* if we need the first urlpart, we musn't move it just left, but add another one...

[citadel.git] / webcit / context_loop.c

diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index c2943f07e221142ce7fb28f89edebf4f3ab777b2..7af1790c1cbf491564e47fb61071ae1fddf11870 100644 (file)
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -48,6 +48,7 @@ void DestroySession(struct wcsession **sessions_to_kill)
        DeleteHash(&((*sessions_to_kill)->ServCfg));
        FreeStrBuf(&((*sessions_to_kill)->UrlFragment1));
        FreeStrBuf(&((*sessions_to_kill)->UrlFragment2));
+       FreeStrBuf(&((*sessions_to_kill)->UrlFragment3));
        FreeStrBuf(&((*sessions_to_kill)->WBuf));
        FreeStrBuf(&((*sessions_to_kill)->HBuf));
        FreeStrBuf(&((*sessions_to_kill)->CLineBuf));
@@ -356,7 +357,7 @@ void context_loop(int *sock)
                    (isspace(*ChrPtr(Line)))) {
                        pch = pchs = ChrPtr(Line);
                        pche = pchs + StrLength(Line);
-                       while (isspace(pch) && (pch < pche))
+                       while (isspace(*pch) && (pch < pche))
                                pch ++;
                        StrBufCutLeft(Line, pch - pchs);
                        StrBufAppendBuf(LastLine, Line, 0);
@@ -395,7 +396,9 @@ void context_loop(int *sock)
        }
 
        /**
-        * Browser-based sessions use cookies for session authentication
+        * Browser-based sessions use cookies for session 
+
+authentication
         */
        if (GetHash(HTTPHeaders, HKEY("COOKIE"), &vLine) && 
            (vLine != NULL)) {
@@ -410,14 +413,14 @@ void context_loop(int *sock)
        if (GetHash(HTTPHeaders, HKEY("AUTHORIZATION"), &vLine) && 
            (vLine != NULL)) {
                Line = (StrBuf*)vLine;
-               if (strncasecmp(ChrPtr(Line), "Basic ", 6)) {
+               if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
                        StrBufCutLeft(Line, 6);
                        CtdlDecodeBase64(httpauth_string, ChrPtr(Line), StrLength(Line));
                        extract_token(httpauth_user, httpauth_string, 0, ':', sizeof httpauth_user);
                        extract_token(httpauth_pass, httpauth_string, 1, ':', sizeof httpauth_pass);
                }
                else 
-                       lprintf(1, "Authentication sheme not supported! [%s]\n", ChrPtr(Line));
+                       lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
        }
 
        if (GetHash(HTTPHeaders, HKEY("IF-MODIFIED-SINCE"), &vLine) && 
@@ -444,7 +447,7 @@ void context_loop(int *sock)
        StrBufCutLeft(ReqLine, StrLength(ReqType) + 1);
        StrBufCutRight(ReqLine, StrLength(HTTPVersion) + 1);
 
-       if ((StrLength(ReqLine) >= 8) &&
+       if ((follow_xff == 1) && (StrLength(ReqLine) >= 8) &&
            (ptr = strstr(ChrPtr(ReqLine), "/webcit/"), /*< Handle "/webcit/" */
             (ptr != NULL))) {
                StrBufCutLeft(ReqLine, 7);
@@ -454,6 +457,7 @@ void context_loop(int *sock)
 #ifdef TECH_PREVIEW
        if ((strncmp(ChrPtr(ReqLine), "/sslg", 5) != 0) &&
            (strncmp(ChrPtr(ReqLine), "/static/", 8) != 0) &&
+           (strncmp(ChrPtr(ReqLine), "/tiny_mce/", 10) != 0) &&
            (strncmp(ChrPtr(ReqLine), "/wholist_section", 16) != 0) &&
            (strstr(ChrPtr(ReqLine), "wholist_section") == NULL)) {
 #endif