| Age | Commit message (Collapse) | Author |
|---|
|
Before this change if the cgi script hangs after writing headers
then the process will never be killed. Let's only cancel the timeout
if the process ends.
Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
After format string checks were activated in libubox the compiler
started to complain about multiple missuses in uhttpd. This fixes the
format strings without changing the behavior.
blobmsg_get_string() just checks if the parameter is not NULL and then
calls blobmsg_data() and casts the result.
I think non of these problem is security relevant.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
Map the "Origin:" header as $HTTP_ORIGIN environment variable for use by
request handling processes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This reverts commit ccd9717ba5d501b45fda957f0ea41c4660ef414c.
|
|
When a request handler accepting post data is too slow in consuming stdin,
uhttpd might deadlock with the master process stuck in a blocking write()
to the child and the child stuck with a blocking write() to the master.
Avoid this issue by putting the master side write end of the child pipe
into nonblocking mode right away and by raising the data_blocked flag
when attempts to write to the child yield EAGAIN.
Setting the flag ensures that client_poll_post_data() does not immediately
trigger a write attempt again, which effectively yields the master write
cycle so that the relay ustream has a chance to consume output of the
client process, thus solving the deadlock.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Mimic other web servers like Nginx or Apache and expose the parsed basic
auth information as HTTP_AUTH_USER and HTTP_AUTH_PASS environment variables
to CGI processes.
This also restores login-from-basic-auth functionality in LuCI.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
If a HTTP header variable has no corresponding value, then do not set it
to the empty string but to NULL, so that cgi.c will later skip it when
setting up the process environment.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
As uhttpd doesn't currently support PUT/DELETE/PATCH, allow passing the
commonly used X-HTTP-Method-Override header to CGI scripts.
This is an optional "protocol specific metadata" variable as per rfc
3875 section 4.1.18.
Signed-off-by: Karl Palsson <karlp@remake.is>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
usage
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
request anyway
|
|
|
|
|
|
client
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
