13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
An example of where this is useful is the
[https://sqlite.org/src/ext/checklist|checklist application] on
the [https://sqlite.org/|SQLite] project. The checklist
helps the SQLite developers track which release tests have passed,
or failed, or are still to be done. The checklist program began as a
stand-alone CGI which kept its own private user database and implemented
its on permissions and login system. By converting checklist into
a Fossil extension, the same login that works for the
[https://sqlite.org/src|main SQLite source repository] also works
for the checklist. And permission to change elements of the checklist
is based on permission to check-in to the main source repository.
<h2>2.0 How It Works</h2>
Extensions are disabled by default.
An administrator activates the CGI extension mechanism by specifying
an "Extension Root Directory" or "extroot" as part of the server setup.
If the Fossil server is itself run as CGI, then add a line to the CGI
script file that says:
<blockquote><pre>
extroot: <i>DIRECTORY</i>
|
|
|
|
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
An example of where this is useful is the
[https://sqlite.org/src/ext/checklist|checklist application] on
the [https://sqlite.org/|SQLite] project. The checklist
helps the SQLite developers track which release tests have passed,
or failed, or are still to be done. The checklist program began as a
stand-alone CGI which kept its own private user database and implemented
its own permissions and login system. By converting checklist into
a Fossil extension, the same login that works for the
[https://sqlite.org/src|main SQLite source repository] also works
for the checklist. And permission to change elements of the checklist
is based on permission to check-in to the main source repository.
<h2>2.0 How It Works</h2>
CGI Extensions are disabled by default.
An administrator activates the CGI extension mechanism by specifying
an "Extension Root Directory" or "extroot" as part of the server setup.
If the Fossil server is itself run as CGI, then add a line to the CGI
script file that says:
<blockquote><pre>
extroot: <i>DIRECTORY</i>
|
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
of the URL to work with: "/ext/checklist". Fossil extracts the "/ext"
prefix and uses that to determine that this a CGI extension request.
Then it takes the leftover "/checklist" part and appends it to the
"extroot" to get the filename "/sqlite-src-ext/checklist". Fossil finds
that file to be executable, so it runs it as CGI and returns the result.
The /sqlite-src-ext/checklist file is a
[https://wapp.tcl.tk|Wapp program]. The complete source code to the
this program can be seen at
[https://www.sqlite.org/src/ext/checklist/self].
There is a cascade of CGIs happening here. The webserver that receives
the initial HTTP request runs Fossil as a CGI based on the
"https://sqlite.org/src" portion of the URL. The Fossil instance then
runs the checklist sub-CGI based on the "/ext/checklists" suffix. The
output of the sub-CGI is read by Fossil and then relayed on to the
main webserver which in turn relays the result back to the original client.
|
|
|
>
>
|
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
of the URL to work with: "/ext/checklist". Fossil extracts the "/ext"
prefix and uses that to determine that this a CGI extension request.
Then it takes the leftover "/checklist" part and appends it to the
"extroot" to get the filename "/sqlite-src-ext/checklist". Fossil finds
that file to be executable, so it runs it as CGI and returns the result.
The /sqlite-src-ext/checklist file is a
[https://wapp.tcl.tk|Wapp program]. The current source code to the
this program can be seen at
[https://www.sqlite.org/src/ext/checklist/self] and
historical versions are available at
[https://sqlite.org/docsrc/finfo/misc/checklist.tcl].
There is a cascade of CGIs happening here. The webserver that receives
the initial HTTP request runs Fossil as a CGI based on the
"https://sqlite.org/src" portion of the URL. The Fossil instance then
runs the checklist sub-CGI based on the "/ext/checklists" suffix. The
output of the sub-CGI is read by Fossil and then relayed on to the
main webserver which in turn relays the result back to the original client.
|
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
* SCRIPT_DIRECTORY
* SCRIPT_FILENAME
* SCRIPT_NAME
* SERVER_NAME
* SERVER_PORT
* SERVER_PROTOCOL
In addition, Fossil adds the following environment variables:
The [https://sqlite.org/ext/checklist|checklist application] uses the
FOSSIL_USER environment variable to determine the name of the user and
the FOSSIL_CAPABILITIES variable to determine if the user is allowed to
mark off changes to the checklist. Only users with check-in permission
to the Fossil repository are allowed to mark off checklist items. That
means that the FOSSIL_CAPABILITIES string must contain the letter "i".
If the HTTP request includes content (for example if this is a POST request)
then the CONTENT_LENGTH value will be positive and the data for the content
will be readable on standard input.
<h2>4.0 CGI Outputs</h2>
|
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
* SCRIPT_DIRECTORY
* SCRIPT_FILENAME
* SCRIPT_NAME
* SERVER_NAME
* SERVER_PORT
* SERVER_PROTOCOL
Do a web search for
"[https://duckduckgo.com/?q=cgi+environment_variables|cgi environment variables]"
to find more detail about what each of the above variables mean and how
they are used.
