Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

""

git-svn-id: https://erlyaws.svn.sourceforge.net/svnroot/erlyaws/trunk/yaws@911 9fbdc01b-0d2c-0410-bfb7-fb27d70d8b52
  • Loading branch information...
commit f88377761a44a14dadc847bf0b0a8536578b9b86 1 parent a291b50
@klacke authored
Showing with 96 additions and 18 deletions.
  1. +70 −7 ChangeLog
  2. +7 −1 src/Makefile
  3. +10 −10 src/yaws_revproxy.erl
  4. +9 −0 www/news
View
77 ChangeLog
@@ -1,13 +1,76 @@
-2005-07-02 16:16 mikl
+2005-08-17 15:01 klacke
- * yaws_cgi.erl: Do not send the server port along with the host name in
- the CGI HTTP_HOST environment variable.
+ * vsn.mk: preparing for 1.57
-2005-06-29 21:30 mikl
+2005-08-17 01:01 klacke
- * Added compile option to generate debug information in the Erlang beam
- file.
- * Added HTTP_HOST env variable for CGI scripts (was required by sphpblog).
+ * include/yaws.hrl: rel/abs path patch by Rob Schmersel which fixed
+ a problem in the wiki
+
+2005-08-15 20:26 klacke
+
+ * src/: yaws_revproxy.erl, yaws_ssl.erl: ""
+
+2005-08-15 17:45 klacke
+
+ * src/: yaws.erl, yaws_ctl.erl, yaws_debug.erl, yaws_revproxy.erl,
+ yaws_server.erl, yaws_ssl.erl: rewrote yaws SSL code to use the
+ packet http and packet line modes that are now supported in the OTP
+ ssl module. Earlier this was all manual (and slow) code in yaws.
+ Thus yaws/SSL servers are now considerably faster
+
+2005-08-15 13:01 klacke
+
+ * src/: yaws_server.erl, yaws_session_server.erl, yaws_ssl.erl:
+ support chunked data from the client
+
+2005-07-05 11:08 klacke
+
+ * src/: yaws.erl, yaws_server.erl: tmp patch by Karel Ostrovsky
+
+2005-07-02 16:30 klacke
+
+ * src/yaws_cgi.erl: cgi port patch by joe_e_e
+
+2005-07-02 16:17 mikl
+
+ * ChangeLog, src/yaws_cgi.erl: yaws_cgi.erl: Do not send the server
+ port along with the host name in the CGI HTTP_HOST environment
+ variable.
+
+2005-06-30 15:40 mikl
+
+ * ChangeLog, src/yaws_cgi.erl: Added HTTP_HOST env variable for CGI
+ scripts (was required by sphpblog).
+
+2005-06-30 15:37 mikl
+
+ * ChangeLog, include.mk.in: Added compile option to generate debug
+ information in the Erlang beam file
+
+2005-06-17 12:58 klacke
+
+ * www/: dynamic.yaws, index.yaws, news: ""
+
+2005-06-16 13:59 klacke
+
+ * www/news, www/yaws-1.55_to_1.56.patch, vsn.mk: ""
+
+2005-06-16 13:47 klacke
+
+ * www/news: ""
+
+2005-06-16 13:36 klacke
+
+ * src/yaws_api.erl: ""
+
+2005-06-16 13:33 klacke
+
+ * src/yaws_api.erl: ""
+
+2005-06-10 16:17 klacke
+
+ * ChangeLog, www/news: ""
2005-06-10 16:08 klacke
View
8 src/Makefile
@@ -22,7 +22,6 @@ MODULES=yaws \
yaws_ctl \
yaws_cgi \
yaws_zlib \
- yaws_ssl \
yaws_vsn \
mime_type_c \
mime_types \
@@ -90,3 +89,10 @@ tags:
xref:
erl -noshell -pa ../ebin -s yaws_debug xref ../ebin
+DIALYZER_FLAGS+=-Wno_return
+
+dialyzer: .dialyzer.ok
+
+.dialyzer.ok: $(MODULES:%=../ebin/%.$(EMULATOR))
+ dialyzer $(DIALYZER_FLAGS) -c ../ebin
+ touch .dialyzer.ok
View
20 src/yaws_revproxy.erl
@@ -88,7 +88,7 @@ init(CliSock, ARG, DecPath, QueryPart, {Prefix, URL}, N) ->
P1 = proc_lib:spawn_link(?MODULE, ploop, [Cli2, Srv, GC, SC, self()]),
?Debug("Client=~p, Srv=~p", [P1, self()]),
ploop(Srv, Cli2, GC, SC, P1);
- ERR ->
+ _ERR ->
yaws:outh_set_dyn_headers(ARG#arg.req, ARG#arg.headers,
#urltype{}),
yaws_server:deliver_dyn_part(
@@ -212,7 +212,7 @@ get_chunk_num(Fd,SSL) ->
{ok, Line} ->
?Debug("Get chunk num from line ~p~n",[Line]),
erlang:list_to_integer(nonl(Line),16);
- {error, Rsn} ->
+ {error, _Rsn} ->
exit(normal)
end.
