From: <ps...@us...> - 2009-02-02 15:25:31
|
Revision: 1364 http://znc.svn.sourceforge.net/znc/?rev=1364&view=rev Author: psychon Date: 2009-02-02 15:24:48 +0000 (Mon, 02 Feb 2009) Log Message: ----------- HTTPSock: Use TrimLeft() instead of a combination of Left() and LeftChomp() Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-02-02 15:23:03 UTC (rev 1363) +++ trunk/HTTPSock.cpp 2009-02-02 15:24:48 UTC (rev 1364) @@ -116,9 +116,7 @@ CString sFilePath = sFileName; if (!m_sDocRoot.empty()) { - while (sFilePath.Left(1) == "/") { - sFilePath.LeftChomp(1); - } + sFilePath.TrimLeft("/"); sFilePath = CDir::ChangeDir(m_sDocRoot, sFilePath, m_sDocRoot); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-02-05 15:33:52
|
Revision: 1373 http://znc.svn.sourceforge.net/znc/?rev=1373&view=rev Author: psychon Date: 2009-02-05 15:33:48 +0000 (Thu, 05 Feb 2009) Log Message: ----------- Make webadmin's debug output for ETags more readable Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-02-04 16:29:06 UTC (rev 1372) +++ trunk/HTTPSock.cpp 2009-02-05 15:33:48 UTC (rev 1373) @@ -186,7 +186,7 @@ } } - DEBUG("ETag: [" << sETag << "] / If-None-Match [" << m_sIfNoneMatch << "]"); + DEBUG("- ETag: [" << sETag << "] / If-None-Match [" << m_sIfNoneMatch << "]"); Close(Csock::CLT_AFTERWRITE); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-02-05 17:11:56
|
Revision: 1374 http://znc.svn.sourceforge.net/znc/?rev=1374&view=rev Author: psychon Date: 2009-02-05 17:11:45 +0000 (Thu, 05 Feb 2009) Log Message: ----------- HTTPSock: Don't transfer endless static files in PrintFile() This limits the max file size to 16 MiB and makes the read loop stop after it has read as many bytes as GetSize() said the file is long. This fixes an endless loop when trying to transfer endless files like /dev/zero. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-02-05 15:33:48 UTC (rev 1373) +++ trunk/HTTPSock.cpp 2009-02-05 17:11:45 UTC (rev 1374) @@ -176,14 +176,31 @@ if (bNotModified) { PrintHeader(0, sContentType, 304, "Not Modified"); } else { + unsigned long long iSize = File.GetSize(); + + // Don't try to send files over 16 MiB, because it might block + // the whole process and use huge amounts of memory. + if (iSize > 16 * 1024 * 1024) { + DEBUG("- Abort: File is over 16 MiB big: " << iSize); + PrintErrorPage(500, "Internal Server Error", "File too big"); + return true; + } + char szBuf[4096]; - int iLen = 0; + unsigned long long iLen = 0; + int i; - PrintHeader(File.GetSize(), sContentType); + PrintHeader(iSize, sContentType); - while ((iLen = File.Read(szBuf, 4096)) > 0) { - Write(szBuf, iLen); + // while we haven't reached iSize and read() succeeds... + while (iLen < iSize && (i = File.Read(szBuf, sizeof(szBuf))) > 0) { + Write(szBuf, i); + iLen += i; } + + if (i < 0) { + DEBUG("- Error while reading file: " << strerror(errno)); + } } DEBUG("- ETag: [" << sETag << "] / If-None-Match [" << m_sIfNoneMatch << "]"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-02-23 19:24:44
|
Revision: 1392 http://znc.svn.sourceforge.net/znc/?rev=1392&view=rev Author: psychon Date: 2009-02-23 19:24:41 +0000 (Mon, 23 Feb 2009) Log Message: ----------- Fix some "uninitialized variable" compiler warning Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-02-22 15:22:37 UTC (rev 1391) +++ trunk/HTTPSock.cpp 2009-02-23 19:24:41 UTC (rev 1392) @@ -188,7 +188,7 @@ char szBuf[4096]; unsigned long long iLen = 0; - int i; + int i = 0; PrintHeader(iSize, sContentType); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-03-03 17:33:07
|
