| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This write-only named pipe is meant to inform other processes about
files that have been added/removed to/from the user/ directory.
The syntax is line-oriented and is described below.
For added files:
+<space ...><path><LF>
For removed files:
-<space ...><path><LF>
Paths shall always be absolute.
Examples:
+ /home/test/db/user/alice/a picture.jpg
- /home/test/db/user/bob/essay.txt
As reported above, this feature has been made completely optional so as
not to introduce breaking changes. A new command line option, namely -m,
is required to enable this feature.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent commits from libweb brought a few breaking changes. The one below
affected slcl, so it had to be updated according to the new interface:
commit 98f5f52461b0c1ab1ee3331722bd32e2db9e1d41
Author: Xavier Del Campo <xavier.delcampo@midokura.com>
Date: Thu Nov 16 12:23:08 2023 +0100
Split handler_loop from handler_listen
Some applications might set up a struct handler object to listen on any
port i.e., 0, but still need a way to determine which port number was
eventually selected by the implementation.
Therefore, handler_listen has been reduced to the server initialization
bit, whereas the main loop has been split into its own function, namely
handler_loop.
Because of these changes, it no longer made sense for libweb to write
the selected port to standard output, as this is something now
applications can do on their own.
|
| |
|
|
|
|
|
|
|
|
| |
When a user attempts to upload a file into a non-existing directory,
slcl would not check whether the directory exists. Then, rename(3) would
fail and slcl would treat this as a fatal error, effectively closing
itself.
Since this is an example of ill-formed user input, it must be treated as
a non-fatal error, and instead slcl should return a bad request page.
|
| |
|
|
|
|
| |
The new signature allows callers to distinguish decoding errors from
fatal errors. This is important for slcl to avoid crashing when
ill-formed data is received from a client.
|
| |
|
|
|
|
|
|
|
|
| |
According to C99 7.19.1p3:
BUFSIZ is a macro that expands to an integer constant expression that is
the size of the buffer used by the setbuf function.
In other words, this means BUFSIZ is the most optimal length for a
buffer that reads a file into memory in chunks using fread(3).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
slweb now assumes application/x-www-form-urlencoded-data as text, so it
now returns a null-terminated string on struct http_post member "data".
This removes the need for slcl to call strdup(3) in order to obtain a
null-terminated string.
|
| |
|
|
|
|
|
|
|
| |
For historical reasons, slweb used to check for a name called "dir" on
multipart/form-data POST requests. However, stricly speaking this is
application logic, so it has been now moved from slweb to slcl.
This has resulted in a couple of breaking changes in slweb that had to
be updated on slcl.
|
| |
|
|
|
| |
Malformed POST requests might include no payload data. However, this is
not considered a fatal error, but wrong user input.
|
| |
|
|
|
| |
slweb puts its header files into its own directory in order to avoid
potential name clashing.
|
| |
|
|
|
|
|
|
|
|
| |
When a user enters a search term that is too generic, slcl would
generate a long list of search results, where this generation could have
a big impact on the server performance and its available resources.
Therefore, it is reasonable to limit the number of search results to an
arbitrary limit, so that users are forced to enter a more specific
search term in order to achieve more relevant results.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far, cftw would search through all directories and files recursively,
until all objects are processed. However, it is interesting for the user
callback to be able to stop this process under specific circumstances.
Now, cftw will pass a pointer to a bool, initialised to false by
default, that can be optionally assigned to true by the user
callback.
Future commits will make use of this feature. For example, this will be
used to limit the number of search results when a user enters a search
term that is too generic and would otherwise generate a large amount of
search results.
|
| |
|
|
|
|
| |
Search terms cannot use the same strict rules used for filenames or
directory names, as otherwise examples such as "*folder*/*IMG*" would
not work.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
slcl used to provide a hardcoded stylesheet. However, it would be
desirable for some admins to provide a custom stylesheet without having
to rebuild the application.
Now, slcl creates a default stylesheet, namely style.css, into the
target directory, that can be later modified by admins.
While this might contradict the suckless philosophy a bit, hopefully
some admins might find this new feature useful.
|
| |
|
|
|
|
|
| |
- Relative paths must not be used for filenames or directory names,
such as "..", "." or "dir/..".
- Paths with asterisks ('*') must not be allowed, to avoid confusion
with wildcard expressions.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following workflow has been implemented:
- A new checkbox for each object inside a directory is shown.
- When one or more objects are selected, the user submits a request
through a HTML5 form.
- Then, slcl will ask the user for confirmation, listing the selected
objects, while reminding the user about the effects.
- The user confirms the selection.
- slcl removes the selected objects. All objects from non-empty
directories are removed, too.
- Finally, slcl redirects the user to the directory the request was
made from.
|
| |
|
|
|
|
|
|
| |
This provides a few benefits:
- This will allow searching for directories by name.
- Future commits will allow to remove files and directories, so this
change was also required for cftw.
|
| |
|
|
|
|
|
|
| |
When search_fn fails, it must free `r` before `results`, as the former
is assigned based on the latter - otherwise, it would lead to undefined
behaviour.
