* file system.
* NO_FILES only disables the automatic mapping between URLs and local
* file names.
- * NO_FILESYSTEM = do not access any file at all. Useful for embedded
+ * NO_FILESYSTEMS = do not access any file at all. Useful for embedded
* devices without file system. Logging to files in not available
* (use callbacks instead) and API functions like mg_send_file are not
* available.
#if defined(USE_LUA) && defined(USE_WEBSOCKET)
{"lua_websocket_pattern", MG_CONFIG_TYPE_EXT_PATTERN, "**.lua$"},
#endif
- {"replace_asterisk_with_origin", MG_CONFIG_TYPE_BOOLEAN, "no"},
+ {"replace_asterisk_with_origin", MG_CONFIG_TYPE_BOOLEAN, "no"},
{"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
{"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
{"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
const char *cors_meth_cfg =
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
- const char *cors_repl_asterisk_with_orig_cfg =
- conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
-
- if (cors_orig_cfg && *cors_orig_cfg && origin_hdr && *origin_hdr && cors_repl_asterisk_with_orig_cfg && *cors_repl_asterisk_with_orig_cfg) {
- int cors_repl_asterisk_with_orig = mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
-
+ const char *cors_repl_asterisk_with_orig_cfg =
+ conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
+
+ if (cors_orig_cfg && *cors_orig_cfg && origin_hdr && *origin_hdr
+ && cors_repl_asterisk_with_orig_cfg
+ && *cors_repl_asterisk_with_orig_cfg) {
+ int cors_repl_asterisk_with_orig =
+ mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
+
/* Cross-origin resource sharing (CORS), see
* http://www.html5rocks.com/en/tutorials/cors/,
* http://www.html5rocks.com/static/images/cors_server_flowchart.png
* CORS preflight is not supported for files. */
if (cors_repl_asterisk_with_orig == 0 && cors_orig_cfg[0] == '*') {
mg_response_header_add(conn,
- "Access-Control-Allow-Origin",
- origin_hdr,
- -1);
+ "Access-Control-Allow-Origin",
+ origin_hdr,
+ -1);
} else {
mg_response_header_add(conn,
- "Access-Control-Allow-Origin",
- cors_orig_cfg,
- -1);
+ "Access-Control-Allow-Origin",
+ cors_orig_cfg,
+ -1);
}
}
}
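Review bot: In the branch taken when `cors_repl_asterisk_with_orig == 0 && cors_orig_cfg[0] == '*'`, the request's `Origin` value is copied verbatim into `Access-Control-Allow-Origin`, so enabling `replace_asterisk_with_origin` alongside the default `*` allows every origin by echo. Unlike a literal `*`, an echoed origin is accepted by browsers on credentialed requests if `Access-Control-Allow-Credentials: true` is also sent, and whether that header is emitted is not visible here. The visible lines add no `Vary: Origin`, so a shared cache could replay one origin's response to another; unless it is set outside this hunk, consider `mg_response_header_add(conn, "Vary", "Origin", -1);` next to the echo. A comment such as `/* Echoes the caller's Origin: equivalent to allowing every origin, do not combine with credentialed responses */` would document the risk, and the same applies to the preflight hunks below that select `cors_origin`. As a style point, `cors_repl_asterisk_with_orig` holds the `mg_strcasecmp` result, so 0 means "yes"; a name like `repl_cfg_cmp` or storing `== 0` would read less inverted.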
return;
}
-
+
/* 1.3. decode url (if config says so) */
if (should_decode_url(conn)) {
}
remove_dot_segments(tmp);
ri->local_uri = tmp;
- #if !defined(NO_FILES) /* Only compute if later code can actually use it */
- /* Cache URI length once; recompute only if the buffer changes later. */
- uri_len = (int)strlen(ri->local_uri);
- #endif
-
+#if !defined(NO_FILES) /* Only compute if later code can actually use it */
+ /* Cache URI length once; recompute only if the buffer changes later. */
+ uri_len = (int)strlen(ri->local_uri);
+#endif
/* step 1. completed, the url is known now */
const char *cors_acrm = get_header(ri->http_headers,
ri->num_headers,
"Access-Control-Request-Method");
- const char *cors_repl_asterisk_with_orig_cfg =
- conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
-
+ const char *cors_repl_asterisk_with_orig_cfg =
+ conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
+
/* Todo: check if cors_origin is in cors_orig_cfg.
* Or, let the client check this. */
if ((cors_meth_cfg != NULL) && (*cors_meth_cfg != 0)
&& (cors_orig_cfg != NULL) && (*cors_orig_cfg != 0)
&& (cors_origin != NULL) && (cors_acrm != NULL)
- && (cors_repl_asterisk_with_orig_cfg != NULL) && (*cors_repl_asterisk_with_orig_cfg != 0)) {
- int cors_repl_asterisk_with_orig = mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
-
+ && (cors_repl_asterisk_with_orig_cfg != NULL)
+ && (*cors_repl_asterisk_with_orig_cfg != 0)) {
+ int cors_repl_asterisk_with_orig =
+ mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
+
/* This is a valid CORS preflight, and the server is configured
* to handle it automatically. */
const char *cors_acrh =
"Content-Length: 0\r\n"
"Connection: %s\r\n",
date,
- (cors_repl_asterisk_with_orig == 0 && cors_orig_cfg[0] == '*') ? cors_origin : cors_orig_cfg,
+ (cors_repl_asterisk_with_orig == 0
+ && cors_orig_cfg[0] == '*')
+ ? cors_origin
+ : cors_orig_cfg,
((cors_meth_cfg[0] == '*') ? cors_acrm : cors_meth_cfg),
suggest_connection_header(conn));
/* 12. Directory uris should end with a slash */
if (file.stat.is_directory && (uri_len > 0)
- && (ri->local_uri[uri_len - 1] != '/')) {
+ && (ri->local_uri[uri_len - 1] != '/')) {
/* Path + server root */
len++;
}
- /* Append with size of space left for query string + null terminator */
+ /* Append with size of space left for query string + null
+ * terminator */
size_t max_append = buflen - len - 1;
strncat(new_path, ri->query_string, max_append);
}
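Review bot: `size_t max_append = buflen - len - 1;` wraps to a very large value whenever `len + 1 > buflen`, which would leave the following `strncat` effectively unbounded, and no guard against that case is visible in this hunk. If no earlier check exists, test `if (len + 1 >= buflen)` before the subtraction and take the enclosing function's failure path. The bound is also only correct if `len` equals the current string length of `new_path`, which the `len++` above suggests but the hunk does not show. The enclosing block starts outside the hunk, so these checks may already exist there; a one-line comment stating the invariant (`/* len == strlen(new_path) < buflen */`) would make it reviewable.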
for (i = 0; uri[i] != 0; i++) {
/* Check for CRLF injection attempts */
if (uri[i] == '%') {
- if (uri[i+1] == '0' && (uri[i+2] == 'd' || uri[i+2] == 'D')) {
+ if (uri[i + 1] == '0' && (uri[i + 2] == 'd' || uri[i + 2] == 'D')) {
/* Found %0d (CR) */
DEBUG_TRACE("CRLF injection attempt detected: %s\r\n", uri);
return 0;
}
- if (uri[i+1] == '0' && (uri[i+2] == 'a' || uri[i+2] == 'A')) {
+ if (uri[i + 1] == '0' && (uri[i + 2] == 'a' || uri[i + 2] == 'A')) {
/* Found %0a (LF) */
DEBUG_TRACE("CRLF injection attempt detected: %s\r\n", uri);
return 0;
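Review bot: The loop rejects only the literal sequences `%0d` and `%0a` in the still-encoded `uri`, and the only record of a rejection is `DEBUG_TRACE`, which presumably compiles to nothing in release builds. A rejected request would then leave no trace for operators, so consider reporting it through the server's regular error log with control characters in `uri` escaped before printing. The function would also benefit from a header comment saying that it must run before any URL decoding step, that 0 means reject, and that it does not cover values decoded more than once. The two branches differ only in the final hex digit and could share one condition. The function's start and end are outside this hunk.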
return MG_FORM_FIELD_STORAGE_ABORT;
}
- key_dec_len = mg_url_decode(
- key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
+ key_dec_len =
+ mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
if (*value_len >= 2 && value[*value_len - 2] == '%')
*value_len -= 2;
int key_dec_len;
(void)conn;
- key_dec_len = mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
+ key_dec_len =
+ mg_url_decode(key, (int)key_len, key_dec, (int)sizeof(key_dec), 1);
if (key_dec_len < 0) {
return MG_FORM_FIELD_STORAGE_ABORT;
}
vallen = (ptrdiff_t)strlen(val);
end_of_key_value_pair_found = all_data_read;
if ((buf + buf_fill) > (val + vallen)) {
- /* Avoid DoS attacks by having a zero byte in the middle of
- * a request that is supposed to be URL encoded. Since this
- * request is certainly invalid, according to the protocol
+ /* Avoid DoS attacks by having a zero byte in the middle
+ * of a request that is supposed to be URL encoded.
+ * Since this request is certainly invalid, according to
+ * the protocol
* specification, stop processing it. Fixes #1348 */
abort_read = 1;
break;
}
-
}
if (field_storage == MG_FORM_FIELD_STORAGE_GET) {