aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_server
AgeCommit message (Collapse)Author
2011-08-25Typofix in httpd_file:handle_error messageAndrás Veres-Szentkirályi
2011-05-20Update copyright yearsBjörn-Egil Dahlberg
2011-04-06Accepting file descriptors (fd) in the config forMicael Karlberg
socket type ip_comm.
2011-03-28A slightly more usefull debug printout (including httpd services).Micael Karlberg
2011-03-28Merge branch 'bd/mod_esi_timeout_fix' into bmk/inets/inet56_integrationMicael Karlberg
OTP-9158
2011-03-28Merge branch 'rj/fix-httpd-format' into bmk/inets/inet56_integrationMicael Karlberg
OTP-9157
2011-03-18Merge branch 'bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124' into ↵Micael Karlberg
bmk/inets/inet56_integration Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/inets_app/inets.appup.src
2011-03-17Fix timeout message generated by mod_esiBernard Duggan
When a mod_esi request times out, the code to send a timeout response was incorrect and generated an internal server error as well as an invalid response line.
2011-03-17Fix log messages formating in httpdRicardo Catalinas Jiménez
2011-02-24Modify mod_esi:deliver/2 to accept binary dataBernard Duggan
This change allows for more efficient delivery of large amounts of data through the mod_esi interface when the handling process has that data in binary format. It avoids the need to convert to list and the extra memory involved in passing that list between processes.
2011-02-22inets: prevent XSS in error pagesMichael Santos
Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters. The reserved character set should be safe for displaying data within the body of HTML pages as outlined here: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet Previously, weird URLs were URI encoded in the error page. This worked quite well but the URL would be displayed in the HTML in percent encoded format. There was also a check for URIs that were already escaped (by the browser) that would fail if the browser sent an URI containing a "%", e.g.: w3m "http://localhost:8080/<b>foo</b>?%" Also encode the HTTP method and version, since it's possible they may be manipulated: <b>FOO</b> /index.html HTTP/1.0 GET /index.html <b>foo</b>/1.0 Encode the static messages to prevent characters from being interpreted as HTML such as "heavy load (>~w processes)".
2010-12-16External include filesMicael Karlberg
HTTPD header file install "fixed". That is, the include files in the include dir are installed in the include dir (by the Makefile in the src/inets_app). New wrapper header files (with the same names httpd.hrl and mod_auth.hrl) has been created in the src/http_server dir (which in turn is installed in the src/http_server dir by the Makefile in the src/http_server dir).
2010-11-30Changed file error handling to be consistentIngela Anderton Andin
Internal server error is only used for emfile and enfile all other errors are treated as 404 file not found, except 403 eacces.
2010-11-29URL-encoding - add support in client and more usage in server. AlsoIngela Anderton Andin
added missing include directory.
2010-06-07OTP-7907: Allow the use of the "new" ssl (essl).Micael Karlberg
OTP-8564: Update deeprication status. OTP-8573: Inets mod_alias URL rewrite.
2010-05-27OTP-8609: Problems processing netscape cookies - expireMicael Karlberg
OTP-8610: Problem processing netscape cookies - date OTP-8624: Documented debug options not handled
2010-03-19OTP-8508 & OTP-8509.Micael Karlberg
2010-01-13OTP-8016, OTP-8056, OTP-8103, OTP-8106, OTP-8312, OTP-8315, OTP-8327, OTP-8349,Micael Karlberg
OTP-8351, OTP-8359 & OTP-8371.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 09:30:15 +0000