Revision: 1408 http://znc.svn.sourceforge.net/znc/?rev=1408&view=rev Author: psychon Date: 2009-03-03 17:10:52 +0000 (Tue, 03 Mar 2009) Log Message: ----------- HTTPSock: Remove some code which makes no sense Thanks to sebastinas Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-03-03 11:09:44 UTC (rev 1407) +++ trunk/HTTPSock.cpp 2009-03-03 17:10:52 UTC (rev 1408) @@ -34,9 +34,6 @@ CHTTPSock::~CHTTPSock() {} void CHTTPSock::ReadData(const char* data, int len) { - string s; - s.append(data, len); - if (!m_bDone && m_bGotHeader && m_bPost) { m_sPostData.append(data, len); CheckPost(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <seb...@us...> - 2009-03-04 18:19:39
|
Revision: 1409 http://znc.svn.sourceforge.net/znc/?rev=1409&view=rev Author: sebastinas Date: 2009-03-04 18:19:29 +0000 (Wed, 04 Mar 2009) Log Message: ----------- Swap some lines in CHTTPSock::ReadLine Copying sData and trimming it can be omitted if the function is left because m_bGotHeader is true. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-03-03 17:10:52 UTC (rev 1408) +++ trunk/HTTPSock.cpp 2009-03-04 18:19:29 UTC (rev 1409) @@ -51,13 +51,13 @@ } void CHTTPSock::ReadLine(const CString& sData) { - CString sLine = sData; - sLine.TrimRight("\r\n"); - if (m_bGotHeader) { return; } + CString sLine = sData; + sLine.TrimRight("\r\n"); + CString sName = sLine.Token(0); if (sName.Equals("GET")) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-03-31 15:11:42
|
Revision: 1471 http://znc.svn.sourceforge.net/znc/?rev=1471&view=rev Author: psychon Date: 2009-03-31 15:11:32 +0000 (Tue, 31 Mar 2009) Log Message: ----------- Switch some code to use the new return type of GetSize() Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-03-31 12:38:02 UTC (rev 1470) +++ trunk/HTTPSock.cpp 2009-03-31 15:11:32 UTC (rev 1471) @@ -173,7 +173,7 @@ if (bNotModified) { PrintHeader(0, sContentType, 304, "Not Modified"); } else { - unsigned long long iSize = File.GetSize(); + off_t iSize = File.GetSize(); // Don't try to send files over 16 MiB, because it might block // the whole process and use huge amounts of memory. @@ -184,7 +184,7 @@ } char szBuf[4096]; - unsigned long long iLen = 0; + off_t iLen = 0; int i = 0; PrintHeader(iSize, sContentType); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-07-06 17:07:04
|
Revision: 1559 http://znc.svn.sourceforge.net/znc/?rev=1559&view=rev Author: psychon Date: 2009-07-06 17:07:03 +0000 (Mon, 06 Jul 2009) Log Message: ----------- Limit HTTP POST data size to 1MiB We need to have an upper limit of the size of HTTP POST data. With the current code you could just send 4 GiB of data to webadmin and ZNC would try to keep all of this in memory. This patch implements an upper limit for HTTP POST data of 1 MiB. Thanks to cnu for finding this. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-07-06 16:36:03 UTC (rev 1558) +++ trunk/HTTPSock.cpp 2009-07-06 17:07:03 UTC (rev 1559) @@ -11,6 +11,8 @@ #include "HTTPSock.h" #include "znc.h" +#define MAX_POST_SIZE 1024 * 1024 + CHTTPSock::CHTTPSock(CModule *pMod) : CSocket(pMod) { Init(); } @@ -77,6 +79,8 @@ m_bLoggedIn = OnLogin(m_sUser, m_sPass); } else if (sName.Equals("Content-Length:")) { m_uPostLen = sLine.Token(1).ToULong(); + if (m_uPostLen > MAX_POST_SIZE) + PrintErrorPage(413, "Request Entity Too Large", "The request you sent was too large."); } else if (sName.Equals("If-None-Match:")) { // this is for proper client cache support (HTTP 304) on static files: m_sIfNoneMatch = sLine.Token(1, true); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2009-09-14 17:23:48
|
