Fabian Keil [Sat, 24 Feb 2007 12:27:32 +0000 (12:27 +0000)]
Improve cookie expiration date detection.
Fabian Keil [Fri, 23 Feb 2007 14:59:54 +0000 (14:59 +0000)]
Speed up NULL byte escaping and only log the complete
NULL byte requests with header debugging enabled.
Fabian Keil [Fri, 23 Feb 2007 14:24:37 +0000 (14:24 +0000)]
List Peter Hyman (pete4abw) as contributor.
He sent in several useful problem reports.
hal9 [Fri, 23 Feb 2007 12:17:19 +0000 (12:17 +0000)]
Adding adtech.de from Actionsfile feedback item #
1665682 by Adam Piggott.
Fabian Keil [Wed, 21 Feb 2007 18:42:10 +0000 (18:42 +0000)]
Answer requests that contain NULL bytes with
a custom response instead of waiting for more
data until the client eventually hangs up.
Fabian Keil [Wed, 21 Feb 2007 14:10:23 +0000 (14:10 +0000)]
- Fix a js-annoyances pcrs command that broke
evaluated code. (BR #
1124071, thanks to Bor Gergely)
- Have unsolicited-popups and all-popups catch the
wheather.com popup reported in in AF #
1640173.
hal9 [Mon, 19 Feb 2007 11:22:48 +0000 (11:22 +0000)]
Adding back the orginal filter content to offset problems found by Fabian.
hal9 [Sat, 17 Feb 2007 13:29:44 +0000 (13:29 +0000)]
Updates to the crude parental filter per Feature Requests item #
1648657.
Fabian Keil [Wed, 14 Feb 2007 17:15:36 +0000 (17:15 +0000)]
Allow access to Privoxy's CGI pages, don't call trusted
domains "safe", note that "+" is unsafe in most environments
and remove the comment about "*" (doesn't work).
Fabian Keil [Tue, 13 Feb 2007 15:10:26 +0000 (15:10 +0000)]
Apparently fopen()ing in "binary" mode doesn't require
#ifdefs, it's already done without them in cgiedit.c.
Fabian Keil [Tue, 13 Feb 2007 14:35:25 +0000 (14:35 +0000)]
Replace hash escaping code to prevent
crashes, memory and file corruption.
Fabian Keil [Tue, 13 Feb 2007 13:59:24 +0000 (13:59 +0000)]
Remove redundant log message.
Fabian Keil [Sat, 10 Feb 2007 17:03:32 +0000 (17:03 +0000)]
Sync with CVS.
Fabian Keil [Sat, 10 Feb 2007 17:01:37 +0000 (17:01 +0000)]
Don't overlook map result for the forwarding-type.
Fabian Keil [Sat, 10 Feb 2007 16:55:22 +0000 (16:55 +0000)]
- Show forwarding settings on the show-url-info page
- Fix some HTML syntax errors.
Fabian Keil [Thu, 8 Feb 2007 19:44:49 +0000 (19:44 +0000)]
Use a transparent background for the PNG replacement pattern.
Fabian Keil [Thu, 8 Feb 2007 19:12:35 +0000 (19:12 +0000)]
Don't run server_content_length() the first time
sed() parses server headers; only adjust the
Content-Length header if the page was modified.
Fabian Keil [Wed, 7 Feb 2007 16:52:11 +0000 (16:52 +0000)]
Fix log messages regarding the cookie time format
(cookie and request URL were mixed up).
Fabian Keil [Wed, 7 Feb 2007 11:52:40 +0000 (11:52 +0000)]
Fix suse-dist as described in BR#
1654052.
(I didn't test it, but it's done the same
way in redhat-dist which is known to work).
Fabian Keil [Wed, 7 Feb 2007 11:27:12 +0000 (11:27 +0000)]
- Let decompress_iob()
- not corrupt the content if decompression fails
early. (the first byte(s) were lost).
- use pointer arithmetics with defined outcome for
a change.
- Use a different kludge to remember a failed decompression.
Fabian Keil [Wed, 7 Feb 2007 11:12:02 +0000 (11:12 +0000)]
- Move delivery and logging of crunched responses
from chat() into send_crunch_response().
- Display the reason for generating http_responses.
