summaryrefslogtreecommitdiff
path: root/cgi.c
AgeCommit message (Collapse)Author
2018-11-28cgi: escape url in 403 error outputJo-Philipp Wich
Escape the untrusted request URL input in the permission denied HTML output. This fixes certain XSS vulnerabilities which can be leveraged to further exploit the system. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-10-25cgi: allow conf.cgi_docroot_path to be NULLJo-Philipp Wich
The check_cgi_path() function would segfault if we ever support running uhttpd without any CGI prefix. Add a check to prevent running uh_patch_match() when the prefix is unset. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-03-28properly handle return codesJohn Crispin
Signed-off-by: John Crispin <blogic@openwrt.org>
2014-06-08cgi: add _GNU_SOURCE define to fix build error on muslFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-22cgi: compare the physical path instead of the url to detect quirky urlsFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-19add support for deferring script requests, limit maximum number of script ↵Felix Fietkau
calls to 3, maximum number of connections to 100 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-13relicense to ISCFelix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-01-06de-constify the url parameter for the handler, it becomes invalid after the ↵Felix Fietkau
request anyway
2013-01-04add lua plugin supportFelix Fietkau
2013-01-03use pipes instead of a socketpair, EOF handling is broken with socketsFelix Fietkau
2013-01-02constify, fix typesFelix Fietkau
2013-01-01add preliminary cgi support, needs fixing for close handlingFelix Fietkau