Browse Source

[mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)

new directive cgi.local-redir = [enable|disable]

*disable* RFC3875 6.2.2 local-redir by default.
(behavior change from when local-redir support added in lighttpd 1.4.40)

The reason for this behavior change is that CGI local-redir support
(RFC3875 6.2.2) is an optimization.  Absence of support may result in
additional latency in servicing a request due the additional round-trip
to the client, but that was the prior behavior (before lighttpd 1.4.40)
and is the behavior of web servers which do not support CGI local-redir.

However, enabling CGI local-redir by default may result in broken links
in the case where a user config (unaware of CGI local-redir behavior)
returns HTML pages containing *relative* paths (not root-relative paths)
which are relative to the location of the local-redir target document,
and the local-redir target document is located at a different URL-path
from the original CGI request.

x-ref:
  RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
  http://www.ietf.org/rfc/rfc3875
  "CGI local redirect not implemented correctly"
  https://redmine.lighttpd.net/issues/2108
  "1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs"
  https://redmine.lighttpd.net/issues/2793
personal/stbuehler/mod-csrf
Glenn Strauss 4 years ago
parent
commit
57ab20ace5
  1. 9
      src/mod_cgi.c
  2. 1
      tests/lighttpd.conf

9
src/mod_cgi.c

@ -66,6 +66,7 @@ typedef struct {
typedef struct {
array *cgi;
unsigned short execute_x_only;
unsigned short local_redir;
unsigned short xsendfile_allow;
array *xsendfile_docroot;
} plugin_config;
@ -172,6 +173,7 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
{ "cgi.execute-x-only", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
{ "cgi.x-sendfile", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
{ "cgi.x-sendfile-docroot", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 3 */
{ "cgi.local-redir", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 4 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET}
};
@ -189,6 +191,7 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
s->cgi = array_init();
s->execute_x_only = 0;
s->local_redir = 0;
s->xsendfile_allow= 0;
s->xsendfile_docroot = array_init();
@ -196,6 +199,7 @@ SETDEFAULTS_FUNC(mod_fastcgi_set_defaults) {
cv[1].destination = &(s->execute_x_only);
cv[2].destination = &(s->xsendfile_allow);
cv[3].destination = s->xsendfile_docroot;
cv[4].destination = &(s->local_redir);
p->config_storage[i] = s;
@ -556,7 +560,7 @@ static int cgi_demux_response(server *srv, handler_ctx *hctx) {
* to same URL, since CGI should have handled it internally if it
* really wanted to do that internally)
*/
if (con->http_status >= 300 && con->http_status < 400) {
if (hctx->conf.local_redir && con->http_status >= 300 && con->http_status < 400) {
/*(con->parsed_response & HTTP_LOCATION)*/
size_t ulen = buffer_string_length(con->uri.path);
data_string *ds;
@ -1328,6 +1332,7 @@ static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p
PATCH(cgi);
PATCH(execute_x_only);
PATCH(local_redir);
PATCH(xsendfile_allow);
PATCH(xsendfile_docroot);
@ -1347,6 +1352,8 @@ static int mod_cgi_patch_connection(server *srv, connection *con, plugin_data *p
PATCH(cgi);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.execute-x-only"))) {
PATCH(execute_x_only);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.local-redir"))) {
PATCH(local_redir);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile"))) {
PATCH(xsendfile_allow);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("cgi.x-sendfile-docroot"))) {

1
tests/lighttpd.conf

@ -119,6 +119,7 @@ fastcgi.server = (
) ),
)
cgi.local-redir = "enable"
cgi.assign = (
".pl" => env.PERL,
".cgi" => env.PERL,

Loading…
Cancel
Save