- Log the content length for LOG_LEVEL_CLF correctly
(still incorrect for some fixed responses).
- Reword an incorrect comment about
treat-forbidden-connects-like-blocks violating
the specs.
- Add some log messages.
Fabian Keil [Wed, 7 Feb 2007 10:55:20 +0000 (10:55 +0000)]
- Save the reason for generating http_responses.
- Block (+block) with status code 403 instead of 404.
- Use a different kludge to remember a failed decompression.
Fabian Keil [Wed, 7 Feb 2007 10:45:22 +0000 (10:45 +0000)]
- Save the reason for generating http_responses.
- Fix --disable-toggle (again).
- Use TBL birthday hack for 403 responses as well.
- Uglify the @menu@ again to fix JavaScript
errors on the "blocked" template.
- Escape an ampersand in cgi_error_unknown().
Fabian Keil [Wed, 7 Feb 2007 10:36:16 +0000 (10:36 +0000)]
Add new http_response member to save
the reason why the response was generated.
Fabian Keil [Mon, 5 Feb 2007 16:47:31 +0000 (16:47 +0000)]
- Let banners-by-link look for "advert".
- Fix XML systax problems with banners-by-link
and banners-by-size (AF#
1651570).
hal9 [Mon, 5 Feb 2007 12:08:52 +0000 (12:08 +0000)]
Two new user tracking submissions from Adam Piggot.
Fabian Keil [Wed, 31 Jan 2007 16:25:24 +0000 (16:25 +0000)]
Update copyright range for the About message.
Fabian Keil [Wed, 31 Jan 2007 16:21:38 +0000 (16:21 +0000)]
Search for Max-Forwards headers case-insensitive,
don't generate the "501 unsupported" message for invalid
Max-Forwards values and don't increase negative ones.
hal9 [Wed, 31 Jan 2007 11:43:44 +0000 (11:43 +0000)]
Two recent submissions via the Actions file tracker, one for domain squatting
pop-ups and one for projectwonderful banner ads.
Fabian Keil [Tue, 30 Jan 2007 13:05:26 +0000 (13:05 +0000)]
- Let server_set_cookie() check the expiration date
of cookies and don't touch the ones that are already
expired. Fixes problems with low quality web applications
as described in BR 932612.
- Adjust comment in client_max_forwards to reality;
remove invalid Max-Forwards headers.
Fabian Keil [Sun, 28 Jan 2007 16:11:23 +0000 (16:11 +0000)]
Accept WebDAV methods for subversion
in parse_http_request(). Closes FR
1581425.
Fabian Keil [Sun, 28 Jan 2007 13:41:18 +0000 (13:41 +0000)]
- Add HEAD support to finish_http_response.
- Add error favicon to internal HTML error messages.
Fabian Keil [Sat, 27 Jan 2007 13:13:44 +0000 (13:13 +0000)]
- Add config file entries for "templdir",
"accept-intercepted-requests" and "split-large-forms".
- Update meaning of debug 128 which is used by all
redirecting actions now.
Fabian Keil [Sat, 27 Jan 2007 13:09:16 +0000 (13:09 +0000)]
Add new config option "templdir" to
change the templates directory.
hal9 [Sat, 27 Jan 2007 11:51:36 +0000 (11:51 +0000)]
Two changes related to yahoo. One unblocker and one better regex for blocking
submitted by Justin McMurty.
Fabian Keil [Sat, 27 Jan 2007 10:52:56 +0000 (10:52 +0000)]
Move mutex initialization into separate
function and exit in case of errors.
Fabian Keil [Fri, 26 Jan 2007 15:33:46 +0000 (15:33 +0000)]
Stop filter_header() from unintentionally removing
empty header lines that were enlisted by the continue
hack.
Fabian Keil [Fri, 26 Jan 2007 14:18:42 +0000 (14:18 +0000)]
- Start to reduce chat()'s line count and move
parts of it into separate functions.
- Add "HTTP/1.1 100 Continue" hack for BR 756734.
Fabian Keil [Thu, 25 Jan 2007 15:02:46 +0000 (15:02 +0000)]
- Comment cosmetic.
- Suggest to check the show-status page
and to make sure the forwarders are running.
