| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
application/x-www-form-urlencoded-data is (or should be) always text, so
it is preferrable to define struct http_post member "data" as a null-
terminated string.
For applications already making this assumption, this change should now
remove the need for string duplication.
|
| | |
|
| |
|
|
|
| |
Whereas slcl, the project where slweb started, ignored this field, some
applications might require it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now, slweb accepts requests such as:
--boundary
Content-Disposition: form-data; name="field1"
value1
--boundary
Content-Disposition: form-data; name="field2"
value2
--boundary
Content-Disposition: form-data; name="field3"; filename="example.txt"
The following breaking changes have been introduced:
Member "dir" from struct http_post was a leftover from the days where
slcl and slweb were one project. It did not make sense for slweb, since
it should not decide which Content-Disposition names are allowed. In
other words, "dir" was only relevant in the scope of slcl.
Member "n" from struct http_post used to have two meanings:
- The length of a URL-encoded request.
- The number of files on a multipart/form-data request.
Since "npairs" had to be introduced to struct http_post, it did not make
sense to keep this dual meaning any more. Therefore, "n" has been
restricted to the former, whereas a new member, called "nfiles", has
been introduced for the latter.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to C99 7.19.1p3:
BUFSIZ is a macro that expands to an integer constant expression that is
the size of the buffer used by the setbuf function.
In other words, this means BUFSIZ is the most optimal length for a
buffer that reads a file into memory in chunks using fread(3).
Note: the number of bytes sent to the client might be less than BUFSIZ,
so this would act as a bottleneck, no matter how large the buffer passed
to fread(3) is.
|
| |
|
|
|
| |
Port numbers are unsigned by definition. Fortunately, this was a minor
issues since server_init was doing an implicit cast to unsigned short.
|
| |
|
|
|
| |
Even if the feature is unsupported by the application, slweb requires
`length` to be a valid function pointer.
|
| |
|
|
|
| |
Otherwise, fatal errors coming from the h->cfg.length would be
unnoticed, causing slweb to attempt to send a response.
|
| |
|
|
|
| |
Both functions were in fact identical, so there was no reason to keep
two definitions rather than one.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Despite designed around portability and minimalism, I feel slweb no
longer aligns with the philosophical views from the suckless project.
Therefore, I think it was appropriate to unlink its branding from it.
|
| |
|
|
| |
A recent commit introduced a "clean" target to its Makefile.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Since slweb is meant as a library, it is advisable to keep public header
files under their own directory in order to avoid name clashing i.e.,
#include "something.h"
Now becomes:
#include "slweb/something.h"
|
| |
|
|
|
|
| |
This project was forked off slcl, a "suckless" cloud solution, so that
its HTTP/1.1 server implementation could be reused by other
applications.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This should allow for easier packaging if extra linker flags are
required.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
slcl used to provide a hardcoded stylesheet. However, it would be
desirable for some admins to provide a custom stylesheet without having
to rebuild the application.
Now, slcl creates a default stylesheet, namely style.css, into the
target directory, that can be later modified by admins.
While this might contradict the suckless philosophy a bit, hopefully
some admins might find this new feature useful.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the distance between '*' on a wildcard expression was larger than
the string to compare with, this would cause an out-of-bounds read
because `n` was not being limited to the strlen(3) from the input
string.
Example:
- s="c", p="*cc*", casecmp=false
Here, the distance between the first and second '*' is 2 bytes, which is
longer than the input string itself (1 byte, not counting the
terminating null byte '\0').
|
| |
|
|
|
|
|
| |
- '.' or '..' must not be used for filenames.
- Filenames must not contain forward slashes ('/').
- Filenames must not contain asterisks ('*') to avoid confusion with
wildcard expressions.
|
| |
|
|
|
| |
HTTP headers are case-insensitive, so the implementation must accept
Content-Diposition, content-disposition or any other variation.
|
| | |
|
| |
|
|
|
| |
Otherwise, client requests to resources such as '/me & you', '/?' or
'/??preview=1' would fail.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
server.c kept an array of all of its active clients, calling realloc(3)
everytime its size had to be modified. However, reallocating this array
had the undesired consequence of moving other active clients to other
memory locations.
