3 * h_bash.c - close the input side of the pipe, so that if the
4 child dies early the parent doesn't deadlock (patch by Diego
6 * rfc2388.c, sliding_buffer.c, haserl.c - read CONTENT_LENGTH,
7 and stop reading input when CONTENT_LENGTH reached (fixes odd
8 problems where the client may not close the connection
9 properly at the end of a request [guess which clients are
10 MiStaken?]) (patch by Diego Santa Cruz)
11 * Allow "-" to be used in a field identifier (e.g. FORM["-foo"])
15 * haserl.c - fixed a stupid test for strlen that caused CGI post
16 requests to take exponentially longer amounts of time based on
17 the size of the upload
18 * h_bash.c - removed open_bash function; found that a CGI post
19 of > ~150K will cause bash to fail on the subshell. This
20 appears to be a limitation of execv, not haserl. AFAICT
21 * h_script.c - Fixed stupid error where the leading html was
22 dropped if a comment tag was used.
24 text data bss dec hex filename
25 17425 808 128 18361 47b9 src/haserl
28 * h_script.c - Added Comment tag (<%#)
29 * various - Removed syslog calls
30 text data bss dec hex filename
31 17425 808 128 18361 47b9 src/haserl
34 * haserl.c - If CONTENT_LENGTH not set, don't try to read POST
35 data (caused haserl to hang on --accept-all)
36 * configure.ac - Don't require dl on BSD/OSX (N Copa)
37 * h_script.c - Don't switch <% %> <? ?> in include files. Check
38 only on the original script (Hinko Kocevar)
39 * Workaround for cross-compiling haserl_lualib.inc (reported by
41 * haserl.* - add extern definitions to shell function pointers
42 so uClinux (gcc 3.2.3) can compile haserl (glhs329 at gmail)
43 text data bss dec hex filename
44 17584 784 128 18496 4840 src/haserl
47 * h_script.c, lua2c.c - Fixed two typos that prevented
49 * configure.ac patch to compile with pkg-config, if found
50 (ubuntu calls it lua51, not lua) - submitted by Natanael Copa
53 * h_bash.c - rc3 commented out the signal call, so an <? exit ?>
54 would cause the script to hang.
55 * h_bash.c - don't wait for the echo statement to signal end of
56 script. Do a waitpid instead. This means fd 5 is now not
58 * *lua.* - precompiled lua support, with reorganization of all
59 lua source code (Robin Haberkorn)
60 * configure.ac / makefile.am - Ability to turn off
61 shell/lua/luac (Robin Haberkorn)
62 * lua2c.c - simple luac + bin2c replacement.
63 * h_script.c / h_error.c - Use <% as the prefered tag element
64 use <? only when <% is not found in the script.
65 text data bss dec hex filename
66 17580 784 136 18500 4844 src/haserl
70 * haserl.c - Setuid/gid security fix from Timo Teras
71 * rfc2388.c - upload-handler; fixed problem if boundary
72 is not last tag in the line.
73 * haserl.c - fix in myputenv (Robin Haberkorn)
74 * sliding_buffer.c - Fixes for short reads vs eof (Andreas
76 * h_bash.c - don't exit when child dies - prevents proper
77 cleanup; argv[19] was incorrectly overwritten. (Timo Teras)
78 * text data bss dec hex filename
79 17581 784 136 18501 4845 src/haserl
82 * sliding_buffer added to reduce memory requirements on large
84 * rfc2388 completely replaces old mimedecoder; adds ability to
85 upload to a FIFO or program. (This may be a mistake)
86 * text data bss dec hex filename
87 size before 15612 716 132 16460 404c src/haserl
88 size after 17068 712 132 17912 45f8 src/haserl
92 2 code patches from Juris Kalnins based on a code audit
93 * h_errror.c : die_with_message does not write all error to stdout
94 when running under httpd
95 * haserl.c: decode_url oversteps string end on trailing or near trailing %
96 * haserl.c - If mime block doesn't have a content disposition, skip it
97 (workaround for bug in Opera 9.10)
100 * revert back to "\n" instead of ";" for echo & eval - too many edge cases
101 where it doesn't work
102 * haserl+lua compiles on FreeBSD (and possibly OSX - not tested yet)
105 * added lua info to manpage
108 * h_lua.c - ]] (or ]=] ]==] etc) are now "echo command" safe
109 * h_lua.c h_bash.c - don't add extra linebreaks in echo or eval commands.
