<feed xmlns='http://www.w3.org/2005/Atom'>
<title>xavi/slcl/main.c, branch v0.3.1</title>
<subtitle>Small and lightweight cloud storage written in C99 and POSIX.1-2008.
</subtitle>
<id>https://gitea.privatedns.org/xavi/slcl/atom?h=v0.3.1</id>
<link rel='self' href='https://gitea.privatedns.org/xavi/slcl/atom?h=v0.3.1'/>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/'/>
<updated>2025-01-23T22:41:03+00:00</updated>
<entry>
<title>main.c: Require paths with leading '/' on sharing</title>
<updated>2025-01-23T22:41:03+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2025-01-23T22:24:22+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=3e618c2d0f1d489e13ed1f45b5a9068936c05743'/>
<id>urn:sha1:3e618c2d0f1d489e13ed1f45b5a9068936c05743</id>
<content type='text'>
When sharing, paths must be expressed as an absolute path e.g.:
/path/to/file .
</content>
</entry>
<entry>
<title>main.c: Forbid sharing non-existing files</title>
<updated>2025-01-23T22:37:39+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2025-01-23T22:21:44+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=9752843329a257542c34798d65e829a6cff7764b'/>
<id>urn:sha1:9752843329a257542c34798d65e829a6cff7764b</id>
<content type='text'>
So far, slcl would allow to share literally any directory or file, even
if they did not exist, as long as valid credentials were given.

Now, directories cannot be shared, since this is already restricted by
the web interface. This is now considered an invalid request.

On the other hand, attempting to share non-existing files shall now
return a 404 Not Found response to the user.
</content>
</entry>
<entry>
<title>Bump to libweb 0.4.0</title>
<updated>2024-08-22T00:28:25+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-08-22T00:21:15+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=78eff0cfa55606ade2ce494258739514c92994ca'/>
<id>urn:sha1:78eff0cfa55606ade2ce494258739514c92994ca</id>
<content type='text'>
Now, libweb (rightfully) forces applications to handle signals and
introduces handler_notify_close(3) to achieve the desired behaviour.

Additionally, libweb 0.4.0 introduces several bugfixes.
</content>
</entry>
<entry>
<title>main.c: Fix missing O_TRUNC</title>
<updated>2024-08-22T00:00:11+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-08-22T00:00:11+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=36dec4c1b495cd13542827e7ab98b7938adb1524'/>
<id>urn:sha1:36dec4c1b495cd13542827e7ab98b7938adb1524</id>
<content type='text'>
Otherwise, uploaded files meant to overwrite an existing file would not
be updated accordingly if their newer size was smaller.
</content>
</entry>
<entry>
<title>main.c: Improve relative path detection</title>
<updated>2024-02-20T20:24:17+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-20T20:24:17+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=8bcf0bf855c1cd7710aa6c04e8bf23c06248c88b'/>
<id>urn:sha1:8bcf0bf855c1cd7710aa6c04e8bf23c06248c88b</id>
<content type='text'>
Otherwise, the following resources would be considered valid:

- /user/../test
- /user/./test
- /user/a/.
- /user/a/./test
</content>
</entry>
<entry>
<title>main.c: Reject invalid /public/ requests</title>
<updated>2024-02-20T07:18:11+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-20T07:18:11+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=afc5cf0dfcb8c507315e40d71ee305fa130be6db'/>
<id>urn:sha1:afc5cf0dfcb8c507315e40d71ee305fa130be6db</id>
<content type='text'>
Otherwise:

- slcl would accept /public/ (i.e., without a file name) as a valid
resource. This would incorrectly map the public/ directory on the
database, making slcl to return -1 because public/ is not a regular
file.

- slcl would accept directory names (e.g.: /public/dir/), which is never
expected since slcl stores all public files into a single directory.
</content>
</entry>
<entry>
<title>main.c: Force valid cookie on check_length</title>
<updated>2024-02-19T23:17:40+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-19T23:17:40+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=b7f232366c03dad8afbbb8ed5ba44314e42b13fd'/>
<id>urn:sha1:b7f232366c03dad8afbbb8ed5ba44314e42b13fd</id>
<content type='text'>
Otherwise, a malicious user could send multipart/form-data requests
without a valid cookie.
</content>
</entry>
<entry>
<title>main.c: const-qualify name and dir</title>
<updated>2024-02-19T22:35:08+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-19T22:08:35+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=55008f2f648b2ebb275d04607961d6bd4b9768ec'/>
<id>urn:sha1:55008f2f648b2ebb275d04607961d6bd4b9768ec</id>
<content type='text'>
There was no reason why these should not be const-qualified. It was
probably missed during the implementation.
</content>
</entry>
<entry>
<title>main.c: URL-encode created directories</title>
<updated>2024-02-19T22:35:08+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-19T22:07:16+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=1f8aa578a489905ed2d7443cfcdb73a3ff8d48ea'/>
<id>urn:sha1:1f8aa578a489905ed2d7443cfcdb73a3ff8d48ea</id>
<content type='text'>
Otherwise, directories with special characters, such as "%", would not
be accessible when performing the redirection.
</content>
</entry>
<entry>
<title>main.c: Use fstat(2) on move_file</title>
<updated>2024-02-19T22:35:08+00:00</updated>
<author>
<name>Xavier Del Campo Romero</name>
<email>xavi.dcr@tutanota.com</email>
</author>
<published>2024-02-19T22:04:50+00:00</published>
<link rel='alternate' type='text/html' href='https://gitea.privatedns.org/xavi/slcl/commit/?id=a578ad6537320e562ce936bf70426ab2820ddaad'/>
<id>urn:sha1:a578ad6537320e562ce936bf70426ab2820ddaad</id>
<content type='text'>
This allows to reuse the same file descriptor to both open(2) and
fstat(2) the file.
</content>
</entry>
</feed>
