Ignoring .htpasswd file for PUT and DELETE requests. Those use separate passwords file.

eed09600 · Sergey Lyubka · 8d6634ff · eed09600
Commit eed09600 authored Dec 25, 2012 by Sergey Lyubka
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

mongoose.c mongoose.c +9 -5

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -4171,6 +4171,11 @@ int mg_upload(struct mg_connection *conn, const char *destination_dir) {
  return num_uploaded_files;
 }

+static int is_put_or_delete_request(const struct mg_connection *conn) {
+  const char *s = conn->request_info.request_method;
+  return s != NULL && (!strcmp(s, "PUT") || !strcmp(s, "DELETE"));
+}
+
 // This is the heart of the Mongoose's logic.
 // This function is called when the request is read, parsed and validated,
 // and Mongoose must decide what action to take: serve a file, or
@@ -4192,7 +4197,7 @@ static void handle_request(struct mg_connection *conn) {
                                get_remote_ip(conn), ri->uri);

  DEBUG_TRACE(("%s", ri->uri));
-  if (!check_authorization(conn, path)) {
+  if (!is_put_or_delete_request(conn) && !check_authorization(conn, path)) {
    send_authorization_request(conn);
 #if defined(USE_WEBSOCKET)
  } else if (is_websocket_request(conn)) {
@@ -4204,8 +4209,7 @@ static void handle_request(struct mg_connection *conn) {
    send_options(conn);
  } else if (conn->ctx->config[DOCUMENT_ROOT] == NULL) {
    send_http_error(conn, 404, "Not Found", "Not Found");
-  } else if ((!strcmp(ri->request_method, "PUT") ||
-        !strcmp(ri->request_method, "DELETE")) &&
+  } else if (is_put_or_delete_request(conn) &&
             (conn->ctx->config[PUT_DELETE_PASSWORDS_FILE] == NULL ||
              is_authorized_for_put(conn) != 1)) {
    send_authorization_request(conn);