(I expect this page to be mostly reached by
Tor users who forgot to actually start the Tor client.)
Fabian Keil [Thu, 25 Jan 2007 14:18:32 +0000 (14:18 +0000)]
Fix template name in comments.
Fabian Keil [Thu, 25 Jan 2007 14:16:54 +0000 (14:16 +0000)]
Add "forwarding-failed" template,
currently only used for socks errors
Fabian Keil [Thu, 25 Jan 2007 14:09:45 +0000 (14:09 +0000)]
- Save errors in socks4_connect() to csp->error_message.
- Silence some gcc43 warnings, hopefully the right way.
Fabian Keil [Thu, 25 Jan 2007 14:02:30 +0000 (14:02 +0000)]
- Add Proxy-Agent header to HTTP snippets that are
supposed to reach HTTP clients only.
- Made a few CONNECT log messages more descriptive.
- Catch completely empty server responses (as seen
with Tor's fake ".noconnect" top level domain).
- Use shiny new "forwarding-failed" template for socks errors.
Fabian Keil [Thu, 25 Jan 2007 13:47:26 +0000 (13:47 +0000)]
Added "forwarding-failed" template support for error_response().
Fabian Keil [Thu, 25 Jan 2007 13:38:20 +0000 (13:38 +0000)]
Freez csp->error_message in sweep().
Fabian Keil [Thu, 25 Jan 2007 13:36:59 +0000 (13:36 +0000)]
Add csp->error_message for failure reasons
that should be embedded into the CGI pages.
Fabian Keil [Wed, 24 Jan 2007 12:56:52 +0000 (12:56 +0000)]
- Repeat the request URL before logging any headers.
Makes reading the log easier in case of simultaneous requests.
- If there are more than one Content-Type headers in one request,
use the first one and remove the others.
- Remove "newval" variable in server_content_type().
It's only used once.
Fabian Keil [Tue, 23 Jan 2007 16:07:10 +0000 (16:07 +0000)]
- Add favicon link.
Fabian Keil [Tue, 23 Jan 2007 16:03:17 +0000 (16:03 +0000)]
- Add favicon links.
- Remove useless W3C validator links.
Fabian Keil [Tue, 23 Jan 2007 15:51:17 +0000 (15:51 +0000)]
Add favicon delivery functions.
Fabian Keil [Tue, 23 Jan 2007 15:10:24 +0000 (15:10 +0000)]
Remove useless W3C validator link.
Fabian Keil [Tue, 23 Jan 2007 13:14:32 +0000 (13:14 +0000)]
- Map variables that aren't guaranteed to be
pure ASCII html_encoded.
- Use CGI_PREFIX to generate URL for user manual
CGI page to make sure CGI_SITE_2_PATH is included.
Fabian Keil [Mon, 22 Jan 2007 17:43:12 +0000 (17:43 +0000)]
- Update to reflect recent changes.
- Mention that we don't relicense included non-GPL code.
Fabian Keil [Mon, 22 Jan 2007 16:06:28 +0000 (16:06 +0000)]
Disable prevent-compression for all default
settings. It's no longer needed for filtering,
now that Privoxy has zlib support.
Change Medium's hide-referrer mode from "forge"
to the superior "conditional-block".
Fabian Keil [Mon, 22 Jan 2007 15:34:13 +0000 (15:34 +0000)]
- "Protect" against a rather lame JavaScript-based
Privoxy detection "attack" and check the referrer
before delivering the CGI style sheet.
- Move referrer check for unsafe CGI pages into
referrer_is_safe() and log the result.
- Map @url@ in cgi-error-disabled page.
It's required for the "go there anyway" link.
- Mark *csp as immutable for grep_cgi_referrer().
Fabian Keil [Mon, 22 Jan 2007 15:15:08 +0000 (15:15 +0000)]
- Be a bit more descriptive about why CGI access
has been denied and what the user can do about it.
- Add a "go there anyway" link to pass the referrer check.
- Add empty table summary to silence validator warning.
- Remove the useless W3C validator link.
Fabian Keil [Mon, 22 Jan 2007 13:15:00 +0000 (13:15 +0000)]
#include CSS to be prepared for the send-stylesheet
referrer check that will arrive soonish.
