Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-11-28 | cgi: escape url in 403 error output | Jo-Philipp Wich | |
Escape the untrusted request URL input in the permission denied HTML output. This fixes certain XSS vulnerabilities which can be leveraged to further exploit the system. Signed-off-by: Jo-Philipp Wich <jo@mein.io> | |||
2016-10-25 | cgi: allow conf.cgi_docroot_path to be NULL | Jo-Philipp Wich | |
The check_cgi_path() function would segfault if we ever support running uhttpd without any CGI prefix. Add a check to prevent running uh_patch_match() when the prefix is unset. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> | |||
2015-03-28 | properly handle return codes | John Crispin | |
Signed-off-by: John Crispin <blogic@openwrt.org> | |||
2014-06-08 | cgi: add _GNU_SOURCE define to fix build error on musl | Felix Fietkau | |
Signed-off-by: Felix Fietkau <nbd@openwrt.org> | |||
2014-03-22 | cgi: compare the physical path instead of the url to detect quirky urls | Felix Fietkau | |
Signed-off-by: Felix Fietkau <nbd@openwrt.org> | |||
2013-01-19 | add support for deferring script requests, limit maximum number of script ↵ | Felix Fietkau | |
calls to 3, maximum number of connections to 100 Signed-off-by: Felix Fietkau <nbd@openwrt.org> | |||
2013-01-13 | relicense to ISC | Felix Fietkau | |
Signed-off-by: Felix Fietkau <nbd@openwrt.org> | |||
2013-01-06 | de-constify the url parameter for the handler, it becomes invalid after the ↵ | Felix Fietkau | |
request anyway | |||
2013-01-04 | add lua plugin support | Felix Fietkau | |
2013-01-03 | use pipes instead of a socketpair, EOF handling is broken with sockets | Felix Fietkau | |
2013-01-02 | constify, fix types | Felix Fietkau | |
2013-01-01 | add preliminary cgi support, needs fixing for close handling | Felix Fietkau | |