111 * haserl.c - fixed --accept-all (was --Accept-all)
112 * h_lua.* h_bash.* haserl.h - now prints the name of the file when
113 reporting syntax or runtime error. Previously, the script was an
115 * haserl.c - removed debug message in file-upload unlink code. (oops)
116 * h_script.c - shell_exec runs "code; ", not "code\n"
117 * h_script.c - make the error reporting match the line in the source script
118 (Not perfect, but should be closer than before)
123 0.9.13_rc [major code refactoring]
125 * haserll removed; lua code is now part of the main haserl program.
126 * <?if <?el <?fi <?ab tags removed.
127 * removed the extras directory
128 * changed license to GPL2 only
131 * haserl.c Alexander Bigga pointed out the accept-all / accept-none short
132 options were wrong, and the optional argument for -u is a gnu extension.
133 * h_luascript.c if a form variable has a number component, force the variable
134 to be numeric -> foo.1.var = foo[1].var, not foo["1"].var
137 * a bash shell cannot be opened until AFTER all the environment variables are
138 placed in the environ. Now have a "pre_open..." set of functions to handle
139 the difference between lua and shell
142 * Special linking options so that lua "require" will work when linking c libraries
143 * remove <?if <?el <?fi from lua shell
146 * html outputting now uses io.write with [[ ]], so the html function
147 is much simpler and faster.
148 * added <?= eval instruction
151 * FORM and ENV global tables are populated by haserl. The code will create a
152 nested table (e.g. FORM[eth][0][type] = static; FORM[eth][1][type] = dhcp
153 * configure now knows to inlcude libm for math.
155 0.9.10_alpha0 version
156 * haserll is built if lua is found. This version will run lua scripts,
157 and handles printing html code, but does not create the FORM or ENV tables
161 * Public Release (no changes from rc1)
164 * haserl.c remove check for LABEL and GOTO tags (they don't exist, and
165 cause segfaults on secure OS'es)
167 * haserldb.c - added strftime strptime functions
170 * haserl.c - unlink all uploaded files at the end of the script
171 * haserl.c - --upload-none option added to prevent parsing stdin as
172 web server content (for haserl scripts called from haserl scripts)
173 * haserl.c - if its a GET request and --accept-all is set, then silently
174 ignore the post content if CONTENT_LENGTH is not set.
177 * h_subshell.c - renable code to run user-specified shell
180 * Fix memory overwrite bug when processing NULL length HTML tags
181 * Fix syntax typos in man page examples
182 (Both reported by Martin Begheyn)
186 * common.c, haserldb.c, haserl.c
187 argc_argv now passes a argv_t pointer around; which includes
188 an indicator if the string was quoted or not. This allows
189 keywords to be used as literal strings:
190 haserldb \"fetch"\ username store
191 * Large chunks of haserl were refactored.
192 * haserl.c, h_script.c
193 If an HTML token is entirely whitespace, output is suppressed.
194 The "Verbatim" flag is no longer supported.
196 HTML tokens are passed as "echo -n" commands, so the "debug"
197 option can be used to actually print out the shell script that would
199 All tokens are passed to the subshell, and then the parent haserl waits
200 for the script to end. This means that the <?if <?el <?fi tokens are
201 no longer needed, although still supported (for now).
202 <? while ... ?>stuff<? do ?>
207 * haserldb.c - sort, rsort, merge and split functions
208 * haserl.c - fix off-by-one error on include files (included
209 files were incorrectly truncated)
210 * silently rejects argv beyond argv[2]
211 http://192.168.0.1/test.cgi?--upload-limit%3d2059&foo%3dbar
212 should not not reset the upload limit. This duplicates
213 0.8.0 behaviour, broke in 0.9.3
214 * haserl.c --silent option (don't print errors advertizing
216 * haserldb.c - realloc might not allocate enough space for
217 the new token in getCommandString - fixed
220 * haserl.c - command-line parsing now uses optarg - "haserl foo.txt"
221 now works; new command-line options supported.
