Index: client/1.0/neutral/common.tcl ================================================================== --- client/1.0/neutral/common.tcl +++ client/1.0/neutral/common.tcl @@ -290,33 +290,39 @@ # procedure will always attempt to force HTTPS use when the "tls" # package is available -AND- it disallows redirects from HTTPS to # HTTP -AND- it disallows using HTTP when the "tls" package is # unavailable. # - set http http://; set https https:// + set http http:// + set httpLen [string length $http] + set httpEnd [expr {$httpLen - 1}] + + set https https:// + set httpsLen [string length $https] + set httpsEnd [expr {$httpsLen - 1}] # # NOTE: If the "tls" package is available, always attempt to use HTTPS; # otherwise, only attempt to use HTTP if explicitly allowed. # if {[catch {package require tls} error] == 0} then { ::http::register https 443 [list ::tls::socket -tls1 true] if {$forceSecureUri} then { - if {[string tolower [string range $uri 0 6]] eq $http} then { - set uri [appendArgs $https [string range $uri 7 end]] + if {[string tolower [string range $uri 0 $httpEnd]] eq $http} then { + set uri [appendArgs $https [string range $uri $httpLen end]] } } } else { if {$mustHaveTls} then { error [appendArgs \ "the \"tls\" package cannot be loaded: " $error] } if {$allowInsecureUri} then { - if {[string tolower [string range $uri 0 7]] eq $https} then { - set uri [appendArgs $http [string range $uri 8 end]] + if {[string tolower [string range $uri 0 $httpsEnd]] eq $https} then { + set uri [appendArgs $http [string range $uri $httpsLen end]] } } } # @@ -363,11 +369,11 @@ # if {[string length $code] == 0} then { error [appendArgs \ "received empty HTTP response code for URL \"" $uri \ "\", the \"tls\" (and/or \"http\") package(s) may be " \ - "broken for this platform"] + "broken for this Tcl installation (or platform)"] } # # NOTE: Check the HTTP response code, in order to follow any HTTP # redirect responses. @@ -414,13 +420,16 @@ # than X. # incr redirectCount # - # TODO: Maybe make this limit more configurable? + # TODO: Maybe make this limit more configurable? The caller + # can pass any negative integer to disable it entirely + # -OR- zero to completely disallow any redirects. # - if {$redirectCount > $redirectLimit} then { + if {$redirectLimit >= 0 && \ + $redirectCount > $redirectLimit} then { # # NOTE: Just "give up" and raise a script error. # ::http::cleanup $token; error [appendArgs \ "redirection limit of " $redirectLimit " exceeded"] @@ -445,18 +454,21 @@ # NOTE: For security, by default, do NOT follow an HTTP # redirect if it attempts to redirect from HTTPS # to HTTP. # if {!