lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1562 lines
52 KiB

#include "first.h"
#include "base.h"
#include "array.h"
#include "buffer.h"
#include "fdevent.h"
#include "log.h"
#include "etag.h"
#include "http_chunk.h"
#include "http_header.h"
#include "response.h"
#include "sock_addr.h"
#include "stat_cache.h"
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <time.h>
#include "sys-strings.h"
#include "sys-socket.h"
#include <unistd.h>
int http_response_buffer_append_authority(server *srv, connection *con, buffer *o) {
if (!buffer_string_is_empty(con->uri.authority)) {
buffer_append_string_buffer(o, con->uri.authority);
} else {
/* get the name of the currently connected socket */
sock_addr our_addr;
socklen_t our_addr_len;
our_addr.plain.sa_family = 0;
our_addr_len = sizeof(our_addr);
if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
|| our_addr_len > (socklen_t)sizeof(our_addr)) {
con->http_status = 500;
log_error_write(srv, __FILE__, __LINE__, "ss",
"can't get sockname", strerror(errno));
return -1;
}
if (our_addr.plain.sa_family == AF_INET
&& our_addr.ipv4.sin_addr.s_addr == htonl(INADDR_LOOPBACK)) {
static char lhost[32];
static size_t lhost_len = 0;
if (0 != lhost_len) {
buffer_append_string_len(o, lhost, lhost_len);
}
else {
size_t olen = buffer_string_length(o);
if (0 == sock_addr_nameinfo_append_buffer(srv, o, &our_addr)) {
lhost_len = buffer_string_length(o) - olen;
if (lhost_len < sizeof(lhost)) {
memcpy(lhost, o->ptr+olen, lhost_len+1); /*(+1 for '\0')*/
}
else {
lhost_len = 0;
}
}
else {
lhost_len = sizeof("localhost")-1;
memcpy(lhost, "localhost", lhost_len+1); /*(+1 for '\0')*/
buffer_append_string_len(o, lhost, lhost_len);
}
}
} else if (!buffer_string_is_empty(con->server_name)) {
buffer_append_string_buffer(o, con->server_name);
} else
/* Lookup name: secondly try to get hostname for bind address */
if (0 != sock_addr_nameinfo_append_buffer(srv, o, &our_addr)) {
con->http_status = 500;
return -1;
}
{
unsigned short listen_port = sock_addr_get_port(&our_addr);
unsigned short default_port = 80;
if (buffer_is_equal_string(con->uri.scheme, CONST_STR_LEN("https"))) {
default_port = 443;
}
if (0 == listen_port) listen_port = srv->srvconf.port;
if (default_port != listen_port) {
buffer_append_string_len(o, CONST_STR_LEN(":"));
buffer_append_int(o, listen_port);
}
}
}
return 0;
}
int http_response_redirect_to_directory(server *srv, connection *con, int status) {
buffer *o = srv->tmp_buf;
buffer_copy_buffer(o, con->uri.scheme);
buffer_append_string_len(o, CONST_STR_LEN("://"));
if (0 != http_response_buffer_append_authority(srv, con, o)) {
return -1;
}
buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI);
buffer_append_string_len(o, CONST_STR_LEN("/"));
fix buffer, chunk and http_chunk API * remove unused structs and functions (buffer_array, read_buffer) * change return type from int to void for many functions, as the return value (indicating error/success) was never checked, and the function would only fail on programming errors and not on invalid input; changed functions to use force_assert instead of returning an error. * all &#34;len&#34; parameters now are the real size of the memory to be read. the length of strings is given always without the terminating 0. * the &#34;buffer&#34; struct still counts the terminating 0 in -&gt;used, provide buffer_string_length() to get the length of a string in a buffer. unset config &#34;strings&#34; have used == 0, which is used in some places to distinguish unset values from &#34;&#34; (empty string) values. * most buffer usages should now use it as string container. * optimise some buffer copying by &#34;moving&#34; data to other buffers * use (u)intmax_t for generic int-to-string functions * remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET * converted BUFFER_APPEND_SLASH to inline function (no macro feature needed) * refactor: create chunkqueue_steal: moving (partial) chunks into another queue * http_chunk: added separate function to terminate chunked body instead of magic handling in http_chunk_append_mem(). http_chunk_append_* now handle empty chunks, and never terminate the chunked body. From: Stefan Bühler &lt;stbuehler@web.de&gt; git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
if (!buffer_string_is_empty(con->uri.query)) {
buffer_append_string_len(o, CONST_STR_LEN("?"));
buffer_append_string_buffer(o, con->uri.query);
}
if (status >= 300) {
http_header_response_set(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"), CONST_BUF_LEN(o));
con->http_status = status;
con->file_finished = 1;
}
else {
http_header_response_set(con, HTTP_HEADER_CONTENT_LOCATION, CONST_STR_LEN("Content-Location"), CONST_BUF_LEN(o));
}
return 0;
}
buffer * strftime_cache_get(server *srv, time_t last_mod) {
static int i;
struct tm *tm;
for (int j = 0; j < FILE_CACHE_MAX; ++j) {
if (srv->mtime_cache[j].mtime == last_mod)
return srv->mtime_cache[j].str; /* found cache-entry */
}
if (++i == FILE_CACHE_MAX) {
i = 0;
}
srv->mtime_cache[i].mtime = last_mod;
tm = gmtime(&(srv->mtime_cache[i].mtime));
buffer_clear(srv->mtime_cache[i].str);
buffer_append_strftime(srv->mtime_cache[i].str, "%a, %d %b %Y %H:%M:%S GMT", tm);
return srv->mtime_cache[i].str;
}
int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) {
buffer *vb;
int head_or_get =
( HTTP_METHOD_GET == con->request.http_method
|| HTTP_METHOD_HEAD == con->request.http_method);
UNUSED(srv);
/*
* 14.26 If-None-Match
* [...]
