From: Paul Hänsch Date: Mon, 4 Jan 2021 17:34:35 +0000 (+0100) Subject: Merge commit 'f2e63f9ef2a8af259d244f87709fd0a08c42b190' X-Git-Url: http://git.plutz.net/?a=commitdiff_plain;h=0437fb0d2660c436ee3753b793ed224fa7e36db6;hp=-c;p=serve0 Merge commit 'f2e63f9ef2a8af259d244f87709fd0a08c42b190' --- 0437fb0d2660c436ee3753b793ed224fa7e36db6 diff --combined cgilite/cgilite.sh index f03f747,f766ee2..f766ee2 --- a/cgilite/cgilite.sh +++ b/cgilite/cgilite.sh @@@ -18,6 -18,9 +18,9 @@@ # You should have received a copy of the GNU Affero General Public License # along with CGIlite. If not, see . + [ -n "$include_cgilite" ] && return 0 + # guard set after webserver part + # ksh and zsh workaround # set -o posix # ksh, not portable setopt -o OCTAL_ZEROES 2>&- @@@ -119,11 -122,14 +122,14 @@@ if [ -z "$REQUEST_METHOD" ]; the exit 0 fi + include_cgilite="$0" + if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \ "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then cgilite_post="$(head -c "$CONTENT_LENGTH")" fi + debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; } [ "${DEBUG+x}" ] && env >&2 cgilite_count(){ @@@ -200,6 -206,7 +206,7 @@@ HTML() \'*) out="${out}'";; \[*) out="${out}[";; \]*) out="${out}]";; + "${CR}"*) out="${out} ";; "${BR}"*) out="${out} ";; *) out="${out}${str%"${str#?}"}";; esac @@@ -222,6 -229,8 +229,8 @@@ URL() \[*) out="${out}%5B";; \]*) out="${out}%5D";; \ *) out="${out}%20";; + " "*) out="${out}%09";; + "${CR}"*) out="${out}%0D";; "${BR}"*) out="${out}%0A";; %*) out="${out}%25";; *) out="${out}${str%"${str#?}"}";; diff --combined cgilite/file.sh index 51ec245,04a8ef6..04a8ef6 --- a/cgilite/file.sh +++ b/cgilite/file.sh @@@ -32,9 -32,14 +32,14 @@@ file_type() svg) printf 'image/svg+xml';; gif) printf 'image/gif';; webm) printf 'video/webm';; - mp4) printf 'video/mp4';; + mp4|m4v) printf 'video/mp4';; + m4a) printf 'audio/mp4';; ogg) printf 'audio/ogg';; xml) printf 'application/xml';; + m3u8) printf 'application/x-mpegURL';; + ts) printf 'video/MP2T';; + mpd) printf 'application/dash+xml';; + m4s) printf 'video/iso.segment';; *) printf 'application/octet-stream';; esac } diff --combined cgilite/session.sh index ee5c499,12788d3..12788d3 --- a/cgilite/session.sh +++ b/cgilite/session.sh @@@ -57,7 -57,7 +57,7 @@@ update_session() local session sid time sig serverkey checksig IFS=- read -r sid time sig <<-END - $(COOKIE session) + $(POST session_key || COOKIE session) END serverkey="$(server_key)" @@@ -68,7 -68,7 +68,7 @@@ -a "$time" -ge "$_DATE" \ -a "$(printf %s "$sid" |checkid)" ] 2>&- then - debug Setting up new session + debug "Setting up new session" sid="$(randomid)" fi @@@ -78,6 -78,6 +78,6 @@@ printf %s\\n "${sid}-${time}-${sig}" } - SESSION_ID="$(update_session)" - SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly - SESSION_ID="${SESSION_ID%%-*}" + SESSION_KEY="$(update_session)" + SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly + SESSION_ID="${SESSION_KEY%%-*}"