From 10bd132717e7e8a0cc28c3aeda0c242a87cf1fbb Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Fri, 2 Feb 2024 00:01:38 +0100
Subject: [PATCH] Update to SVR.JS 3.4.42; Last supported version of SVR.JS
 3.4.x LTS line

---
 index.html          |  9 +++------
 licenses/index.html |  8 ++++----
 svr.js              | 35 ++++++++++++++++++++++++++---------
 tests.html          |  4 ++--
 4 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/index.html b/index.html
index 5546b73..2be23da 100644
--- a/index.html
+++ b/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>SVR.JS 3.4.41</title>
+    <title>SVR.JS 3.4.42</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta charset="UTF-8" />
     <style>
@@ -12,7 +12,7 @@
     </style>
   </head>
   <body>
-    <h1>Welcome to SVR.JS 3.4.41</h1>
+    <h1>Welcome to SVR.JS 3.4.42</h1>
     <br/>
     <img src="/logo.png" style="width: 256px;" />
     <br/>
@@ -119,10 +119,7 @@
     </div>
     <p>Changes:</p>
     <ul>
-      <li>Removed all remnants of "DorianTech".</li>
-      <li>Mitigated log file injection vulnerability for HTTP authentication.</li>
-      <li>Mitigated log file injection vulnerability for SVR.JS mod file names.</li>
-      <li>SVR.JS no longer crashes, when access to a log file is denied.</li>
+      <li>Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server.</li>
     </ul>
     <br/>
     <a href="/tests.html">Tests</a><br/>
diff --git a/licenses/index.html b/licenses/index.html
index c308801..2417b43 100644
--- a/licenses/index.html
+++ b/licenses/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>SVR.JS 3.4.41 Licenses</title>
+    <title>SVR.JS 3.4.42 Licenses</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta charset="UTF-8" />
     <style>
@@ -12,8 +12,8 @@
     </style>
   </head>
   <body>
-    <h1>SVR.JS 3.4.41 Licenses</h1>
-    <h2>SVR.JS 3.4.41</h2>
+    <h1>SVR.JS 3.4.42 Licenses</h1>
+    <h2>SVR.JS 3.4.42</h2>
     <div style="display: inline-block; text-align: left; border-width: 2px; border-style: solid; border-color: gray; padding: 8px;">
       MIT License<br/>
       <br/>
@@ -37,7 +37,7 @@
       OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE<br/>
       SOFTWARE.<br/>
     </div>
-    <h2>Packages used by SVR.JS 3.4.41 and utilities</h2>
+    <h2>Packages used by SVR.JS 3.4.42 and utilities</h2>
     <div style="width: 100%; background-color: #ccc; border: 1px solid green; text-align: left; margin: 10px 0;">
       <div style="float: right;">License: MIT</div>
       <div style="font-size: 20px;">
diff --git a/svr.js b/svr.js
index b0b446a..5a6b9c3 100644
--- a/svr.js
+++ b/svr.js
@@ -62,7 +62,7 @@ function deleteFolderRecursive(path) {
 }
 
 var os = require("os");
-var version = "3.4.41";
+var version = "3.4.42";
 var singlethreaded = false;
 
 if (process.versions) process.versions.svrjs = version; //Inject SVR.JS into process.versions
@@ -2007,8 +2007,9 @@ if (!cluster.isPrimary) {
     var isProxy = false;
     if (req.url.indexOf("/") != 0 && req.url != "*") isProxy = true;
 
-    var head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
-    var foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
+    // Header and footer placeholders
+    var head = "";
+    var foot = "";
     var fd = "";
 
     function responseEnd(d) {
@@ -2127,6 +2128,9 @@ if (!cluster.isPrimary) {
     if (req.headers["user-agent"] != undefined) serverconsole.reqmessage("Client uses " + req.headers["user-agent"]);
 
     try {
+      head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
+      foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
+    
       if (req.headers["expect"] && req.headers["expect"] != "100-continue") {
         serverconsole.errmessage("Expectation not satified!");
         callServerError(417);
@@ -2397,8 +2401,9 @@ if (!cluster.isPrimary) {
     });
     socket.on("error", function () {});
 