* If none of the entity tags match, then the server MAY perform the
* requested method as if the If-None-Match header field did not exist,
* but MUST also ignore any If-Modified-Since header field(s) in the
* request. That is, if no entity tags match, then the server MUST NOT
* return a 304 (Not Modified) response.
*/
if ((vb = http_header_request_get(con, HTTP_HEADER_IF_NONE_MATCH, CONST_STR_LEN("If-None-Match")))) {
/*(weak etag comparison must not be used for ranged requests)*/
int range_request =
(con->conf.range_requests
&& (200 == con->http_status || 0 == con->http_status)
&& NULL != http_header_request_get(con, HTTP_HEADER_RANGE, CONST_STR_LEN("Range")));
if (etag_is_equal(con->physical.etag, vb->ptr, !range_request)) {
if (head_or_get) {
con->http_status = 304;
return HANDLER_FINISHED;
} else {
con->http_status = 412;
con->mode = DIRECT;
return HANDLER_FINISHED;
}
}
} else if (head_or_get
&& (vb = http_header_request_get(con, HTTP_HEADER_IF_MODIFIED_SINCE, CONST_STR_LEN("If-Modified-Since")))) {
/* last-modified handling */
size_t used_len;
char *semicolon;
if (NULL == (semicolon = strchr(vb->ptr, ';'))) {
used_len = buffer_string_length(vb);
} else {
used_len = semicolon - vb->ptr;
}
if (buffer_is_equal_string(mtime, vb->ptr, used_len)) {
if ('\0' == mtime->ptr[used_len]) con->http_status = 304;
return HANDLER_FINISHED;
} else {
char buf[sizeof("Sat, 23 Jul 2005 21:20:01 GMT")];
time_t t_header, t_file;
struct tm tm;
/* convert to timestamp */
if (used_len >= sizeof(buf)) return HANDLER_GO_ON;
memcpy(buf, vb->ptr, used_len);
buf[used_len] = '\0';
if (NULL == strptime(buf, "%a, %d %b %Y %H:%M:%S GMT", &tm)) {
/**
* parsing failed, let's get out of here
*/
return HANDLER_GO_ON;
}
tm.tm_isdst = 0;
t_header = mktime(&tm);
strptime(mtime->ptr, "%a, %d %b %Y %H:%M:%S GMT", &tm);
tm.tm_isdst = 0;
t_file = mktime(&tm);
if (t_file > t_header) return HANDLER_GO_ON;
con->http_status = 304;
return HANDLER_FINISHED;
}
}
return HANDLER_GO_ON;
}
void http_response_body_clear (connection *con, int preserve_length) {
con->response.send_chunked = 0;
if (con->response.htags & HTTP_HEADER_TRANSFER_ENCODING) {
http_header_response_unset(con, HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding"));
}
if (!preserve_length) { /* preserve for HEAD responses and no-content responses (204, 205, 304) */
con->response.content_length = -1;
if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
}
}
chunkqueue_reset(con->write_queue);
}
static int http_response_parse_range(server *srv, connection *con, buffer *path, stat_cache_entry *sce, const char *range) {
int multipart = 0;
int error;
off_t start, end;
const char *s, *minus;
static const char boundary[] = "fkj49sn38dcn3";
buffer *content_type = http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"));
start = 0;
end = sce->st.st_size - 1;
con->response.content_length = 0;
for (s = range, error = 0;
!error && *s && NULL != (minus = strchr(s, '-')); ) {
char *err;
off_t la = 0, le;
*((const char **)&err) = s; /*(quiet clang --analyze)*/
if (s != minus) {
la = strtoll(s, &err, 10);
if (err != minus) {
/* should not have multiple range-unit in Range, but
* handle just in case multiple Range headers merged */
while (*s == ' ' || *s == '\t') ++s;
if (0 != strncmp(s, "bytes=", 6)) return -1;
s += 6;
if (s != minus) {
la = strtoll(s, &err, 10);
if (err != minus) return -1;
}
}
}
if (s == minus) {
/* -<stop> */
le = strtoll(s, &err, 10);
if (le == 0) {
/* RFC 2616 - 14.35.1 */
con->http_status = 416;
error = 1;
} else if (*err == '\0') {
/* end */
s = err;
end = sce->st.st_size - 1;
start = sce->st.st_size + le;
} else if (*err == ',') {
multipart = 1;
s = err + 1;
end = sce->st.st_size - 1;
start = sce->st.st_size + le;
} else {
error = 1;
}
} else if (*(minus+1) == '\0' || *(minus+1) == ',') {
/* <start>- */
/* ok */
if (*(err + 1) == '\0') {
s = err + 1;