@@ -229,10 +229,10 @@ nonl([]) ->
-get_chunk(Fd, N, N,_) ->
+get_chunk(Fd, _N, N,_) ->
[];
get_chunk(Fd, N, Asz,SSL) ->
- case yaws:do_recv(Fd, N, 20000,SSL) of
+ case yaws:do_recv(Fd, N, SSL) of
{ok, Bin} ->
SZ = size(Bin),
[Bin|get_chunk(Fd, N, SZ+Asz,SSL)];
@@ -317,7 +317,7 @@ ploop(From0, To, Pid) ->
yaws:gen_tcp_send(TS,<<13,10>>),
ploop(From#psock{mode = expectchunked,
state = undefined}, To, Pid);
- Other ->
+ _Other ->
exit(normal)
end;
len when From#psock.state == 0 ->
@@ -331,8 +331,8 @@ ploop(From0, To, Pid) ->
yaws:gen_tcp_send(TS, Bin),
ploop(From#psock{state = From#psock.state - SZ},
To, Pid);
- Rsn ->
- ?Debug("Failed to read :~p~n", [Rsn]),
+ _Rsn ->
+ ?Debug("Failed to read :~p~n", [_Rsn]),
exit(normal)
end;
undefined ->
@@ -348,7 +348,7 @@ ploop(From0, To, Pid) ->
%% Before reentering the ploop in expect_header mode (new request/reply),
%% We must check the if we need to keep the connection alive
%% or if we must close it.
-ploop_keepalive(From = #psock{httpconnection="close"}, To, Pid) ->
+ploop_keepalive(_From = #psock{httpconnection="close"}, To, Pid) ->
?Debug("Connection closed by proxy: No keep-alive~n",[]),
done; %% Close the connection
ploop_keepalive(From, To, Pid) ->
@@ -427,7 +427,7 @@ rewrite_loc_url(LocUrl, PS) ->
SC=get(sc),
Scheme = yaws_server:redirect_scheme(SC),
RedirHost = yaws_server:redirect_host(SC, PS#psock.r_host),
- RealPath = LocUrl#url.path,
+ _RealPath = LocUrl#url.path,
[Scheme, RedirHost, yaws:slash_append(PS#psock.prefix, LocUrl#url.path)].
@@ -447,7 +447,7 @@ eat_crnl(Fd) ->
eat_crnl(Fd,nossl).
eat_crnl(Fd,SSL) ->
yaws:setopts(Fd, [{packet, line}],SSL),
- case yaws:do_recv(Fd,0, ?READ_TIMEOUT,SSL) of
+ case yaws:do_recv(Fd,0, SSL) of
{ok, <<13,10>>} ->
ok;
{ok, [13,10]} ->
View
9 www/news
@@ -1,3 +1,12 @@
+Wed Aug 17 14:54:06 CEST 2005 Version 1.57
+rel/abs path patch by Rob Schmersel which fixed a problem in the wiki
+Rewrote yaws SSL code to use the packet http and packet line modes that are now supported in the OTP ssl module. Earlier this was all manual (and slow) code in yaws. Thus yaws/SSL servers are now considerably faster. The old yaws_ssl modules is no longer used. (klacke)
+Support clients that POST data with Transfer-Encoding chunked. This is used by some models of cellphones. Bug found by ermine@ermine.pp.ru (Klacke)
+Tmp dir patch by Karel Ostrovsky to better support tmp dir on Windows
+cgi port patch by joe_e_e
+Do not send the server port along with the host name in the CGI HTTP_HOST environment variable. Added HTTP_HOST env variable for CGI scripts (was required by sphpblog). (mikl)
+
+
Thu Jun 16 13:42:50 CEST 2005, Version 1.56, Security update release.
A bug was found by Daniel Fabian, SEC-Consult Unternehmensberatung GmbH whereby: If a null byte is appended to the filename of a yaws script (.yaws), the yaws webserver returns a page containing the source code of the according script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitiv information like passwords. All versions of yaws older than 1.56 are vulnerable.
For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The patch is small and can easily be backported to older yaws releases.
Please sign in to comment.
Something went wrong with that request. Please try again.