-    var head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
-    var foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
+    // Header and footer placeholders
+    var head = "";
+    var foot = "";
 
     var fd = "";
 
@@ -2486,6 +2491,9 @@ if (!cluster.isPrimary) {
     serverconsole.locmessage("Somebody connected to port " + (secure && fromMain ? sport : port) + "...");
     serverconsole.reqmessage("Client " + ((!reqip || reqip == "") ? "[unknown client]" : (reqip + ((reqport && reqport !== 0) && reqport != "" ? ":" + reqport : ""))) + " sent invalid request.");
     try {
+      head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
+      foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
+    
       if ((err.code && (err.code.indexOf("ERR_SSL_") == 0 || err.code.indexOf("ERR_TLS_") == 0)) || (!err.code && err.message.indexOf("SSL routines") != -1)) {
         if (err.code == "ERR_SSL_HTTP_REQUEST" || err.message.indexOf("http request") != -1) {
           serverconsole.errmessage("Client sent HTTP request to HTTPS port.");
@@ -2962,9 +2970,9 @@ if (!cluster.isPrimary) {
       var acceptEncoding = request.headers["accept-encoding"];
       if (!acceptEncoding) acceptEncoding = "";
 
-      var head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
-      var foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer
-
+      // Header and footer placeholders
+      var head = "";
+      var foot = "";
       var fd = "";
 
       function responseEnd(d) {
@@ -3149,7 +3157,13 @@ if (!cluster.isPrimary) {
         }
       }
 
-
+      try {
+        head = fs.existsSync("./.head") ? fs.readFileSync("./.head").toString() : (fs.existsSync("./head.html") ? fs.readFileSync("./head.html").toString() : ""); // header
+        foot = fs.existsSync("./.foot") ? fs.readFileSync("./.foot").toString() : (fs.existsSync("./foot.html") ? fs.readFileSync("./foot.html").toString() : ""); // footer  
+      } catch (err) {
+        callServerError(500, undefined, generateErrorStack(err));
+      }
+      
       function redirect(dest, isTemporary, headers) {
         if (headers === undefined) headers = getCustomHeaders();
         headers["Location"] = dest;
@@ -4371,6 +4385,9 @@ function start(init) {
       if (secure && configJSON.enableOCSPStapling && ocsp._errored) serverconsole.locwarnmessage("Can't load OCSP module. OCSP stapling will be disabled");
       if (vnum < 64) serverconsole.locwarnmessage("SVR.JS 3.5.0 and newer are no longer supported on Node.JS 8.x and 9.x");
       if (disableMods) serverconsole.locwarnmessage("SVR.JS is running without mods and server-side JavaScript enabled.");
+      if (new Date() > new Date("2 February 2023")) {
+        serverconsole.locwarnmessage("SVR.JS 3.4.x LTS versions are no longer supported after 2nd February 2024. Please update SVR.JS to the supported version. If you're using Node.JS 8.x or 9.x, please update your Node.JS runtime.");
+      }
       console.log();
       serverconsole.locmessage("Server version: " + version);
       if (process.isBun) serverconsole.locmessage("Bun version: v" + process.versions.bun);
diff --git a/tests.html b/tests.html
index 77b14ac..e14b9cb 100644
--- a/tests.html
+++ b/tests.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>SVR.JS 3.4.41 Tests</title>
+    <title>SVR.JS 3.4.42 Tests</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta charset="UTF-8" />
     <style>
@@ -12,7 +12,7 @@
     </style>
   </head>
   <body>
-    <h1>SVR.JS 3.4.41 Tests</h1>
+    <h1>SVR.JS 3.4.42 Tests</h1>
     <h2>Directory</h2>
     <iframe src="/testdir" width="50%" height="300px"></iframe>
     <h2>Directory (with query)</h2>