From: Paul Hänsch Date: Mon, 4 Jan 2021 17:34:35 +0000 (+0100) Subject: Squashed 'cgilite/' changes from b8cec22..a1caf91 X-Git-Url: http://git.plutz.net/?p=serve0;a=commitdiff_plain;h=f2e63f9ef2a8af259d244f87709fd0a08c42b190 Squashed 'cgilite/' changes from b8cec22..a1caf91 a1caf91 include guard for main script, prevent double read of post data 147c722 mime types for streaming formats 1caf684 prevent line breaks in debug message 06a4763 try reading session key from post before trying cookie 1462517 escape CR and TAB in URLs 00ba4b0 avoid confusion regarding carriage return when escaping HTML (especially in textarea) 238f0f8 rudimentary debug function git-subtree-dir: cgilite git-subtree-split: a1caf91a5e6ab2d13790ec6a0c1eaf2b4030a0e8 --- diff --git a/cgilite.sh b/cgilite.sh index f03f747..f766ee2 100755 --- a/cgilite.sh +++ b/cgilite.sh @@ -18,6 +18,9 @@ # You should have received a copy of the GNU Affero General Public License # along with CGIlite. If not, see . +[ -n "$include_cgilite" ] && return 0 +# guard set after webserver part + # ksh and zsh workaround # set -o posix # ksh, not portable setopt -o OCTAL_ZEROES 2>&- @@ -119,11 +122,14 @@ if [ -z "$REQUEST_METHOD" ]; then exit 0 fi +include_cgilite="$0" + if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \ "${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then cgilite_post="$(head -c "$CONTENT_LENGTH")" fi +debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; } [ "${DEBUG+x}" ] && env >&2 cgilite_count(){ @@ -200,6 +206,7 @@ HTML(){ \'*) out="${out}'";; \[*) out="${out}[";; \]*) out="${out}]";; + "${CR}"*) out="${out} ";; "${BR}"*) out="${out} ";; *) out="${out}${str%"${str#?}"}";; esac @@ -222,6 +229,8 @@ URL(){ \[*) out="${out}%5B";; \]*) out="${out}%5D";; \ *) out="${out}%20";; + " "*) out="${out}%09";; + "${CR}"*) out="${out}%0D";; "${BR}"*) out="${out}%0A";; %*) out="${out}%25";; *) out="${out}${str%"${str#?}"}";; 
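Review bot: In the `debug()` one-liner added to cgilite.sh, the `&& … ||` chain means a failed `printf` to stderr falls through to `tee -a /dev/stderr`, which then reads the script's standard input. In a CGI process that input is the request body, so a write error on stderr could stall the request or consume data a later reader expects. An explicit branch avoids this: `debug(){ if [ $# -gt 0 ]; then printf '%s\n' "$@" >&2; else tee -a /dev/stderr; fi; }`. A short comment noting that arguments are written unescaped to the server error log would also help callers who pass request-derived values.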
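Review bot: The new `%09` arm in `URL()` depends on a literal tab character inside the quotes, which this page renders as a space and which editors or whitespace cleanup can silently convert into one. If it becomes a real space the arm is unreachable, because the `\ *)` arm above it already matches a space and emits `%20`, and tabs would again pass through unescaped. Matching through a named variable, as the neighbouring arms do with `${CR}` and `${BR}`, is sturdier: `"${TAB}"*) out="${out}%09";;` with `TAB` defined next to those two. Both `HTML()` and `URL()` continue outside their hunks and the definition of `CR` is not visible here, so confirm it is set before either function is first called.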
diff --git a/file.sh b/file.sh index 51ec245..04a8ef6 100755 --- a/file.sh +++ b/file.sh @@ -32,9 +32,14 @@ file_type(){ svg) printf 'image/svg+xml';; gif) printf 'image/gif';; webm) printf 'video/webm';; - mp4) printf 'video/mp4';; + mp4|m4v) printf 'video/mp4';; + m4a) printf 'audio/mp4';; ogg) printf 'audio/ogg';; xml) printf 'application/xml';; + m3u8) printf 'application/x-mpegURL';; + ts) printf 'video/MP2T';; + mpd) printf 'application/dash+xml';; + m4s) printf 'video/iso.segment';; *) printf 'application/octet-stream';; esac } diff --git a/session.sh b/session.sh index ee5c499..12788d3 100755 --- a/session.sh +++ b/session.sh @@ -57,7 +57,7 @@ update_session(){ local session sid time sig serverkey checksig IFS=- read -r sid time sig <<-END - $(COOKIE session) + $(POST session_key || COOKIE session) END serverkey="$(server_key)" @@ -68,7 +68,7 @@ update_session(){ -a "$time" -ge "$_DATE" \ -a "$(printf %s "$sid" |checkid)" ] 2>&- then - debug Setting up new session + debug "Setting up new session" sid="$(randomid)" fi @@ -78,6 +78,6 @@ update_session(){ printf %s\\n "${sid}-${time}-${sig}" } -SESSION_ID="$(update_session)" -SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly -SESSION_ID="${SESSION_ID%%-*}" +SESSION_KEY="$(update_session)" +SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly +SESSION_ID="${SESSION_KEY%%-*}"
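Review bot: Reading `POST session_key` ahead of `COOKIE session` in `update_session` lets a request body override the browser's own cookie, and the accepted value is then written back by the `SET_COOKIE` line in the last hunk of this file. Because the cookie is `SameSite=Strict`, a cross-site form post arrives without it but can still carry a `session_key` field, so any validly signed key, including one issued to a different client, would replace the visitor's session (session fixation). Consider keeping the cookie authoritative and using the POST field only when no cookie was sent, `$(COOKIE session || POST session_key)`, or rejecting the request when both are present and differ. This assumes `COOKIE` returns non-zero when the cookie is absent, as the `||` in the new line implies for `POST`; `update_session` continues outside the hunk.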
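Review bot: `SESSION_KEY` now keeps the complete signed token in a global after the cookie is set, while `SESSION_ID` holds only the part before the first `-`, and nothing in the hunk tells callers which of the two is a credential. A comment above the assignments would help, for example `# SESSION_KEY: full signed session token (credential) - never log it or put it in URLs; SESSION_ID: identifier part only`. The `SET_COOKIE` line also still omits the `Secure` attribute, so if the application is reachable over plain HTTP the token travels unencrypted; add `Secure` where the deployment is HTTPS-only.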