60 Commits

Author SHA1 Message Date
Chocobo1
fcd3bb6918 Refactor HTTP query parsing 2019-05-10 09:20:03 +08:00
Chocobo1
df6df20969 Use QSet for tracking server connections
We don't need to maintain order between connections so QSet would be more suitable.
2019-04-16 12:34:09 +08:00
Chocobo1
4e5a85dda5 Remove closed connections immediately
Previously it relied on a timer to drop dead connections but that proved to
be too slow when there is an incoming burst of connections.

Fixes #10487.
2019-04-16 12:34:00 +08:00
Chocobo1
be74987084 Correctly handle '+' sign in x-www-form-urlencoded data
Fixes #10451.
2019-04-09 13:57:35 +08:00
Chocobo1
24dcbe7d43 Fix wrong arg placeholder 2019-02-09 21:26:08 +08:00
Vladimir Golovnev (Glassez)
a55ea29919 Separate URL components before percent-decoding
Allow special characters in query string parameters.
Closes #9116.
2019-01-28 08:54:36 +03:00
Chocobo1
be2895ac6f Enforce referrer-policy in WebUI
This stops leaking private data to other websites via Referrer header.
2018-12-17 00:49:06 +02:00
thalieht
e2ee928017 Convert all foreach() to range-based for() 2018-12-17 00:28:32 +02:00
thalieht
62e71a15a4 Fix coding style for various things 2018-12-17 00:28:31 +02:00
Chocobo1
0287481001 Send Cache-Control header in WebUI responses
Tune the caching time to be shorter, in case there is a program
update.
Change the cacheability to private, as WebUI resources are not intended
to be cached at proxy.
For uncacheable responses, send out "no-store" explicitly to halt
browser caching.
2018-08-12 11:08:06 +03:00
Chocobo1
55c3813fac Cleanup header include order
Add missing header.
Cleanup license.
2018-08-12 11:08:06 +03:00
Vladimir Golovnev (Glassez)
5c3d9ffb46 Properly fill UploadedFile::filename field
Closes #8928.
2018-05-27 18:31:51 +03:00
thalieht
96d9d810fd Fix coding style 2018-05-27 18:31:51 +03:00
thalieht
9cb190ebe7 Replace the zeroing of pointers with nullptr 2018-05-27 18:31:51 +03:00
Chocobo1
4dea03fc74 Remove unused constants 2018-04-17 20:29:43 +08:00
Chocobo1
423511765a Fix typo 2018-03-14 23:37:08 +08:00
Vladimir Golovnev (Glassez)
1aca3b0adc Parse URL query string at application level 2018-03-04 17:08:48 +03:00
Vladimir Golovnev (Glassez)
34295a78f2 Move ByteArray utils into Utils::ByteArray namespace 2018-03-02 17:23:21 +03:00
Chocobo1
f34dfca5e6 Enable Http/1.1 persistence connection
This enables reusing existing TCP connection instead of opening a new connection
for every request
2018-02-23 14:46:22 +08:00
Chocobo1
cec68c3fd7 Rewrite RequestParser
* Add more checks and also more strict checks for invalid conditions
* Add http version field
* Raise max request size to 64 MB
* Add author in license
* Use Qt5 new connect syntax
2018-02-23 14:46:17 +08:00
Vladimir Golovnev (Glassez)
a0842a1e68 Don't convert POST parameter names to lower-case 2018-02-18 19:57:48 +03:00
Vladimir Golovnev (Glassez)
27d8dbf13b Redesign Web API
Normalize Web API method names.
Allow to use alternative Web UI.
Switch Web API version to standard form (i.e. "2.0").
Improve Web UI translation code.
Retranslate changed files.
Add Web API for RSS subsystem.
2018-01-28 19:16:24 +03:00
Vladimir Golovnev (Glassez)
bb683bd393 Switch built-in Web UI html to HTML5 2018-01-23 11:08:37 +03:00
Chocobo1
c1a282aa7b Fix missing qbt logo on login page in webUI. Closes #7953. 2017-12-02 14:31:48 +08:00
thalieht
525fdd6c2b Coding style, use nullptr and other minor things 2017-10-08 10:20:54 +03:00
Chocobo1
0532d546d7 Implement HTTP host header filtering
This filtering is required to defend against DNS rebinding attack.
