HTTP standard doesn't allow it and no sane clients should ever use it.
function old new delta
handle_incoming_and_exit 2795 2785 -10
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
send_headers_and_exit(HTTP_BAD_REQUEST);
/* Determine type of request (GET/POST) */
send_headers_and_exit(HTTP_BAD_REQUEST);
/* Determine type of request (GET/POST) */
- urlp = strpbrk(iobuf, " \t");
+ // rfc2616: method and URI is separated by exactly one space
+ //urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
+ urlp = strchr(iobuf, ' ');
if (urlp == NULL)
send_headers_and_exit(HTTP_BAD_REQUEST);
*urlp++ = '\0';
if (urlp == NULL)
send_headers_and_exit(HTTP_BAD_REQUEST);
*urlp++ = '\0';
if (strcasecmp(iobuf, request_GET) != 0)
send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
#endif
if (strcasecmp(iobuf, request_GET) != 0)
send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
#endif
- urlp = skip_whitespace(urlp);
+ // rfc2616: method and URI is separated by exactly one space
+ //urlp = skip_whitespace(urlp); - should not be necessary
if (urlp[0] != '/')
send_headers_and_exit(HTTP_BAD_REQUEST);
if (urlp[0] != '/')
send_headers_and_exit(HTTP_BAD_REQUEST);