1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
--- bin/standalone.py.orig 2025-07-22 12:12:06 UTC
+++ bin/standalone.py
@@ -191,18 +191,17 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe
</html>"""
)
- def is_viewvc(self):
+ def is_viewvc(self, path):
"""Check whether self.path is, or is a child of, the ScriptAlias"""
+ if not path.startswith("/"):
+ return False
if not options.script_alias:
- return 1
- if self.path == "/" + options.script_alias:
- return 1
- alias_len = len(options.script_alias)
- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "/":
- return 1
- if self.path[: (alias_len + 2)] == "/" + options.script_alias + "?":
- return 1
- return 0
+ return True
+ if path == "/" + options.script_alias:
+ return True
+ if path.startswith("/" + options.script_alias + "/"):
+ return True
+ return False
def validate_password(self, htpasswd_file, username, password):
"""Compare USERNAME and PASSWORD against HTPASSWD_FILE."""
@@ -219,8 +218,18 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe
# NOTE: Much of this is adapter from Python's standard library
# module CGIHTTPServer.
+ i = self.path.rfind("?")
+ if i >= 0:
+ path = _unquote(self.path[:i], "utf-8", "surrogateescape")
+ query = self.path[(i + 1) :]
+ else:
+ path = _unquote(self.path)
+ query = ""
+ # normalize path
+ path = os.path.normpath(path) + ("/" if path[-1] == "/" else "")
+
# Is this request even aimed at ViewVC? If not, complain.
- if not self.is_viewvc():
+ if not self.is_viewvc(path):
raise NotViewVCLocationException()
# If htpasswd authentication is enabled, try to authenticate the user.
@@ -245,12 +254,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe
scriptname = options.script_alias and "/" + options.script_alias or ""
- rest = self.path[len(scriptname) :]
- i = rest.rfind("?")
- if i >= 0:
- rest, query = rest[:i], rest[(i + 1) :]
- else:
- query = ""
+ rest = path[len(scriptname) :]
# Since we're going to modify the env in the parent, provide empty
# values to override previously set values
@@ -274,8 +278,7 @@ class ViewVCHTTPRequestHandler(_http_server.BaseHTTPRe
env["SERVER_PROTOCOL"] = self.protocol_version
env["SERVER_PORT"] = str(self.server.server_port)
env["REQUEST_METHOD"] = self.command
- uqrest = _unquote(rest, "utf-8", "surrogateescape")
- env["PATH_INFO"] = uqrest
+ env["PATH_INFO"] = rest
env["SCRIPT_NAME"] = scriptname
if query:
env["QUERY_STRING"] = query
|