Fabian Keil [Mon, 22 Jan 2007 13:12:43 +0000 (13:12 +0000)]
White space cosmetics for #include.
Fabian Keil [Mon, 22 Jan 2007 13:09:32 +0000 (13:09 +0000)]
- #include CSS to be prepared for the send-stylesheet
referrer check that will arrive soonish.
- Add empty table summary to silence validator warnings.
- Remove the useless W3C validator link.
hal9 [Mon, 22 Jan 2007 03:07:46 +0000 (03:07 +0000)]
Added fixes for user tracking and ads exposed on floodle.net
hal9 [Sat, 20 Jan 2007 23:00:51 +0000 (23:00 +0000)]
Two ads coming from wunderground.com, and exception for compression problems
with compusa.com
Fabian Keil [Sat, 20 Jan 2007 16:29:38 +0000 (16:29 +0000)]
Suppress edit buttons for action files if Privoxy has
no write access. Suggested by Roland in PR
1564026.
Fabian Keil [Sat, 20 Jan 2007 15:31:31 +0000 (15:31 +0000)]
Display warning if show-url-info CGI page
is used while Privoxy is toggled off.
Fabian Keil [Sat, 20 Jan 2007 13:24:29 +0000 (13:24 +0000)]
- Add block pattern "/.*(top|bottom|left|right)_?ad".
Closes action file tracker
1616457,
thanks to Adam Piggott for reporting.
- Enable fast-redirects for bloglines.com.
Closes action file tracker
1593393,
thanks to Davide Alberani for reporting.
- Add leading dot for -filter patterns "cvs.",
"svn." and "websvn".
- Update suggested hide-if-modified-since random
range which is nowadays interpreted as minutes
instead of hours.
Fabian Keil [Fri, 19 Jan 2007 16:13:00 +0000 (16:13 +0000)]
Cure yahoo logout problems reported in support
request #
1635354 and rant about yahoo defaults.
Fabian Keil [Thu, 18 Jan 2007 15:03:20 +0000 (15:03 +0000)]
Don't include replacement timegm() if
putenv() or tzset() isn't available.
Fabian Keil [Thu, 18 Jan 2007 14:55:45 +0000 (14:55 +0000)]
Check for tzset() and putenv() to make sure the
replacement timegm() isn't included on systems
where it fails to compile.
hal9 [Tue, 16 Jan 2007 10:54:36 +0000 (10:54 +0000)]
Fix a 'classifiedad' problem and add guesttrace as a user tracker.
Fabian Keil [Fri, 12 Jan 2007 15:41:00 +0000 (15:41 +0000)]
Remove some white space at EOL.
Fabian Keil [Fri, 12 Jan 2007 15:36:44 +0000 (15:36 +0000)]
Mark *csp as immutable for is_untrusted_url()
and is_imageurl(). Closes FR
1237736.
Fabian Keil [Fri, 12 Jan 2007 15:20:17 +0000 (15:20 +0000)]
Temporarily ignore external libpcrs to prevent
problems that are fixed in Privoxy's own version.
Fabian Keil [Fri, 12 Jan 2007 15:07:10 +0000 (15:07 +0000)]
Use zalloc in cgi_send_user_manual.
Fabian Keil [Fri, 12 Jan 2007 15:03:02 +0000 (15:03 +0000)]
Correct a cast, check inflateEnd() exit code
to see if we have to, replace sprintf calls
with snprintf.
Fabian Keil [Tue, 9 Jan 2007 11:54:26 +0000 (11:54 +0000)]
Fix strdup() error handling in cgi_error_unknown()
and cgi_error_no_template(). Reported by Markus Elfring.
joergs [Sun, 7 Jan 2007 07:43:43 +0000 (07:43 +0000)]
AmigaOS4 support added.
joergs [Sun, 7 Jan 2007 07:40:52 +0000 (07:40 +0000)]
Added AmigaOS4 support and made it work on AmigaOS 3.x with current sources.
joergs [Sun, 7 Jan 2007 07:38:10 +0000 (07:38 +0000)]
Disabled -pipe for AmigaOS4.
joergs [Sun, 7 Jan 2007 07:36:36 +0000 (07:36 +0000)]
Added AmigaOS4 support.
