29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
An administrator activates the CGI extension mechanism by specifying
an "Extension Root Directory" or "extroot" as part of the
[./server/index.html|server setup].
If the Fossil server is itself run as
[./server/any/cgi.md|CGI], then add a line to the
[./cgi.wiki#extroot|CGI script file] that says:
<blockquote><pre>
</pre></blockquote>
Or, if the Fossil server is being run using the
"[./server/any/none.md|fossil server]" or
"[./server/any/none.md|fossil ui]" or
"[./server/any/inetd.md|fossil http]" commands, then add an extra
"--extroot <i>DIRECTORY</i>" option to that command.
The <i>DIRECTORY</i> is the DOCUMENT_ROOT for the CGI.
Files in the DOCUMENT_ROOT are accessed via URLs like this:
<blockquote>
https://example-project.org/ext/<i>FILENAME</i>
</blockquote>
In other words, access files in DOCUMENT_ROOT by appending the filename
relative to DOCUMENT_ROOT to the [/help?cmd=/ext|/ext]
page of the Fossil server.
Files that are readable but not executable are returned as static
content. Files that are executable are run as CGI.
<h3>2.1 Example #1</h3>
The source code repository for SQLite is a Fossil server that is run
as CGI. The URL for the source code repository is [https://sqlite.org/src].
The CGI script looks like this:
<blockquote><verbatim>
</verbatim></blockquote>
The "extroot: /sqlite-src-ext" line tells Fossil that it should look for
extension CGIs in the /sqlite-src-ext directory. (All of this is happening
inside of a chroot jail, so putting the document root in a top-level
directory is a reasonable thing to do.)
When a URL like "https://sqlite.org/src/ext/checklist" is received by the
|
|
|
|
|
|
|
|
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
An administrator activates the CGI extension mechanism by specifying
an "Extension Root Directory" or "extroot" as part of the
[./server/index.html|server setup].
If the Fossil server is itself run as
[./server/any/cgi.md|CGI], then add a line to the
[./cgi.wiki#extroot|CGI script file] that says:
<pre>
extroot: <i>DIRECTORY</i>
</pre>
Or, if the Fossil server is being run using the
"[./server/any/none.md|fossil server]" or
"[./server/any/none.md|fossil ui]" or
"[./server/any/inetd.md|fossil http]" commands, then add an extra
"--extroot <i>DIRECTORY</i>" option to that command.
The <i>DIRECTORY</i> is the DOCUMENT_ROOT for the CGI.
Files in the DOCUMENT_ROOT are accessed via URLs like this:
<pre>
https://example-project.org/ext/<i>FILENAME</i>
</pre>
In other words, access files in DOCUMENT_ROOT by appending the filename
relative to DOCUMENT_ROOT to the [/help?cmd=/ext|/ext]
page of the Fossil server.
Files that are readable but not executable are returned as static
content. Files that are executable are run as CGI.
<h3>2.1 Example #1</h3>
The source code repository for SQLite is a Fossil server that is run
as CGI. The URL for the source code repository is [https://sqlite.org/src].
The CGI script looks like this:
<verbatim>
#!/usr/bin/fossil
repository: /fossil/sqlite.fossil
errorlog: /logs/errors.txt
extroot: /sqlite-src-ext
</verbatim>
The "extroot: /sqlite-src-ext" line tells Fossil that it should look for
extension CGIs in the /sqlite-src-ext directory. (All of this is happening
inside of a chroot jail, so putting the document root in a top-level
directory is a reasonable thing to do.)
When a URL like "https://sqlite.org/src/ext/checklist" is received by the
|
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
main web server which in turn relays the result back to the original client.
<h3>2.2 Example #2</h3>
The [https://fossil-scm.org/home|Fossil self-hosting repository] is also
a CGI that looks like this:
<blockquote><verbatim>
</verbatim></blockquote>
The extroot for this Fossil server is /fossil-extroot and in that directory
is an executable file named "fileup1" - another [https://wapp.tcl.tk|Wapp]
script. (The extension mechanism is not required to use Wapp. You can use
any kind of program you like. But the creator of SQLite and Fossil is fond
of [https://www.tcl.tk|Tcl/Tk] and so he tends to gravitate toward Tcl-based
technologies like Wapp.) The fileup1 script is a demo program that lets
|
|
|
|
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
main web server which in turn relays the result back to the original client.
