Commit Graph

6 Commits (1dd58c5ad802ebca61e399d3b8846111de2e7ed8)

Author SHA1 Message Date
Glenn Strauss 77c01f9817 [core] buffer_append_path_len()
concatenate paths, placing single '/' between strings

reverts broken commit:b9402283

(thx avij)
4 years ago
Glenn Strauss e8e59396d3 [core] reject decoded url-path without leading '/'
buffer_simplify_path() no longer prepends '/' if '/' is missing.
Callers must check for leading '/' depending on use, such as in
concatenation with others paths, or direct use accessing filesystem

Note: lighttpd 1.4.50 provides the server.http-parseopts directive.
Recommended settings unless specific use requires looser settings:
  server.http-parseopts = (
    "header-strict"            => "enable",
    "host-strict"              => "enable",
    "host-normalize"           => "enable",
    "url-normalize"            => "enable",
    "url-normalize-unreserved" => "enable",
    "url-normalize-required"   => "enable",
    "url-ctrls-reject"         => "enable",
    "url-path-2f-decode"       => "enable",
    "url-path-dotseg-remove"   => "enable",
    "url-query-20-plus"        => "enable"


As noted in the link above, mod_access should be preferred instead
of mod_rewrite for access controls to URLs.
4 years ago
Glenn Strauss aba45f68d8 [core] perf: simpler buffer_string_space() (tests) 4 years ago
Glenn Strauss c98d89a4bb [tests] #undef NDEBUG before assert.h in t/test_* 5 years ago
Glenn Strauss 2e385a1a53 [core] fix buffer_to_upper()
fix buffer_to_upper() and case-insensitive filesystem detection
5 years ago
Glenn Strauss 6ccccaaa38 [tests] move src/test_*.c to src/t/ 5 years ago