Age | Commit message (Collapse) | Author |
|
|
|
OTP-9158
|
|
OTP-9157
|
|
bmk/inets/inet56_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
|
|
'bmk/inets/httpd/make_mod_esi_deliver_accept_binary_data/OTP-9123' into bmk/inets/inet56_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
|
|
into bmk/inets/inet56_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
|
|
Fixed appup file (not updated).
Fixed application version.
|
|
Conflicts:
lib/inets/doc/src/notes.xml
Fixed release notes after merge.
|
|
When a mod_esi request times out, the code to send a timeout response
was incorrect and generated an internal server error as well as an invalid
response line.
|
|
|
|
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
|
|
|
|
bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124
|
|
|
|
bmk/inets/httpd/make_mod_esi_deliver_accept_binary_data/OTP-9123
|
|
|
|
5.4 appear in two places).
|
|
Also fixed some of the documentation (types).
|
|
bmk/inets/httpc/support_upload_body_streaming/OTP-OTP-9094
Conflicts:
lib/inets/src/http_client/httpc.erl
lib/inets/test/httpc_SUITE.erl
|
|
|
|
* Assure store_cookies (and verify_cookies) is documented instead of the
nonexistent store_cookie and verify_cookie.
* Make sure the cookies option is not called cookie in comments.
* Sprinkle <c>...</c> arround symbols and code snippets in text.
* Grammar, wording, and punctuation fixes.
* Formalize See gen_tcp:connect/3,4 using <seealso>.
|
|
This change allows for more efficient delivery of large amounts of
data through the mod_esi interface when the handling process has that
data in binary format. It avoids the need to convert to list and the
extra memory involved in passing that list between processes.
|
|
Prevent user controlled input from being interpreted as HTML in error
pages by encoding the reserved HTML characters. The reserved character
set should be safe for displaying data within the body of HTML pages
as outlined here:
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Previously, weird URLs were URI encoded in the error page. This worked
quite well but the URL would be displayed in the HTML in percent encoded
format. There was also a check for URIs that were already escaped (by
the browser) that would fail if the browser sent an URI containing a
"%", e.g.:
w3m "http://localhost:8080/<b>foo</b>?%"
Also encode the HTTP method and version, since it's possible they may be
manipulated:
<b>FOO</b> /index.html HTTP/1.0
GET /index.html <b>foo</b>/1.0
Encode the static messages to prevent characters from being interpreted
as HTML such as "heavy load (>~w processes)".
|
|
HTTPD header file install "fixed". That is, the include files in the
include dir are installed in the include dir (by the Makefile in the
src/inets_app). New wrapper header files (with the same names
httpd.hrl and mod_auth.hrl) has been created in the src/http_server
dir (which in turn is installed in the src/http_server dir by the
Makefile in the src/http_server dir).
|
|
* bmk/inets/httpc_meybe_retry_queue_terminating/OTP-8906:
Pipelined requests not handled properly when terminating.
|
|
|
|
Internal server error is only used for emfile and enfile all
other errors are treated as 404 file not found, except 403 eacces.
|
|
Also added some verbosity (dbg) printouts in the
transport module (for ip_comm listen).
|
|
|
|
added missing include directory.
|
|
|
|
This is specially useful when a client doesn't know in advance the
length of the payload (so that it can't set the
Content-Length header).
Example:
-module(httpc_post_stream_test).
-compile(export_all).
prepare_data() ->
crypto:start(),
{ok, Fd} = file:open("test_data.dat", [binary, write]),
ok = file:write(Fd, lists:duplicate(crypto:rand_uniform(8182, 32768), "1")),
ok = file:close(Fd).
test() ->
inets:start(),
ok = prepare_data(),
{ok, Fd1} = file:open("test_data.dat", [binary, read]),
BodyFun = fun(Fd) ->
case file:read(Fd, 512) of
eof ->
eof;
{ok, Data} ->
{ok, Data, Fd}
end
end,
%% header 'Transfer-Encoding: chunked' is added by httpc
{ok, {{_,200,_}, _, _}} = httpc:request(post, {"http://localhost:8888",
[], "text/plain", {chunkify, BodyFun, Fd1}}, [], []),
ok = file:close(Fd1).
|
|
This is a must when uploading large bodies that are to large to store
in a string or binary.
