2008-07-23 Oyvind Harboe * Sync with Jim Tcl repository 2008-07-07 Oyvind Harboe * src/cgi.c, include/http.h: allow non-athttpd threads to use Tcl interpreter. 2008-03-07 Edgar Grimberg * src/http.c: In cyg_httpd_send_file, cyg_httpd_write can return negative or 0, so this has been taken care of. 2008-03-07 Edgar Grimberg * src/http.c: Avoided infinite loop in cyg_httpd_send_file by exiting the loop if fread returns <= 0 2008-03-07 Oyvind Harboe * src/cgi.c: throw Tcl exception when writeform fails. 2008-02-07 Oyvind Harboe * src/http.c: Ref. 14.8.1 of RFC2616, do not add date fields when the server cannot provide a reasonable approximation of the current time. 2008-01-22 Oyvind Harboe * src/forms.c, src/http.c: added kludge to be able to show error message when a too large POST request is sent. The entire POST request must be received before reporting an error, lest the web browser will just show a default communication aborted page. 2008-01-07 Oyvind Harboe * src/http.c, src/forms.c, include/http.h: formfetch now first checks the query string before checking form data. This makes it easier to write tcl scripts since query strings are more easily formulated. 2007-12-19 Oyvind Harboe * src/http.c: let .htm & .html encode charset within the page, it was hardcoded to iso-8559-1, which stops e.g. UTF-8 being used. 2006-12-14 Anthony Tonizzo * test_http: test application. Will be sorted out a bit as we go along... Tcl file upload will be added amongst other things... 2007-12-14 Oyvind Harboe * merging work in progress.... * added file upload support * form variables are evaluated on demand in tcl * tcl now garbage collects local variables * an url is passed to CGI processing and if none of the CGI alternatives want it, the request can be handled by the default handler, e.g. directory scanning. Mimicks more closely what happens with convenient, evil and unsecure servers... * remove post_data variable in tcl. it can be evaluated on demand via the post_data proc, faster & *much* less memory for big files. 2007-12-02 Danny Sade * src/socket.c: Added a extra check for end of header in case of POST requests. In the original code the payload following the POST header could be confused with the start of a new request. 2007-12-02 Danny Sade and Anthony Tonizzo * src/socket.c src/httpd.c: Changed the function that collects a request. Now the remaining part of an incomplete request is copied back to the beginning of the buffer. This avoids that multiple split headers might creep towards the end of the buffer. Corrected a bug in the cyg_httpd_write_chunked(). Now the CRLF that terminates a chunk is added by the function and not expected to be there already in the data supplied by the user. The cyg_httpd_process_request() now loops as many times as the number of full requests received. Modified the function cyg_httpd_end_chunked() so that the flag CYG_HTTPD_MODE_TRANSFER_CHUNKED is always cleared after it terminates. Renamed header_end to request_end to better reflect its real use. * doc/athttpd.sgml: Included Digest (MD5) authentication as fully supported. 2007-11-28 Rene' Nielsen and Anthony Tonizzo * cdl/httpd.cdl: Updated the cdl to reflect the fact that MD5 authentication is now a fully tested feature (Thanks to Tad for testing this!) * src/httpd.c: Added the initialization of the global variable cyg_httpd_md5_response. This corrects a security hole that could allow unauthenticated browsers to access pages that require authentication. This required a minor change (switch of variables used) in the authentication code. Added code to avoid a buffer overflow during the parsing of headers for authenticated pages. * src/auth.c: Removed dead code and made static a bunch of functions. * src/socket.c: Added a NULL terminator after each header packet that is received. Now the strstr() is guaranteed to find terminated string. 2007-11-27 Tad Artis * src/auth.c: Modified the cyg_httpd_digest_data() and cyg_httpd_digest_skip() functions to support IE7. A careful read of the augmented BNF in RFC2616 indicates that spaces within the elements of the authentication header are optional. The original atHTTPD code incorrectly relied on a space after the comma. Moved the authentication check inside cyg_httpd_process_method() so that each request, regardless of the type, will have to go through authentication. 2007-11-26 Tad Artis * src/forms.c: Checked for a null terminator inside cyg_httpd_store_form_variable, so that we do not scan past the end of the packet. Check the form variables for both length and content, to avoid false positives. * src/httpd.c: Corrected the strings sent back by the server to challenge the client to an MD5 authentication. Adds a couple of commas to separate the items in the string. * src/http.h: * src/socket.h: Corrected a number of indexes where CYGNUM_FILEIO_NFILE was used instead of the correct CYGPKG_NET_MAXSOCKETS. 2007-11-12 Oyvind Harboe 2007-11-12 Jonathan Larmour * doc/athttpd.sgml: added an example of a tcl script. * src/http.c, forms.c: serve cgi requests before file system requests, that way it isn't possible to download the actual cgi/.o script and cgi works even if the http root directory is above the cgi directory. * src/http.c: if only tcl cgi is enabled, cgi requests are now forwarded to tcl * include/jim.h: include file order fix; now compiles again. * doc/athttpd.sgml: Fixed typos in doc. Return value from handler is not used, recommend returning 0 in doc. 2006-12-03 Anthony Tonizzo * cdl/httpd.cdl: Corrected a CDL error in the requirements of CYGOPT_NET_ATHTTPD_USE_FS 2006-11-27 Jonathan Larmour * cdl/httpd.cdl: Improve CDL dependencies. 