Blank chars query parsing from mini_httpd-1.30_170

[f54rog]

After the October updates, the info regarding the line has disappeared from the Ancistrus Home page. Any suggestions? Thanks in advanc e

[negan07]

There's something missing maybe: partition usage @74% is too low. Rescue firmware never went under 80% usage.

Has something been removed manually ?

[f54rog]

Yes I have removed some packages, I show you which are the remaining N ° 22. Can you tell me which one is missing to be able to see the status line

[negan07]

All the packages are up to date except samba, the larger, maybe removed.

the guiinfo.sh script is not invoked before loading the page

running manually: guiinfo.sh from telnet/ssh and then loading the webpage should show the full status line: please confirm it.

[f54rog]

Hi Negan I did what you suggested and now everything is ok Thanks

[negan07]

Found the bug, related to a wrong string chars interpreter on javascript, fixed on the next core upgrade.

The trick suggested is valid only until next device reboot only.

To fix permanently:

opkg update && opkg install ancistrus-core

If possible, to investigate on 74% on rootfs usage only, can you please post the result of the cmd:

df

[f54rog]

Hi I have installed the new core package v1.7.2 now the bug is fix. I attach the "df" report

[negan07]

It looks regular (suspected a different NAND dom...): maybe the absence of samba 3.6.25 and minidlna mediaserver has boosted free space up.

[f54rog]

Yes, if I remember correctly, before deleting some packages the percentage of space occupied was about 80-82%

Il giorno sab 23 ott 2021 alle ore 21:14 negan07 @.***> ha scritto:

It looks regular (suspected a different NAND dom...): maybe the absence of samba 3.6.25 and minidlna mediaserver has boosted free space up.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/negan07/ancistrus/issues/86#issuecomment-950199788, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMCPRQILN7ICYIC4Y5POLS3UIMCRBANCNFSM5GJBKBPQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[negan07]

Reopen because further investigations have found out at least 2 more issues.

openssh keys download button

core setup utilities download nvram button

With the recap page stats above, all seem related to vendor's latest mini_httpd modifications, here added.

D7000_V1.0.1.82_apps_mini_httpd-1.17beta1-000-all.zip

In particular:

@@ -1493,15 +1510,136 @@
  */
 int path_exist(char *path, char *paths[], char *method_str)
 {
-   int i;
-
-   for (i = 0; paths[i]; i++)
+   if ((strcasestr(path, "%2") !=NULL) || (strcasestr(path, "%3") != NULL))
+   {   
+       SC_CFPRINTF("path:%s\n", path);
+       strdecode(path, path);      
+       SC_CFPRINTF("path after decode: %s\n", path);
+   }

involving in fact, all the location.href method calls on the webpages, with blanks.

[negan07]

In the latest mini_httpd own snapshot, the vendor opted to decode query path on some special code chars (beginning with 2 & 3 code num): this involves query GET methods avoiding blank char spaces ( %20 ): for this reason, since now, all the query get string like href must encode blank with +

openssh & core package updates fixes related involved webpages.

[negan07]

The 1.0.1.84 latest mini_httpd patch update has removed also:

if ((strcasestr(path, "%2") !=NULL) || (strcasestr(path, "%3") != NULL))

condition, decoding all the paths in any case