15 Commits

Author SHA1 Message Date
Glenn Strauss 1cf68f79eb [core] behavior change: stricter URL normalization
behavior change: stricter URL normalization

Prior behavior can be obtained by configuring lighttpd.conf with:
      server.http-parseopts = ( "url-normalize" => "disable" )
although this is not recommended.

This behavior change was pre-announced with the releases of
  lighttpd 1.4.52 (2018.11.28)
  lighttpd 1.4.53 (2019.01.27)

The recommended settings are:
      server.http-parseopts = (
        "header-strict"            => "enable",
        "host-strict"              => "enable",
        "host-normalize"           => "enable",
        "url-normalize"            => "enable",
        "url-normalize-unreserved" => "enable",
        "url-normalize-required"   => "enable",
        "url-ctrls-reject"         => "enable",
        "url-path-2f-decode"       => "enable",
        "url-path-backslash-trans" => "enable",
        "url-path-dotseg-remove"   => "enable",
        "url-query-20-plus"        => "enable"
      )

The lighttpd defaults with this commit are slightly less strict:
      server.http-parseopts = (
        "header-strict"            => "enable",
        "host-strict"              => "enable",
        "host-normalize"           => "enable",
        "url-normalize"            => "enable",
        "url-normalize-unreserved" => "enable",
       #"url-normalize-required"   => "enable",
        "url-ctrls-reject"         => "enable",
        "url-path-2f-decode"       => "enable",
       #"url-path-backslash-trans" => "enable",
        "url-path-dotseg-remove"   => "enable",
       #"url-query-20-plus"        => "enable"
      )
2019-05-04 17:48:04 -04:00
Glenn Strauss 1b62dc325c [tests] test_request unit tests
unit tests for request processing
collect existing request processing tests from Perl tests/*.t
(test_request.c runs *much* more quickly than Perl tests/*.t)
2018-08-05 03:44:15 -04:00
Stefan Bühler d1a2356916 fix SQL injection / host name validation (thx Jann Horn)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-03-12 12:03:55 +00:00
Elan Ruusamäe c65ad47a55 - change s/// separator so that it doesn't confuse vim
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2027 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-01-15 22:03:59 +00:00
Jan Kneschke 8b06b122b1 fixed by 1232, not 1209
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1870 152afb58-edef-0310-8abb-c4023f1b3aa9
2007-06-15 14:15:37 +00:00
Jan Kneschke 9e4e4f7e1a fixed remote crash on duplicate header keys with line-wrapping (fixes #1230)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1869 152afb58-edef-0310-8abb-c4023f1b3aa9
2007-06-15 14:08:32 +00:00
Marcus Rückert b8df99f3db - a few more whitespace cleanups
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1374 152afb58-edef-0310-8abb-c4023f1b3aa9
2006-10-05 00:09:51 +00:00
Jan Kneschke ac7db634f6 detect empty URIs in requests as bad request, status 400
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@773 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-10-02 21:50:51 +00:00
Xuefer 9be1abfb85 an unset header is now treated as empty_string "" to make the conditional logic correct.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@757 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-09-29 14:42:35 +00:00
Jan Kneschke 3ebc17571a find perl at runtime
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@670 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-09-01 11:44:57 +00:00
Jan Kneschke 7988661090 added tests for keep-alive and setenv and passed an ARRAY ref instead of a HASH ref
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@654 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-08-31 12:55:44 +00:00
Jan Kneschke 0212534554 fixed detection of mimetype on uppercase extensions
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@632 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-08-27 16:35:57 +00:00
Jan Kneschke 877161c067 switch to LightyTest module
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@394 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-26 10:27:41 +00:00
Jan Kneschke 7a25f1b5f5 Unified all tests to use the LightyTest framework
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@388 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-15 09:37:18 +00:00
Jan Kneschke 40e8c6714a separated the tests for each section and let run-tests.pl use Test::Harness
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@72 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-03-02 11:27:02 +00:00