From eed09600f7317879f21de7f5ac5c07c84c495e18 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Tue, 25 Dec 2012 11:49:41 +0000
Subject: [PATCH] Ignoring .htpasswd file for PUT and DELETE requests. Those
use separate passwords file.
---
mongoose.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/mongoose.c b/mongoose.c
index 9e41ea752..9257e9aa4 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4171,6 +4171,11 @@ int mg_upload(struct mg_connection *conn, const char *destination_dir) {
return num_uploaded_files;
}
+static int is_put_or_delete_request(const struct mg_connection *conn) {
+ const char *s = conn->request_info.request_method;
+ return s != NULL && (!strcmp(s, "PUT") || !strcmp(s, "DELETE"));
+}
+
// This is the heart of the Mongoose's logic.
// This function is called when the request is read, parsed and validated,
// and Mongoose must decide what action to take: serve a file, or
@@ -4192,7 +4197,7 @@ static void handle_request(struct mg_connection *conn) {
get_remote_ip(conn), ri->uri);
DEBUG_TRACE(("%s", ri->uri));
- if (!check_authorization(conn, path)) {
+ if (!is_put_or_delete_request(conn) && !check_authorization(conn, path)) {
send_authorization_request(conn);
#if defined(USE_WEBSOCKET)
} else if (is_websocket_request(conn)) {
@@ -4204,10 +4209,9 @@ static void handle_request(struct mg_connection *conn) {
send_options(conn);
} else if (conn->ctx->config[DOCUMENT_ROOT] == NULL) {
send_http_error(conn, 404, "Not Found", "Not Found");
- } else if ((!strcmp(ri->request_method, "PUT") ||
- !strcmp(ri->request_method, "DELETE")) &&
- (conn->ctx->config[PUT_DELETE_PASSWORDS_FILE] == NULL ||
- is_authorized_for_put(conn) != 1)) {
+ } else if (is_put_or_delete_request(conn) &&
+ (conn->ctx->config[PUT_DELETE_PASSWORDS_FILE] == NULL ||
+ is_authorized_for_put(conn) != 1)) {
send_authorization_request(conn);
} else if (!strcmp(ri->request_method, "PUT")) {
put_file(conn, path);
--
GitLab