end = sce->st.st_size - 1;
start = la;
} else if (*(err + 1) == ',') {
multipart = 1;
s = err + 2;
end = sce->st.st_size - 1;
start = la;
} else {
error = 1;
}
} else {
/* <start>-<stop> */
le = strtoll(minus+1, &err, 10);
/* RFC 2616 - 14.35.1 */
if (la > le) {
error = 1;
}
if (*err == '\0') {
/* ok, end*/
s = err;
end = le;
start = la;
} else if (*err == ',') {
multipart = 1;
s = err + 1;
end = le;
start = la;
} else {
/* error */
error = 1;
}
}
if (!error) {
if (start < 0) start = 0;
/* RFC 2616 - 14.35.1 */
if (end > sce->st.st_size - 1) end = sce->st.st_size - 1;
if (start > sce->st.st_size - 1) {
error = 1;
con->http_status = 416;
}
}
if (!error) {
if (multipart) {
/* write boundary-header */
buffer *b = srv->tmp_buf;
buffer_copy_string_len(b, CONST_STR_LEN("\r\n--"));
buffer_append_string_len(b, boundary, sizeof(boundary)-1);
/* write Content-Range */
buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Range: bytes "));
buffer_append_int(b, start);
buffer_append_string_len(b, CONST_STR_LEN("-"));
buffer_append_int(b, end);
buffer_append_string_len(b, CONST_STR_LEN("/"));
buffer_append_int(b, sce->st.st_size);
if (content_type) {
buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Type: "));
buffer_append_string_buffer(b, content_type);
}
/* write END-OF-HEADER */
buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n"));
con->response.content_length += buffer_string_length(b);
chunkqueue_append_mem(con->write_queue, CONST_BUF_LEN(b));
}
chunkqueue_append_file(con->write_queue, path, start, end - start + 1);
con->response.content_length += end - start + 1;
}
}
/* something went wrong */
if (error) return -1;
if (multipart) {
/* add boundary end */
buffer *b = srv->tmp_buf;
buffer_copy_string_len(b, "\r\n--", 4);
buffer_append_string_len(b, boundary, sizeof(boundary)-1);
buffer_append_string_len(b, "--\r\n", 4);
con->response.content_length += buffer_string_length(b);
chunkqueue_append_mem(con->write_queue, CONST_BUF_LEN(b));
/* set header-fields */
buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("multipart/byteranges; boundary="));
buffer_append_string_len(srv->tmp_buf, boundary, sizeof(boundary)-1);
/* overwrite content-type */
http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(srv->tmp_buf));
} else {
/* add Content-Range-header */
buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("bytes "));
buffer_append_int(srv->tmp_buf, start);
buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("-"));
buffer_append_int(srv->tmp_buf, end);
buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("/"));
buffer_append_int(srv->tmp_buf, sce->st.st_size);
http_header_response_set(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Content-Range"), CONST_BUF_LEN(srv->tmp_buf));
}
/* ok, the file is set-up */
return 0;
}
void http_response_send_file (server *srv, connection *con, buffer *path) {
stat_cache_entry *sce = NULL;
buffer *mtime = NULL;
buffer *vb;
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
int allow_caching = (0 == con->http_status || 200 == con->http_status);
if (HANDLER_ERROR == stat_cache_get_entry(srv, con, path, &sce)) {
con->http_status = (errno == ENOENT) ? 404 : 403;
log_error_write(srv, __FILE__, __LINE__, "sbsb",
"not a regular file:", con->uri.path,
"->", path);
return;
}
if (!con->conf.follow_symlink
&& 0 != stat_cache_path_contains_symlink(srv, path)) {
con->http_status = 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", path);
}
return;
}
/* we only handle regular files */
if (!S_ISREG(sce->st.st_mode)) {
con->http_status = 403;
if (con->conf.log_file_not_found) {
log_error_write(srv, __FILE__, __LINE__, "sbsb",
"not a regular file:", con->uri.path,
"->", sce->name);
}
return;
}
/*(Note: O_NOFOLLOW affects only the final path segment,
* the target file, not any intermediate symlinks along path)*/
const int fd = (0 != sce->st.st_size)
