unhttp is a funky little web server I whipped up for streaming music.  And of
course, I got carried away. :^)  Play with it.  Beware, it's very slow and
likely to be insecure.

It has fatal bugs regarding files with funky characters in their names, namely
spaces.  Sh/bash is entirely the wrong language to use for this, or anything
else for that matter. X^(

--- Funky URL's ---

http://host:port/path/to/dir

  Redirect to http://host:port/path/to/dir/ , as is proper.

http://host:port/path/to/dir/Default.htm
http://host:port/path/to/dir/index.htm

  Redirect to http://host:port/path/to/dir/index.html .  Yay Microsoft.

http://host:port/path/to/dir/
http://host:port/path/to/dir/index.html

  Gives a really nice directory listing. :^)  One thing you should be aware of:
  To go up a directory or two, use the row of links across the top of the page
  (they're labeled "Navigation:").  I like this better than the silly ".." link.

http://host:port/path/to/dir/index.html?name=%2a.c&flag=-name
http://host:port/path/to/dir/index.html?name=.%2a\.c&flag=-regex

  Searches for all files named *.c in path/to/dir and its subdirectories.

http://host:port/path/to/dir/index.txt

  Gives a ho-hum directory listing, with all rows formatted as URL's.  If
  publicfile could generate directory listings, I would have used it rather
  than write my own cruddy web server for streaming music, but oh well, this
  is more fun.  To get mpg123 to play all songs in a directory, type:
  
  $ mpg123 -@ http://host:port/path/to/dir/index.txt

  However, with mpg123 0.59r, this feature doesn't work as advertised: apply my
  patch to make it all better.  You can also use -z to mix up the track order.
  
  xmms needs to be able to directly load playlists from Web servers... grumble.

http://host:port/path/to/dir/index.m3u

  index.txt interspersed with #EXTINF lines giving track durations and titles
  as read from the ID3 tags/Vorbis comments.  But mpg123 doesn't use #EXTINF,
  xmms throws it away after you play a song, and the Vorbis stuff is untested.
  Things could be better...

http://host:post/path/to/dir/index.tar
http://host:post/path/to/dir/index.tar.gz
http://host:post/path/to/dir/index.tar.bz2

  Generates a (compressed) tar archive of the directory and its subdirs.
  Unpacks to "dir", to avoid cluttering the current directory.  Be careful you
  don't ask for too large an archive!

http://host:port/../

  Laughs at the user's lame attempt to pwn you.

--- Dependencies ---

make, gcc, bash, and friends <URL:http://www.gnu.org/>

  You should already have these.

tcpserver <URL:http://cr.yp.to/ucspi-tcp/install.html>

  If you don't have this, you should get it.  If you don't want it, (1) there's
  something wrong with you, and (2) you can use inetd/xinetd instead.

  Note: on my system (which is probably horribly misconfigured), I had to add
  "#include <errno.h>" to ucspi-tcp's error.h.

mp3info <URL:http://www.ibiblio.org/mp3info/>
vorbistools <URL:http://www.xiph.org/ogg/vorbis/>

  This is used by the index.m3u code, which is optional.  Disable it if you
  want.  mpg123 doesn't need it (it's quite happy with index.txt), and xmms
  discards the #EXTINF information when it tries playing a streamed file, so
  it's not really useful anyway.

  The Vorbis stuff is commented out right now because I haven't tested it.

--- Bugs, security holes ---

Probably quite a lot.  But who cares--- it's streaming my music without
complaint.  That's good enough for me.

--- Friends ---

Makefile

  Stupid little Makefile to build everything.  "make run" starts the server.

htmlesc.c

  Escapes dangerous characters as HTML entities.

range.c

  Output only a given byte range.

urlesc.c

  Escapes dangerous characters using %xx notation.  -r: do the reverse!

mpg123-0.59r.patch

  Fix to mpg123 allowing it to correctly handle playlists downloaded via HTTP.
  I hope. :^)

--- The end ---

There's not much point to hacking any more on this program.  It was just a lazy
Sunday waste of time anyway.  Maybe I might turn it into a C program or PHP/CGI
scripts or redo it in Zope or whatever.  But probably not.

You really should not run unhttpd in an unprotected environment.  First and
foremost, it's probably extremely insecure.  Furthermore, it's quite slow.
Imagine if some lamer did this:

  while true; do
    echo -e 'GET /index.tar.bz2 HTTP/1.1\r\n\r' > /dev/tcp/yourhost/port
  done

It would cause you to die.  Don't let it happen.  Trust me--- this code is so
bad, you're almost better off with IIS.

---

Andy Goth <unununium@openverse.com>
