Merge commit 'f2e63f9ef2a8af259d244f87709fd0a08c42b190'

diff --git a/cgilite/cgilite.sh b/cgilite/cgilite.sh
index f03f74732165e4d672418d3718ecc228db4ac53d..f766ee2a425591245926952a5b961dde86cac4ee 100755 (executable)
--- a/cgilite/cgilite.sh
+++ b/cgilite/cgilite.sh
@@ -18,6 +18,9 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with CGIlite.  If not, see <http://www.gnu.org/licenses/>. 
 
+[ -n "$include_cgilite" ] && return 0
+# guard set after webserver part
+
 # ksh and zsh workaround
 # set -o posix # ksh, not portable
 setopt -o OCTAL_ZEROES 2>&-
@@ -119,11 +122,14 @@ if [ -z "$REQUEST_METHOD" ]; then
   exit 0
 fi
 
+include_cgilite="$0"
+
 if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \
      "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then
   cgilite_post="$(head -c "$CONTENT_LENGTH")"
 fi
 
+debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; }
 [ "${DEBUG+x}" ] && env >&2
 
 cgilite_count(){
@@ -200,6 +206,7 @@ HTML(){
       \'*) out="${out}&#x27;";;
       \[*) out="${out}&#x5B;";;
       \]*) out="${out}&#x5D;";;
+      "${CR}"*) out="${out}&#x0D;";;
       "${BR}"*) out="${out}&#x0A;";;
       *) out="${out}${str%"${str#?}"}";;
     esac
@@ -222,6 +229,8 @@ URL(){
       \[*) out="${out}%5B";;
       \]*) out="${out}%5D";;
       \ *) out="${out}%20";;
+      "        "*) out="${out}%09";;
+      "${CR}"*) out="${out}%0D";;
       "${BR}"*) out="${out}%0A";;
       %*) out="${out}%25";;
       *) out="${out}${str%"${str#?}"}";;

diff --git a/cgilite/file.sh b/cgilite/file.sh
index 51ec245f2678602a12882d71d39173ff9acd98b1..04a8ef617c9f755a4dcb7c3cf3adeeca69683f27 100755 (executable)
--- a/cgilite/file.sh
+++ b/cgilite/file.sh
@@ -32,9 +32,14 @@ file_type(){
     svg)       printf 'image/svg+xml';;
     gif)       printf 'image/gif';;
     webm)      printf 'video/webm';;
-    mp4)       printf 'video/mp4';;
+    mp4|m4v)   printf 'video/mp4';;
+    m4a)       printf 'audio/mp4';;
     ogg)       printf 'audio/ogg';;
     xml)       printf 'application/xml';;
+    m3u8)      printf 'application/x-mpegURL';;
+    ts)        printf 'video/MP2T';;
+    mpd)       printf 'application/dash+xml';;
+    m4s)       printf 'video/iso.segment';;
     *)         printf 'application/octet-stream';;
   esac
 }

diff --git a/cgilite/session.sh b/cgilite/session.sh
index ee5c4993a72df047fe0fc67b3c384f2b5733be48..12788d3eb534292349b8146ac1c50db80118398b 100755 (executable)
--- a/cgilite/session.sh
+++ b/cgilite/session.sh
@@ -57,7 +57,7 @@ update_session(){
   local session sid time sig serverkey checksig
 
   IFS=- read -r sid time sig <<-END
-       $(COOKIE session)
+       $(POST session_key || COOKIE session)
        END
   serverkey="$(server_key)"
   
@@ -68,7 +68,7 @@ update_session(){
     -a "$time" -ge "$_DATE" \
     -a "$(printf %s "$sid" |checkid)" ] 2>&-
   then
-    debug Setting up new session
+    debug "Setting up new session"
     sid="$(randomid)"
   fi
 
@@ -78,6 +78,6 @@ update_session(){
   printf %s\\n "${sid}-${time}-${sig}"
 }
 
-SESSION_ID="$(update_session)"
-SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_ID%%-*}"
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%%-*}"