Original release 20160919

[fex.git] / lib / fex.pp

diff --git a/lib/fex.pp b/lib/fex.pp
index 8bfddbf550276afad07c019c7c35b6820cd168f5..177babac657e927a0cb175aa3d5785bb6363beae 100644 (file)
--- a/lib/fex.pp
+++ b/lib/fex.pp
@@ -62,6 +62,7 @@ $fop_auth = 0;
 $mail_authid = 'yes';
 $force_https = 0;
 $debug = 0;
+@forbidden_user_agents = ('FDM');
 
 # https://securityheaders.io/
 # https://scotthelme.co.uk/hardening-your-http-response-headers/
@@ -124,6 +125,7 @@ http_die("cannot determine the server hostname") unless $hostname;
 
 $ENV{PROTO} = 'http' unless $ENV{PROTO};
 $keep = $keep_default ||= $keep || 5;
+$purge ||= 3*$keep;
 $fra = $ENV{REMOTE_ADDR} || '';
 $sid = $ENV{SID} || '';
 
@@ -320,6 +322,8 @@ sub html_header {
   my $header = 'header.html';
   my $head;
 
+  binmode(STDOUT,':utf8'); # for text/html !
+
   # http://www.w3.org/TR/html401/struct/global.html
   # http://www.w3.org/International/O-charset
   $head = qqq(qq(
@@ -370,6 +374,12 @@ sub html_error {
 
   errorlog($msg);
 
+  $SIG{ALRM} = sub {
+    $SIG{__DIE__} = 'DEFAULT';
+    die "TIMEOUT\n";
+  };
+  alarm($timeout);
+
   # cannot send standard HTTP Status-Code 400, because stupid
   # Internet Explorer then refuses to display HTML body!
   http_header("666 Bad Request - $msg");