIpAddr = fossil_strdup(zIpAddr);
}
}else{
fossil_fatal("missing SSH IP address");
}
g.zReqType = "HTTP";
if( fgets(zLine, sizeof(zLine),g.httpIn)==0 ){
malformed_request("missing HTTP header");
}
cgi_trace(zLine);
zToken = extract_token(zLine, &z);
if( zToken==0 ){
malformed_request("malformed HTTP header");
|
| ︙ | | |