newlispfanclub.alh.net • View topic - parameter for http only

Postby protozen » Fri Nov 17, 2017 1:17 am

When using -http, should newlisp still be processing file writing requests etc., like with (write-file "http://xzy.com/index.html" "blah")? This is happening on several newlisp versions on Windows and Linux. If this is intended behavior, is there a simple way to disable it?
protozen
 
Posts: 36
Joined: Thu Aug 22, 2013 4:02 am

Re: parameter for http only

Postby Lutz » Fri Nov 17, 2017 7:00 am

Lutz
 
Posts: 5279
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California

Re: parameter for http only

Postby protozen » Fri Nov 17, 2017 7:05 am

Thank you.
protozen
 
Posts: 36
Joined: Thu Aug 22, 2013 4:02 am

Re: parameter for http only

Postby protozen » Sat Nov 18, 2017 7:39 pm

Actually that doesn't work, but it's a good way to redefine methods to implement a form of permissions. What I mean is that when you run newlisp as a process with -http as in:

newlisp -http -d 8080 src.lsp

and in another newlisp process (write-file "http://localhost:8080/blah.txt" "write test") ... you'll find blah.txt with "write test" contents in the cwd of "newlisp -http -d 8080 src.lsp".

I know we're not really supposed to use it as production, but for simple sites, I would like to use the embedded server, but the above issue allows people to use file functions to overwrite pages etc... Files can be made write protected, but this is a small band-aid and doesn't really solve other issues. Is there a way to prevent the remote file processing?

I also see external actors trying to use it as an http proxy, as this is how it shows up in nmap. I've not looked into the implementation or security issues, just looking for quick and simple site publishing.
protozen
 
Posts: 36
Joined: Thu Aug 22, 2013 4:02 am

Re: parameter for http only

Postby ralph.ronnquist » Sun Nov 19, 2017 8:21 am

You might want to check out ,
ralph.ronnquist
 
Posts: 216
Joined: Mon Jun 02, 2014 1:40 am
Location: Melbourne, Australia

Re: parameter for http only

Postby Lutz » Sun Nov 19, 2017 2:25 pm

In newLISP version 10.7.4 a new server mode using the -http-safe flag on server start will suppress HTTP PUT and DELETE requests. This will cause 'write-file and delete-file with url', 'put-url' and 'delete-url' functions issued from a newLISP client to return the text message "Server in safe mode".

http://www.newlisp.org/downloads/develo ... nprogress/

Ps: files can still be uploaded via a POST request, but require a server side script.
Lutz
 
Posts: 5279
Joined: Thu Sep 26, 2002 4:45 pm
Location: Pasadena, California
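
A post-deployment check for the safe mode described in the post above, as an added example that is not part of the thread or of newLISP itself. It assumes the "Server in safe mode" text arrives in the HTTP response body; the probe file name and the host and port arguments are constructed for illustration.

```python
# Added example: confirm that a newLISP HTTP server rejects PUT and DELETE.
import http.client
import uuid

SAFE_MODE_TEXT = "Server in safe mode"  # message quoted in the post above


def send(host, port, method, path, body=None, timeout=5):
    """Send one request and return the response body as text."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, body=body)
        resp = conn.getresponse()
        return resp.read().decode("utf-8", errors="replace")
    finally:
        conn.close()


def check_safe_mode(host, port):
    """Probe PUT then DELETE on a throwaway file name.

    Returns a dict mapping each method to True when the server answered
    with the safe-mode message. DELETE runs second so that a server which
    accepted the PUT also has the probe file removed again.
    """
    path = "/safe-mode-probe-%s.txt" % uuid.uuid4().hex  # constructed name
    results = {}
    for method, body in (("PUT", "probe"), ("DELETE", None)):
        try:
            text = send(host, port, method, path, body)
        except (OSError, http.client.HTTPException):
            text = ""  # no usable answer: treat as not confirmed
        results[method] = SAFE_MODE_TEXT in text
    return results


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])  # your own server
    outcome = check_safe_mode(host, port)
    for method, rejected in outcome.items():
        print(method, "rejected (safe mode)" if rejected else "NOT confirmed")
    sys.exit(0 if all(outcome.values()) else 1)
```

Run it against your own server after every restart or upgrade; a non-zero exit means at least one of the two methods was not answered with the safe-mode message.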

Re: parameter for http only

Postby protozen » Mon Nov 20, 2017 1:00 am

Ah great thanks Lutz!
protozen
 
Posts: 36
Joined: Thu Aug 22, 2013 4:02 am

