1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
- - - - - - - - - - high priority - - - - - - - - - -
IPv6 not working right.
Problem with ACME News downloads. PATH_INFO interferes with the authorization.
Why is the client's IP address showing up in paths?
Fetches with numeric IP addresses and no Host: header are screwing up the
vhost code?
143.90.193.229 - - [06/Apr/2000:09:21:34 -0700] "GET /209.133.38.22/software/thttpd/ HTTP/1.0" 200 12093 "http://www.dbphotography.demon.co.uk/index.html" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
143.90.193.229 - - [06/Apr/2000:09:21:37 -0700] "GET /143.90.193.229/software/thttpd/anvil_thttpd.gif HTTP/1.0" 403 - "http://www.acme.com/software/thttpd/" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
Have directory indexing skip files that start with dot? Except ..?
In libhttpd.c:
+ if (*(de->d_name) == '.' && *(de->d_name+1) != '.')
+ continue;
namlen = NAMLEN(de);
Add comment on INDEX_NAMES that it should be simple filenames only.
The error page generated for non-local referers should include the
original URL as an active link.
Does the initgroups() call work? Or does it need to be moved to
before the chroot()?
Make open in mmc.c use O_NONBLOCK flag, to prevent DOS attack via
a named pipe?
- - - - - - - - - - later - - - - - - - - - -
Document how symlinks interact with .htpasswd - authorization is checked
on the result of the symlink, and not the origin.
SIGHUP log re-opening doesn't work if you started as root.
Change redirect to put the Refresh command in the HTTP headers, instead of
a META tag.
Add TCP_NODELAY, but after CGIs get spawned.
Add stat cache? 1 minute expiry?
Ifdef the un-close-on-exec CGI thing for Linux only.
Add keep-alives, via a new state in thttpd.c.
- - - - - - - - - - someday - - - - - - - - - -
The special world-permissions checking is probably bogus. For one
thing, it doesn't handle restrictive permissions on parent directories
properly. It should probably just go away.
redirect should interpret a path with a trailing / as /index.html
ssi should change $cwd to the source document's location.
Allow .throttle files in individual directories.
Log-digesting scripts.
Config web page.
Common errors:
Not realizing that -c overrides CGI_PATTERN instead of augmenting it.
Using a directory name for the -c pattern.
- - - - - - - - - - 3.x - - - - - - - - - -
Tasklets re-write.
- - - - - - - - - - general - - - - - - - - - -
Release process:
- update version number in version.h README INSTALL and
contrib/redhat-rpm/thttpd.spec
- do a tdiff and update the local installation
- do an rcstreeinfo, and check in all files
- make tar
- mv it to ..
- update version number in ../thttpd.html
- update ~acmeweb/updates.html
- mail announcement to thttpd-announce
|