Besides a string or binary, a body can now be a function and
an accumulator.
Example:
-module(httpc_post_stream_test).
-compile(export_all).
-define(LEN, 1024 * 1024).
prepare_data() ->
{ok, Fd} = file:open("test_data.dat", [binary, write]),
ok = file:write(Fd, lists:duplicate(?LEN, "1")),
ok = file:close(Fd).
test() ->
inets:start(),
ok = prepare_data(),
{ok, Fd1} = file:open("test_data.dat", [binary, read]),
BodyFun = fun(Fd) ->
case file:read(Fd, 512) of
eof ->
eof;
{ok, Data} ->
{ok, Data, Fd}
end
end,
{ok, {{_,200,_}, _, _}} = httpc:request(post, {"http://localhost:8888",
[{"content-length", integer_to_list(?LEN)}], "text/plain", {BodyFun, Fd1}}, [], []),
ok = file:close(Fd1).
|
|
|
|
|
|
* maint-r13:
snmp: Patch 1130
inets: Patch 1129
ssh: Patch 1127
ssh: Patch 1126
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/vsn.mk
lib/snmp/vsn.mk
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.appup.src
lib/ssh/vsn.mk
|
|
OTP-8739 [httpc] If a request times out (not connect timeout), the
handler process exited (normal) but neglected to inform
the manager process. For this reason, the manager did not
clean up the request table, resulting in a memory leak.
Also the manager did not create a monitor for the handler,
so in an unforseen handler crash, this could also create
a memory leak.
OTP-8741 The service tftp was spelled wrong in documentation and
in some parts of the code. It should be tftp.
OTP-8742 [httpc] Replaced the old http client api module (http) with
the new, httpc in the users guide.
|
|
OTP-8609 [httpc] Made cookie handling more case insensitive.
OTP-8610 [httpc|httpd] Some netscape cookie dates are given with
a 2-digit year (e.g. 06 = 2006).
OTP-8624 [httpd] Added support (again) for the documented debugging
features. See the User's Guide Configuration chapter for
more info.
|
|
OTP-8542 [httpc] Memory leak plugged. The profile manager never cleaned
up in its handler database. This meant that with each new
request handler, another entry was created that was never
deleted. Eventually the request id counter (used as a key)
would wrap, but the machine would most likely run out of
memory before that happened.
OTP-8607 [httpc] https requests with default port not handled properly.
Jebu Ittiachen.
|
|
OTP-8508 [httpc] Badly formated error reason for errors occuring
during initial connec to a servert. Also, the possible error
reasons was not properly documented.
OTP-8509 [httpd] Issues with ESI erl_script_timeout. </p> *) The
"erl_script_timeout" config option is ducumented as a number
of seconds. But when parsing the config, in the new format
(not a config file), it was handled as if in number of
milliseconds. *) When the erl-script-timeout time was
exceeded, the server incorrectly marked the answer as sent,
thereby leaving client hanging (with an incomplete answer).
This has been changed, so that now the socket will be closed.
|
|
OTP-8564: Update deeprication status.
OTP-8573: Inets mod_alias URL rewrite.
|
|
OTP-8610: Problem processing netscape cookies - date
OTP-8624: Documented debug options not handled
|
|
OTP-8610: Problem processing netscape cookies - date
OTP-8624: Documented debug options not handled
|
|
OTP-8610: Some netscape cookie dates are given with a 2-digit year.
|
|
OTP-8607: https default port not handled
|
|
|
|
|
|
OTP-8431: [email protected]
|
|
between the httpc manager and request handler was synchronous.
When the manager starts a new request handler, this is no longer
a synchronous operation. Previously, the new request handler made
the connection to the server and issuing of the first request
(the reason for starting it) in the gen_server init function. If
the connection for some reason "took some time", the manager
hanged, leaving all other activities by that manager also
hanging. As a side-effect of these changes, some modules was also
renamed, and a new api module, httpc, has been introduced (the
old module, http, is *not* removed, but is now just wrapper for
httpc).
|
|
OTP-8349, OTP-8351, OTP-8352, OTP-8359 & OTP-8371.
|