a1caf91 include guard for main script, prevent double read of post data
147c722 mime types for streaming formats
1caf684 prevent line breaks in debug message
06a4763 try reading session key from post before trying cookie
1462517 escape CR and TAB in URLs
00ba4b0 avoid confusion regarding carriage return when escaping HTML (especially in textarea)
238f0f8 rudimentary debug function
git-subtree-dir: cgilite
git-subtree-split:
a1caf91a5e6ab2d13790ec6a0c1eaf2b4030a0e8
# You should have received a copy of the GNU Affero General Public License
# along with CGIlite. If not, see <http://www.gnu.org/licenses/>.
+[ -n "$include_cgilite" ] && return 0
+# guard set after webserver part
+
# ksh and zsh workaround
# set -o posix # ksh, not portable
setopt -o OCTAL_ZEROES 2>&-
exit 0
fi
+include_cgilite="$0"
+
if [ "${REQUEST_METHOD}" = POST -a "${CONTENT_LENGTH:-0}" -gt 0 -a \
"${CONTENT_TYPE}" = "application/x-www-form-urlencoded" ]; then
cgilite_post="$(head -c "$CONTENT_LENGTH")"
fi
+debug(){ [ $# -gt 0 ] && printf '%s\n' "$@" >&2 || tee -a /dev/stderr; }
[ "${DEBUG+x}" ] && env >&2
cgilite_count(){
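Review bot: The `&& … ||` chain in the new `debug()` is not an if/else: when arguments are given but the `printf` to stderr fails, control falls through to `tee -a /dev/stderr`, which reads the script's stdin and copies it to stdout, and in a CGI request those are the request body and the response. Writing it as `debug(){ if [ $# -gt 0 ]; then printf '%s\n' "$@" >&2; else tee -a /dev/stderr; fi; }` keeps the two modes separate. Unlike the `env >&2` line below it, the function is not gated on `DEBUG`, so every call lands in the server error log. A one-line comment saying that callers must not pass session keys or request bodies to it would document that.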
\'*) out="${out}'";;
\[*) out="${out}[";;
\]*) out="${out}]";;
+ "${CR}"*) out="${out}
";;
"${BR}"*) out="${out}
";;
*) out="${out}${str%"${str#?}"}";;
esac
\[*) out="${out}%5B";;
\]*) out="${out}%5D";;
\ *) out="${out}%20";;
+ " "*) out="${out}%09";;
+ "${CR}"*) out="${out}%0D";;
"${BR}"*) out="${out}%0A";;
%*) out="${out}%25";;
*) out="${out}${str%"${str#?}"}";;
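Review bot: The new `%09` arm matches on a quoted whitespace literal, presumably a raw tab character, and that is easy to lose. If an editor or copy step turns it into a space, the arm becomes unreachable because the `\ *)` arm directly above already matches a space, and tabs are emitted unescaped again. The neighbouring arms use `${CR}` and `${BR}`; a named variable for the tab, e.g. `"${TAB}"*) out="${out}%09";;` (`TAB` is a suggested name, not one visible in this hunk), would make the arm robust. As far as this hunk shows, other control characters still reach the `*)` fallback unescaped, but the case statement starts and ends outside the hunk, so earlier arms may cover them.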
svg) printf 'image/svg+xml';;
gif) printf 'image/gif';;
webm) printf 'video/webm';;
- mp4) printf 'video/mp4';;
+ mp4|m4v) printf 'video/mp4';;
+ m4a) printf 'audio/mp4';;
ogg) printf 'audio/ogg';;
xml) printf 'application/xml';;
+ m3u8) printf 'application/x-mpegURL';;
+ ts) printf 'video/MP2T';;
+ mpd) printf 'application/dash+xml';;
+ m4s) printf 'video/iso.segment';;
*) printf 'application/octet-stream';;
esac
}
local session sid time sig serverkey checksig
IFS=- read -r sid time sig <<-END
- $(COOKIE session)
+ $(POST session_key || COOKIE session)
END
serverkey="$(server_key)"
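Review bot: `POST session_key || COOKIE session` gives a request-body parameter precedence over the `SameSite=Strict` `HttpOnly` cookie, so a form submitted from another origin can select the session a request runs in, as long as the key it carries passes the signature check. The `SET_COOKIE` call at the end of the file then stores that key in the browser, which is a session-fixation risk the cookie attributes were otherwise limiting. Consider consulting the cookie first, `$(COOKIE session || POST session_key)`, and not re-issuing the cookie when the key came from the body. The fallback also depends on `POST` returning non-zero for a missing or empty field, which is not visible here. The enclosing function starts and ends outside this hunk.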
-a "$time" -ge "$_DATE" \
-a "$(printf %s "$sid" |checkid)" ] 2>&-
then
- debug Setting up new session
+ debug "Setting up new session"
sid="$(randomid)"
fi
printf %s\\n "${sid}-${time}-${sig}"
}
-SESSION_ID="$(update_session)"
-SET_COOKIE 0 session="$SESSION_ID" Path=/ SameSite=Strict HttpOnly
-SESSION_ID="${SESSION_ID%%-*}"
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%%-*}"
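Review bot: The cookie issued on the new `SET_COOKIE` line carries `SameSite=Strict` and `HttpOnly` but no `Secure` attribute, so the signed session key also travels over plain HTTP wherever the site is reachable that way. Appending `Secure` for HTTPS deployments would close that, assuming `SET_COOKIE` passes extra attributes through as it appears to for the others. `SESSION_KEY` now holds the full `sid-time-sig` token in a global; if pages embed it in forms for the new `session_key` field, page scripts can read it, which `HttpOnly` otherwise prevents. A comment above the assignment such as `# SESSION_KEY is the bearer token: never log it or pass it to debug()` would make that constraint explicit.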