https://github.com/warmcat/libwebsockets/issues/706
This fixes a problem where the check for the existing pw was
skipped when a logged-in user is changing his password.
It's not good but because the user has to be logged in, it only affected
the situation someone changes his password on his logged in session.
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in), in several places relying on snprintf to truncate the length,
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
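The return-value problem described in the message above, as an added C example that is not part of the commit or of the libwebsockets source. It assumes the common `p += snprintf(p, end - p, ...)` append idiom; `trunc_snprintf` and `cursor_after_two_appends` are hypothetical names, and the 12-byte input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical wrapper, not the libwebsockets source: same arguments as
 * snprintf, but returns the count actually stored (at most size - 1). */
static int trunc_snprintf(char *str, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (!size)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(str, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;		/* output error: advance by nothing */
	return (size_t)n >= size ? (int)size - 1 : n;
}

/* Cursor offset after appending s twice into a cap-byte region (cap <= 64)
 * with the "p += snprintf(p, end - p, ...)" idiom. use_wrapper == 0 shows
 * the misread return value. */
static size_t cursor_after_two_appends(size_t cap, const char *s, int use_wrapper)
{
	char buf[64];
	char *p = buf, *end = buf + cap;

	for (int i = 0; i < 2 && p < end; i++) {
		/* p < end guard keeps the demo memory safe: without it, end - p
		 * goes negative and becomes a huge size_t on the next call */
		if (use_wrapper)
			p += trunc_snprintf(p, (size_t)(end - p), "%s", s);
		else
			p += snprintf(p, (size_t)(end - p), "%s", s);
	}
	return (size_t)(p - buf);
}

int main(void)
{
	const char *s = "AAAAAAAAAAAA";	/* constructed 12-byte input */

	printf("snprintf: cursor at %zu of 8\n", cursor_after_two_appends(8, s, 0));
	printf("wrapper:  cursor at %zu of 8\n", cursor_after_two_appends(8, s, 1));
	return 0;
}
```

With plain snprintf the cursor ends up past the 8-byte limit after a single truncated write; with the truncating wrapper it stays inside the region however many appends follow.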
This adds
- simple lws_urlencode()
- simple lws_urldecode()
- simple lws_sql_purify
Those expect the data to all be there and process it up until
the first '\0'.
There are also larger opaque apis for handling POST_BODY urldecode. To
enable these, you need to give cmake -DLWS_WITH_STATEFUL_URLDECODE=1 (or
arrange any larger feature that relies on it sets that in CMakeLists.txt)
- stateful urldecode with parameter array
These have create / process / destroy semantics on a struct that maintains
decode state.
Stateful urldecode is capable of dealing with large POST data in multiple
POST_BODY callbacks cleanly, eg, file transfer by POST.
Stateful urldecode with parameter array wraps the above with a canned
callback that stores the urldecoded data and indexes them in a pointer
array matching an array of parameter names.
You may also pass it an optional callback when creating it, that will receive
uploaded file content.
The test html is updated to support both urlencoded and multipart forms,
with some javascript to do clientside validation of an arbitrary 100KB
file size limit (there is no file size limit in the apis).
Signed-off-by: Andy Green <andy@warmcat.com>
https://github.com/warmcat/libwebsockets/issues/526
On master, cleanups and refactor mean the last two problems already
don't exist (array is gone from main.c and http.c is deleted)
Signed-off-by: Andy Green <andy@warmcat.com>
This is used to confirm that SSL client connections can coexist with
a vhost doing serving.
To set it up,
/*
* This is a bit fiddly...
*
* 0) If you want the wss:// test to work, make sure the vhost is marked with
* enable-client-ssl if using lwsws, or call lws_init_vhost_client_ssl() on
* the vhost if you're doing it by hand.
*
* 1) enable the protocol on a vhost
*
* "ws-protocols": [{
* "client-loopback-test": {
* "status": "ok"
* }, ...
*
* the vhost should listen on 80 (ws://) or 443 (wss://)
*
* 2) mount the http part of the test one level down on the same vhost, eg
* {
* "mountpoint": "/c",
* "origin": "callback://client-loopback-test"
* }
*
* 3) Use a browser to visit the mountpoint with a URI attached for looping
* back, eg, if testing on localhost
*
* http://localhost/c/ws://localhost
* https://localhost/c/wss://localhost
*
* 4) The HTTP part of this test protocol will try to do the requested
* ws client connection, to the same test protocol on the same
* server.
*/
Results should look like this
lwsws[29938]: client connection to localhost:443 with ssl: 1 started
lwsws[29938]: server part: LWS_CALLBACK_ESTABLISHED
lwsws[29938]: checking client ext permessage-deflate
lwsws[29938]: instantiating client ext permessage-deflate
lwsws[29938]: Client connection established
lwsws[29938]: Client connection received 7 from server 'Made it'
Signed-off-by: Andy Green <andy@warmcat.com>
This allows mounts to define the caching policy of the files inside them.
Support is added in lwsws for controlling it from the config files.
The api for serializing a mount struct opaquely is removed and lws_http_mount struct
made public... it was getting out of control trying to hide the options.
Signed-off-by: Andy Green <andy@warmcat.com>
This trades off a couple of wsi pointers for vastly increased speed
for the callback when writeable "all protocol" variants when there
are many kinds of wsi active.
Signed-off-by: Andy Green <andy@warmcat.com>
https://github.com/warmcat/libwebsockets/issues/489
This
1) fixes the vhost changes on master
2) works around the ah pool changes
3) fixes some other build problems that appeared
4) hacks out physical flow control for internal streams
5) updates the advertised protocol to h2 needed by, eg, chrome 51
That gets it able to serve small (<4K, ie, one packet) files over http2
Signed-off-by: Andy Green <andy@warmcat.com>
This adds support for dynamically loaded plugins at runtime, which
can expose their own protocols or extensions transparently.
With these changes lwsws defaults to OFF in cmake, and if enabled it
automatically enables plugins and libuv support.
Signed-off-by: Andy Green <andy@warmcat.com>