From bb7ed02c124eec21529fa92bd51fd08f70b82f07 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Wed, 25 Jun 2014 02:57:04 +0200
Subject: [PATCH 01/14] Set version to 0.25.1
---
CHANGELOG.md | 5 +++++
package.json | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b0b1bb3a..7fbe638c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@
**h5ai** uses [semantic versioning](http://semver.org/).
+## develop branch
+
+* ...
+
+
## v0.25.1 - *2014-06-25*
* fixes broken paths for filenames containing '+' characters
diff --git a/package.json b/package.json
index b0b7053e..defeed00 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "h5ai",
- "version": "0.25.1",
+ "version": "0.25.1+",
"description": "a modern HTTP web server index",
"url": "http://larsjung.de/h5ai/",
"author": "Lars Jung",
From daa1d255e273e19878033e1b2ebe01f33e955810 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Wed, 25 Jun 2014 19:30:49 +0200
Subject: [PATCH 02/14] More fixes on Google Universal Analytics.
---
src/_h5ai/client/js/inc/ext/google-analytics.js | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/_h5ai/client/js/inc/ext/google-analytics.js b/src/_h5ai/client/js/inc/ext/google-analytics.js
index c82c3ed2..91059ef1 100644
--- a/src/_h5ai/client/js/inc/ext/google-analytics.js
+++ b/src/_h5ai/client/js/inc/ext/google-analytics.js
@@ -67,8 +67,7 @@ modulejs.define('ext/google-analytics-ua', ['_', 'core/settings', 'core/event'],
var loc = win.location;
win[id]('send', 'pageview', {
- location: loc.protocol + '//' + loc.hostname + item.absHref,
- page: loc.protocol + '//' + loc.host + item.absHref,
+ location: loc.protocol + '//' + loc.host + item.absHref,
title: _.pluck(item.getCrumb(), 'label').join(' > ')
});
});
From d4c6b33ed501c945dc514420f39083b3761c0ffa Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Thu, 26 Jun 2014 12:42:09 +0200
Subject: [PATCH 03/14] Some fixes.
---
src/_h5ai/index.html.jade | 2 +-
src/_h5ai/server/php/inc/class-app.php | 2 +-
src/_h5ai/server/php/inc/page.php.jade | 2 +-
src/_h5ai/server/php/index.php | 1 +
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/_h5ai/index.html.jade b/src/_h5ai/index.html.jade
index b6204a1a..83e1a86d 100644
--- a/src/_h5ai/index.html.jade
+++ b/src/_h5ai/index.html.jade
@@ -38,5 +38,5 @@ html.no-js.browser( lang="en" )
| ! ⚡
span.right
a( href="{{pkg.url}}", title="{{pkg.name}} {{pkg.version}} · {{pkg.description}}" )
- | powered by h5ai {{pkg.version}}
+ | powered by {{pkg.name}} {{pkg.version}}
span.center
diff --git a/src/_h5ai/server/php/inc/class-app.php b/src/_h5ai/server/php/inc/class-app.php
index fd16ede9..ec0ed64f 100644
--- a/src/_h5ai/server/php/inc/class-app.php
+++ b/src/_h5ai/server/php/inc/class-app.php
@@ -26,7 +26,7 @@ class App {
$consts = get_defined_constants(true);
$setup = $consts["user"];
- $setup["PHP_VERSION"] = PHP_VERSION;
+ // $setup["PHP_VERSION"] = PHP_VERSION;
unset($setup["APP_PATH"]);
unset($setup["ROOT_PATH"]);
unset($setup["CURRENT_PATH"]);
diff --git a/src/_h5ai/server/php/inc/page.php.jade b/src/_h5ai/server/php/inc/page.php.jade
index c5bc1b24..8af65591 100644
--- a/src/_h5ai/server/php/inc/page.php.jade
+++ b/src/_h5ai/server/php/inc/page.php.jade
@@ -35,7 +35,7 @@ html.no-js.browser( lang="en" )
| ! ⚡
span.right
a( href="{{pkg.url}}", title="{{pkg.name}} {{pkg.version}} · {{pkg.description}}" )
- | powered by h5ai {{pkg.version}}
+ | powered by {{pkg.name}} {{pkg.version}}
span.center
div#sidebar
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index b5459e9c..5a99db7b 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -22,6 +22,7 @@ normalized_require_once("class-thumb");
setup();
$app = new App();
+header("X-Powered-By: " . NAME . "/" . VERSION);
if (has_request_param("action")) {
header("Content-type: application/json;charset=utf-8");
From db4932b9ce94cf10ff9e8df143efb01b34a3657b Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Sat, 28 Jun 2014 19:21:29 +0200
Subject: [PATCH 04/14] Replace PHP short open tag, as it might be turned off in PHP < 5.4.0.
---
src/_h5ai/server/php/inc/page.php.jade | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/_h5ai/server/php/inc/page.php.jade b/src/_h5ai/server/php/inc/page.php.jade
index 8af65591..4b9333d9 100644
--- a/src/_h5ai/server/php/inc/page.php.jade
+++ b/src/_h5ai/server/php/inc/page.php.jade
@@ -1,6 +1,6 @@
-- var app_href = ""
-- var fallback = ""
+- var app_href = ""
+- var fallback = ""
doctype 5
//if lt IE 10
From 96480a5c500f6fed3b8459e2ef688ede461efb61 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Sun, 29 Jun 2014 17:51:00 +0200
Subject: [PATCH 05/14] Add optional info page protection.
---
src/_h5ai/client/css/inc/h5ai-info.less | 68 +++++++++---
src/_h5ai/client/js/inc/info.js | 139 +++++++++++++++++++-----
src/_h5ai/index.html.jade | 7 --
src/_h5ai/server/php/inc/class-api.php | 17 ++-
src/_h5ai/server/php/inc/class-app.php | 20 +++-
src/_h5ai/server/php/inc/setup.php | 9 ++
src/_h5ai/server/php/index.php | 12 ++
7 files changed, 218 insertions(+), 54 deletions(-)
diff --git a/src/_h5ai/client/css/inc/h5ai-info.less b/src/_h5ai/client/css/inc/h5ai-info.less
index d33a2f9d..57424a2f 100644
--- a/src/_h5ai/client/css/inc/h5ai-info.less
+++ b/src/_h5ai/client/css/inc/h5ai-info.less
@@ -17,15 +17,6 @@ body#h5ai-info {
}
}
- .build-version {
- display: block;
- }
- .build-stamp {
- display: block;
- margin-top: 0.3em;
- font-size: 0.6em;
- color: #aaa;
- }
.idx-file {
margin-top: 1em;
font-size: 0.6em;
@@ -61,6 +52,56 @@ body#h5ai-info { line-height: 1.4em; } + #login-wrapper { + margin: 96px 0; + font-size: 14px; + + #pass { + -moz-appearance: none; + -ms-appearance: none; + -webkit-appearance: none; + font-family: @font-family; + font-weight: @font-weight; + color: @col; + background: @col-widget-back-highlight; + border: @border-widget; + outline: none; + display: inline-block; + width: 200px; + height: 30px; + padding: 0 6px; + margin: 8px; + } + #login, #logout { + display: inline-block; + padding: 4px 16px; + margin: 8px; + background-color: @col-widget-back; + border: @border-widget; + cursor: pointer; + + color: @col; + cursor: pointer; + text-decoration: none; + .transition(all 0.2s ease-in-out); + + &:hover, &.hover { + background-color: @col-widget-back-highlight; + color: @col-hover; + } + } + #hint { + margin: 12px auto; + width: 320px; + color: @col; + font-size: 12px; + } + } + + #tests-wrapper { + margin: 96px 0; + } + #tests { display: inline-block; list-style-type: none; @@ -69,16 +110,17 @@ body#h5ai-info { padding: 0; .test { + padding: 6px; + .label { display: inline-block; - width: 370px; + width: 250px; } .result { display: inline-block; - width: 70px; + width: 250px; text-align: right; font-weight: bold; - color: #aaa; &.passed { color: #5a5; @@ -91,7 +133,7 @@ body#h5ai-info { margin: 4px 0 12px 12px; font-size: 0.7em; color: #aaa; - width: 370px; + width: 380px; line-height: 1.2em; } } diff --git a/src/_h5ai/client/js/inc/info.js b/src/_h5ai/client/js/inc/info.js index c5c75c7b..d02387aa 100644 --- a/src/_h5ai/client/js/inc/info.js +++ b/src/_h5ai/client/js/inc/info.js @@ -1,36 +1,59 @@ modulejs.define('info', ['$', 'config'], function ($, config) { - var template = '
  • ' + - '' + - '' + - '
    ' + - '
  • ', + var testsTemp = + '
    ' + + '
      ' + + '
    ', + + testTemp = + '
  • ' + + '' + + '' + + '
    ' + + '
  • ', + + loginTemp = + '
    ' + + '' + + 'login' + + 'logout' + + '
    ' + + 'The preset password is the empty string, so just hit login. ' + + 'You might change it in the index file if you want to keep these informations private!' + + '
    ' + + '
    ', setup = config.setup, - $tests = $("#tests"), - - addTest = function (label, info, passed, result) { - - $(template) - .find('.label') - .text(label) - .end() - .find('.result') - .addClass(passed ? 'passed' : 'failed') - .text(result ? result : (passed ? 'yes' : 'no')) - .end() - .find('.info') - .html(info) - .end() - .appendTo($tests); - }, addTests = function () { + var addTest = function (label, info, passed, result) { + + $(testTemp) + .find('.label') + .text(label) + .end() + .find('.result') + .addClass(passed ? 'passed' : 'failed') + .text(result ? result : (passed ? 'yes' : 'no')) + .end() + .find('.info') + .html(info) + .end() + .appendTo('#tests'); + }; + + $(testsTemp).appendTo('body'); + + addTest( + 'Server software', 'Server is one of apache, lighttpd, nginx or cherokee', + setup.HAS_SERVER, setup.SERVER_NAME + ' ' + setup.SERVER_VERSION + ); + addTest( 'PHP version', 'PHP version >= ' + setup.MIN_PHP_VERSION, - setup.HAS_PHP_VERSION + setup.HAS_PHP_VERSION, setup.PHP_VERSION ); addTest( @@ -49,8 +72,8 @@ modulejs.define('info', ['$', 'config'], function ($, config) { ); addTest( - 'Movie thumbs', 'Command line program ffmpeg or avconv available', - setup.HAS_CMD_FFMPEG || setup.HAS_CMD_AVCONV + 'Movie thumbs', 'Command line program avconv or ffmpeg available', + setup.HAS_CMD_AVCONV || setup.HAS_CMD_FFMPEG ); addTest( 
@@ -69,15 +92,75 @@ modulejs.define('info', ['$', 'config'], function ($, config) { ); addTest( - 'Folder sizes', 'Command line program du available', + 'Shell du', 'Command line program du available', setup.HAS_CMD_DU ); }, + addLogin = function () { + + var request = function (data) { + + $.ajax({ + url: 'server/php/index.php', + type: 'POST', + dataType: 'JSON', + data: data + }) + .always(function () { + + window.location.reload(); + }); + }, + + onLogin = function () { + + request({ + 'action': 'login', + 'pass': $('#pass').val() + }); + }, + + onLogout = function () { + + request({ + 'action': 'logout' + }); + }, + + onKeydown = function (event) { + + if (event.which === 13) { + onLogin(); + } + }; + + $(loginTemp).appendTo('body'); + + if (setup.AS_ADMIN) { + $('#pass').remove(); + $('#login').remove(); + $('#logout').on('click', onLogout); + } else { + $('#pass').on('keydown', onKeydown).focus(); + $('#login').on('click', onLogin); + $('#logout').remove(); + } + if (setup.HAS_CUSTOM_PASSHASH) { + $('#hint').remove(); + } + }, + init = function () { - $('.idx-file .value').text(setup.INDEX_HREF); - addTests(); + $('Index: ') + .appendTo('body') + .find('.value').text(setup.INDEX_HREF); + + if (setup.AS_ADMIN) { + addTests(); + } + addLogin(); }; init(); diff --git a/src/_h5ai/index.html.jade b/src/_h5ai/index.html.jade index 83e1a86d..31b49efa 100644 --- a/src/_h5ai/index.html.jade +++ b/src/_h5ai/index.html.jade @@ -20,13 +20,6 @@ html.no-js.browser( lang="en" ) h1 a( href="{{pkg.url}}" ) {{pkg.name}} - span.build-version version {{pkg.version}} - span.build-stamp {{stamp}} - span.idx-file Index: - code.value - - h2 Server Setup - ul#tests div#bottombar.clearfix span.left diff --git a/src/_h5ai/server/php/inc/class-api.php b/src/_h5ai/server/php/inc/class-api.php index 445ccbd3..86db2bc3 100644 --- a/src/_h5ai/server/php/inc/class-api.php +++ b/src/_h5ai/server/php/inc/class-api.php 
@@ -8,7 +8,7 @@ class Api {
public function __construct($app) {
- $this->actions = array("get", "getThumbHref", "download", "upload", "delete", "rename");
+ $this->actions = array("login", "logout", "get", "getThumbHref", "download");
$this->app = $app;
$this->options = $app->get_options();
}
@@ -24,6 +24,21 @@ class Api {
}
+ private function on_login() {
+
+ $pass = use_request_param("pass");
+ $_SESSION[AS_ADMIN_SESSION_KEY] = sha1($pass) === PASSHASH;
+ json_exit(array("as_admin" => $_SESSION[AS_ADMIN_SESSION_KEY]));
+ }
+
+
+ private function on_logout() {
+
+ $_SESSION[AS_ADMIN_SESSION_KEY] = false;
+ json_exit(array("as_admin" => $_SESSION[AS_ADMIN_SESSION_KEY]));
+ }
+
+
private function on_get() {
$response = array();
diff --git a/src/_h5ai/server/php/inc/class-app.php b/src/_h5ai/server/php/inc/class-app.php
index ec0ed64f..8448646d 100644
--- a/src/_h5ai/server/php/inc/class-app.php
+++ b/src/_h5ai/server/php/inc/class-app.php
@@ -26,11 +26,21 @@ class App {
$consts = get_defined_constants(true);
$setup = $consts["user"];
- // $setup["PHP_VERSION"] = PHP_VERSION;
- unset($setup["APP_PATH"]);
- unset($setup["ROOT_PATH"]);
- unset($setup["CURRENT_PATH"]);
- unset($setup["CACHE_PATH"]);
+
+ $setup["PHP_VERSION"] = PHP_VERSION;
+ unset($setup["AS_ADMIN_SESSION_KEY"]);
+ unset($setup["PASSHASH"]);
+
+ if (!AS_ADMIN) {
+ unset($setup["APP_PATH"]);
+ unset($setup["CACHE_PATH"]);
+ unset($setup["CURRENT_PATH"]);
+ unset($setup["PHP_VERSION"]);
+ unset($setup["ROOT_PATH"]);
+ unset($setup["SERVER_NAME"]);
+ unset($setup["SERVER_VERSION"]);
+ }
+
return $setup;
}
diff --git a/src/_h5ai/server/php/inc/setup.php b/src/_h5ai/server/php/inc/setup.php
index 19dc18e0..040544a9 100644
--- a/src/_h5ai/server/php/inc/setup.php
+++ b/src/_h5ai/server/php/inc/setup.php
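Review bot: `on_login()` promotes the existing session to admin without issuing a new session id, so an id that was fixed or observed before login stays valid afterwards; on a successful check call `session_regenerate_id(true);` before the flag is stored. The check itself, `sha1($pass) === PASSHASH`, is an unsalted fast hash compared with an ordinary string operator; `password_hash()`/`password_verify()` would be sturdier, though with `MIN_PHP_VERSION` at 5.3.0 elsewhere in this series that needs a version bump or a fallback. `on_logout()` only sets the flag to `false`, and destroying the session there would retire the id as well. Nothing visible limits repeated attempts, and the class body continues outside the hunk.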
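Review bot: The setup array sent to the client is still built as a denylist: it starts from every user-defined constant and unsets named ones, so any constant defined later reaches unauthenticated visitors unless it is also listed here. Non-admin responses presumably still carry `HAS_CUSTOM_PASSHASH`, which tells an anonymous client whether the preset empty password is in place. Building the non-admin view from an explicit allowlist is safer, e.g. `$setup = array_intersect_key($setup, array_flip($public_keys));`, where `$public_keys` stands for a list you define. If the denylist stays, add a comment above the `unset` block such as `// every new secret or path constant must be removed here`. The function starts outside the hunk.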
@@ -10,12 +10,20 @@ function setup() {
define("NAME", "{{pkg.name}}");
define("VERSION", "{{pkg.version}}");
+ define("STAMP", "{{stamp}}");
define("BACKEND", "PHP");
define("API", true);
define("FILE_PREFIX", "_{{pkg.name}}");
+ // ADMIN
+ session_start();
+ define("AS_ADMIN_SESSION_KEY", "__H5AI_AS_ADMIN__");
+ define("AS_ADMIN", isset($_SESSION[AS_ADMIN_SESSION_KEY]) && $_SESSION[AS_ADMIN_SESSION_KEY] === true);
+ define("HAS_CUSTOM_PASSHASH", PASSHASH !== "da39a3ee5e6b4b0d3255bfef95601890afd80709");
+
+
// PHP
define("MIN_PHP_VERSION", "5.3.0");
define("HAS_PHP_VERSION", version_compare(PHP_VERSION, MIN_PHP_VERSION) >= 0);
@@ -38,6 +46,7 @@ function setup() {
}
define("SERVER_NAME", $server_name);
define("SERVER_VERSION", $server_version);
+ define("HAS_SERVER", in_array($server_name, array("apache", "lighttd", "nginx", "cherokee")));
define("HAS_WIN_OS", strtolower(substr(PHP_OS, 0, 3)) === "win");
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index 5a99db7b..553764a2 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -1,5 +1,17 @@
Date: Sun, 29 Jun 2014 18:26:40 +0200
Subject: [PATCH 06/14] Fix typos.
---
src/_h5ai/client/js/inc/info.js | 2 +-
src/_h5ai/server/php/index.php | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/_h5ai/client/js/inc/info.js b/src/_h5ai/client/js/inc/info.js
index d02387aa..74df50f6 100644
--- a/src/_h5ai/client/js/inc/info.js
+++ b/src/_h5ai/client/js/inc/info.js
@@ -20,7 +20,7 @@ modulejs.define('info', ['$', 'config'], function ($, config) { 'logout' + '
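Review bot: `session_start()` now runs inside `setup()` for every request, anonymous directory listings included, and nothing visible in the hunk sets the session cookie attributes first. Adding `ini_set("session.cookie_httponly", "1");` before the call keeps the admin cookie away from page scripts, and the secure flag should be set as well when the index is served over HTTPS. `HAS_CUSTOM_PASSHASH` compares against a bare 40-character literal; a comment such as `// sha1("") - the preset empty password` would tell the reader what it is. `setup()` begins and ends outside the hunk.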
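Review bot: The list checked by `HAS_SERVER` spells one entry `"lighttd"`, while the info page text added in this same commit reads "apache, lighttpd, nginx or cherokee", so a lighttpd host would presumably be reported as unsupported; the entry should be `"lighttpd"`. How `$server_name` is derived lies outside the hunk, so confirm the exact token it yields. `in_array()` is also called without its third argument, and passing `true` keeps the comparison strict.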
    ' + 'The preset password is the empty string, so just hit login. ' + - 'You might change it in the index file if you want to keep these informations private!' + + 'You might change it in the index file to keep this information private.' + '
' + '',
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index 553764a2..5c760921 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -4,8 +4,7 @@
/*********************************************************************
SHA1 hash of the info page password, the preset password is the
- empty string. You might change it if you want to keep these
- informations private.
+ empty string. You might change it to keep this information private.
Online hash generator: http://www.sha1.cz/
*********************************************************************/
define("PASSHASH", "da39a3ee5e6b4b0d3255bfef95601890afd80709");
From 49d0c968b9338efc40b2493e2bd8a1b7b0211527 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Sun, 29 Jun 2014 21:11:40 +0200
Subject: [PATCH 07/14] Fix default folder download (still strange for shell-tar).
---
src/_h5ai/server/php/inc/class-archive.php | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/_h5ai/server/php/inc/class-archive.php b/src/_h5ai/server/php/inc/class-archive.php
index a78a107a..dcc099a1 100644
--- a/src/_h5ai/server/php/inc/class-archive.php
+++ b/src/_h5ai/server/php/inc/class-archive.php
@@ -23,7 +23,11 @@ class Archive {
$this->add_hrefs($urls);
if (count($this->dirs) === 0 && count($this->files) === 0) {
- $this->add_dir(CURRENT_PATH, "/");
+ if ($type === "php-tar") {
+ $this->add_dir(CURRENT_PATH, "/");
+ } else {
+ $this->add_dir(CURRENT_PATH, ".");
+ }
}
if ($type === "php-tar") {
From 122546eae1d575856f0d1e930ed4def14d6cc5d5 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Mon, 30 Jun 2014 00:14:48 +0200
Subject: [PATCH 08/14] Minor tweaks.
---
src/_h5ai/client/css/inc/h5ai-info.less | 2 +-
src/_h5ai/server/php/index.php | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/_h5ai/client/css/inc/h5ai-info.less b/src/_h5ai/client/css/inc/h5ai-info.less
index 57424a2f..9064a82e 100644
--- a/src/_h5ai/client/css/inc/h5ai-info.less
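Review bot: The comment block this index.php hunk rewords still sends administrators to an online hash generator over plain HTTP, which means typing the info-page password into a third-party site; it should describe a local method instead, e.g. `Generate it locally: php -r 'echo sha1("your password");'`. The shipped `PASSHASH` is the SHA-1 of the empty string, so the info page stays effectively open until the value is changed, and the comment could say that outright. Because an unsalted SHA-1 kept in a source file is cheap to brute-force if the file leaks, a line recommending a long passphrase would also help.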
+++ b/src/_h5ai/client/css/inc/h5ai-info.less
@@ -92,7 +92,7 @@ body#h5ai-info {
}
#hint {
margin: 12px auto;
- width: 320px;
+ width: 360px;
color: @col;
font-size: 12px;
}
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index 5c760921..1590ad62 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -33,7 +33,6 @@ normalized_require_once("class-thumb");
setup();
$app = new App();
-header("X-Powered-By: " . NAME . "/" . VERSION);
if (has_request_param("action")) {
header("Content-type: application/json;charset=utf-8");
From 8fd393d34a60ef5cf5e56751909e2fcf18ac8e35 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Mon, 30 Jun 2014 03:15:27 +0200
Subject: [PATCH 09/14] Refactor PHP.
---
src/_h5ai/server/php/inc/util.php | 31 ++++++++++---------------------
src/_h5ai/server/php/index.php | 8 +-------
2 files changed, 11 insertions(+), 28 deletions(-)
diff --git a/src/_h5ai/server/php/inc/util.php b/src/_h5ai/server/php/inc/util.php
index f3e040d4..e4bb2a3d 100644
--- a/src/_h5ai/server/php/inc/util.php
+++ b/src/_h5ai/server/php/inc/util.php
@@ -1,6 +1,13 @@
Date: Tue, 1 Jul 2014 03:03:41 +0200
Subject: [PATCH 10/14] Refactor PHP.
---
src/_h5ai/server/php/inc/class-api.php | 2 +-
src/_h5ai/server/php/inc/page.php.jade | 1 +
src/_h5ai/server/php/inc/util.php | 11 +++++++----
src/_h5ai/server/php/index.php | 7 +------
4 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/_h5ai/server/php/inc/class-api.php b/src/_h5ai/server/php/inc/class-api.php
index 86db2bc3..10c51132 100644
--- a/src/_h5ai/server/php/inc/class-api.php
+++ b/src/_h5ai/server/php/inc/class-api.php
@@ -103,7 +103,7 @@ class Api {
$response["all_items"] = $this->app->get_all_items();
}
- if (count($_REQUEST)) {
+ if (AS_ADMIN && count($_REQUEST)) {
$response["unused"] = $_REQUEST;
}
diff --git a/src/_h5ai/server/php/inc/page.php.jade b/src/_h5ai/server/php/inc/page.php.jade
index 4b9333d9..82ddb9dc 100644
--- a/src/_h5ai/server/php/inc/page.php.jade
+++ b/src/_h5ai/server/php/inc/page.php.jade
@@ -2,6 +2,7 @@ - var app_href = "" - var fallback = "" + doctype 5 //if lt IE 10
diff --git a/src/_h5ai/server/php/inc/util.php b/src/_h5ai/server/php/inc/util.php
index e4bb2a3d..fc2d091f 100644
--- a/src/_h5ai/server/php/inc/util.php
+++ b/src/_h5ai/server/php/inc/util.php
@@ -3,14 +3,18 @@
function normalize_path($path, $trailing_slash = false) {
- $path = preg_replace("#\\\\+|/+#", "/", $path);
+ $path = preg_replace("#[\\\\/]+#", "/", $path);
return preg_match("#^(\w:)?/$#", $path) ? $path : (rtrim($path, "/") . ($trailing_slash ? "/" : ""));
}
function json_exit($obj = array()) {
- $obj["code"] = 0;
+ if (!isset($obj["code"])) {
+ $obj["code"] = 0;
+ }
+
+ header("Content-type: application/json;charset=utf-8");
echo json_encode($obj);
exit;
}
@@ -19,8 +23,7 @@ function json_exit($obj = array()) {
function json_fail($code, $msg = "", $cond = true) {
if ($cond) {
- echo json_encode(array("code" => $code, "msg" => $msg));
- exit;
+ json_exit(array("code" => $code, "msg" => $msg));
}
}
diff --git a/src/_h5ai/server/php/index.php b/src/_h5ai/server/php/index.php
index c117b81e..bfd13c08 100644
--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@@ -13,7 +13,7 @@ define("PASSHASH", "da39a3ee5e6b4b0d3255bfef95601890afd80709");
function normalized_require_once($lib) {
- require_once(preg_replace("#\\\\+|/+#", "/", dirname(__FILE__) . "/inc/${lib}.php"));
+ require_once(preg_replace("#[\\\\/]+#", "/", dirname(__FILE__) . "/inc/${lib}.php"));
}
normalized_require_once("util");
@@ -28,14 +28,9 @@ setup();
$app = new App();
if (has_request_param("action")) {
-
- header("Content-type: application/json;charset=utf-8");
$api = new Api($app);
$api->apply();
-
} else {
-
- header("Content-type: text/html;charset=utf-8");
define("FALLBACK", $app->get_fallback());
normalized_require_once("page");
}
From b4a1bb1218ec884bf15943d288dd531f427888ad Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Tue, 1 Jul 2014 03:21:54 +0200
Subject: [PATCH 11/14] Refactor PHP.
---
src/_h5ai/server/php/inc/class-api.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/_h5ai/server/php/inc/class-api.php b/src/_h5ai/server/php/inc/class-api.php
index 10c51132..a52d8971 100644
--- a/src/_h5ai/server/php/inc/class-api.php
+++ b/src/_h5ai/server/php/inc/class-api.php
@@ -19,7 +19,7 @@ class Api {
$action = use_request_param("action");
json_fail(100, "unsupported request", !in_array($action, $this->actions));
- $methodname = "on_$action";
+ $methodname = "on_${action}";
$this->$methodname();
}
From d6695da97d05aa1f4e1d201766771a02f5465b7b Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Tue, 1 Jul 2014 20:24:10 +0200
Subject: [PATCH 12/14] Fix managed check.
---
npm-debug.log | 173 +++++++++++++++++++++++++
src/_h5ai/server/php/inc/class-app.php | 2 +-
2 files changed, 174 insertions(+), 1 deletion(-)
create mode 100644 npm-debug.log
diff --git a/npm-debug.log b/npm-debug.log
new file mode 100644
index 00000000..bbe5e459
--- /dev/null
+++ b/npm-debug.log
@@ -0,0 +1,173 @@ +0 info it worked if it ends with ok +1 verbose cli [ '/usr/bin/node', '/usr/bin/npm', 'install', '-g', 'fquery' ] +2 info using npm@1.4.14 +3 info using node@v0.10.29 +4 verbose node symlink /usr/bin/node +5 verbose cache add [ 'fquery', null ] +6 verbose cache add name=undefined spec="fquery" args=["fquery",null] +7 verbose parsed url { protocol: null, +7 verbose parsed url slashes: null, +7 verbose parsed url auth: null, +7 verbose parsed url host: null, +7 verbose parsed url port: null, +7 verbose parsed url hostname: null, +7 verbose parsed url hash: null, +7 verbose parsed url search: null, +7 verbose parsed url query: null, +7 verbose parsed url pathname: 'fquery', +7 verbose parsed url path: 'fquery', +7 verbose parsed url href: 'fquery' } +8 silly lockFile 9a7368bb-fquery fquery +9 verbose lock fquery /home/lars/.npm/cache/9a7368bb-fquery.lock +10 silly lockFile 9a7368bb-fquery fquery +11 silly lockFile 9a7368bb-fquery fquery +12 verbose addNamed [ 'fquery', '' ] +13 verbose addNamed [ null, '*' ] +14 silly lockFile e5526921-fquery fquery@ +15 verbose lock fquery@ /home/lars/.npm/cache/e5526921-fquery.lock +16 silly addNameRange { name: 'fquery', range: '*', hasData: false } +17 verbose url raw fquery +18 verbose url resolving [ 'https://registry.npmjs.org/', './fquery' ] +19 verbose url resolved https://registry.npmjs.org/fquery +20 info trying registry request attempt 1 at 18:48:33 +21 http GET https://registry.npmjs.org/fquery +22 http 200 https://registry.npmjs.org/fquery +23 silly registry.get cb [ 200, +23 silly registry.get { date: 'Tue, 01 Jul 2014 16:48:33 GMT', +23 silly registry.get server: 'CouchDB/1.5.0 (Erlang OTP/R16B03)', +23 silly registry.get etag: '"DFHDQXLRHLZ7Y1EXB5YI3U9MI"', +23 silly registry.get 'content-type': 'application/json', +23 silly registry.get 'cache-control': 'max-age=30', +23 silly registry.get 'content-length': '29084', +23 silly registry.get 'accept-ranges': 'bytes', +23 silly registry.get via: '1.1 
varnish', +23 silly registry.get age: '0', +23 silly registry.get 'x-served-by': 'cache-fra1220-FRA', +23 silly registry.get 'x-cache': 'MISS', +23 silly registry.get 'x-cache-hits': '0', +23 silly registry.get 'x-timer': 'S1404233313.482664,VS0,VE367', +23 silly registry.get vary: 'Accept', +23 silly registry.get 'keep-alive': 'timeout=10, max=50', +23 silly registry.get connection: 'Keep-Alive' } ] +24 silly addNameRange number 2 { name: 'fquery', range: '*', hasData: true } +25 silly addNameRange versions [ 'fquery', +25 silly addNameRange [ '0.1.0', +25 silly addNameRange '0.2.0', +25 silly addNameRange '0.3.0', +25 silly addNameRange '0.4.0', +25 silly addNameRange '0.5.0', +25 silly addNameRange '0.6.0', +25 silly addNameRange '0.7.0', +25 silly addNameRange '0.8.0', +25 silly addNameRange '0.8.1', +25 silly addNameRange '0.9.0', +25 silly addNameRange '0.10.0', +25 silly addNameRange '0.11.0' ] ] +26 verbose addNamed [ 'fquery', '0.11.0' ] +27 verbose addNamed [ '0.11.0', '0.11.0' ] +28 silly lockFile c56ebe5c-fquery-0-11-0 fquery@0.11.0 +29 verbose lock fquery@0.11.0 /home/lars/.npm/cache/c56ebe5c-fquery-0-11-0.lock +30 silly lockFile 2abe8ce0-mjs-org-fquery-fquery-0-11-0-tgz https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +31 verbose lock https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz /home/lars/.npm/cache/2abe8ce0-mjs-org-fquery-fquery-0-11-0-tgz.lock +32 verbose addRemoteTarball [ 'https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz', +32 verbose addRemoteTarball '034d7d4e233586f742975b2ced7b27d2fdbeba70' ] +33 info retry fetch attempt 1 at 18:48:34 +34 verbose fetch to= /tmp/npm-21334-KPbVeGat/registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +35 http GET https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +36 http 200 https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +37 silly lockFile 2abe8ce0-mjs-org-fquery-fquery-0-11-0-tgz https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +38 silly lockFile 
2abe8ce0-mjs-org-fquery-fquery-0-11-0-tgz https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz +39 silly lockFile c56ebe5c-fquery-0-11-0 fquery@0.11.0 +40 silly lockFile c56ebe5c-fquery-0-11-0 fquery@0.11.0 +41 silly lockFile e5526921-fquery fquery@ +42 silly lockFile e5526921-fquery fquery@ +43 silly resolved [ { name: 'fquery', +43 silly resolved displayName: 'fQuery', +43 silly resolved version: '0.11.0', +43 silly resolved description: 'file selection and processing for node', +43 silly resolved url: 'http://larsjung.de/fquery/', +43 silly resolved keywords: +43 silly resolved [ 'file', +43 silly resolved 'tool', +43 silly resolved 'preprocessor', +43 silly resolved 'less', +43 silly resolved 'css', +43 silly resolved 'lesscss', +43 silly resolved 'js', +43 silly resolved 'javascript' ], +43 silly resolved author: { name: 'Lars Jung', email: 'lrsjng@gmail.com' }, +43 silly resolved license: 'MIT', +43 silly resolved repository: { type: 'git', url: 'https://github.com/lrsjng/fQuery.git' }, +43 silly resolved main: './lib/fQuery', +43 silly resolved bin: { makejs: './bin/makejs', wepp: './bin/wepp' }, +43 silly resolved dependencies: +43 silly resolved { async: '~0.2.9', +43 silly resolved 'clean-css': '~1.0.12', +43 silly resolved commander: '~2.0.0', +43 silly resolved docco: '~0.6.2', +43 silly resolved glob: '~3.2.6', +43 silly resolved 'gzip-js': '~0.3.2', +43 silly resolved handlebars: '~1.0.12', +43 silly resolved jade: '~0.34.1', +43 silly resolved jshint: '~2.1.6', +43 silly resolved less: '~1.4.2', +43 silly resolved mkdirp: '~0.3.5', +43 silly resolved moment: '~2.1.0', +43 silly resolved mustache: '~0.7.2', +43 silly resolved rimraf: '~2.2.2', +43 silly resolved semver: '~2.0.11', +43 silly resolved 'uglify-js': '~2.3.6', +43 silly resolved underscore: '~1.5.1' }, +43 silly resolved engines: { node: '>=0.8' }, +43 silly resolved readme: '# fQuery\nFile selection and processing for Node.js. 
`makejs` and `wepp` included.\n\n* to report a bug or make a feature request please create [a new issue](https://github.com/lrsjng/fquery/issues/new).\n* website: \n* sources: \n\nfQuery is provided under the terms of the [MIT License](https://github.com/lrsjng/fquery/blob/develop/LICENSE.md).\n\n\n## Changelog\n\n\n### v0.11.0 - *2013-08-16*\n\n* adds `newerThan`\n* adds `spawnProcess`\n* adds `hash` plugin\n* removes `css-condensed`, `live` and `zip` plugin\n* adds lazy load for plugins\n* minor fixes\n\n\n### v0.10.0 - *2013-08-09*\n\n* moves `makejs` to a new tools section\n* integrates [wepp](http://larsjung.de/wepp/)\n* replaces `rmfr` with `DELETE`, no longer needs `I_AM_SURE`\n* adds uppercase methods `MOVE`, `COPY`, `WRITE` which overwrite existing files by default\n* adds `map` function\n\n\n### v0.9.0 - *2013-07-31*\n\n* fixes\n* updates `async` to `0.2.9`\n* updates `clean-css` to `1.0.12`\n* updates `commander` to `2.0.0`\n* updates `css-condense` to `0.0.6`\n* updates `docco` to `0.6.2`\n* updates `glob` to `3.2.6`\n* updates `handlebars` to `1.0.12`\n* updates `jade` to `0.34.1`\n* updates `jshint` to `2.1.6`\n* updates `less` to `1.4.2`\n* updates `mkdirp` to `0.3.5`\n* updates `moment` to `2.1.0`\n* updates `mustache` to `0.7.2`\n* updates `rimraf` to `2.2.2`\n* updates `semver` to `2.0.11`\n* updates `uglify-js` to `2.3.6`\n* updates `underscore` to `1.5.1`\n\n\n### v0.8.1 - *2012-09-15*\n\n* improves git plugin\n\n\n### v0.8.0 - *2012-09-13*\n\n* updates version method\n* updates git plugin\n\n\n### v0.7.0 - *2012-09-12*\n\n* adds header option to uglifyjs and cssmin plugin\n* adds cleancss plugin\n* adds csscondense plugin\n* adds githash plugin\n* adds shzip plugin\n* minor fixes\n\n\n### v0.6.0 - *2012-08-14*\n\n* adds linebreak option to uglifyjs and cssmin plugin\n\n\n### v0.5.0 - *2012-08-12*\n\n* adds globs in `includify`\n\n\n### v0.4.0 - *2012-08-11*\n\n* add plugin handlebars\n\n\n### v0.3.0 - *2012-08-05*\n\n* interface nearly 
done\n\n\n### v0.2.0 - *2012-07-26*\n\n* still initial changes\n\n\n### v0.1.0 - *2012-07-20*\n\n* initial release\n\n', +43 silly resolved readmeFilename: 'README.md', +43 silly resolved bugs: { url: 'https://github.com/lrsjng/fQuery/issues' }, +43 silly resolved _id: 'fquery@0.11.0', +43 silly resolved dist: +43 silly resolved { shasum: '034d7d4e233586f742975b2ced7b27d2fdbeba70', +43 silly resolved tarball: 'http://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz' }, +43 silly resolved _from: 'fquery@', +43 silly resolved _npmVersion: '1.3.5', +43 silly resolved _npmUser: { name: 'lrsjng', email: 'lrsjng@gmail.com' }, +43 silly resolved maintainers: [ [Object] ], +43 silly resolved directories: {}, +43 silly resolved _shasum: '034d7d4e233586f742975b2ced7b27d2fdbeba70', +43 silly resolved _resolved: 'https://registry.npmjs.org/fquery/-/fquery-0.11.0.tgz' } ] +44 info install fquery@0.11.0 into /usr/lib +45 info installOne fquery@0.11.0 +46 info /usr/lib/node_modules/fquery unbuild +47 verbose tar unpack /home/lars/.npm/cache/fquery/0.11.0/package.tgz +48 silly lockFile f927d464-tar-usr-lib-node-modules-fquery tar:///usr/lib/node_modules/fquery +49 verbose lock tar:///usr/lib/node_modules/fquery /home/lars/.npm/cache/f927d464-tar-usr-lib-node-modules-fquery.lock +50 silly lockFile 8c765a20--cache-fquery-0-11-0-package-tgz tar:///home/lars/.npm/cache/fquery/0.11.0/package.tgz +51 verbose lock tar:///home/lars/.npm/cache/fquery/0.11.0/package.tgz /home/lars/.npm/cache/8c765a20--cache-fquery-0-11-0-package-tgz.lock +52 silly gunzTarPerm modes [ '755', '644' ] +53 error Error: EACCES, mkdir '/usr/lib/node_modules/fquery' +53 error { [Error: EACCES, mkdir '/usr/lib/node_modules/fquery'] +53 error errno: 3, +53 error code: 'EACCES', +53 error path: '/usr/lib/node_modules/fquery', +53 error fstream_type: 'Directory', +53 error fstream_path: '/usr/lib/node_modules/fquery', +53 error fstream_class: 'DirWriter', +53 error fstream_stack: +53 error [ 
'/usr/lib/node_modules/npm/node_modules/fstream/lib/dir-writer.js:36:23', +53 error '/usr/lib/node_modules/npm/node_modules/mkdirp/index.js:37:53', +53 error 'Object.oncomplete (fs.js:107:15)' ] } +54 error Please try running this command again as root/Administrator. +55 error System Linux 3.13.0-30-generic +56 error command "/usr/bin/node" "/usr/bin/npm" "install" "-g" "fquery" +57 error cwd /home/lars/env/workspace/h5ai +58 error node -v v0.10.29 +59 error npm -v 1.4.14 +60 error path /usr/lib/node_modules/fquery +61 error fstream_path /usr/lib/node_modules/fquery +62 error fstream_type Directory +63 error fstream_class DirWriter +64 error code EACCES +65 error errno 3 +66 error stack Error: EACCES, mkdir '/usr/lib/node_modules/fquery' +67 error fstream_stack /usr/lib/node_modules/npm/node_modules/fstream/lib/dir-writer.js:36:23 +67 error fstream_stack /usr/lib/node_modules/npm/node_modules/mkdirp/index.js:37:53 +67 error fstream_stack Object.oncomplete (fs.js:107:15) +68 verbose exit [ 3, true ]
diff --git a/src/_h5ai/server/php/inc/class-app.php b/src/_h5ai/server/php/inc/class-app.php
index 8448646d..6b786c32 100644
--- a/src/_h5ai/server/php/inc/class-app.php
+++ b/src/_h5ai/server/php/inc/class-app.php
@@ -144,7 +144,7 @@ class App {
public function is_managed_path($path) {
- if (!is_dir($path) || strpos($path, '../') || strpos($path, '/..') || $path == '..') {
+ if (!is_dir($path) || strpos($path, '../') !== false || strpos($path, '/..') !== false || $path === '..') {
return false;
}
From 75ced2d18c2d250c772dcae4a6e27d037e978e69 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Tue, 1 Jul 2014 21:39:32 +0200
Subject: [PATCH 13/14] Update changelog.
---
CHANGELOG.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7fbe638c..073d451e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
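Review bot: `npm-debug.log` looks like an accidental addition to this commit: it is the debug output of a failed `npm install -g fquery` and has nothing to do with the managed-path check named in the subject. The log records the local user name, home and workspace paths, kernel and tool versions and a contact e-mail address, none of which belongs in the repository or in archives built from it. Remove the file from the commit and add `npm-debug.log` to `.gitignore`.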
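Review bot: The traversal test in `is_managed_path()` is still a substring filter on the raw string: it does not see backslash separators unless `$path` was normalised before the call, and it also rejects harmless names such as `a/..foo`. Resolving the path and checking that it stays under the served root is less fragile, for instance `$real = realpath($path);` followed by a prefix comparison against `ROOT_PATH` on a separator boundary. Whether callers already pass a normalised path cannot be seen here because the function continues outside the hunk, so a comment like `// expects $path normalised to forward slashes (see normalize_path)` above the check would record that precondition once it is confirmed.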
@@ -4,7 +4,10 @@
## develop branch
-* ...
+* adds optional info page protection
+* fixes `short_open_tag` issues for PHP < 5.4.0
+* fixes default folder download (`alwaysVisible` option)
+* minor fixes
## v0.25.1 - *2014-06-25*
From e0aafa5f4712aa0ed95a2f27ef958ca02d82df51 Mon Sep 17 00:00:00 2001
From: Lars Jung
Date: Tue, 1 Jul 2014 22:35:32 +0200
Subject: [PATCH 14/14] Prepare release.
---
CHANGELOG.md | 2 +-
package.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 073d451e..b23580a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
**h5ai** uses [semantic versioning](http://semver.org/).
-## develop branch
+## v0.25.2 - *2014-07-01*
* adds optional info page protection
* fixes `short_open_tag` issues for PHP < 5.4.0
diff --git a/package.json b/package.json
index defeed00..c86db1f8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "h5ai",
- "version": "0.25.1+",
+ "version": "0.25.2",
"description": "a modern HTTP web server index",
"url": "http://larsjung.de/h5ai/",
"author": "Lars Jung",