Age | Commit message (Collapse) | Author |
|
max_headers operated on the individual header length instead of
the total length of all headers. Also headers with empty keys are
now discarded.
|
New chunk mechanism of body data in POST requests added in
5d01c70ca399edf28e99dc760506329689fab6ba
broke handling of POST body data not using the new mechanism.
Added better regression test
|
If the client uses PUT or POST to send an HTTP body the server
currently will gather the whole body in memory before passing it on to
the mod-callback. For legacy reasons it also converts the binary body
to a list; this is really bad for memory usage!
Add new option max_client_body_chunk to enable chunked handling of
content-length requests. Also make it possible for chunked-encoded data
to be propagated in portions to the mod-callback.
Conflicts:
lib/inets/test/httpd_SUITE.erl
|
Many HTTP headers are optional, and it could be desirable for the
server to filter and maybe even alter them without replacing the
mod_* modules that generate/process them. Add new behaviour
httpd_custom_api with default implementation in httpd_custom.erl.
Add behaviour module in 18 as then we can specify optional callbacks.
|
Gracefully handle invalid content-length headers instead of
crashing in list_to_integer.
|
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/httpd/xss_when_erl_encoded/r14/OTP-9655
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/http_lib/http_uri.erl
lib/inets/src/http_lib/http_util.erl
lib/inets/src/http_server/httpd_file.erl
lib/inets/src/http_server/httpd_request.erl
lib/inets/src/http_server/httpd_request_handler.erl
lib/inets/src/http_server/httpd_util.erl
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpc_SUITE.erl
lib/inets/test/httpd_SUITE.erl
lib/inets/test/httpd_basic_SUITE.erl
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
do the actual html encode.
OTP-9655
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
Although the validation in httpd_request works well on platforms using
forward slash as directory separator, on Windows systems, this
protection can be circumvented using URLs containing backslashes.
This way, any file accessible to the user running the server (even
those outside the document root) can be read through HTTP. This commit
solves the problem by expanding the list of path separators to '/\\'.
|
added missing include directory.
|
OTP-8564: Update deprecation status.
OTP-8573: Inets mod_alias URL rewrite.
|
OTP-8351, OTP-8359 & OTP-8371.
|