Revision: 1627 http://znc.svn.sourceforge.net/znc/?rev=1627&view=rev Author: psychon Date: 2009-09-14 17:23:40 +0000 (Mon, 14 Sep 2009) Log Message: ----------- Webadmin: Don't include the ZNC version in the basic auth realm If you save a password in your browser that password is bound to the "realm" of the authentication. Since ZNC included its version number in this, all your saved passwords were rendered useless on upgrade. Avoid this by not including the version number in the HTTP authentication realm. Thanks to tylerdu for reporting this. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2009-09-14 12:17:17 UTC (rev 1626) +++ trunk/HTTPSock.cpp 2009-09-14 17:23:40 UTC (rev 1627) @@ -360,7 +360,7 @@ } CString sPage = GetErrorPage(401, "Unauthorized", "You need to login to view this page."); - AddHeader("WWW-Authenticate", "Basic realm=\"" + CZNC::GetTag() + "\""); + AddHeader("WWW-Authenticate", "Basic realm=\"" + CZNC::GetTag(false) + "\""); PrintHeader(sPage.length(), "text/html", 401, "Unauthorized"); Write(sPage); Close(Csock::CLT_AFTERWRITE); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <cf...@us...> - 2010-01-24 16:05:46
|
Revision: 1719 http://znc.svn.sourceforge.net/znc/?rev=1719&view=rev Author: cflakes Date: 2010-01-24 16:05:21 +0000 (Sun, 24 Jan 2010) Log Message: ----------- Fix[1] HTTP Cache-Control headers for static files served by webadmin. [1] http://www.mnot.net/cache_docs/#CACHE-CONTROL Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-01-23 13:01:00 UTC (rev 1718) +++ trunk/HTTPSock.cpp 2010-01-24 16:05:21 UTC (rev 1719) @@ -166,7 +166,7 @@ sETag = "-" + CString(iMTime); // lighttpd style ETag AddHeader("ETag", "\"" + sETag + "\""); - AddHeader("Cache-Control", "private"); + AddHeader("Cache-Control", "public"); if (!m_sIfNoneMatch.empty()) { m_sIfNoneMatch.Trim("\\\"'"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2010-03-16 09:23:38
|
Revision: 1835 http://znc.svn.sourceforge.net/znc/?rev=1835&view=rev Author: psychon Date: 2010-03-16 09:23:32 +0000 (Tue, 16 Mar 2010) Log Message: ----------- Really fix auth modules It turns out that there was still another Close() hiding in CHTTPSock which made stuff fail. However, just removing it fixes stuff. Thanks to DarthGandalf for noticing that my fix wasn't fixing the bug that was bugging him. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-03-15 16:06:56 UTC (rev 1834) +++ trunk/HTTPSock.cpp 2010-03-16 09:23:32 UTC (rev 1835) @@ -65,7 +65,6 @@ GetPage(); m_sPostData.clear(); m_bDone = true; - Close(Csock::CLT_AFTERWRITE); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2010-03-16 09:55:20
|
Revision: 1837 http://znc.svn.sourceforge.net/znc/?rev=1837&view=rev Author: psychon Date: 2010-03-16 09:55:10 +0000 (Tue, 16 Mar 2010) Log Message: ----------- CHTTPSock: Print warnings if one tries to send multiple pages Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-03-16 09:53:58 UTC (rev 1836) +++ trunk/HTTPSock.cpp 2010-03-16 09:55:10 UTC (rev 1837) @@ -132,6 +132,8 @@ void CHTTPSock::PrintPage(const CString& sPage) { if (!SentHeader()) { PrintHeader(sPage.length()); + } else { + DEBUG("PrintPage(): Header was already sent"); } Write(sPage); @@ -359,6 +361,7 @@ bool CHTTPSock::PrintErrorPage(unsigned int uStatusId, const CString& sStatusMsg, const CString& sMessage) { if (SentHeader()) { + DEBUG("PrintErrorPage(): Header was already sent"); return false; } @@ -385,6 +388,7 @@ } if (SentHeader()) { + DEBUG("ForceLogin(): Header was already sent!"); return false; } @@ -407,7 +411,7 @@ bool CHTTPSock::PrintHeader(off_t uContentLength, const CString& sContentType, unsigned int uStatusId, const CString& sStatusMsg) { if (SentHeader()) { - DEBUG("- Header already sent!"); + DEBUG("PrintHeader(): Header was already sent!"); return false; } @@ -457,6 +461,7 @@ bool CHTTPSock::Redirect(const CString& sURL) { if (SentHeader()) { + DEBUG("Redirect() - Header was already sent"); return false; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <cf...@us...> - 2010-05-01 18:36:12
|
