Commit graph

279 commits

Author SHA1 Message Date
sdomi
c5c7cda07c tests: add template datestamp tests 2025-03-06 01:33:04 +01:00
sdomi
94b65db0e7 template: add datestamp rendering mode 2025-03-06 00:33:18 +01:00
sdomi
6fdff40f93 template: clean the uri_list on function exit 2025-03-05 22:23:44 +01:00
sdomi
7c9ae72db4 tst: small QoL invocation fixes 2025-03-04 02:36:06 +01:00
sdomi
533c49e670 notORM: migrate to safer delimiter matching everywhere 2025-03-04 02:34:02 +01:00
sdomi
19039683bb tests: correct typo in notORM replace-oldsyntax test 2025-03-04 02:30:44 +01:00
sdomi
c22ee9b245 tests: fixup the header test 2025-03-04 02:30:14 +01:00
sdomi
061b6d14a2 notORM: fix yeet regression + better non-greedy match 2025-03-04 02:00:23 +01:00
sdomi
aa970ef7e9 server: workaround for the Connection header specifying more than one flag 2025-02-26 04:02:22 +01:00
sdomi
ec0c81f9f5 docs: websockets api documentation 2025-02-26 01:22:42 +01:00
sdomi
519fdbe6c8 ws: full hecking rewrite 2025-02-26 01:22:23 +01:00
sdomi
75e6b66973 server: disable websocket support by default 2025-02-25 17:00:48 +01:00
sdomi
7f0cd58986 secfixes: add disclosure of the template.sh bug 2025-02-24 15:52:39 +01:00
sdomi
89c2850428 template: sanitize all inputs to prevent delimiter injection 2025-02-24 15:43:24 +01:00
sdomi
ec6a0d81a9 notORM: fix spurious missing backslashes 2025-02-20 15:45:44 +01:00
sdomi
9c403fbc3b notORM: data_add now supports auto-increment IDs 2025-02-19 23:05:57 +01:00
sdomi
affe9e4fbe notORM: fix a few leaky variables 2025-02-19 22:42:42 +01:00
sdomi
febb4087e4 misc: sync up immediate cookie changes with cookies array 2025-02-14 17:41:26 +01:00
sdomi
993941680a notORM: hotfix the off-by-one bug until I can find a better solution 2025-02-13 23:21:02 +01:00
sdomi
4b59b3d257 template: add -uri-num tags for automatic URL manipulation 2025-02-12 04:47:37 +01:00
sdomi
f7627c7af6 template: new array copy solution (... not happy about it, but what can I do) 2025-01-14 16:43:42 +00:00
sdomi
23e85fc7d0 main: add a $run_once variable, to discern between startup and normal operation 2025-01-14 13:40:57 +00:00
sdomi
55814d4427 server: generic r[url_clean] for just getting the current URL w/o params 2025-01-08 21:32:34 +01:00
sdomi
d39956b815 readme: update 2025-01-06 00:33:20 +01:00
Merlin Scholz
1b085fbbdb Fix accidental session_cookie loss caused by missing IFS unset 2025-01-05 19:37:18 +01:00
sdomi
eaabcc0da2 notORM: fix matching } 2025-01-01 01:37:00 +01:00
sdomi
a66a74208e account: add a config toggle for register behavior 2024-12-26 12:54:28 +01:00
sdomi
284e1c0e70 relicense to BSD 3-Clause 2024-12-23 19:36:03 +01:00
sdomi
53dbaadc6c docker: rewrite 2024-12-23 19:35:02 +01:00
sdomi
b5b44aa4ca dockerfile: revert f938165518 2024-12-23 19:14:23 +01:00
sdomi
fbcdd76b14 account: propagate user from user_reset_password 2024-12-22 05:13:45 +01:00
sdomi
bd445181ee mail: propagate errors on mailsend 2024-12-16 21:19:47 +01:00
sdomi
cc1619e797 notORM: fix an off-by-one affecting ops on the second-last column 2024-12-16 20:06:14 +01:00
sdomi
9d62173cfe misc: fix stripping garbage from url_decode 2024-12-16 19:34:42 +01:00
sdomi
b251e2736c notORM: fix data_replace_value due to sed quirk 2024-12-16 19:34:23 +01:00
sdomi
a2413d7062 notORM: remove debug echo 2024-12-16 17:57:56 +01:00
sdomi
5c099c1472 sec-fixes: add information about the notORM bug 2024-12-15 16:28:24 +01:00
sdomi
a00b1b00ee notORM: secfix for sed inconsistently parsing escaped characters 2024-12-15 15:57:44 +01:00
sdomi
e64bdbb0d9 notORM: temporarily disable new parameter parsing on data_replace 2024-12-10 03:19:50 +01:00
sdomi
b0d76ecc9a notORM: split expr generation into _data_gen_expr 2024-12-06 05:19:45 +01:00
sdomi
4ca9c99b14 tests: add a few notORM tests 2024-12-06 05:19:07 +01:00
sdomi
62e7a9edd9 notORM: implement new syntax for data_yeet + more fixes 2024-12-06 04:04:54 +01:00
sdomi
6d91d057e8 notORM: implement new syntax for data_iter + some fixes 2024-12-06 03:00:25 +01:00
sdomi
a2daafe89a notORM: split argv parsing code into an alias 2024-12-06 01:37:15 +01:00
sdomi
45dc428576 notORM: impl searching for more than one constraint in data_get 2024-12-05 23:50:25 +01:00
sdomi
1c144612de server: normalize x-forwarded-for (somewhat) 2024-12-03 23:48:05 +01:00
sdomi
60b40019aa docs: add info about the router 2024-12-03 20:29:10 +01:00
sdomi
5ee00c6ead server: fix directory traversal
In select cases, if the attacker asked for a URL not starting with a slash (/),
a directory traversal bug could have been triggered. The attack is limited to
directories within `${cfg[namespace]}` (default: `app`) which begin with
`${cfg[root]}` (default: `webroot`).

This means that an adversary could traverse to `app/webroot*`. We never
encouraged / suggested keeping multiple webroots in one namespace, thus it's
doubtful whether any HTTP.sh deployment met the criteria.
2024-12-01 22:52:11 +01:00
sdomi
403ef2b4ee server: normalize a few other things 2024-12-01 22:51:56 +01:00
sdomi
c943b7897e template: prevent expansion on keys (which shouldn't happen anyways) 2024-12-01 22:39:30 +01:00