<h3>2.2 Example #2</h3>
The [https://fossil-scm.org/home|Fossil self-hosting repository] is also
a CGI that looks like this:
<verbatim>
#!/usr/bin/fossil
repository: /fossil/fossil.fossil
errorlog: /logs/errors.txt
extroot: /fossil-extroot
</verbatim>
The extroot for this Fossil server is /fossil-extroot and in that directory
is an executable file named "fileup1" - another [https://wapp.tcl.tk|Wapp]
script. (The extension mechanism is not required to use Wapp. You can use
any kind of program you like. But the creator of SQLite and Fossil is fond
of [https://www.tcl.tk|Tcl/Tk] and so he tends to gravitate toward Tcl-based
technologies like Wapp.) The fileup1 script is a demo program that lets
|
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
header and footer, then the inserted header will include a
Content Security Policy (CSP) restriction on the use of javascript within
the webpage. Any <script>...</script> elements within the
CGI output must include a nonce or else they will be suppressed by the
web browser. The FOSSIL_NONCE variable contains the value of that nonce.
So, in other words, to get javascript to work, it must be enclosed in:
<blockquote><verbatim>
</verbatim></blockquote>
Except, of course, the $FOSSIL_NONCE is replaced by the value of the
FOSSIL_NONCE environment variable.
<h3>3.1 Input Content</h3>
If the HTTP request includes content (for example if this is a POST request)
then the CONTENT_LENGTH value will be positive and the data for the content
will be readable on standard input.
<h2>4.0 CGI Outputs</h2>
CGI programs construct a reply by writing to standard output. The first
few lines of output are parameters intended for the web server that invoked
the CGI. These are followed by a blank line and then the content.
Typical parameter output looks like this:
<blockquote><verbatim>
</verbatim></blockquote>
CGI programs can return any content type they want - they are not restricted
to text replies. It is OK for a CGI program to return (for example)
image/png.
The fields of the CGI response header can be any valid HTTP header fields.
Those that Fossil does not understand are simply relayed back to up the
line to the requester.
Fossil takes special action with some content types. If the Content-Type
is "text/x-fossil-wiki" or "text/x-markdown" then Fossil
converts the content from [/wiki_rules|Fossil-Wiki] or
[/md_rules|Markdown] into HTML, adding its
own header and footer text according to the repository skin. Content
of type "text/html" is normally passed straight through
unchanged. However, if the text/html content is of the form:
<blockquote><verbatim>
</verbatim></blockquote>
In other words, if the outer-most markup of the HTML is a <div>
element with a single class of "fossil-doc",
then Fossil will adds its own header and footer to the HTML. The
page title contained in the added header will be extracted from the
"data-title" attribute.
|
|
|
|
|
|
|
|
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
header and footer, then the inserted header will include a
Content Security Policy (CSP) restriction on the use of javascript within
the webpage. Any <script>...</script> elements within the
CGI output must include a nonce or else they will be suppressed by the
web browser. The FOSSIL_NONCE variable contains the value of that nonce.
So, in other words, to get javascript to work, it must be enclosed in:
<verbatim>
<script nonce='$FOSSIL_NONCE'>...</script>
</verbatim>
Except, of course, the $FOSSIL_NONCE is replaced by the value of the
FOSSIL_NONCE environment variable.
<h3>3.1 Input Content</h3>
If the HTTP request includes content (for example if this is a POST request)
then the CONTENT_LENGTH value will be positive and the data for the content
will be readable on standard input.
<h2>4.0 CGI Outputs</h2>
CGI programs construct a reply by writing to standard output. The first
few lines of output are parameters intended for the web server that invoked
the CGI. These are followed by a blank line and then the content.
Typical parameter output looks like this:
<verbatim>
Status: 200 OK
Content-Type: text/html
</verbatim>
CGI programs can return any content type they want - they are not restricted
to text replies. It is OK for a CGI program to return (for example)
image/png.
The fields of the CGI response header can be any valid HTTP header fields.
Those that Fossil does not understand are simply relayed back to up the
line to the requester.
Fossil takes special action with some content types. If the Content-Type
is "text/x-fossil-wiki" or "text/x-markdown" then Fossil
converts the content from [/wiki_rules|Fossil-Wiki] or
[/md_rules|Markdown] into HTML, adding its
own header and footer text according to the repository skin. Content
of type "text/html" is normally passed straight through
unchanged. However, if the text/html content is of the form:
<verbatim>
<div class='fossil-doc' data-title='DOCUMENT TITLE'>
... HTML content there ...
</div>
</verbatim>
In other words, if the outer-most markup of the HTML is a <div>
element with a single class of "fossil-doc",
then Fossil will adds its own header and footer to the HTML. The
page title contained in the added header will be extracted from the
"data-title" attribute.
|