Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2803 152afb58-edef-0310-8abb-c4023f1b3aa9
parent
cbf1baacc9
commit
e05f1b3eec
1
NEWS
1
NEWS
|
@ -7,6 +7,7 @@ NEWS
|
|||
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
|
||||
* Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
|
||||
* [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
|
||||
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
|
||||
|
||||
- 1.4.29 - 2011-07-03
|
||||
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
typedef struct {
|
||||
array *exclude_ext;
|
||||
unsigned short etags_used;
|
||||
unsigned short disable_pathinfo;
|
||||
} plugin_config;
|
||||
|
||||
typedef struct {
|
||||
|
@ -84,6 +85,7 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
|
|||
config_values_t cv[] = {
|
||||
{ "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
|
||||
{ "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
|
||||
{ "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
|
||||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
};
|
||||
|
||||
|
@ -97,9 +99,11 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
|
|||
s = calloc(1, sizeof(plugin_config));
|
||||
s->exclude_ext = array_init();
|
||||
s->etags_used = 1;
|
||||
s->disable_pathinfo = 0;
|
||||
|
||||
cv[0].destination = s->exclude_ext;
|
||||
cv[1].destination = &(s->etags_used);
|
||||
cv[2].destination = &(s->disable_pathinfo);
|
||||
|
||||
p->config_storage[i] = s;
|
||||
|
||||
|
@ -119,6 +123,7 @@ static int mod_staticfile_patch_connection(server *srv, connection *con, plugin_
|
|||
|
||||
PATCH(exclude_ext);
|
||||
PATCH(etags_used);
|
||||
PATCH(disable_pathinfo);
|
||||
|
||||
/* skip the first, the global context */
|
||||
for (i = 1; i < srv->config_context->used; i++) {
|
||||
|
@ -136,7 +141,9 @@ static int mod_staticfile_patch_connection(server *srv, connection *con, plugin_
|
|||
PATCH(exclude_ext);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
|
||||
PATCH(etags_used);
|
||||
}
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
|
||||
PATCH(disable_pathinfo);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -375,6 +382,13 @@ URIHANDLER_FUNC(mod_staticfile_subrequest) {
|
|||
|
||||
mod_staticfile_patch_connection(srv, con, p);
|
||||
|
||||
if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
|
||||
if (con->conf.log_request_handling) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden");
|
||||
}
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
/* ignore certain extensions */
|
||||
for (k = 0; k < p->conf.exclude_ext->used; k++) {
|
||||
ds = (data_string *)p->conf.exclude_ext->data[k];
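Review bot: The guard added to mod_staticfile_subrequest tests the buffer field directly (`0 != con->request.pathinfo->used`) and returns `HANDLER_GO_ON` with no comment on what the client then receives; the accompanying test expects 403, which presumably comes from the core when no other module claims the request. I would write the condition as `if (p->conf.disable_pathinfo && !buffer_is_empty(con->request.pathinfo)) {` and add `/* leave the request unhandled; with no other handler the client gets 403 */` above the return. The default set in mod_staticfile_set_defaults is `s->disable_pathinfo = 0;`, so requests carrying pathinfo are still served as static files unless the option is enabled, as the "accepting pathinfo by default" test confirms. A comment on the struct field saying so, and an entry in the option documentation (not visible on this page), would keep administrators from assuming the protection is on. Both function bodies start and end outside the hunks shown.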
|
||||
|
|
|
@ -149,6 +149,7 @@ $HTTP["host"] == "vvv.example.org" {
|
|||
$HTTP["host"] == "zzz.example.org" {
|
||||
server.document-root = env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/"
|
||||
server.name = "zzz.example.org"
|
||||
static-file.disable-pathinfo = "enable"
|
||||
}
|
||||
|
||||
$HTTP["host"] == "symlink.example.org" {
|
||||
|
|
|
@ -8,7 +8,7 @@ BEGIN {
|
|||
|
||||
use strict;
|
||||
use IO::Socket;
|
||||
use Test::More tests => 44;
|
||||
use Test::More tests => 46;
|
||||
use LightyTest;
|
||||
|
||||
my $tf = LightyTest->new();
|
||||
|
@ -413,5 +413,21 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'HTTP-
|
|||
$t->{SLOWREQUEST} = 1;
|
||||
ok($tf->handle_http($t) == 0, 'GET, slow \\r\\n\\r\\n (#2105)');
|
||||
|
||||
print "\nPathinfo for static files\n";
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /image.jpg/index.php HTTP/1.0
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
|
||||
ok($tf->handle_http($t) == 0, 'static file accepting pathinfo by default');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /image.jpg/index.php HTTP/1.0
|
||||
Host: zzz.example.org
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
|
||||
ok($tf->handle_http($t) == 0, 'static file with forbidden pathinfo');
|
||||
|
||||
ok($tf->stop_proc == 0, "Stopping lighttpd");
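Review bot: The two tests added after the slow-request case cover pathinfo being accepted by default and refused for zzz.example.org, but nothing checks that a request without pathinfo is still served on the host where `static-file.disable-pathinfo` is enabled, so an over-broad guard would pass this suite. A third case requesting `/image.jpg` with `Host: zzz.example.org` and expecting 200 would pin that down, assuming image.jpg exists under that host's document root (the config points it at the www.example.org pages directory). The plan line then becomes `use Test::More tests => 47;`.

```perl
# ... unchanged: the two pathinfo tests above ...

# With pathinfo handling disabled, a plain static request must still succeed.
$t->{REQUEST}  = ( <<EOF
GET /image.jpg HTTP/1.0
Host: zzz.example.org
EOF
 );
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200, 'Content-Type' => 'image/jpeg' } ];
ok($tf->handle_http($t) == 0, 'static file without pathinfo still served when pathinfo is disabled');
```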
|
||||
|
||||
|
|
|
@ -6,4 +6,4 @@ srcdir=$1
|
|||
top_builddir=$2
|
||||
export SHELL srcdir top_builddir
|
||||
|
||||
$3
|
||||
exec $3
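Review bot: `exec $3` leaves the expansion unquoted, so the third argument is word-split and glob-expanded before the test program is run. If callers always pass a single program path, `exec "$3"` is the safer form; if they rely on passing a command with arguments in one string, a comment saying so above the line would stop a later cleanup from quoting it. The script starts before the hunk.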
|
||||
|
|