GetErrorPage() only generates the HTML for the error page while PrintErrorPage()
actually makes sure the error page is sent with the correct HTTP status code.
(We sent all error pages with status "200 OK"!)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2039 726aef4b-f618-498e-8847-2d620e286838
(but different ports), any web login session from ZNC #1 would overwrite the session from
ZNC #2. While doing this, also removed an unnecessary check in CHTTPSock::SendCookie and
CHTTPSock::GetRequestCookies (which doesn't transparently translate cookie names and has
never been used so far).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2030 726aef4b-f618-498e-8847-2d620e286838
Instead of having the template files and images in /usr/share/znc/www/<mod>/,
modules now get to use /usr/share/znc/<mod>/tmpl/ and files/ for this purpose.
This puts those directories for static data to good use again and might even fix
some bugs (after all, the code for that dir is older and more tested than the
new code for www/).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1997 726aef4b-f618-498e-8847-2d620e286838
When one now finishes a web request with PAGE_DONE, the code actively calls
Close(CLT_AFTERWRITE) which one previously had to call explicitly. This means
there is finally a difference between PAGE_DONE and PAGE_DEFERRED. ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1981 726aef4b-f618-498e-8847-2d620e286838
Until now, the code checked for <moddir>/www/<mod name> and just used
./modules/www/<mod name> if the other dir didn't exist.
Now we calculate the correct path from the module's shared object's path, which
is the correct thing to do.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1967 726aef4b-f618-498e-8847-2d620e286838
At the beginning of lines, one uses tabs for indenting. In the middle of the
line, you use spaces. If you want two different lines to line up with each
other, you start them with the same number of tabs and use spaces for the rest
of the indenting in the "other" line.
Really, that's how one does it!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1963 726aef4b-f618-498e-8847-2d620e286838
To achieve that, split internal cookie jar into a jar for received cookies
and one for cookies that are to be sent with the response.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1840 726aef4b-f618-498e-8847-2d620e286838
When e.g. imapauth started handling a login from WebMods it opened a new TCP
connection etc. This took time, but WebMods didn't actually wait for the login
to finish which caused the login to fail later on since the HTTP socket was
already destroyed.
This fixes it by letting the HTTP sock just hang. Once the login finishes,
CHTTPSock::Redirect() is called to let it come back to life again.
Thanks to DarthGandalf for finding this issue.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1834 726aef4b-f618-498e-8847-2d620e286838
Instead of return a bool, this now returns an enum. This explains the meaning of
the returned value better and will be used in the next commit to fix a bug.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1833 726aef4b-f618-498e-8847-2d620e286838
This changes CHTTPSock so that one can handle HTTP requests asynchronously.
This is done by not forcing a page to be sent out in the caller of
OnPageRequest() but instead requiring a call to the new function
CHTTPSock::PrintPage().
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1830 726aef4b-f618-498e-8847-2d620e286838
If a user who is currently logged in to WebMods is deleted, his CWebSession
still kept a stale CUser pointer around. The next time he loaded a web page,
Bad Things(tm) happened.
This is fixed by deleting all of a user's sessions when that user is deleted.
Thanks to DarthGandalf for spotting the bug and writing the patch.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1827 726aef4b-f618-498e-8847-2d620e286838
When a CWebSock was destroyed before its CWebAuth, the CWebAuth dereferenced a
stale pointer once it was used again. Fix this by calling
CAuthBase::Invalidate() appropriately.
Thanks to DarthGandalf for finding this.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1826 726aef4b-f618-498e-8847-2d620e286838
We now use a lot more data for generating the session id which is fed to a hash
to make it impossible to attack specific parts of the input.
Also we now retry generating a new session id in the (improbable) case of
collision with an existing session id.
Thanks a lot to cnu for pointing out the weakness in the old code by stealing my
session cookie, you evil hacker!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1819 726aef4b-f618-498e-8847-2d620e286838