2017-07-12 17:26:13 +03:00
sledgehammer999
d88f0f36e0 Merge pull request #6889 from Chocobo1/lowercase
Convert all http header name constants to lowercase
2017-06-14 02:38:57 +03:00
Chocobo1
8419ca87f9 Fix KEEP_ALIVE_DURATION value
I intended to specify 7 seconds, which should be 7000 milliseconds
2017-06-07 21:45:47 +08:00
Chocobo1
45c21f62f9 [WebAPI] Convert all header name constants to lowercase
This saves us another transition when some day we implement HTTP/2
(in which all headers are in lowercase).
2017-06-02 21:55:16 +08:00
Chocobo1
087856d3d8 [WebUI]: Implement CSRF defense
Bump API version
2017-06-01 19:37:57 +03:00
Chocobo1
0b5de9ff54 Temporary revert to the old behavior. 2017-04-20 22:26:35 +08:00
Chocobo1
302c8ba850 Revise Utils::Gzip::compress code
Change signature
Add ZLIB_CONST define to make z_stream.next_in const
Cast to zlib defined type Bytef*
Set memLevel to 9 in deflateInit2() for maximum performance
Revise compression loop
On returning false, free memory correctly by calling deflateEnd()
Reserve space by the estimation of deflateBound()
2017-04-20 22:24:50 +08:00
Chocobo1
94b496354b Rewrite rules for gzipping http response content 2017-04-20 22:22:17 +08:00
Chocobo1
4600e679d1 Implement robust acceptsGzipEncoding()
Adhere more to http/1.1 standard
2017-04-20 22:22:17 +08:00
Chocobo1
129172453b Fix "Content-Encoding" header is always created.
Was side effect of operator[]
2017-04-20 22:22:17 +08:00
Chocobo1
7d36c81949 Cleanup Http::responseGenerator()
Add CRLF definition
Rewrite loop using iterator, slightly more efficient
Rename variables
2017-04-20 22:22:17 +08:00
Chocobo1
6cb2f05a6c Demote to helper function
Rename function
2017-04-20 22:22:17 +08:00
Chocobo1
829e1399ca Convert Qstring to char arrays
Cleanup header
Sort constants
2017-04-20 22:22:17 +08:00
Chocobo1
4b2266a8e2 Send Date http header
It's not strictly required but often expected.
change class to namespace
cleanup header
2017-04-20 22:22:17 +08:00
Chocobo1
9496b2a159 Always send Content-Length header.
Because without it, HTTP/1.1 (with persistence connection) clients will
keep waiting for more data.
2017-04-20 22:22:17 +08:00
Chocobo1
0b28fb6c6b Implement http persistence connection
Max simultaneous connection limit set to 500
This also releases allocated memory of Connection instances at runtime instead of at program shutdown.
2017-04-20 22:22:14 +08:00
sledgehammer999
018574e546 Merge pull request #6475 from OpenGG/master
[WebUI-API] Add "skip_checking" and "paused" to "/command/download" and "/command/upload"
2017-04-17 17:12:24 +03:00
Chocobo1
d1ee54f6ea Refactor: move methods under the same #if section. 2017-04-11 23:16:16 +08:00
Chocobo1
7f346b49a7 Refactor: move the validation of certificates & key functions under Server class
Rename method
Add log messages
2017-04-10 21:18:59 +08:00
opengg
db3158c410 [WebUI] bugfix: RequestParser::splitMultipartData drop extra trailing newline. 2017-03-11 01:26:22 +08:00
Eugene Shalygin
e64bb1de8c Drop Qt 4 support 2017-03-05 22:24:59 +01:00
Chocobo1
ea9d65f377 Fix incomplete type compile error with Qt4 2017-03-04 16:20:36 +08:00
Chocobo1
7756dd80f3 [WebUI]: add X-XSS-Protection, X-Content-Type-Options, CSP header 2017-03-03 21:28:28 +02:00
ngosang
f5ad04766f [WebUI] Avoid clickjacking attacks 2017-03-03 21:28:27 +02:00
Chocobo1
f9c39e3dac [WebUI]: exclude insecure ciphers 2017-03-03 21:28:26 +02:00