2006-11-08 Anthony Tonizzo * doc/athttpd.sgml: Updated to describe lasted changes and corrected minor typos. * src/http.c: Check for "Content-Type" header. This is needed if we want to support parsing form variables in POST requests. * src/jim.c: Updated with latest release from Jim CVS. * src/cgi.c: streamlined cyg_httpd_exec_cgi_tcl(), now uses the 'source' command of tcl to execute a tcl script. * src/forms.c: Modified cyg_handle_method_POST so that the variables in the payload are scanned only if the request has a Content-Type of 'application/x-www-form-urlencoded' * src/jim-aio.c: Added to package. Now tcl has IO functions to access a file system. * include/httpd.h: Added a new mode, CYG_HTTPD_MODE_FORM_DATA which is set when a POST request has a Content-Type of 'application/x-www-form-urlencoded' 2006-10-16 Lars Povlsen and Anthony Tonizzo * cdl/httpd.cdl: add CYGOPT_NET_ATHTTPD_CLOSE_CHUNKED_CONNECTIONS. Default is set to CLOSE, so it is backward compatible with previous versions of the browser. * src/socket.c: cyg_httpd_process_request() uses a loop to collect at least one full frame (til a header terminator is found), cyg_httpd_start_chunked() only close if configured to do so. * src/httpd.c: Overhaul of cyg_httpd_send_error to avoid the use of inbuffer as temporary storage (conflicts with pipelined frames), removed the option to send a page after calling a C language handler * include/httpd.h: Added a new mode, CYG_HTTPD_MODE_NO_CACHE 2006-10-12 Lars Povlsen and Anthony Tonizzo * cdl/httpd.cdl: add CYGNUM_ATHTTPD_SERVER_MAX_POST to limit POST'ed data * include/http.h: Added header_end, post_data fields to httpstate, Added "302 Found" for POST handler redirect (CYG_HTTPD_STATUS_MOVED_TEMPORARILY) * src/forms.c: Fixed variable decoding, fixed large POST processing * src/http.c: Fixed some debug ouptuts, cleanup after POST processing, overhaul of the pipelined requests code which can now handle multiple requests per frame. * src/socket.c: Removed assert for socket write failure, Accumulating receiving of requests (Browsers (Firefox) may pass partial headers in separate fragments). Fixed some diagnostics output. 2006-07-19 Anthony Tonizzo and Sergei Gavrikov * cdl/httpd.cdl: * doc/athttpd.sgml: Corrected some typos and rectified some omissions. * include/jim.h: Added an inline to Jim_InitExtension() * src/cgi.c: used malloc() instead of cyg_ldr_malloc(); * src/forms.c: Added a #define to be able tio use the TCL scripting without OBJLOADER * src/http.c: * src/socket.c: Lots of typos stamped out, and some better comments too. 2006-07-19 Anthony Tonizzo * src/socket.c: Corrected a typo that generated an assertion. Modified slightly the source of cyg_httpd_write and cyg_httpd_writev to make the code more consistent as to when assertions are thrown. 2006-07-19 Sergei Gavrikov * doc/athttpd.sgml: jade doesn't allow underscores in id attributes, so fix. 2006-07-18 Jonathan Larmour * cdl/httpd.cdl: Add -D __ECOS in compiler flags. Change include_dir to cyg/athttpd. Rename all CDL options from *_HTTPD_* to *_ATHTTPD_*. * All files: Rename cyg/httpd include directory to cyg/athttpd. Rename all CDL options from *_HTTPD_* to *_ATHTTPD_*. * doc/athttpd.sgml: Document MD5 algorithm licensing. * src/socket.c: Remove unused SNTP include. 2006-06-13 Anthony Tonizzo * cdl/httpd.cdl: * doc/athttpd.sgml: * doc/mime_types.txt: * include/auth.h: * include/cgi.h: * include/digcalc.h: * include/forms.h: * include/global.h: * include/handler.h: * include/http.h: * include/jim.h: * include/md5.h: * include/socket.h: * src/auth.c: * src/cgi.c: * src/forms.c: * src/handler.c: * src/http.c: * src/jim.c: * src/md5c.c: * src/socket.c: Created ATHTTPD package. //=========================================================================== //####ECOSGPLCOPYRIGHTBEGIN#### // ------------------------------------------- // This file is part of eCos, the Embedded Configurable Operating System. // Copyright (C) 2005, 2006 eCosCentric Ltd. // // eCos is free software; you can redistribute it and/or modify it under // the terms of the GNU General Public License as published by the Free // Software Foundation; either version 2 or (at your option) any later version. // // eCos is distributed in the hope that it will be useful, but WITHOUT ANY // WARRANTY; without even the implied warranty of MERCHANTABILITY or // FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License // for more details. // // You should have received a copy of the GNU General Public License along // with eCos; if not, write to the Free Software Foundation, Inc., // 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. // // As a special exception, if other files instantiate templates or use macros // or inline functions from this file, or you compile this file and link it // with other works to produce a work based on this file, this file does not // by itself cause the resulting work to be covered by the GNU General Public // License. However the source code for this file must still be made available // in accordance with section (3) of the GNU General Public License. // // This exception does not invalidate any other reasons why a work based on // this file might be covered by the GNU General Public License. // // ------------------------------------------- //####ECOSGPLCOPYRIGHTEND#### //===========================================================================