httpd

matthew green Wed, 16 Jan 2019 23:47:19 -0800

Module Name:    src
Committed By:   mrg
Date:           Thu Jan 17 07:46:16 UTC 2019


Modified Files:
        src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c cgi-bozo.c
            daemon-bozo.c dir-index-bozo.c

Log Message:
- call this 20190116
- adjust the directory indexing again:
  - don't include "index.html" in html headers
  - additional escaping of names
  - re-add top/bottom borders
  - adds an aquamarine table header
  - Zebra-stripes table rows using CSS instead of code
  all from "Rajeev V. Pillai" <rajeev_v_pil...@yahoo.com>


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.77 -r1.78 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.107 -r1.108 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.35 src/libexec/httpd/CHANGES:1.36
--- src/libexec/httpd/CHANGES:1.35	Thu Jan 17 07:34:06 2019
+++ src/libexec/httpd/CHANGES	Thu Jan 17 07:46:16 2019
@@ -1,8 +1,9 @@
-$NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $
+$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $
 
 changes in bozohttpd 20190116:
-	o  fix CGI '+' parameter handling, and a double free.  from
-	   rajeev_v_pil...@yahoo.com
+	o  fix CGI '+' parameter handling, some error checking, and a double
+	   free.  from rajeev_v_pil...@yahoo.com
+	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com
 
 changes in bozohttpd 20181215:
 	o  fix .htpasswd bypass for authenticated users.  reported by JP,

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.77 src/libexec/httpd/bozohttpd.8:1.78
--- src/libexec/httpd/bozohttpd.8:1.77	Tue Jan  8 06:04:29 2019
+++ src/libexec/httpd/bozohttpd.8	Thu Jan 17 07:46:16 2019
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.77 2019/01/08 06:04:29 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.78 2019/01/17 07:46:16 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -597,7 +597,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181215.
+version 20190116.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -632,7 +632,7 @@ provided cgi-bin support fixes, and more
 .Aq Mt a...@netbsd.org
 cleaned up many internal interfaces, made
 .Nm
-linkable as a library and provided the Lua binding.
+linkable as a library and provided the Lua binding
 .It
 .An DEGROOTE Arnaud
 .Aq Mt degro...@netbsd.org
@@ -688,7 +688,7 @@ provided many fixes and enhancements for
 fixed memory leaks, various issues with userdir support,
 information disclosure issues, added support for using CGI handlers
 with directory indexing, found several security issues and provided
-various other fixes.
+various other fixes
 .It
 .An Arnaud Lacombe
 .Aq Mt a...@netbsd.org
@@ -706,7 +706,7 @@ provided a cgi-bin fix
 .Aq Mt j...@netbsd.org
 Added the
 .Fl P
-option (pidfile support) and provided some man page fixes.
+option (pidfile support) and provided some man page fixes
 .It
 .An Luke Mewburn
 .Aq Mt lu...@netbsd.org
@@ -715,7 +715,8 @@ HTTP basic authorization support and muc
 .It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pil...@yahoo.com
-provided several fixes for virtual hosting and directory indexing
+provided several fixes for virtual hosting and directory indexing and
+fixes for CGI
 .It
 .An Jeremy C. Reed
 .Aq Mt r...@netbsd.org
@@ -737,11 +738,11 @@ provided minor compile fixes and a CGI c
 .Aq Mt rum...@ephemeral.org
 provided the
 .Fl V
-option.
+option
 .It
 .An Thor Lancelot Simon
 .Aq Mt t...@netbsd.org
-enhanced cgi-bin support.
+enhanced cgi-bin support
 .It
 .An Joerg Sonnenberger
 .Aq Mt jo...@netbsd.org
@@ -758,7 +759,7 @@ provided http authorization fixes
 .Aq Mt x...@kittenz.org
 provided chroot and change-to-user support, and other various fixes
 .It
-Coyote Point provided various CGI fixes.
+Coyote Point provided various CGI fixes
 .El
 .Pp
 There are probably others I have forgotten (let me know if you care)

