Fossil

Check-in [23e138e8]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Refactored [dd490d17be] into a separate routine and applied it to the POST parsing handler to fix problem reported at https://fossil-scm.org/forum/forumpost/f3e11f5629.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 23e138e808ff34066a91ce1b454b928bb2de898795770a72b001e1a0f84c6a6b
User & Date: stephan 2020-07-09 02:15:47
References
2020-07-09
12:53
Refactored [23e138e808] a bit to move some new json-only code from main.c to json.c. ... (check-in: b2ac2183 user: stephan tags: trunk)
Context
2020-07-09
03:13
JS fossil.fetch(): moved an XHR.setRequestHeader() call to after the XHR.open() call because FF now says it must be done in that order. ... (check-in: 98f3c05c user: stephan tags: trunk)
02:15
Refactored [dd490d17be] into a separate routine and applied it to the POST parsing handler to fix problem reported at https://fossil-scm.org/forum/forumpost/f3e11f5629. ... (check-in: 23e138e8 user: stephan tags: trunk)
2020-07-08
20:26
Fix for problem reported at https://fossil-scm.org/forum/forumpost/e4953666d6 which triggered a JSON-mode assertion when trying to access a /json path via a server running in directory-serving mode (which prefixes such paths with the repo name). Such paths are now recognized as routes into the JSON API. ... (check-in: dd490d17 user: stephan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/cgi.c.

1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
    int i, j;
    for(i=0; zRequestUri[i]==zScriptName[i] && zRequestUri[i]; i++){}
    for(j=i; zRequestUri[j] && zRequestUri[j]!='?'; j++){}
    zPathInfo = mprintf("%.*s", j-i, zRequestUri+i);
    cgi_set_parameter("PATH_INFO", zPathInfo);
  }
#ifdef FOSSIL_ENABLE_JSON
  if(strncmp("/json",zPathInfo,5)==0
     && (zPathInfo[5]==0 || zPathInfo[5]=='/')){
    /* We need to change some following behaviour depending on whether
    ** we are operating in JSON mode or not. We cannot, however, be
    ** certain whether we should/need to be in JSON mode until the
    ** PATH_INFO is set up.
    */
    g.json.isJsonMode = 1;
  }else{







|
<







1099
1100
1101
1102
1103
1104
1105
1106

1107
1108
1109
1110
1111
1112
1113
    int i, j;
    for(i=0; zRequestUri[i]==zScriptName[i] && zRequestUri[i]; i++){}
    for(j=i; zRequestUri[j] && zRequestUri[j]!='?'; j++){}
    zPathInfo = mprintf("%.*s", j-i, zRequestUri+i);
    cgi_set_parameter("PATH_INFO", zPathInfo);
  }
#ifdef FOSSIL_ENABLE_JSON
  if(json_request_is_json_api(zPathInfo)){

    /* We need to change some following behaviour depending on whether
    ** we are operating in JSON mode or not. We cannot, however, be
    ** certain whether we should/need to be in JSON mode until the
    ** PATH_INFO is set up.
    */
    g.json.isJsonMode = 1;
  }else{

Changes to src/main.c.

1525
1526
1527
1528
1529
1530
1531



































1532
1533
1534
1535
1536
1537
1538
    }
    cgi_redirect_with_status(zURL, 301, "Moved Permanently");
    return 1;
  }
  return 0;
}




































/*
** Preconditions:
**
**  * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened.  If unknown,
** then g.zRepositoryName holds the directory that contains the repository







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
    }
    cgi_redirect_with_status(zURL, 301, "Moved Permanently");
    return 1;
  }
  return 0;
}

#ifdef FOSSIL_ENABLE_JSON
/*
** Given the current request path string, this function returns true
** if it refers to a JSON API path. i.e. if (1) it starts with /json
** or (2) g.zCmdName is "server" and the path starts with
** /somereponame/json. Specifically, it returns 1 in the former case
** and 2 for the latter.
*/
int json_request_is_json_api(const char * zPathInfo){
  int rc = 0;
  if(zPathInfo==0){
    rc = 0;
  }else if(0==strncmp("/json",zPathInfo,5)
           && (zPathInfo[5]==0 || zPathInfo[5]=='/')){
    rc = 1;
  }else if(g.zCmdName!=0 && 0==strcmp("server",g.zCmdName)){
    /* When running in server "directory" mode, zPathInfo is
    ** prefixed with the repository's name, so in order to determine
    ** whether or not we're really running in json mode we have to
    ** try a bit harder. Problem reported here:
    ** https://fossil-scm.org/forum/forumpost/e4953666d6
    */
    ReCompiled * pReg = 0;
    const char * zErr = re_compile(&pReg, "^/[^/]+/json(/.*)?", 0);
    assert(zErr==0 && "Regex compilation failed?");
    if(zErr==0 &&
         re_match(pReg, (const unsigned char *)zPathInfo, -1)){
      rc = 2;
    }
    re_free(pReg);
  }
  return rc;
}
#endif

/*
** Preconditions:
**
**  * Environment variables are set up according to the CGI standard.
**
** If the repository is known, it has already been opened.  If unknown,
** then g.zRepositoryName holds the directory that contains the repository
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
  ** Ensure that JSON mode is set up if we're visiting /json, to allow
  ** us to customize some following behaviour (error handling and only
  ** process JSON-mode POST data if we're actually in a /json
  ** page). This is normally set up before this routine is called, but
  ** it looks like the ssh_request_loop() approach to dispatching
  ** might bypass that.
  */
  if( g.json.isJsonMode==0 && zPathInfo!=0 ){
    if(0==strncmp("/json",zPathInfo,5)
       && (zPathInfo[5]==0 || zPathInfo[5]=='/')){
      g.json.isJsonMode = 1;
    }else if(g.zCmdName!=0 && 0==strcmp("server",g.zCmdName)){
      /* When running in server "directory" mode, zPathInfo is
      ** prefixed with the repository's name, so in order to determine
      ** whether or not we're really running in json mode we have to
      ** try a bit harder. Problem reported here:
      ** https://fossil-scm.org/forum/forumpost/e4953666d6
      */
      ReCompiled * pReg = 0;
      const char * zErr = re_compile(&pReg, "^/[^/]+/json(/.*)?", 0);
      assert(zErr==0 && "Regex compilation failed?");
      if(zErr==0 &&
         re_match(pReg, (const unsigned char *)zPathInfo, -1)){
        g.json.isJsonMode = 1;
      }
      re_free(pReg);
    }
  }
#endif
  /* If the repository has not been opened already, then find the
  ** repository based on the first element of PATH_INFO and open it.
  */
  if( !g.repositoryOpen ){
    char *zRepo;               /* Candidate repository name */







|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1612
1613
1614
1615
1616
1617
1618
1619


1620
















1621
1622
1623
1624
1625
1626
1627
  ** Ensure that JSON mode is set up if we're visiting /json, to allow
  ** us to customize some following behaviour (error handling and only
  ** process JSON-mode POST data if we're actually in a /json
  ** page). This is normally set up before this routine is called, but
  ** it looks like the ssh_request_loop() approach to dispatching
  ** might bypass that.
  */
  if( g.json.isJsonMode==0 && json_request_is_json_api(zPathInfo) ){


    g.json.isJsonMode = 1;
















  }
#endif
  /* If the repository has not been opened already, then find the
  ** repository based on the first element of PATH_INFO and open it.
  */
  if( !g.repositoryOpen ){
    char *zRepo;               /* Candidate repository name */