truh/http.sh
1
0
Fork 0
mirror of https://git.sakamoto.pl/laudom/http.sh.git synced 2025-09-17 15:33:44 +02:00
Code Issues Projects Releases Wiki Activity
211 commits 4 branches 5 tags 628 KiB
Commit graph

211 commits

This branch
This branch
All branches
Author SHA1 Message Date
sdomi
bdfd7a20e8 WiP: rust template engine 2025-02-12 04:48:33 +01:00
sdomi
4b59b3d257 template: add -uri-num tags for automatic URL manipulation 2025-02-12 04:47:37 +01:00
sdomi
f7627c7af6 template: new array copy solution (... not happy about it, but what can I do) 2025-01-14 16:43:42 +00:00
sdomi
23e85fc7d0 main: add a $run_once variable, to discern between startup and normal operation 2025-01-14 13:40:57 +00:00
sdomi
55814d4427 server: generic r[url_clean] for just getting the current URL w/o params 2025-01-08 21:32:34 +01:00
sdomi
d39956b815 readme: update 2025-01-06 00:33:20 +01:00
Merlin Scholz
1b085fbbdb
 		Fix accidental session_cookie loss caused by missing IFS unset 2025-01-05 19:37:18 +01:00
sdomi
eaabcc0da2 notORM: fix matching } 2025-01-01 01:37:00 +01:00
sdomi
a66a74208e account: add a config toggle for register behavior 2024-12-26 12:54:28 +01:00
sdomi
284e1c0e70 relicense to BSD 3-Clause 2024-12-23 19:36:03 +01:00
sdomi
53dbaadc6c docker: rewrite 2024-12-23 19:35:02 +01:00
sdomi
b5b44aa4ca dockerfile: revert f938165518 2024-12-23 19:14:23 +01:00
sdomi
fbcdd76b14 account: propagate user from user_reset_password 2024-12-22 05:13:45 +01:00
sdomi
bd445181ee mail: propagate errors on mailsend 2024-12-16 21:19:47 +01:00
sdomi
cc1619e797 notORM: fix an off-by-one affecting ops on the second-last column 2024-12-16 20:06:14 +01:00
sdomi
9d62173cfe misc: fix striping garbage from url_decode 2024-12-16 19:34:42 +01:00
sdomi
b251e2736c notORM: fix data_replace_value due to sed quirk 2024-12-16 19:34:23 +01:00
sdomi
a2413d7062 notORM: remove debug echo 2024-12-16 17:57:56 +01:00
sdomi
5c099c1472 sec-fixes: add information about the notORM bug 2024-12-15 16:28:24 +01:00
sdomi
a00b1b00ee notORM: secfix for sed inconsistently parsing escaped characters 2024-12-15 15:57:44 +01:00
sdomi
e64bdbb0d9 notORM: temporarily disable new parameter parsing on data_replace 2024-12-10 03:19:50 +01:00
sdomi
b0d76ecc9a notORM: split expr generation into _data_gen_expr 2024-12-06 05:19:45 +01:00
sdomi
4ca9c99b14 tests: add a few notORM tests 2024-12-06 05:19:07 +01:00
sdomi
62e7a9edd9 notORM: implement new syntax for data_yeet + more fixes 2024-12-06 04:04:54 +01:00
sdomi
6d91d057e8 notORM: implement new syntax for data_iter + some fixes 2024-12-06 03:00:25 +01:00
sdomi
a2daafe89a notORM: split argv parsing code into an alias 2024-12-06 01:37:15 +01:00
sdomi
45dc428576 notORM: impl searching for more than one constraint in data_get 2024-12-05 23:50:25 +01:00
sdomi
1c144612de server: normalize x-forwarded-for (somewhat) 2024-12-03 23:48:05 +01:00
sdomi
60b40019aa docs: add info about the router 2024-12-03 20:29:10 +01:00
sdomi
5ee00c6ead server: fix directory traversal 
In select cases, if the attacker asked for an URL not starting with a slash (/),
a directory traversal bug could have been triggered. The attack is limited to
directories within `${cfg[namespace]}` (default: `app`) which begin with
`${cfg[root]}` (default: `webroot`).

This means that an adversary could traverse to `app/webroot*`. We never
encouraged / suggested keeping multiple webroots in one namespace, thus it's
doubtful whether any HTTP.sh deployment met the criteria.
 2024-12-01 22:52:11 +01:00
sdomi
403ef2b4ee server: normalize a few other things 2024-12-01 22:51:56 +01:00
sdomi
c943b7897e template: prevent expansion on keys (which shouldn't happen anyways) 2024-12-01 22:39:30 +01:00
sdomi
3d8dd9879e server: url_decode all GET params, (we don't care about binary data there) 2024-10-22 16:33:02 +01:00
sdomi
126de1e396 main: fix edge case with cloned app repo 2024-10-11 20:41:37 +02:00
sdomi
da54143a3f server: remove PHP/Python execution handlers, to be replaced with CGI 2024-10-07 18:09:17 +02:00
sdomi
951517b30d *: better versioning, split off various resources into .resources/ 2024-10-07 17:58:15 +02:00
sdomi
56d2af2cd8 tests: more header parsing tests 2024-10-05 04:36:03 +02:00
sdomi
3c8f848a9a proxy: remove 
While a proxy function is useful, this implementation was unsalvageable.
 2024-10-05 03:17:39 +02:00
famfo
510c372f1d server: add support for getting IP address behind a proxy 2024-10-05 03:05:16 +02:00
famfo
2cc067fc93 server: simplify header parsing code 2024-10-05 03:05:09 +02:00
famfo
a1323dc07e Test: fix bash path 2024-10-05 03:04:11 +02:00
TheresNoTime
9adbf34fce Add xxd as a required dependency 2024-09-26 23:18:24 +02:00
famfo
b4ea5954ec
 		mime: fix ico/favicon.ico mimetype 2024-09-26 14:04:19 +02:00
sdomi
2fd62dbbba server: fixup non-urlencoded post_data parsing 2024-09-06 00:50:47 +02:00
sdomi
fb8ae0eabc notORM: fix erroneous row return on no match 2024-09-03 22:56:34 +02:00
sdomi
cd0fe42879 cookie: add Path attribute 2024-08-18 00:05:58 +02:00
sdomi
d8a475e11b notORM, account: revert previous fix and employ a workaround for a bash bug 2024-08-17 23:10:10 +02:00
sdomi
11828198ce account: fix bug with empty fields getting omitted 2024-08-17 22:36:47 +02:00
sdomi
12011e5991 notORM: fix not enough delims 2024-08-17 22:30:07 +02:00
sdomi
4b9d4a5fda notORM: fix spurious $delim 2024-08-17 21:57:17 +02:00