Fabian Keil [Sat, 6 Jan 2007 14:24:38 +0000 (14:24 +0000)]
Mark *csp as immutable for parse_http_url()
and url_match().
Fabian Keil [Sat, 6 Jan 2007 14:23:56 +0000 (14:23 +0000)]
Fix gcc43 warnings. Mark *csp as immutable
for parse_http_url() and url_match().
Replace a sprintf call with snprintf.
Fabian Keil [Fri, 5 Jan 2007 15:46:12 +0000 (15:46 +0000)]
Don't use strlen() to calculate the length of
the pcrs substitutes. They don't have to be valid C
strings and getting their length wrong can result in
user-controlled memory corruption.
Thanks to Felix Gröbert for reporting the problem
and providing the fix [#
1627140].
Fabian Keil [Fri, 5 Jan 2007 14:19:02 +0000 (14:19 +0000)]
Handle pcrs_execute() errors in template_fill() properly.
Fabian Keil [Wed, 3 Jan 2007 14:39:19 +0000 (14:39 +0000)]
Fix a gcc43 warning and mark the binbuffer
as immutable for buf_getbyte().
Fabian Keil [Tue, 2 Jan 2007 12:49:46 +0000 (12:49 +0000)]
Add FEATURE_ZLIB to the list of conditional
defines at the show-status page.
David Schmidt [Tue, 2 Jan 2007 01:39:52 +0000 (01:39 +0000)]
Ulrich Spoerlein's patch to remove whitespace
Fabian Keil [Mon, 1 Jan 2007 19:36:37 +0000 (19:36 +0000)]
Integrate a modified version of Wil Mahan's
zlib patch (PR #895531).
Fabian Keil [Sun, 31 Dec 2006 22:21:33 +0000 (22:21 +0000)]
Skip empty filter files in filter_header()
but don't ignore the ones that come afterwards.
Fixes BR
1619208, this time for real.
Fabian Keil [Sun, 31 Dec 2006 17:56:38 +0000 (17:56 +0000)]
Added config option accept-intercepted-requests
and disabled it by default.
Fabian Keil [Sun, 31 Dec 2006 15:03:31 +0000 (15:03 +0000)]
Fix gcc43 compiler warnings and a comment.
Fabian Keil [Sun, 31 Dec 2006 14:25:20 +0000 (14:25 +0000)]
Fix gcc43 compiler warnings.
Fabian Keil [Fri, 29 Dec 2006 19:08:22 +0000 (19:08 +0000)]
Reverted parts of my last commit
to keep error handling working.
Fabian Keil [Fri, 29 Dec 2006 18:30:46 +0000 (18:30 +0000)]
Fixed gcc43 conversion warnings,
changed sprintf calls to snprintf.
Fabian Keil [Fri, 29 Dec 2006 18:04:40 +0000 (18:04 +0000)]
Fixed gcc43 conversion warnings.
Fabian Keil [Fri, 29 Dec 2006 17:53:05 +0000 (17:53 +0000)]
Fixed gcc43 conversion warnings.
Fabian Keil [Fri, 29 Dec 2006 17:38:57 +0000 (17:38 +0000)]
Fixed gcc43 conversion warnings.
Fabian Keil [Thu, 28 Dec 2006 19:21:23 +0000 (19:21 +0000)]
Fixed gcc43 warning and enabled list_is_valid()'s loop
detection again. It was ineffective since the removal of
the arbitrary list length limit two years ago.
Fabian Keil [Thu, 28 Dec 2006 18:25:53 +0000 (18:25 +0000)]
Fixed gcc43 compiler warning.
Fabian Keil [Thu, 28 Dec 2006 18:16:41 +0000 (18:16 +0000)]
Fixed gcc43 compiler warnings, zero out cgi_send_user_manual's
body memory before using it, replaced sprintf calls with snprintf.
Fabian Keil [Thu, 28 Dec 2006 18:04:25 +0000 (18:04 +0000)]
Fixed gcc43 conversion warnings.
Fabian Keil [Thu, 28 Dec 2006 17:54:22 +0000 (17:54 +0000)]
Fixed gcc43 conversion warnings and replaced sprintf
calls with snprintf to give OpenBSD's gcc one less reason
to complain.