Revision: 1961 http://znc.svn.sourceforge.net/znc/?rev=1961&view=rev Author: cflakes Date: 2010-05-01 18:36:05 +0000 (Sat, 01 May 2010) Log Message: ----------- We now trim all leading and trailing spaces from parameter values passed into webadmin/webmods. This makes sense in almost every case, be it that users accidentally hit the space bar or try to outsmart ZNC by entering nothing but spaces into a textbox. By doing the latter, it was possible to trick ZNC into not starting up again. Thanks to Redirect_ for bringing this to our attention. Another commit that will fix the underlying problem while writing to the config file will follow. Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-05-01 14:33:15 UTC (rev 1960) +++ trunk/HTTPSock.cpp 2010-05-01 18:36:05 UTC (rev 1961) @@ -325,6 +325,7 @@ CString CHTTPSock::GetParam(const CString& sName, const map<CString, VCString>& msvsParams, const CString& sFilter) { CString sRet = GetRawParam(sName, msvsParams); + sRet.Trim(); for (size_t i = 0; i < sFilter.length(); i++) { sRet.Replace(CString(sFilter.at(i)), ""); @@ -347,6 +348,7 @@ if (it != msvsParams.end()) { for (unsigned int a = 0; a < it->second.size(); a++) { CString sParam = it->second[a]; + sParam.Trim(); for (size_t i = 0; i < sFilter.length(); i++) { sParam.Replace(CString(sFilter.at(i)), ""); @@ -372,6 +374,7 @@ if (it != msvsParams.end()) { for (unsigned int a = 0; a < it->second.size(); a++) { CString sParam = it->second[a]; + sParam.Trim(); for (size_t i = 0; i < sFilter.length(); i++) { sParam.Replace(CString(sFilter.at(i)), ""); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <cf...@us...> - 2010-06-21 12:51:43
|
Revision: 2036 http://znc.svn.sourceforge.net/znc/?rev=2036&view=rev Author: cflakes Date: 2010-06-21 12:51:37 +0000 (Mon, 21 Jun 2010) Log Message: ----------- Revert unintended change from revision 2029 and added a comment so it won't happen again. Revision Links: -------------- http://znc.svn.sourceforge.net/znc/?rev=2029&view=rev Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-06-20 15:47:07 UTC (rev 2035) +++ trunk/HTTPSock.cpp 2010-06-21 12:51:37 UTC (rev 2036) @@ -43,7 +43,12 @@ bool CHTTPSock::SendCookie(const CString& sKey, const CString& sValue) { if (!sKey.empty() && !sValue.empty()) { - m_msResponseCookies[sKey] = sValue; + if (m_msRequestCookies.find(sKey) == m_msRequestCookies.end() || + m_msRequestCookies[sKey].StrCmp(sValue) != 0) + { + // only queue a Set-Cookie to be sent if the client didn't send a Cookie header of the same name+value. + m_msResponseCookies[sKey] = sValue; + } return true; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2010-09-27 18:52:51
|
Revision: 2149 http://znc.svn.sourceforge.net/znc/?rev=2149&view=rev Author: psychon Date: 2010-09-27 18:52:44 +0000 (Mon, 27 Sep 2010) Log Message: ----------- CHTTPSock: Fix for latest commit We have to grab the contents of the read buffer before we do DisableReadLine(). Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2010-09-27 18:51:55 UTC (rev 2148) +++ trunk/HTTPSock.cpp 2010-09-27 18:52:44 UTC (rev 2149) @@ -115,7 +115,6 @@ m_sIfNoneMatch = sLine.Token(1, true); } else if (sLine.empty()) { m_bGotHeader = true; - DisableReadLine(); if (m_bPost) { m_sPostData = GetInternalReadBuffer(); @@ -123,6 +122,8 @@ } else { GetPage(); } + + DisableReadLine(); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ps...@us...> - 2011-01-03 15:21:36
|
Revision: 2246 http://znc.svn.sourceforge.net/znc/?rev=2246&view=rev Author: psychon Date: 2011-01-03 15:21:30 +0000 (Mon, 03 Jan 2011) Log Message: ----------- HTTPSock: Send Last-Modified headers for static files Modified Paths: -------------- trunk/HTTPSock.cpp Modified: trunk/HTTPSock.cpp =================================================================== --- trunk/HTTPSock.cpp 2011-01-03 15:21:09 UTC (rev 2245) +++ trunk/HTTPSock.cpp 2011-01-03 15:21:30 UTC (rev 2246) @@ -221,6 +221,7 @@ if (iMTime > 0 && !m_bHTTP10Client) { sETag = "-" + CString(iMTime); // lighttpd style ETag + AddHeader("Last-Modified", GetDate(iMTime)); AddHeader("ETag", "\"" + sETag + "\""); AddHeader("Cache-Control", "public"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |