clean-dot-directories: fix: clear arg envvars on loop
Otherwise, with mischievous client requests, we run out of room for all
the cut up versions of the requested resource we store copies of. This
actually crashes in a way the client does not notice, though all the
extra string processing does have a noticeable performance cost.
It is possible that the result of crashing could be a request that
exposes files outside subdirectories of supported_domains, as the
remaining dot-dots would be interpreted literally. Instead of attempting
this exploit I have simply fixed the bug.
Perhaps we *should* have been using sed(1) all along...
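
The failure mode described above (leftover dot-dot segments being served literally) is avoided when the cleaning step fails closed. The following is an added example, not code from this commit or from the project: `clean_dot_segments` is a hypothetical POSIX sh helper, and it assumes the request path has already been percent-decoded.

```shell
#!/bin/sh
# Added example (hypothetical helper, not httpd.execline code).
# Prints the cleaned path and returns 0. Returns 1 and prints nothing
# if the path is not absolute or a ".." would climb above the root,
# so the caller can refuse the request instead of serving a path
# that still contains literal dot-dot segments.
clean_dot_segments() {
    case $1 in
        /*) ;;
        *) return 1 ;;              # only absolute request paths
    esac
    (
        set -f                      # no glob expansion while splitting
        IFS=/
        set -- $1                   # split the path into segments
        out=
        for seg in "$@"; do
            case $seg in
                ''|.) ;;            # empty segment or ".": drop it
                ..)
                    # nothing left to pop: the request escapes the root
                    [ -n "$out" ] || exit 1
                    out=${out%/*}   # pop the last kept segment
                    ;;
                *) out=$out/$seg ;;
            esac
        done
        # postcondition: no ".." segment may survive the cleaning
        case $out/ in
            */../*) exit 1 ;;
        esac
        printf '%s\n' "${out:-/}"
    )
}
```

The loop keeps a single accumulator rather than one stored copy per pass, and every exit path that is not a clean result returns non-zero.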
when done reading from the client, we defensively close stdin, to
prevent potential bugs being exploitable to malicious input
toybox opens /dev/null if stdin does not exist, which crashes in a
chrooted environment. piping in an empty string more or less
accomplishes the same thing as closing stdin would
i really do not know why toybox found this necessary.
+ `backtick -i` is now the default behaviour
+ `backtick -I` is now the old default behaviour
+ `backtick -x` is now what `-I` used to be
+ `backtick -E` was added to automatically `import -i -u`
+ `trap` no longer supports timeouts; switch to timeout(1p)
as an additional bonus, child processes of `httpd.execline` now inherit
the environment variables for the parsed start line and headers; this
allows `http-error-response.execline` to make use of the host supplied
by the client request with minimal changes.
note that `Content-Length` is currently not supplied anymore for header
responses (functional, but the HTTP/1.1 standard says you “SHOULD” use
that header); this needs fixing.
also note that `http-error-response.execline` currently forces error
status pages to use a `Content-Type` of
`application/xhtml+xml; charset=utf-8`; surely we should allow the user
to override this. (perhaps make status code *folders*, and use
constituent files `Content-Type`, perhaps `extra_headers`, and of course
`message_body`, in that directory? this interface would be less than
ideal though)