aboutsummaryrefslogtreecommitdiff
path: root/CMakeLists.txt
Commit message (Collapse)AuthorAgeFilesLines
* Bump libweb to 0.3.0Xavier Del Campo Romero2024-02-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The following commits fix a couple of security issues on libweb. Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be updated to set up its struct http_cfg_post. commit afe0681c0b26bb64bad55d7e86770f346cfa043e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 23:00:56 2024 +0100 Limit maximum multipart/form-data pairs and files A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources. commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 22:49:09 2024 +0100 html.c: Avoid half-init objects on html_node_add_attr The previous implementation would leave half-initialised objects if one of the calls to strdup(3) failed. Now, n->attrs is only modified when all previous memory allocations were successful.
* CMakeLists.txt: Bump version to 0.2.0v0.2.0Xavier Del Campo Romero2024-02-121-1/+1
|
* Bump libweb to 0.2.0Xavier Del Campo Romero2024-02-121-1/+1
|
* CMakeLists.txt: Fix wrong parameters for projectXavier Del Campo Romero2023-11-231-1/+1
| | | | When VERSION is given, LANGUAGES becomes mandatory.
* CMakeLists.txt: set project VERSIONXavier Del Campo Romero2023-10-251-1/+1
|
* CMake: Find system libweb or dynstr if availableXavier Del Campo Romero2023-10-251-1/+11
| | | | | So far, slcl's build system would always build libweb and dynstr. However, this is discouraged by distribution packagers.
* CMakeLists.txt: Fix wrong library nameXavier Del Campo Romero2023-10-141-1/+1
|
* Apply slweb renaming to libwebXavier Del Campo Romero2023-10-111-2/+2
|
* CMakeLists.txt: Install targetsXavier Del Campo Romero2023-09-271-0/+8
|
* Reduce minimum required major version for OpenSSLXavier Del Campo Romero2023-09-161-1/+1
| | | | | slcl has been successfully tested with OpenSSL 2.0 on an OpenBSD 7.3 host.
* CMakeLists.txt: Set project language to CXavier Del Campo Romero2023-08-021-1/+1
| | | | | Otherwise, CMake by default tests the system C++ compiler, but this is not a requirement for slcl.
* Adapt build system to slwebXavier Del Campo Romero2023-07-211-7/+2
| | | | | Now, slweb is a library slcl depends on, which includes the HTTP/1.1 server implementation, as well as other utilities.
* Allow admins to define their own stylesheetXavier Del Campo Romero2023-07-111-0/+1
| | | | | | | | | | | | slcl used to provide a hardcoded stylesheet. However, it would be desirable for some admins to provide a custom stylesheet without having to rebuild the application. Now, slcl creates a default stylesheet, namely style.css, into the target directory, that can be later modified by admins. While this might contradict the suckless philosophy a bit, hopefully some admins might find this new feature useful.
* Split wildcard_cmp into its own componentXavier Del Campo Romero2023-06-061-0/+1
| | | | Future commits will make use of this function outside handler.c.
* Move decode_hex into its own fileXavier Del Campo Romero2023-03-091-0/+1
| | | | | | | - Error detection against strotul(3) has been improved, as done in other places. - New function encode_hex has been implemented, which will be used by future commits.
* Implement user quotaXavier Del Campo Romero2023-03-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This feature allows admins to set a specific quota for each user, in MiB. This feature is particularly useful for shared instances, where unlimited user storage might be unfeasible or even dangerous for the server. Also, a nice HTML5 <progress> element has been added to the site that shows how much of the quota has been consumed. If no quota is set, slcl falls back to the default behaviour i.e., assume unlimited storage. Limitations: - While HTTP does specify a Content-Length, which determines the length of the whole request, it does not specify how many files are involved or their individual sizes. - Because of this, if multiple files are uploaded simultaneously, the whole request would be dropped if user quota is exceeded, even if not all files exceeded it. - Also, Content-Length adds the length of some HTTP boilerplate (e.g.: boundaries), but slcl must rely on this before accepting the whole request. In other words, this means some requests might be rejected by slcl because of the extra bytes caused by such boilerplate. - When the quota is exceeded, slcl must close the connection so that the rest of the transfer is cancelled. Unfortunately, this means no HTML can be sent back to the customer to inform about the situation.
* Add cftwXavier Del Campo Romero2023-03-061-0/+1
| | | | | | | | | | | POSIX functions ftw(3) and nftw(3) do not allow passing an opaque pointer to the callback they call, so it forces the use of statically allocated data. ctfw (from "custom ftw") is a custom implementation that solves this, while also removing unneeded stuff. This function will be used by future commits.
* Initial commitXavier Del Campo Romero2023-02-281-0/+18