222 * haserl.c new command-line options (upload-limit, verbatim,
224 * haserl.c - found some memory-overwrite errors in loadscript
226 * haserl.c - token parsing routine (BuildTokenList) refactored.
227 * HASERL_* vars are now populated from above command-line
229 * haserl.c - --accept-all functionalitiy added
230 * haserl.c - <?ab?> command now causes non-zero return code
231 * haserl.c - <?include .... ?> function added
232 * haserl.1 - man page updated
235 * extras dirs contains a example login system -
236 login.cgi, index.cgi, loginlib.sh, haserldb-howto.txt
237 * haserldb.c - RAM-db is now live throughout a run, so
238 the RAM-db is now extra storage through run of system
239 * Some language keyword changes to make the language a
240 little more orthogonal - repl->sub, clear->empty
242 0.9.1 version (not released)
243 * common.c - Improved parsing - now handles empty strings
244 and arbitrary comment delimiters correctly. This improved
245 haserldb's command parsing considerably.
246 * haserldb.c - New functions: ifstack ifempty if
249 * added haserldb (common.* lists.* sha256.* haserldb.*)
250 * An example of using haserldb is in the extras directory:
251 (haserldb-howto.txt, loginlib.sh, login.cgi)
254 * configure.ac - Remove check for malloc, as it fails
256 * No other changes, upgraded the version number to a
257 "stable" release because no real problems have been
258 reported with this code.
261 * configure.ac / configure - include signal.h define in config.h
262 to compile properly with gcc 2.95.3
263 * extras/* - tutorial removed; buttons and a few examples moved here
264 * doc/haserl.1 - a real manual page
267 * haserl.c - misc fixes from Eric Titl to compile with gcc 2.95.3
269 (include SIGNAL_H for sigchild; move variable declaration to
270 top of function in ReadMimeEncodedInput)
273 No change from 0.7.0 - version # incremented because
274 of a sourceforge upload fault.
276 * haserl.c - The interpreter now starts a single subshell, and
277 all commands are run from that shell. State is now
278 preserved between code blocks. (Thanks to Arne Bernin
279 for suggestions on getting this working.)
280 * haserl.c - a "u" must be on the command line (#!/usr/bin/haserl -u)
281 to allow file uploads. (Security feature - prevent
282 malicious clients from uploading abitrary data to /tmp)
283 * haserl.c - attempt to set uid/gid to the owner/group of the
285 * tutorial/*.in - fix the tutorial to reflect changes above
288 * haserl.c - HASERL_VAR_PREFIX (config.h) prefixed to
289 all user supplied strings. This is to prevent
290 the client from easily polluting global namespace,
291 such as "foo?SCRIPT_NAME=/blah.txt"
295 * haserl.c - <? (run) tags can now be delimited by
296 space, tab, or newline. This means <?\n will
300 * haserl.c - HTTP_COOKIE is now parsed and the contents
301 placed in env variables before any other
305 * haserl.c - "abort" doesn't follow the standard of 2 chars
306 (if/el/fi); changed to "ab"
309 * haserl.c/.h: Added the "abort" directive.
310 * tutorial/language.cgi.in - documented the abort function
311 * tutorial/source.cgi.in - added the code to make the "source"
312 link at the bottom of each web page work.
315 * haserl.c: The name of the tempfile created by a mime-upload
316 was not stored in the variable by that name. Fixed.
319 0.4.0 version ------------------------------------
322 * haserl.c: Fixed problem with POST data reading stdin "twice"
323 * tutorial/* all web pages are now in the tutorial
326 * haserl.c: WCVER is now HASERLVER; fixed problem with POSTs returning
327 "unable to read from stdin"
331 * haserl.c / haserl.h: Project renamed to haserl
332 (Html And Shell Embedded Runtime Language)
333 (Html And Shell Extraction and Report Language) (a.k.a pERL)
335 Added code to specify maximum upload size, to prevent
336 20GB file uploads. Current compile default is 2MB
339 Make -Wall -O2 CFLAG defaults
343 * Added autoconf/automake support
345 * webconf.c: added code to support and use autoconf/automake constructs,
347 added code to protect from uploads of arbitrary size (compile-time
348 setting up MAX_UPLOAD_MB)
350 added logic to allow a "zero-length" upload to proceed - its
351 /possible/ someone does a post without any form elements