Fossil

Check-in [362a7b7c]

Check-in [362a7b7c]


Overview
Comment:Relax constraints on PATHINFO names such that the "fossil ui /" command can be used if some repositories have non-ASCII filenames. Response to forum post ec3ab5b1f5.
SHA3-256: 362a7b7c9de817d1f8079b1bfccac55f336f30a54a57c4d34b26962f31a0c7bc
User & Date: drh 2024-05-18 14:12:05
Context
2024-05-21
11:18
Update the built-in SQLite to the first 3.46.0 release candidate. ... (check-in: 2ba99c27 user: drh tags: trunk)
2024-05-18
14:12
Relax constraints on PATHINFO names such that the "fossil ui /" command can be used if some repositories have non-ASCII filenames. Response to forum post ec3ab5b1f5. ... (check-in: 362a7b7c user: drh tags: trunk)
2024-05-15
21:11
In /chat, add a config option to audibly notify only for the first message received when the tab is not visible, and then remain silent until chat is visited again. ... (check-in: df86fa33 user: stephan tags: trunk)
Changes

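--- a/src/main.c
+++ b/src/main.c
@@ -1700,14 +1700,21 @@
   const char *zBase = g.zRepositoryName;
   int isReadonly = 0;
 
   g.zPhase = "process_one_web_page";
 #if !defined(_WIN32)
   signal(SIGSEGV, sigsegv_handler);
 #endif
+
+  /* Decode %HH escapes in PATHINFO */
+  if( strchr(zPathInfo,'%') ){
+    char *z = fossil_strdup(zPathInfo);
+    dehttpize(z);
+    zPathInfo = z;
+  }
 
   /* Handle universal query parameters */
   if( PB("utc") ){
     g.fTimeFormat = 1;
   }else if( PB("localtime") ){
     g.fTimeFormat = 2;
   }
@@ -1755,36 +1762,48 @@
       zRepo = zToFree = mprintf("%s%.*s%s",zBase,i,zPathInfo,zRepoExt);
       if( g.fHttpTrace ){
         @ <!-- Looking for repository named "%h(zRepo)" -->
         fprintf(stderr, "# looking for repository named \"%s\"\n", zRepo);
       }
 
 
-      /* For safety -- to prevent an attacker from accessing arbitrary disk
-      ** files by sending a maliciously crafted request URI to a public
-      ** server -- make sure the repository basename contains no
-      ** characters other than alphanumerics, "/", "_", "-", and ".", and
-      ** that "-" never occurs immediately after a "/" and that "." is always
-      ** surrounded by two alphanumerics.  Any character that does not
-      ** satisfy these constraints is converted into "_".
-      */
+      /* Restrictions on the URI for security:
+      **
+      **    1.  Reject characters that are not ASCII alphanumerics, 
+      **        "-", "_", ".", "/", or unicode (above ASCII).
+      **        In other words:  No ASCII punctuation or control characters
+      **        other than "-", "_", "." and "/".
+      **    2.  Exception to rule 1: Allow /X:/ where X is any ASCII 
+      **        alphabetic character at the beginning of the name on windows.
+      **    3.  "-" may not occur immediately after "/"
+      **    4.  "." may not be adjacent to another "." or to "/"
+      **
+      ** Any character does not satisfy these constraints a Not Found
+      ** error is returned.
+      */  
       szFile = 0;
       for(j=nBase+1, k=0; zRepo[j] && k<i-1; j++, k++){
         char c = zRepo[j];
-        if( fossil_isalnum(c) ) continue;
+        if( c>='a' && c<='z' ) continue;
+        if( c>='A' && c<='Z' ) continue;
+        if( c>='0' && c<='9' ) continue;
+        if( (c&0x80)==0x80 ) continue;
 #if defined(_WIN32) || defined(__CYGWIN__)
         /* Allow names to begin with "/X:/" on windows */
         if( c==':' && j==2 && sqlite3_strglob("/[a-zA-Z]:/*", zRepo)==0 ){
           continue;
         }
 #endif
         if( c=='/' ) continue;
         if( c=='_' ) continue;
         if( c=='-' && zRepo[j-1]!='/' ) continue;
-        if( c=='.' && fossil_isalnum(zRepo[j-1]) && fossil_isalnum(zRepo[j+1])){
+        if( c=='.'
+         && zRepo[j-1]!='.' && zRepo[j-1]!='/'
+         && zRepo[j+1]!='.' && zRepo[j+1]!='/'
+        ){
           continue;
         }
         if( c=='.' && g.fAllowACME && j==(int)nBase+1
          && strncmp(&zRepo[j-1],"/.well-known/",12)==0
         ){
           /* We allow .well-known as the top-level directory for ACME */
           continue;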
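Review bot: The new test `if( (c&0x80)==0x80 ) continue;` in the repository-name filter accepts every byte above ASCII without checking that the bytes form well-formed UTF-8, so overlong or otherwise malformed sequences now pass a check whose stated purpose is to restrict the URI for security. Whether such a sequence can later be mapped to "/", "." or "\" depends on the platform's filename conversion, which is not visible here, so this is a hardening point rather than a demonstrated bypass. I would accept a high-bit byte only as the lead of a valid sequence, skip its continuation bytes, and let anything else fall through to the rejection path, which like the start of the function lies outside the hunk. The last sentence of the new header comment is also garbled; `** If any character does not satisfy these constraints, a Not Found error is returned.` reads correctly.

```c
        char c = zRepo[j];
        /* … unchanged: ASCII letter and digit checks … */
        if( (c&0x80)==0x80 ){
          /* Accept a high-bit byte only as the start of a well-formed UTF-8
          ** sequence; anything else falls through to the rejection below. */
          const unsigned char *u = (const unsigned char*)&zRepo[j];
          int n = 0;                            /* continuation bytes expected */
          unsigned char lo = 0x80, hi = 0xBF;   /* range of first continuation */
          if( u[0]>=0xC2 && u[0]<=0xDF ){
            n = 1;
          }else if( u[0]>=0xE0 && u[0]<=0xEF ){
            n = 2;
            if( u[0]==0xE0 ) lo = 0xA0;         /* no overlong 3-byte forms */
            if( u[0]==0xED ) hi = 0x9F;         /* no UTF-16 surrogates */
          }else if( u[0]>=0xF0 && u[0]<=0xF4 ){
            n = 3;
            if( u[0]==0xF0 ) lo = 0x90;         /* no overlong 4-byte forms */
            if( u[0]==0xF4 ) hi = 0x8F;         /* nothing above U+10FFFF */
          }
          /* Short-circuit order stops at the NUL terminator of a cut-off tail */
          if( n>0 && u[1]>=lo && u[1]<=hi
           && (n<2 || (u[2]&0xC0)==0x80)
           && (n<3 || (u[3]&0xC0)==0x80)
          ){
            j += n; k += n;                     /* skip validated continuation bytes */
            continue;
          }
        }
        /* … unchanged: "/X:/", "/", "_", "-" and "." rules … */
```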