So far, only memory allocation errors would make search_fn to fail.
|
| |
|
|
|
|
|
|
|
|
|
| |
C99 ยง5.1.2.2.1 only defines the following declarations for main:
- int main(void)
- int main(int argc, char *argv[])
While the use of equivalent types (e.g.: char **argv) is allowed, const
char ** would not be considered equivalent, and thus an invalid
declaration depending on the implementation.
|
| |
|
|
|
|
| |
This new feature adds a HTML form on each directory listing that allows
to search files recursively, starting from the current user directory.
Wildcard patterns are also allowed.
|
| |
|
|
| |
Future commits will make use of this function outside handler.c.
|
| |
|
|
|
|
|
|
|
| |
Given the following contrived example request:
/example%FB%DC&arg%DE1=examplevalue%AA
slcl must decode each token separately, so that percent-encoded
characters '&', '=' or '?' do not get accidently intepreted.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When using HTTP "Content-Disposition: attachment;", users are forced to
download files in order to use them, whereas others might prefer to open
them in the browser.
Therefore, now that URL parameters are supported by http.h, previews can
be forced by adding "preview=1" or "preview=true" (case-insensitive) as
a URL parameters. Any other parameters are ignored by slcl.
For users, a "Preview" link has been added next to the "Share" button
for each file.
|
| | |
|
| |
|
|
|
| |
This allows using the default compiler defined by make(1) (i.e.,
c99(1)), thus improving POSIX compatibility.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far, slcl would just close the connection with a client when the
Content-Length of an incoming request exceeded the user quota, without
any meaningful information given back to the user.
Now, slcl responds with a HTML file with meaningful information about
the error.
Limitations:
- While this commits has been successfully tested on ungoogled-chromium,
LibreWolf (and I assume Firefox and any other derivates too) does not
seem to receive the response from the server.
- However, this issue only occurred during local testing, but not
on remote instances.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- When a non-empty username and an empty password was given, slcl would
crash due to a double free(3). This happened because append_form would
grow the form list before sanitizing the input and, since the output
pointer was not updated to the caller function, the latter would attempt
to free a now-old pointer.
- Additionally, some compilers such as clang complained about the
potential use of an uninitialized variable when calling forms_free.
- Also, it was a good opportunity to refactor get_forms and its caller
functions, as get_forms was not differentiate fatal errors from user
input errors.
|
| |
|
|
|
|
|
|
|
|
| |
As otherwise reported by clang 14.0.0:
main.c:679:14: warning: variable 'cur' is used uninitialized whenever '&&' condition is false [-Wsometimes-uninitialized]
else if (available && quota_current(a, username, &cur))
This was a minor issue after all, as pq was not used unless available
were set.
|
| |
|
|
|
|
| |
So far, slcl failed with poorly described error messages when any of the
essential directories were missing. Now, these are created automatically
so that the initial setup is easier.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
An HTML form is now added next to each regular file, that generates a
POST request. Then, slcl replies with a HTML document with a link to the
public resource (which are implemented as symlinks).
Limitations:
- For now, only regular files can be shared i.e., sharing directories is
not possible. While feasible, it still requires a larger refactor to
list_dir and resource_layout, so that read-only access to the directory
is provided to anonymous users.
|
| |
|
|
| |
Otherwise, every function calling get_forms must implement this.
|
| |
|
|
|
|
| |
Otherwise, slcl would fail to generate the URLs for the elements inside
a directory, because of how cust_dirname worked, which also turned out
to be redundant.
|
| | |
|
| |
|
|
|
|
| |
Until now, f->tmpname was removed by move_file when the move
operation succeeded. However, since a HTTP operation can fail before
move_file is called, the temporary file must also be removed.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature allows admins to set a specific quota for each user, in
MiB. This feature is particularly useful for shared instances, where
unlimited user storage might be unfeasible or even dangerous for the
server.
Also, a nice HTML5 <progress> element has been added to the site that
shows how much of the quota has been consumed.
If no quota is set, slcl falls back to the default behaviour i.e.,
assume unlimited storage.
Limitations:
- While HTTP does specify a Content-Length, which determines the length
of the whole request, it does not specify how many files are involved
or their individual sizes.
- Because of this, if multiple files are uploaded simultaneously, the
whole request would be dropped if user quota is exceeded, even if not
all files exceeded it.
- Also, Content-Length adds the length of some HTTP boilerplate
(e.g.: boundaries), but slcl must rely on this before accepting the
whole request. In other words, this means some requests might be
rejected by slcl because of the extra bytes caused by such boilerplate.
- When the quota is exceeded, slcl must close the connection so that
the rest of the transfer is cancelled. Unfortunately, this means no
HTML can be sent back to the customer to inform about the situation.
|
| |
|
|
|
| |
- Location seems to have no effect on 401 HTTP responses.
- Content-Type is already set by page_failed_login.
|
| |
|
