about summary refs log tree commit homepage
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2014-04-15 07:10:17 +0000
committerEric Wong <e@80x24.org>2014-04-15 07:13:43 +0000
commit3f9410e7a2663dc3f341f82687bef3e9dbea336a (patch)
tree471fa11847f42e0e0df5b2ef52df93687cf74eb9
parentd95eccbe97f1a48b76c8a80fc81d88a291676cdc (diff)
downloadpublic-inbox-3f9410e7a2663dc3f341f82687bef3e9dbea336a.tar.gz
Revert "cgi: relax path restriction for top-level"
CGI mounts should probably handle this internally.  We're reverting
this since it adds too much potential for abuse with fake/extra
prefixes in the URL.  We also need to reorder our redirect handling
as a result.

This reverts commit c394de9f2c91c2c5ed1f7832a5a7cc0206120b7f.
Diffstat
-rwxr-xr-xpublic-inbox.cgi8
-rw-r--r--t/cgi.t4
2 files changed, 4 insertions, 8 deletions
diff --git a/public-inbox.cgi b/public-inbox.cgi
index 1fb96e75..9d60d1fc 100755
--- a/public-inbox.cgi
+++ b/public-inbox.cgi
@@ -17,7 +17,7 @@ use Encode qw(decode_utf8);
 use PublicInbox::Config;
 use URI::Escape qw(uri_escape uri_unescape);
 use Digest::SHA qw(sha1_hex);
-our $LISTNAME_RE = qr!\A(?:/.*?)?/([\w\.\-]+)!;
+our $LISTNAME_RE = qr!\A/([\w\.\-]+)!;
 our $pi_config;
 BEGIN {
         $pi_config = PublicInbox::Config->new;
@@ -62,7 +62,9 @@ sub main {
         # top-level indices and feeds
         if ($path_info eq "/") {
                 r404();
-        } elsif ($path_info =~ m!$LISTNAME_RE/(?:index\.html)?\z!o) {
+        } elsif ($path_info =~ m!$LISTNAME_RE\z!o) {
+                invalid_list(\%ctx, $1) || redirect_list_index(\%ctx, $cgi);
+        } elsif ($path_info =~ m!$LISTNAME_RE(?:/|/index\.html)?\z!o) {
                 invalid_list(\%ctx, $1) || get_index(\%ctx, $cgi, 1);
         } elsif ($path_info =~ m!$LISTNAME_RE/(?:all\.html)?\z!o) {
                 invalid_list(\%ctx, $1) || get_index(\%ctx, $cgi, 0);
@@ -85,8 +87,6 @@ sub main {
         } elsif ($path_info =~ m!$LISTNAME_RE/f/(\S+)\z!o) {
                 redirect_mid_html($cgi, $1, $2);
 
-        } elsif ($path_info =~ m!$LISTNAME_RE\z!o) {
-                invalid_list(\%ctx, $1) || redirect_list_index(\%ctx, $cgi);
         } else {
                 r404();
         }
diff --git a/t/cgi.t b/t/cgi.t
index 91efca50..611fb604 100644
--- a/t/cgi.t
+++ b/t/cgi.t
@@ -156,10 +156,6 @@ EOF
         $res = cgi_run("/test/m/blahblah\@example.com.txt");
         like($res->{body}, qr/Message-Id: <blahblah\@example\.com>/,
                 "mid.txt hit");
-
-        my $pfx = cgi_run("/prefixed/test/m/blahblah\@example.com.txt");
-        is_deeply($pfx, $res, "we do not have to be a top-level URL");
-
         $res = cgi_run("/test/m/blahblah\@example.con.txt");
         like($res->{head}, qr/Status: 404 Not Found/, "mid.txt miss");