smallsolar
/
libkiwix
mirror of https://github.com/kiwix/libkiwix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,489 Commits 23 Branches 58 Tags 111 MiB
Commit Graph

2489 Commits

Author SHA1 Message Date
Matthieu Gautier f2a1c0f106 Add braces around for loop's body. 2022-03-29 14:05:45 +02:00
Matthieu Gautier 2cc4befb12 Correctly display searchpattern in search result page. 
The `searchPattern` is already "diples encoded".
So we can simply using it without protecting us from script injection.

Fix #723
 2022-03-29 14:05:45 +02:00
Matthieu Gautier 3641dbf14d Handle book without xapian index. 2022-03-29 14:05:45 +02:00
Matthieu Gautier 1962262f94 Correctly handle invalid book. 
If user request for a non existent book, we must return a 400 page.
(This is done by throwing a `std::invalid_argument` and let the catch
handle it)
 2022-03-29 14:05:45 +02:00
Matthieu Gautier 7407f30790 Better cache usage. 
It is better to directly try to get the `Search` from the cache instead
of getting the `Searcher` first which could be useless in Search already
exist.
 2022-03-29 14:05:45 +02:00
Matthieu Gautier d740ffe465 Introduce SearchInfo. 
SearchInfo is a small helper structure to store information about the
queried search. It regroup already existing information (`patternString`,
geo query, ...) in one structure.
It is also used as key in the cache instead of using a generated string.
 2022-03-29 14:05:39 +02:00
Matthieu Gautier e7293346be Return http 400 error response when needed. 2022-03-28 17:37:41 +02:00
Matthieu Gautier b1643e422e Introduce HTTP400HtmlResponse. 
HTTP400HtmlResponse is build on the same design than HTTP404HtmlResponse.
 2022-03-28 17:35:15 +02:00
Kelson 574c1ad690
Merge pull request #736 from kiwix/pin_jinja2_doc 
Remove pinning of Sphinx<4
 2022-03-28 15:50:17 +02:00
Matthieu Gautier 59364a737a [WIP] Remove pinning of Sphinx<4 
It seems we add this pinning to fix a dependencies issue.
Let's remove it.
 2022-03-28 15:37:05 +02:00
Kelson 49f24d18df
Merge pull request #732 from kiwix/HTTP404HtmlResponse 
New way of building 404 error HTML responses
 2022-03-28 15:27:46 +02:00
Veloman Yunkan ec2e10b40e Moved taskbarInfo into ContentResponseBlueprint 2022-03-28 14:56:40 +02:00
Veloman Yunkan 2da8ea1650 Moved function definition to cpp 2022-03-28 14:56:40 +02:00
Veloman Yunkan 0eb8f09f79 One more victory of HTTP404HtmlResponse 
One more instance of `Response::build_404()` & `withTaskbarInfo()`
was taken over by `HTTP404HtmlResponse`.
 2022-03-28 14:56:40 +02:00
Veloman Yunkan 0ecbdbcf63 Enter TaskbarInfo 
After this change it's time to say thank you and good-bye to
`withTaskbarInfo()`. But it will take a while.
 2022-03-28 14:56:40 +02:00
Veloman Yunkan 9bc09a815c noSuchBookErrorMsg() 2022-03-28 14:56:40 +02:00
Veloman Yunkan 48d377ca44 HTTP404HtmlResponse::operator+(const std::string&) 2022-03-28 14:56:40 +02:00
Veloman Yunkan d5ae92e4e2 More uses of HTTP404HtmlResponse 2022-03-28 14:56:40 +02:00
Veloman Yunkan 1a5e2eda0f HTTP404HtmlResponse::operator+(UrlNotFoundMsg) 2022-03-28 14:56:40 +02:00
Veloman Yunkan 89785a259a Enter HTTP404HtmlResponse 2022-03-28 14:56:40 +02:00
Veloman Yunkan 668063205c Enter UrlNotFoundMsg iomanipulator-like class 2022-03-28 14:56:40 +02:00
Veloman Yunkan df98c58d07 Enter ContentResponseBlueprint 2022-03-28 14:56:40 +02:00
Veloman Yunkan ff8da65c68 Separated make404ResponseData() 2022-03-28 14:56:40 +02:00
Veloman Yunkan ae60ba806b Made 404.html error template a little more generic 
The fact that an info message was moved into C++ code is temporary
since it will be moved to a message resource file soon.
 2022-03-28 14:56:40 +02:00
Veloman Yunkan 8cfcf2ea86 A new overload of Response::build_404() 2022-03-28 14:56:40 +02:00
Veloman Yunkan 26c16bb1b2 Renamed a variable 2022-03-28 14:56:40 +02:00
Veloman Yunkan ca965d448f Got rid of 2 parameters in Response::build_404() 
Instead of passing the `bookName` and `bookTitle` parameters to
`Response::build_404()`, `withTaskbarInfo()` is applied to its result
when needed. Note, that in `InternalServer::handle_raw()`
`withTaskbarInfo()` was not utilized since the results of the `/raw`
endpoint are not supposed to be decorated with a taskbar.
 2022-03-28 14:56:40 +02:00
Veloman Yunkan 6d16d7386d Changed the signature of ContentResponse::set_taskbar() 2022-03-28 14:56:40 +02:00
Veloman Yunkan 40e9a19c48 Introduced withTaskbarInfo() helper function 
This was done in preparation for removing the `bookName` and `bookTitle`
parameters from `Response::build_404()`, but since the new function
could already be put to some use in this commit that was done too.
 2022-03-28 14:56:40 +02:00
Veloman Yunkan d487c78ea4 Changed the return type of Response::build_404() 2022-03-28 14:56:40 +02:00
Veloman Yunkan 96cbd2bf26 kiwix::onlyAsNonEmptyMustacheValue() 2022-03-28 14:56:40 +02:00
Matthieu Gautier 941c3b5df3
Merge pull request #734 from kiwix/br_10.1.0 2022-03-24 18:55:38 +01:00
Matthieu Gautier b9e40def88 New version 10.1.0 2022-03-24 18:26:35 +01:00
Kelson 116ecd1c78
Merge pull request #733 from kiwix/kelson42-patch-1 
Add release badge
 2022-03-24 17:45:54 +01:00
Kelson 8f2faf37dc
Add release badge 2022-03-24 17:45:03 +01:00
Matthieu Gautier ddc4c3ec2c
Merge pull request #727 from kiwix/testing_of_ft_search_unavailable_page 2022-03-23 15:06:47 +01:00
Veloman Yunkan 511261cc81 Testing of "Fulltext search unavailable" page 2022-03-18 15:57:11 +04:00
Veloman Yunkan aaf232bee4 Support for CSS URL in HTML response tests 2022-03-18 15:56:19 +04:00
Veloman Yunkan a3460f6f48 Supporting varying page title in HTML response tests 2022-03-18 15:50:25 +04:00
Veloman Yunkan e4a4b2f961 Extracted CSS out of no_search_results.html 2022-03-18 15:46:54 +04:00
Veloman Yunkan 389d29c92e Searching in a non-existent book is a 404 case 2022-03-18 15:46:41 +04:00
Veloman Yunkan c64fce52e7 Made 404 HTML template consistent with the rest 2022-03-18 15:46:01 +04:00
Kelson a5baafd09f
Merge pull request #725 from kiwix/safer_testing_of_html_responses 
Safer testing of HTML responses
 2022-03-18 07:03:02 +01:00
Veloman Yunkan ed46541b6f Clean-up promised in the previous commit 2022-03-11 22:53:46 +04:00
Veloman Yunkan e93ccd18d4 Robust test data in ServerTest.404WithBodyTesting 
Before this change the meaning of test data in the ServerTest.404WithBodyTesting
unit test entirely depended on the number of entries:

- 2 entries: url, expected body
- 4 entries: url, book name, book title and expected body

This was fragile and non scalable (if other combinations of expected
response data are needed).

This commit defines a mini-DSL taking advantage of operator overloading
that allows to define test data in a robust way with the help of the compiler.

Some code in `TestContentIn404HtmlResponse` is obsoleted by this change
however it is not removed in this commit so that the change is easier to
understand. That will be done next.
 2022-03-11 22:53:38 +04:00
Kelson f893777dc0
Merge pull request #721 from kiwix/xssVul 
Use encoded URLs for searchSuggestionHtml
 2022-03-09 14:33:11 +01:00
Nikhil Tanwar 04d682486a Add some tests to emulate XSS attack 2022-03-09 06:31:24 +01:00
Nikhil Tanwar 8136138492 use encoded URLs for searchSuggestionHtml 
Previously, the seachURL was not encoded.
This resulted in an XSS vulnerability, a concept of proof is:

start kiwix-serve
visit - http://192.168.18.1:8081/"><svg onload="alert(1)">
This would display an alert message.

This encodes the searchURL before passing it to searchSuggestionHtml
 2022-03-09 06:31:24 +01:00
Matthieu Gautier e48b550b68
Merge pull request #620 from kiwix/search_caching 2022-03-08 18:12:33 +01:00
Maneesh P M 6523d9f563 Retrieve SuggestionSearcher from LRU Cache 
We create a cache for SuggestionSearcher very similar to that of FT
searcher. User can specify a custom cache size using the environment
variable SUGGESTION_SEARCHER_CACHE_SIZE. It has a default value of 10%
of the number of books in the library.
 2022-03-08 17:35:39 +01:00