+ debug mode; - potential RCE bug, problems with '!'

http.sh

@@ -66,6 +66,10 @@ LauraIsCute
 	exit 0
 fi
 
+if [[ $1 == "debug" ]]; then
+	cfg[dbg]=true
+fi
+
 source src/worker.sh
 
 if [[ -f "${cfg[namespace]}/config.sh" ]]; then
@@ -75,7 +79,11 @@ fi
 if [[ ${cfg[http]} == true ]]; then
 	# this is a workaround because ncat kept messing up large (<150KB) files over HTTP - but not over HTTPS!
 	socket=$(mktemp -u /tmp/XXXX.socket)
-	ncat -l -U "$socket" -c src/server.sh -k 2>> /dev/null &
+	if [[ ${cfg[dbg]} == true ]]; then
+		ncat -l -U "$socket" -c src/server.sh -k &
+	else
+		ncat -l -U "$socket" -c src/server.sh -k 2>> /dev/null &
+	fi
 	socat TCP-LISTEN:${cfg[port]},fork,bind=${cfg[ip]} UNIX-CLIENT:$socket &
 	echo "[HTTP] listening on ${cfg[ip]}:${cfg[port]} through '$socket'"
 	#ncat -v -l ${cfg[ip]} ${cfg[port]} -c ./src/server.sh -k 2>> /dev/null &
@@ -83,10 +91,10 @@ fi
 
 if [[ ${cfg[ssl]} == true ]]; then
 	echo "[SSL] listening on port ${cfg[ip]}:${cfg[ssl_port]}"
-	if [[ ${cfg[ssl_key]} != '' && ${cfg[ssl_cert]} != '' ]]; then
-		ncat -l ${cfg[ip]} ${cfg[ssl_port]} -c ./src/server.sh -k --ssl --ssl-cert ${cfg[ssl_cert]} --ssl-key ${cfg[ssl_key]} 2>> /dev/null &
+	if [[ ${cfg[dbg]} == true ]]; then
+		ncat -l ${cfg[ip]} ${cfg[ssl_port]} -c src/server.sh -k --ssl $([[ ${cfg[ssl_key]} != '' && ${cfg[ssl_cert]} != '' ]] && echo "--ssl-cert ${cfg[ssl_cert]} --ssl-key ${cfg[ssl_key]}") &
 	else
-		ncat -l ${cfg[ip]} ${cfg[ssl_port]} -c ./src/server.sh -k --ssl 2>> /dev/null &
+		ncat -l ${cfg[ip]} ${cfg[ssl_port]} -c src/server.sh -k --ssl $([[ ${cfg[ssl_key]} != '' && ${cfg[ssl_cert]} != '' ]] && echo "--ssl-cert ${cfg[ssl_cert]} --ssl-key ${cfg[ssl_key]}") 2>> /dev/null &
 	fi
 fi
 

src/mime.sh

@@ -13,8 +13,8 @@
 # Python (.py) -> no content-type
 
 function get_mime() {
-	local file=$@
-	local mime=$(file --mime-type -b $file)
+	local file="$@"
+	local mime="$(file --mime-type -b "$file")"
 	if [[ $file == *".htm" || $file == *".html" ]]; then
 		content_type="text/html"
 		return 0

src/response/200.sh

@@ -1,6 +1,6 @@
 printf "HTTP/1.0 200 OK
 ${cfg[extra_headers]}\r\n"
-get_mime ${r[uri]}
+get_mime "${r[uri]}"
 [[ $content_type != '' ]] && printf "content-type: $content_type\r\n"
 
 if [[ ${cfg[php_enabled]} == true && ${r[uri]} =~ ".php" ]]; then
@@ -27,5 +27,5 @@ elif [[ ${r[uri]} =~ \.${cfg[extension]}$ ]]; then
 else
 	printf "\r\n"
 	cat "${r[uri]}"
+	
 fi
-

src/server.sh

@@ -106,7 +106,6 @@ fi
 
 echo "$(date) - IP: ${r[ip]}, PROTO: ${r[proto]}, URL: ${r[url]}, GET_data: ${get_data[@]}, POST_data: ${post_data[@]}, POST_multipart: ${post_multipart[@]}" >> "${cfg[namespace]}/${cfg[log]}"
 
-
 if [[ ${r[status]} != 101 ]]; then
 	if [[ -a ${r[uri]} && ! -r ${r[uri]} ]]; then
 		r[status]=403