Live listings of the values of some or all of these environment variables
can be found at links like these:
* [https://fossil-scm.org/home/test_env]
* [https://sqlite.org/src/ext/checklist/env]
In addition to the standard CGI environment variables listed above,
Fossil adds the following:
* FOSSIL_CAPABILITIES
* FOSSIL_REPOSITORY
* FOSSIL_USER
The FOSSIL_USER string is the name of the logged-in user. This variable
is missing or is an empty string if the user is not logged in. The
FOSSIL_CAPABILITIES string is a list of
[/setup_ulist_notes|Fossil capability letters] that
indicate what permissions the user has on the Fossil repository.
The FOSSIL_REPOSITORY environment variable gives the filename of the
Fossil repository that is running.
The [https://sqlite.org/src/ext/checklist|checklist application] uses the
FOSSIL_USER environment variable to determine the name of the user and
the FOSSIL_CAPABILITIES variable to determine if the user is allowed to
mark off changes to the checklist. Only users with check-in permission
to the Fossil repository are allowed to mark off checklist items. That
means that the FOSSIL_CAPABILITIES string must contain the letter "i".
Search for "FOSSIL_CAPABILITIES" in the
[https://sqlite.org/src/ext/checklist/self|source listing] to see how
this happens.
If the HTTP request includes content (for example if this is a POST request)
then the CONTENT_LENGTH value will be positive and the data for the content
will be readable on standard input.
<h2>4.0 CGI Outputs</h2>
|
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
The fields of the CGI response header can be any valid HTTP header fields.
Those that Fossil does not understand are simply relayed back to up the
line to the requester.
Fossil takes special action with some content types. If the Content-Type
is "application/x-fossil-wiki" or "application/x-markdown" then Fossil
converts the content from Fossil-wiki or Markdown into HTML, adding its
own header and footer text according to the repository skin. If the
content-type is "text/html", that is normally passed straight through
unchanged. However, if the HTML content is of the form:
<blockquote><verbatim>
<div class='fossil-doc' data-title='DOCUMENT TITLE'>
... HTML content there ...
</div>
</verbatim></blockquote>
In other words, if the outer-most markup of the HTML is a <div>
element with a single class of "fossil-doc",
then Fossil will adds its own header and footer to the HTML. The
page title contained in the added header will be extracted from the
"data-title" attribute.
Except for the three cases noted above, Fossil makes no changes or
additions to the CGI-generated content, but simply passes the verbatim
content back up the stack towards the requester.
<h2>5.0 Filename Restrictions</h2>
For security reasons, Fossil places restrictions on the names of files
in the extroot directory that can participate in the extension CGI
mechanism:
1. Filenames must consist of only ASCII alphanumeric characters,
".", "_", and "-", and of course "/" as the file separator.
Files with names that includes spaces or
other punctuation or special characters are ignored.
2. No element of the pathname can begin with "." or "-". Files or
directories whose names begin with "." or "-" are ignored.
If a CGI program requires separate data files, it is safe to put those
files in the same directory as the CGI program itself as long as the names
of the data files contain special characters that cause them to be ignored
by Fossil. For example, ensure that all datafile begin with "-" or
end with ",data" or "~data".
<h2>6.0 Trouble-Shooting Hints</h2>
Remember that the /ext will return any file in the extroot directory
hierarchy as static content if the file is readable but not executable.
When initially setting up the /ext mechanism, it is sometimes helpful
to verify that you are able to receive static content prior to working
|
|
>
|
|
|
|
|
<
|
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
|
The fields of the CGI response header can be any valid HTTP header fields.
Those that Fossil does not understand are simply relayed back to up the
line to the requester.
Fossil takes special action with some content types. If the Content-Type
is "application/x-fossil-wiki" or "application/x-markdown" then Fossil
converts the content from [/wiki_rules|Fossil-Wiki] or
[/md_rules|Markdown] into HTML, adding its
own header and footer text according to the repository skin. Content
of type "text/html" is normally passed straight through
unchanged. However, if the text/html content is of the form:
<blockquote><verbatim>
<div class='fossil-doc' data-title='DOCUMENT TITLE'>
... HTML content there ...
</div>
</verbatim></blockquote>
In other words, if the outer-most markup of the HTML is a <div>
element with a single class of "fossil-doc",
then Fossil will adds its own header and footer to the HTML. The
page title contained in the added header will be extracted from the
"data-title" attribute.
Except for the three cases noted above, Fossil makes no changes or
additions to the CGI-generated content. Fossil just passes the verbatim
content back up the stack towards the requester.
<h2>5.0 Filename Restrictions</h2>
For security reasons, Fossil places restrictions on the names of files
in the extroot directory that can participate in the extension CGI
mechanism:
1. Filenames must consist of only ASCII alphanumeric characters,
".", "_", and "-", and of course "/" as the file separator.
Files with names that includes spaces or
other punctuation or special characters are ignored.
2. No element of the pathname can begin with "." or "-". Files or
directories whose names begin with "." or "-" are ignored.
If a CGI program requires separate data files, it is safe to put those
files in the same directory as the CGI program itself as long as the names
of the data files contain special characters that cause them to be ignored
by Fossil.
<h2>6.0 Trouble-Shooting Hints</h2>
Remember that the /ext will return any file in the extroot directory
hierarchy as static content if the file is readable but not executable.
When initially setting up the /ext mechanism, it is sometimes helpful
to verify that you are able to receive static content prior to working
|