Merge commit 'f2e63f9ef2a8af259d244f87709fd0a08c42b190'

diff --combined cgilite/cgilite.sh
index f03f74732165e4d672418d3718ecc228db4ac53d,f766ee2a425591245926952a5b961dde86cac4ee..f766ee2a425591245926952a5b961dde86cac4ee
--- 1/cgilite/cgilite.sh
--- 2/cgilite.sh
+++ b/cgilite/cgilite.sh
@@@ -18,6 -18,9 +18,9 @@@
  # You should have received a copy of the GNU Affero General Public License
  # along with CGIlite.  If not, see <http://www.gnu.org/licenses/>. 
  
+ [ -n "$include_cgilite" ] && return 0
+ # guard set after webserver part
+ 
  # ksh and zsh workaround
  # set -o posix # ksh, not portable
  setopt -o OCTAL_ZEROES 2>&-
@@@ -119,11 -122,14 +122,14 @@@ if [ -z "$REQUEST_METHOD" ]; the
    exit 0
  fi
  
+ include_cgilite="$0"
+ 
  if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \
       "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then
    cgilite_post="$(head -c "$CONTENT_LENGTH")"
  fi
  
+ debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; }
  [ "${DEBUG+x}" ] && env >&2
  
  cgilite_count(){
@@@ -200,6 -206,7 +206,7 @@@ HTML()
        \'*) out="${out}&#x27;";;
        \[*) out="${out}&#x5B;";;
        \]*) out="${out}&#x5D;";;
+       "${CR}"*) out="${out}&#x0D;";;
        "${BR}"*) out="${out}&#x0A;";;
        *) out="${out}${str%"${str#?}"}";;
      esac
@@@ -222,6 -229,8 +229,8 @@@ URL()
        \[*) out="${out}%5B";;
        \]*) out="${out}%5D";;
        \ *) out="${out}%20";;
+       "       "*) out="${out}%09";;
+       "${CR}"*) out="${out}%0D";;
        "${BR}"*) out="${out}%0A";;
        %*) out="${out}%25";;
        *) out="${out}${str%"${str#?}"}";;

diff --combined cgilite/file.sh
index 51ec245f2678602a12882d71d39173ff9acd98b1,04a8ef617c9f755a4dcb7c3cf3adeeca69683f27..04a8ef617c9f755a4dcb7c3cf3adeeca69683f27
--- 1/cgilite/file.sh
--- 2/file.sh
+++ b/cgilite/file.sh
@@@ -32,9 -32,14 +32,14 @@@ file_type()
      svg)       printf 'image/svg+xml';;
      gif)       printf 'image/gif';;
      webm)      printf 'video/webm';;
-     mp4)       printf 'video/mp4';;
+     mp4|m4v)   printf 'video/mp4';;
+     m4a)       printf 'audio/mp4';;
      ogg)       printf 'audio/ogg';;
      xml)       printf 'application/xml';;
+     m3u8)      printf 'application/x-mpegURL';;
+     ts)        printf 'video/MP2T';;
+     mpd)       printf 'application/dash+xml';;
+     m4s)       printf 'video/iso.segment';;
      *)         printf 'application/octet-stream';;
    esac
  }

diff --combined cgilite/session.sh
index ee5c4993a72df047fe0fc67b3c384f2b5733be48,12788d3eb534292349b8146ac1c50db80118398b..12788d3eb534292349b8146ac1c50db80118398b
--- 1/cgilite/session.sh
--- 2/session.sh
+++ b/cgilite/session.sh
@@@ -57,7 -57,7 +57,7 @@@ update_session()
    local session sid time sig serverkey checksig
  
    IFS=- read -r sid time sig <<-END
-       $(COOKIE session)
+       $(POST session_key || COOKIE session)
        END
    serverkey="$(server_key)"
    
@@@ -68,7 -68,7 +68,7 @@@
      -a "$time" -ge "$_DATE" \
      -a "$(printf %s "$sid" |checkid)" ] 2>&-
    then
-     debug Setting up new session
+     debug "Setting up new session"
      sid="$(randomid)"
    fi
  
@@@ -78,6 -78,6 +78,6 @@@
    printf %s\\n "${sid}-${time}-${sig}"
  }
  
- SESSION_ID="$(update_session)"
- SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
- SESSION_ID="${SESSION_ID%%-*}"
+ SESSION_KEY="$(update_session)"
+ SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+ SESSION_ID="${SESSION_KEY%%-*}"