1 |
- - - - - - - - - - high priority - - - - - - - - - - |
2 |
|
3 |
Why is the client's IP address showing up in paths? |
4 |
|
5 |
Add option to syslog to a named pipe, for use in chroot trees. |
6 |
|
7 |
Fetches with numeric IP addresses and no Host: header are screwing up the |
8 |
vhost code? |
9 |
143.90.193.229 - - [06/Apr/2000:09:21:34 -0700] "GET /209.133.38.22/software/thttpd/ HTTP/1.0" 200 12093 "http://www.dbphotography.demon.co.uk/index.html" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)" |
10 |
143.90.193.229 - - [06/Apr/2000:09:21:37 -0700] "GET /143.90.193.229/software/thttpd/anvil_thttpd.gif HTTP/1.0" 403 - "http://www.acme.com/software/thttpd/" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)" |
11 |
|
12 |
Have directory indexing skip files that start with dot? Except ..? |
13 |
In libhttpd.c: |
14 |
+ if (*(de->d_name) == '.' && *(de->d_name+1) != '.') |
15 |
+ continue; |
16 |
namlen = NAMLEN(de); |
17 |
|
18 |
Add comment on INDEX_NAMES that it should be simple filenames only. |
19 |
|
20 |
The error page generated for non-local referers should include the |
21 |
original URL as an active link. |
22 |
|
23 |
Does the initgroups() call work? Or does it need to be moved to |
24 |
before the chroot()? |
25 |
|
26 |
Make open in mmc.c use O_NONBLOCK flag, to prevent DOS attack via |
27 |
a named pipe? |
28 |
|
29 |
Sites that clog with lots of TCP connections in CLOSING (not CLOSE_WAIT). |
30 |
Related to throttling, and timers? |
31 |
|
32 |
On A SIGUSR1, thttpd sometimes gives 'fdwatch - Bad file descriptor' |
33 |
instead of the usual exit message. Looks like we have to do any |
34 |
closes in the main loop, and only set flags in the signal routines. |
35 |
And once we got a CPU-bound loop. |
36 |
|
37 |
Switch all signal handling to use sigaction. |
38 |
|
39 |
- - - - - - - - - - later - - - - - - - - - - |
40 |
|
41 |
Document how symlinks interact with .htpasswd - authorization is checked |
42 |
on the result of the symlink, and not the origin. |
43 |
|
44 |
SIGHUP log re-opening doesn't work if you started as root. |
45 |
|
46 |
Change redirect to put the Refresh command in the HTTP headers, instead of |
47 |
a META tag. |
48 |
|
49 |
Add TCP_NODELAY, but after CGIs get spawned. |
50 |
|
51 |
Add stat cache? 1 minute expiry? |
52 |
|
53 |
Ifdef the un-close-on-exec CGI thing for Linux only. |
54 |
|
55 |
Try using shutdown(2) in lingering close. |
56 |
|
57 |
Check whether phf can still syslog from within chroot (probably not). |
58 |
|
59 |
Can we remove the "if ( errno == EINTR )" check on the select()? |
60 |
|
61 |
Add keep-alives, via a new state in thttpd.c. |
62 |
|
63 |
- - - - - - - - - - someday - - - - - - - - - - |
64 |
|
65 |
The special world-permissions checking is probably bogus. For one |
66 |
thing, it doesn't handle restrictive permissions on parent directories |
67 |
properly. It should probably just go away. |
68 |
|
69 |
redirect should interpret a path with a trailing / as /index.html |
70 |
|
71 |
ssi should change $cwd to the source document's location. |
72 |
|
73 |
Allow .throttle files in individual directories. |
74 |
|
75 |
Log-digesting scripts. |
76 |
|
77 |
Config web page. |
78 |
Common errors: |
79 |
Not realizing that -c overrides CGI_PATTERN instead of augmenting it. |
80 |
Using a directory name for the -c pattern. |
81 |
|
82 |
- - - - - - - - - - 3.x - - - - - - - - - - |
83 |
|
84 |
Tasklets re-write. |
85 |
|
86 |
- - - - - - - - - - general - - - - - - - - - - |
87 |
|
88 |
Release process: |
89 |
- update version number in version.h README INSTALL and |
90 |
contrib/redhat-rpm/thttpd.spec |
91 |
- do a tdiff and update the local installation |
92 |
- do an rcstreeinfo, and check in all files |
93 |
- make tar |
94 |
- mv it to web |
95 |
- update version number in web/thttpd.html |
96 |
- update ~acmeweb/updates.html |
97 |
- mail announcement to thttpd-announce |