$allowInsecureRedirect && \ - [string tolower [string range $uri 0 7]] eq $https && \ - [string tolower [string range $location 0 7]] ne $https} then { + [string tolower [string range \ + $uri 0 $httpsEnd]] eq $https && \ + [string tolower [string range \ + $location 0 $httpsEnd]] ne $https} then { # # NOTE: Just "give up" and raise a script error. # ::http::cleanup $token; error [appendArgs \ - "refused insecure redirect from \"" $uri "\" to \"" \ - $location \"] + "refused (insecure) redirect from \"" $uri \ + "\" to \"" $location \ + "\" with HTTP response status code " $code] } # # NOTE: Replace the original URI with the new one, for # use in the next HTTP request. @@ -471,21 +483,22 @@ } else { # # NOTE: Just "give up" and raise a script error. # ::http::cleanup $token; error [appendArgs \ - "redirect from \"" $uri "\" missing location, code " \ + "redirect from \"" $uri \ + "\" missing location, HTTP response status code " \ $code ", data: " $data] } } 300 - 304 - 305 - 306 { ::http::cleanup $token; error [appendArgs \ - "unsupported redirection HTTP response status code " $code \ - ", data: " $data] + "unsupported redirection HTTP response status code " \ + $code ", data: " $data] } 4?? { ::http::cleanup $token; error [appendArgs \ "client error HTTP response status code " $code ", data: " \ $data] Index: client/1.0/neutral/common.tcl.asc ================================================================== --- client/1.0/neutral/common.tcl.asc +++ client/1.0/neutral/common.tcl.asc @@ -1,18 +1,17 @@ -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2 Comment: Eagle Package Repository -iQIcBAABCAAGBQJdwuweAAoJEFAslq9JXcLZXBIP/3AljWlM+FVGIHPg8dzZQGP2 -taIaYU4TN1J2dwwNhcw+lBG/aaGtvwjdGdWrEoPQ/V/+ix2jDnC/bIpORLoW6oKt -1ZLHLPIUH6PwgxVdC9Jnirwh2qcRlOXuJEWeKVCE3mwEzMnWgmN0f0UpnmiG9xV3 -L+Q/QAqIWI/EO7TI2thZCtu6Xa/gTexT9NSfpT7Wrb3ycFm9MSAylkMDgpKIV4NT -Ix/VaceRBHTEL8PnU2v4QS5Oy4qYDKT+7gXwYgZa37hpFE0u+Te/gmw/E0f9+i4F -jaasJYjPfwakw4zkhvyGrBqPQghvOmTLNSYaAnXinVbdbFqDuhLHFuRsXSsjQzOS -s7tsomAXeap21KkAOmj5L4xmzRUneV0mu4eG55dcBVPkkB4PSnM0x6K26FsjQHVa -hb+cbkdzokiSfx5RSA52+XM6qoYssERg03mmWXnSB0HQiS3zwgMgFXiLyn/wuS7M -xB78bGec2sZcvDFt4iNGeLU9gUpkeRFw8Y2nWJufF7qaZLYMPDrvxKXeyAv+rVJ5 -FpE6EDs+87edtTY4Gas31LiX01/IqtOoItwcMTq3cRaMHW0JV5TTkfovDfUXb6ZY -VrskkrEJINr+hjuyWZt+qKM5yLynonkRIGKHzgKyKcGcfq/T2Dc18F9etuWuKxZx -8evp66iJ3/hGlV27JB84 -=KydR +iQIzBAABCAAdFiEEw8dROIPu3TrtH+QlUCyWr0ldwtkFAl7ee7IACgkQUCyWr0ld +wtlRcQ//ZaKrXdZGIuW8aom12cid6YdlKUP+tCEAQLuN0mWeoOgk2RsDzksnUM2s +tp66AYvtUWa9kjoADakDXtuDz+ld2bv+SoGV0neY7Fd+9vzBuMJjQgbgtmGuLWwm ++XdVY87OoY1TennQ0wuI9X7VZdJS0E8xAEsR7L/p5LdZMUmkX7tX2QZyXOOaMhq3 +5AJEA7W50+44zCEENx6Ex8KA5SwcYmaQnFm3TQxPbBVxtYerUZKCeN/XeLFa7EKz +9IsWQRQADF5CUrQEMOutW+wHCtmnQNiEu+u0ra6Gxi67mD3dtc2yKDTftpY8wg/X +pTWfr5mcOz+ddEne4+cWD7dV3JZozbu8rHsWQSYODxEOOAZuCWjuNAB51JLEGpxz +CGCetZ52TvOrj7sBuofSuV6Kbd9KtXRMimzxJl/6JipndSICCqojCDxlfm1keN0p +FUcUTwA9WKOy38jnU6Qaub1Rhb4lAFG2BM1iWqNHnR6fl7wMvAkIWwyGzyXUgHMe +AHpYRp8ezbc2L89DHQT1KO0BAMeNtbn8WOt00tNZAsav8pLgn9Iuo8Pra00nhY8Z +704+soZq+MkY12cLU4cU+RX7UJSOK26K4+XF+8OgwZopdB265mcYxMjcS7q1YGS8 ++N0GVeb2VUtJNV5h1GTa8y7tfzOor1siGKOYqEoDPPELSuiismc= +=dA/R -----END PGP SIGNATURE-----