? fdevent_open_cloexec(path->ptr, con->conf.follow_symlink, O_RDONLY, 0)
: -1;
if (fd < 0 && 0 != sce->st.st_size) {
con->http_status = (errno == ENOENT) ? 404 : 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "sbs", "file open failed:", path, strerror(errno));
}
return;
}
/* mod_compress might set several data directly, don't overwrite them */
/* set response content-type, if not set already */
if (NULL == http_header_response_get(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"))) {
stat_cache_content_type_get(srv, con, path, sce);
if (buffer_string_is_empty(sce->content_type)) {
/* we are setting application/octet-stream, but also announce that
* this header field might change in the seconds few requests
*
* This should fix the aggressive caching of FF and the script download
* seen by the first installations
*/
http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("application/octet-stream"));
allow_caching = 0;
} else {
http_header_response_set(con, HTTP_HEADER_CONTENT_TYPE, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type));
}
}
if (con->conf.range_requests) {
http_header_response_append(con, HTTP_HEADER_OTHER, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes"));
}
if (allow_caching) {
if (con->etag_flags != 0 && !buffer_string_is_empty(stat_cache_etag_get(sce, con->etag_flags))) {
if (NULL == http_header_response_get(con, HTTP_HEADER_ETAG, CONST_STR_LEN("ETag"))) {
/* generate e-tag */
etag_mutate(con->physical.etag, sce->etag);
http_header_response_set(con, HTTP_HEADER_ETAG, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag));
}
}
/* prepare header */
if (NULL == (mtime = http_header_response_get(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified")))) {
mtime = strftime_cache_get(srv, sce->st.st_mtime);
http_header_response_set(con, HTTP_HEADER_LAST_MODIFIED, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime));
}
if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) {
if (fd >= 0) close(fd);
return;
}
}
if (fd < 0) { /* 0-length file */
con->http_status = 200;
con->file_finished = 1;
return;
}
if (con->conf.range_requests
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
&& (200 == con->http_status || 0 == con->http_status)
&& NULL != (vb = http_header_request_get(con, HTTP_HEADER_RANGE, CONST_STR_LEN("Range")))
&& NULL == http_header_response_get(con, HTTP_HEADER_CONTENT_ENCODING, CONST_STR_LEN("Content-Encoding"))) {
buffer *range = vb;
int do_range_request = 1;
/* check if we have a conditional GET */
if (NULL != (vb = http_header_request_get(con, HTTP_HEADER_OTHER, CONST_STR_LEN("If-Range")))) {
/* if the value is the same as our ETag, we do a Range-request,
* otherwise a full 200 */
if (vb->ptr[0] == '"') {
/**
* client wants a ETag
*/
if (!con->physical.etag) {
do_range_request = 0;
} else if (!buffer_is_equal(vb, con->physical.etag)) {
do_range_request = 0;
}
} else if (!mtime) {
/**
* we don't have a Last-Modified and can match the If-Range:
*
* sending all
*/
do_range_request = 0;
} else if (!buffer_is_equal(vb, mtime)) {
do_range_request = 0;
}
}
if (do_range_request
&& !buffer_string_is_empty(range)
&& 0 == strncmp(range->ptr, "bytes=", 6)) {
/* support only "bytes" byte-unit */
/* content prepared, I'm done */
con->file_finished = 1;
if (0 == http_response_parse_range(srv, con, path, sce, range->ptr+6)) {
con->http_status = 206;
}
close(fd);
return;
}
}
/* if we are still here, prepare body */
/* we add it here for all requests
* the HEAD request will drop it afterwards again
*/
if (0 == http_chunk_append_file_fd(srv, con, path, fd, sce->st.st_size)) {
con->http_status = 200;
con->file_finished = 1;
}
else {
con->http_status = 500;
}
}
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
static void http_response_xsendfile (server *srv, connection *con, buffer *path, const array *xdocroot) {
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