Potentially, this would result in dangling pointers from other
components that also kept pointers to struct server_client instances
e.g.: handler.c.
For this reason, the array-based approach has been completely dropped,
in favour of a doubly-linked list.
|
| |
|
|
|
|
|
| |
wildcard_cmp would otherwise fail with the following use cases:
s = "mymi", p = "*mi*"
s = "mymi", p = "*mi"
|
| |
|
|
|
| |
These statements had no effect since it was always executed when
n == 0.
|
| |
|
|
| |
The new search feature will require them.
|
| |
|
|
| |
Future commits will make use of this function outside handler.c.
|
| |
|
|
|
| |
dynstr has been recently modified so as to allow building also from
make(1).
|
| |
|
|
|
|
|
|
|
| |
Under some circumstances, clients could cause SIGPIPE to slcl. Since
this signal was not handled by server.c (i.e., via sigaction(3)), slcl
would crash without any error messages printed to stderr.
In such situation, SIGPIPE should not be usually considered a fatal
error, so it is preferrable to close the connection and keep working.
|
| |
|
|
|
|
|
|
|
| |
Given the following contrived example request:
/example%FB%DC&arg%DE1=examplevalue%AA
slcl must decode each token separately, so that percent-encoded
characters '&', '=' or '?' do not get accidently intepreted.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, write_body_mem and write_body_mem would silently fail,
causing undefined behaviour.
Notes:
The return value for write_ctx_free is currently assigned to that of
fclose(3), which can be either 0 on success or EOF on failure.
However, it makes sense for write_body_mem and write_body_mem to simply
check against non-zero.
Also, it would not be sensible to return EOF to caller functions, which
expect either 0 (success), -1 (fatal error) or 1 (input error).
|
| |
|
|
|
| |
According to POSIX.1-2008, .c and .o are already included by the default
.SUFFIX rule, among other suffixes.
|
| |
|
|
|
|
|
|
|
|
|
| |
Considering http.h defined HTTP/1.1-only responses such as "303 See
Other", as well as incoming HTTP/1.1-only features (e.g.: byte serving),
it did not make much sense to keep a somewhat broken compatibility
against HTTP/1.0.
Unfortunately, this breaks support with some existing clients such
as lynx(1), even if HTTP/1.0 was already deprecated many years ago.
However, even lynx(1) can be configured to support HTTP/1.1.
|
| |
|
|
|
|
| |
select(2) has a number of well-known issues (e.g.: FD_SETSIZE limiting
the maximum amount of file descriptors to watch) that are mostly solved
by poll(2) and thus can be used as a drop-in replacement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now, http_payload includes a list of human-readable parameters that can
be read (but not modified) by users. Given the following example link:
/test?key1=value1&key2=value2
This will generate two parameters, with the following values:
{
.args =
{
[0] = {.key = "key1", .value = "value1"},
[1] = {.key = "key2", .value = "value2"}
},
.n_args = 2
}
As expected, if any URL parameters are given, struct http_payload member
"resource" is accordingly trimmed so as not to include any parameters.
Therefore, considering the example above:
{.args = {...}, .resource = "/test"}
Limitations:
- Since the definition of struct http_arg is both shared by http.h
(as a read-only pointer within struct http_payload) and http.c
(as a read/write pointer within struct ctx), its members (namely key
and value) must remain as read/write pointers, even if they must not
be modified by users of http.h.
|
| |
|
|
|
| |
This way, the default rule for .c.o can be used, simplifying the
Makefile a bit more.
|
| |
|
|
|
| |
This allows using the default compiler defined by make(1) (i.e.,
c99(1)), thus improving POSIX compatibility.
|
| |
|
|
| |
As required by strncasecmp(3).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far, slcl would just close the connection with a client when the
Content-Length of an incoming request exceeded the user quota, without
any meaningful information given back to the user.
Now, slcl responds with a HTML file with meaningful information about
the error.
Limitations:
- While this commits has been successfully tested on ungoogled-chromium,
LibreWolf (and I assume Firefox and any other derivates too) does not
seem to receive the response from the server.
- However, this issue only occurred during local testing, but not
on remote instances.
|
