truh/http.sh
1
0
Fork 0
mirror of https://git.sakamoto.pl/laudom/http.sh.git synced 2025-09-20 08:43:44 +02:00
Code Issues Projects Releases Wiki Activity
277 commits 4 branches 5 tags 630 KiB
Commit graph

207 commits

Author SHA1 Message Date
sdomi
e45eef0f58 version: bump to 0.97.3 2025-09-14 22:02:04 +02:00
sdomi
8bd34c9823 util/bump: new util 2025-09-14 21:52:25 +02:00
sdomi
a60245bb4c util/notORM: new util 2025-09-14 21:43:10 +02:00
sdomi
d563570d6f template: fixes around handling nonexistant files 2025-09-14 12:20:35 +02:00
sdomi
44c128289c template: escape newlines on raw replace statements 2025-09-13 14:18:30 +02:00
sdomi
c59202a6dc server: respect cfg[enable_multipart] 2025-06-13 02:18:00 +02:00
sdomi
57ed8eadbf version: bump to 0.97.2 2025-06-01 17:50:00 +02:00
sdomi
1801e05fd9 template: bugfix the default include path 2025-06-01 17:47:26 +02:00
sdomi
21f922f731 template: prevent possible LFI given a template injection 
we're now doing some extra work to sanitize paths in include keys.
 2025-06-01 17:43:12 +02:00
sdomi
e809c0be6b template: implement relative paths. bump to 0.97.1 2025-05-18 14:14:00 +02:00
sdomi
64fd5d1836 notORM: fix a bug around search terms containing a backslash 2025-05-01 10:58:03 +02:00
sdomi
10d19c1a36 template: implement more sanitizations for the new {{-set-value}} statement 
this is a bit paranoic, as we're dealing with an assoc array, so we should be
fine with having basically any printable characters in here. HOWEVER, as per
the docs, we only recommend using [a-zA-Z0-9_-] anyways, so this is a good
safety measure to have.
 2025-04-10 16:06:29 +02:00
sdomi
c9f03158c7 template: move main template directy into garbage to not miss it at any point 2025-04-07 22:22:41 +02:00
sdomi
be23e31362 template: implement set statements 2025-04-06 06:57:21 +02:00
sdomi
c6d3dfa045 server: fixup hangs on empty POST reqs 2025-04-06 06:18:52 +02:00
sdomi
d5aaa1c265 template: tpl includes don't need to prepend the expr anymore 2025-04-06 05:05:57 +02:00
sdomi
f9e1be8a90 template: horrible hack implementing iterators in included templates 2025-04-06 04:39:01 +02:00
sdomi
6a9ec3bf71 template: small style/performance fixes 2025-04-06 03:56:33 +02:00
sdomi
9ad46350af template: add special auto-increment -index value 2025-04-05 20:58:01 +02:00
sdomi
9f123a6d66 worker: create missing control files on startup 2025-04-03 01:52:45 +02:00
sdomi
8aa0dcd2fa template: fix quoting issue causing a tr malfunction 2025-04-02 22:56:11 +02:00
sdomi
ede27f9905 server: normalize method to uppercase 2025-04-02 06:08:01 +02:00
sdomi
b55011332e server: workaround for clients which incorrectly skip the Content-Length value 2025-03-14 20:23:47 +01:00
sdomi
4df7be9a7c template: migrate nested_add to an internal randomness source 
this should slightly improve overall performance.
additionally, we migrate to mei's proposed better way of
array copying.
 2025-03-12 04:20:54 +01:00
sdomi
cf053496a2 misc: remove unnecessary sed -E 2025-03-12 04:20:27 +01:00
sdomi
44c2aec5ca template: eliminate all temporary file i/o 
this commit replaces all file i/o with file substitutions, bringing
the whole engine more closely in-line with how it used to look,
at least initially, before it turned out that keeping the filters
inline is a no-go due to command length limits.

This also brings a modest performance improvement (~1.35s -> ~1.2s
on my test page)
 2025-03-07 03:29:37 +01:00
sdomi
86f424fb30 template: deprecate render_unsafe 
we haven't needed this in a million years, and using it supports
poorly-written templates.
 2025-03-07 02:26:46 +01:00
sdomi
ba6fa37d62 template: cleanup rest sed generators 2025-03-07 02:26:18 +01:00
sdomi
0673c0f644 template: migrate from raw hex digits to replacement variables 
First of a few commits intending to clean up the template engine.
Fully moved from $'\01' / $'\02' control chars onto... the same, but
in variables. It should be somewhat more readable now.

Future work will include removing all of the unnecessary quotes,
and a general refactor aiming to remove at least some temporary
file writes.
 2025-03-06 01:34:20 +01:00
sdomi
94b65db0e7 template: add datestamp rendering mode 2025-03-06 00:33:18 +01:00
sdomi
6fdff40f93 template: clean the uri_list on function exit 2025-03-05 22:23:44 +01:00
sdomi
533c49e670 notORM: migrate to safer delimeter matching everywhere 2025-03-04 02:34:02 +01:00
sdomi
061b6d14a2 notORM: fix yeet regression + better non-greedy match 2025-03-04 02:00:23 +01:00
sdomi
aa970ef7e9 server: workaround for the Connection header specifying more than one flag 2025-02-26 04:02:22 +01:00
sdomi
519fdbe6c8 ws: full hecking rewrite 2025-02-26 01:22:23 +01:00
sdomi
75e6b66973 server: disable websocket support by default 2025-02-25 17:00:48 +01:00
sdomi
89c2850428 template: sanitize all inputs to prevent delimeter injection 2025-02-24 15:43:24 +01:00
sdomi
ec6a0d81a9 notORM: fix spurious missing backslashes 2025-02-20 15:45:44 +01:00
sdomi
9c403fbc3b notORM: data_add now supports auto-increment IDs 2025-02-19 23:05:57 +01:00
sdomi
affe9e4fbe notORM: fix a few leaky variables 2025-02-19 22:42:42 +01:00
sdomi
febb4087e4 misc: sync up immediate cookie changes with cookies array 2025-02-14 17:41:26 +01:00
sdomi
993941680a notORM: hotfix the off-by-one bug until I can find a better solution 2025-02-13 23:21:02 +01:00
sdomi
4b59b3d257 template: add -uri-num tags for automatic URL manipulation 2025-02-12 04:47:37 +01:00
sdomi
f7627c7af6 template: new array copy solution (... not happy about it, but what can I do) 2025-01-14 16:43:42 +00:00
sdomi
55814d4427 server: generic r[url_clean] for just getting the current URL w/o params 2025-01-08 21:32:34 +01:00
Merlin Scholz
1b085fbbdb
 		Fix accidental session_cookie loss caused by missing IFS unset 2025-01-05 19:37:18 +01:00
sdomi
eaabcc0da2 notORM: fix matching } 2025-01-01 01:37:00 +01:00
sdomi
a66a74208e account: add a config toggle for register behavior 2024-12-26 12:54:28 +01:00
sdomi
fbcdd76b14 account: propagate user from user_reset_password 2024-12-22 05:13:45 +01:00
sdomi
bd445181ee mail: propagate errors on mailsend 2024-12-16 21:19:47 +01:00