const int status = con->http_status;
int valid = 1;
/* reset Content-Length, if set by backend
* Content-Length might later be set to size of X-Sendfile static file,
* determined by open(), fstat() to reduces race conditions if the file
* is modified between stat() (stat_cache_get_entry()) and open(). */
if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
con->response.content_length = -1;
}
buffer_urldecode_path(path);
if (!buffer_is_valid_UTF8(path)) {
log_error_write(srv, __FILE__, __LINE__, "sb",
"X-Sendfile invalid UTF-8 after url-decode:", path);
if (con->http_status < 400) {
con->http_status = 502;
con->mode = DIRECT;
}
return;
}
[mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076) handle X-Sendfile and X-LIGHTTPD-send-file w/ http_response_xsendfile() if host is configured ( &#34;x-sendfile&#34; = &#34;enable&#34; ) Note: X-Sendfile path is url-decoded for consistency, like X-Sendfile2 (response headers should be url-encoded to avoid tripping over chars allowed in filesystem but which might change response header parsing semantics) Note: deprecated: &#34;allow-x-send-file&#34;; use &#34;x-sendfile&#34; Note: deprecated: X-LIGHTTPD-send-file header; use X-Sendfile header Note: deprecated: X-Sendfile2 header; use X-Sendfile header For now, X-Sendfile2 is still handled internally by mod_fastcgi. Since http_response_send_file() supports HTTP Range requests, X-Sendfile2 is effectively obsolete. However, any code, e.g. PHP, currently using X-Sendfile2 is probably manually generating 206 Partial Content status and Range response headers. A future version of lighttpd might *remove* X-Sendfile2. Existing code should be converted to use X-Sendfile, which is easily done by removing all the special logic around using X-Sendfile2, since the 206 Partial Content status and Range response headers are handled in http_response_send_file(). x-ref: &#34;mod_fastcgi + X-Sendfile -&gt; mod_staticfile&#34; https://redmine.lighttpd.net/issues/799 &#34;Feature Request: New option &#34;x-send-file-docroot&#34;&#34; https://redmine.lighttpd.net/issues/851 &#34;X-Sendfile handoff to mod-static-file in 1.4.x&#34; https://redmine.lighttpd.net/issues/2017 &#34;X-sendfile should be able to set content-type&#34; https://redmine.lighttpd.net/issues/2076
6 years ago
buffer_path_simplify(path, path);
if (con->conf.force_lowercase_filenames) {
buffer_to_lower(path);
}
/* check that path is under xdocroot(s)
* - xdocroot should have trailing slash appended at config time
* - con->conf.force_lowercase_filenames is not a server-wide setting,
* and so can not be definitively applied to xdocroot at config time*/
if (xdocroot->used) {
size_t i, xlen = buffer_string_length(path);
for (i = 0; i < xdocroot->used; ++i) {
data_string *ds = (data_string *)xdocroot->data[i];
size_t dlen = buffer_string_length(ds->value);
if (dlen <= xlen
&& (!con->conf.force_lowercase_filenames
? 0 == memcmp(path->ptr, ds->value->ptr, dlen)
: 0 == strncasecmp(path->ptr, ds->value->ptr, dlen))) {
break;
}
}
if (i == xdocroot->used) {
log_error_write(srv, __FILE__, __LINE__, "SBs",
"X-Sendfile (", path,
") not under configured x-sendfile-docroot(s)");
con->http_status = 403;
valid = 0;
}
}
if (valid) http_response_send_file(srv, con, path);
if (con->http_status >= 400 && status < 300) {
con->mode = DIRECT;
} else if (0 != status && 200 != status) {
con->http_status = status;
}
}
static void http_response_xsendfile2(server *srv, connection *con, const buffer *value, const array *xdocroot) {
const char *pos = value->ptr;
buffer *b = srv->tmp_buf;
const int status = con->http_status;
/* reset Content-Length, if set by backend */
if (con->response.htags & HTTP_HEADER_CONTENT_LENGTH) {
http_header_response_unset(con, HTTP_HEADER_CONTENT_LENGTH, CONST_STR_LEN("Content-Length"));
con->response.content_length = -1;
}
while (<