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.107 src/libexec/httpd/bozohttpd.c:1.108
--- src/libexec/httpd/bozohttpd.c:1.107	Sat Dec 15 12:52:36 2018
+++ src/libexec/httpd/bozohttpd.c	Thu Jan 17 07:46:16 2019
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.107 2018/12/15 12:52:36 leot Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.108 2019/01/17 07:46:16 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181215"
+#define SERVER_SOFTWARE		"bozohttpd/20190116"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.46 src/libexec/httpd/cgi-bozo.c:1.47
--- src/libexec/httpd/cgi-bozo.c:1.46	Thu Jan 17 07:34:06 2019
+++ src/libexec/httpd/cgi-bozo.c	Thu Jan 17 07:46:16 2019
@@ -1,9 +1,9 @@
-/*	$NetBSD: cgi-bozo.c,v 1.46 2019/01/17 07:34:06 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.47 2019/01/17 07:46:16 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/daemon-bozo.c
diff -u src/libexec/httpd/daemon-bozo.c:1.20 src/libexec/httpd/daemon-bozo.c:1.21
--- src/libexec/httpd/daemon-bozo.c:1.20	Thu Jan 17 07:34:06 2019
+++ src/libexec/httpd/daemon-bozo.c	Thu Jan 17 07:46:16 2019
@@ -1,9 +1,9 @@
-/*	$NetBSD: daemon-bozo.c,v 1.20 2019/01/17 07:34:06 mrg Exp $	*/
+/*	$NetBSD: daemon-bozo.c,v 1.21 2019/01/17 07:46:16 mrg Exp $	*/
 
 /*	$eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.29 src/libexec/httpd/dir-index-bozo.c:1.30
--- src/libexec/httpd/dir-index-bozo.c:1.29	Tue Dec  4 02:52:42 2018
+++ src/libexec/httpd/dir-index-bozo.c	Thu Jan 17 07:46:16 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.29 2018/12/04 02:52:42 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.30 2019/01/17 07:46:16 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -56,8 +56,8 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	struct dirent **de, **deo;
 	DIR *dp;
 	char buf[MAXPATHLEN];
-	char *file = NULL, *printname = NULL;
-	int k, j, i;
+	char *file = NULL, *printname = NULL, *p;
+	int k, j;
 
 	if (!isindex || !httpd->dir_indexing)
 		return 0;
@@ -106,20 +106,39 @@ bozo_dir_index(bozo_httpreq_t *request, 
 #else
 	printname = bozostrdup(httpd, request, request->hr_file);
 #endif /* !NO_USER_SUPPORT */
+	if ((p = strstr(printname, httpd->index_html)) != NULL) {
+		if (strcmp(printname, httpd->index_html) == 0)
+			strcpy(printname, "/");	/* is ``slashdir'' */
+		else
+			*p = '\0';		/* strip unwanted ``index_html'' */
+	}
+	if ((p = bozo_escape_html(httpd, printname)) != NULL) {
+		free(printname);
+		printname = p;
+	}
 
-	bozo_printf(httpd, "<!DOCTYPE html>\r\n");
-	bozo_printf(httpd, "<html><head><meta charset=\"utf-8\"/>\r\n");
-	bozo_printf(httpd, "<style type=\"text/css\">tr.o {background:#f4f4f4;}</style>\r\n");
+	bozo_printf(httpd,
+		"<!DOCTYPE html>\r\n"
+		"<html><head><meta charset=\"utf-8\"/>\r\n"
+		"<style type=\"text/css\">\r\n"
+		"table {\r\n"
+		"\tborder-top: 1px solid black;\r\n"
+		"\tborder-bottom: 1px solid black;\r\n"
+		"}\r\n"
+		"th { background: aquamarine; }\r\n"
+		"tr:nth-child(even) { background: lavender; }\r\n"
+		"</style>\r\n");
 	bozo_printf(httpd, "<title>Index of %s</title></head>\r\n",
 		printname);
 	bozo_printf(httpd, "<body><h1>Index of %s</h1>\r\n",
 		printname);
-	bozo_printf(httpd, "<table>\r\n<thead>\r\n");
-	bozo_printf(httpd, "<tr class=\"o\"><th>Name<th>Last modified<th align=right>Size\r\n");
-	bozo_printf(httpd, "<tbody>\r\n");
+	bozo_printf(httpd,
+		"<table cols=3>\r\n<thead>\r\n"
+		"<tr><th>Name<th>Last modified<th align=right>Size\r\n"
+		"<tbody>\r\n");
 
-	for (j = k = scandir(dirpath, &de, NULL, alphasort), deo = de, i = 1;
-	    j--; de++, i++) {
+	for (j = k = scandir(dirpath, &de, NULL, alphasort), deo = de;
+	    j--; de++) {
 		int nostat = 0;
 		char *name = (*de)->d_name;
 		char *urlname, *htmlname;
@@ -137,7 +156,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 		htmlname = bozo_escape_html(httpd, name);
 		if (htmlname == NULL)
 			htmlname = name;
-		bozo_printf(httpd, "<tr class=\"%s\"><td>", (i & 1) ? "o" : "e");
+		bozo_printf(httpd, "<tr><td>");
 		if (strcmp(name, "..") == 0) {
 			bozo_printf(httpd, "<a href=\"../\">");
 			bozo_printf(httpd, "Parent Directory");

CVS commit: src/libexec/httpd

Reply via email to