httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dgau...@hyperreal.org
Subject cvs commit: apache-1.3/src/modules/standard mod_include.c
Date Wed, 05 May 1999 17:46:08 GMT
dgaudet     99/05/05 10:46:08

  Modified:    src      CHANGES
               src/modules/standard mod_include.c
  Log:
  mod_include's fsize/flastmod should allow only relative paths, just
  like "include file".
  
  This bug was introduced during the 1.98 -> 1.99 rev of mod_include.
  
  Submitted by:	Jaroslav Benkovsky <benkovsk@pha.pvt.cz>
  
  Revision  Changes    Path
  1.1347    +3 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1346
  retrieving revision 1.1347
  diff -u -r1.1346 -r1.1347
  --- CHANGES	1999/05/04 11:21:07	1.1346
  +++ CHANGES	1999/05/05 17:46:05	1.1347
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3.7
   
  +  *) mod_include's fsize/flastmod should allow only relative paths, just
  +     like "include file".  [Jaroslav Benkovsky <benkovsk@pha.pvt.cz>]
  +
     *) OS/2: Add support for building loadable modules using DLLs.
        [Brian Havard]
   
  
  
  
  1.114     +26 -20    apache-1.3/src/modules/standard/mod_include.c
  
  Index: mod_include.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
  retrieving revision 1.113
  retrieving revision 1.114
  diff -u -r1.113 -r1.114
  --- mod_include.c	1999/04/27 20:36:35	1.113
  +++ mod_include.c	1999/05/05 17:46:07	1.114
  @@ -1045,35 +1045,41 @@
   static int find_file(request_rec *r, const char *directive, const char *tag,
                        char *tag_val, struct stat *finfo, const char *error)
   {
  -    char *to_send;
  -    request_rec *rr;
  +    char *to_send = tag_val;
  +    request_rec *rr = NULL;
       int ret=0;
  +    char *error_fmt = NULL;
   
       if (!strcmp(tag, "file")) {
  -        ap_getparents(tag_val);    /* get rid of any nasties */
  -        
  -        rr = ap_sub_req_lookup_file(tag_val, r);
  +        /* be safe; only files in this directory or below allowed */
  +        if (!is_only_below(tag_val)) {
  +            error_fmt = "unable to access file \"%s\" "
  +                        "in parsed file %s";
  +        }
  +        else {
  +            ap_getparents(tag_val);    /* get rid of any nasties */
  +            rr = ap_sub_req_lookup_file(tag_val, r);
   
  -        if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
  -            to_send = rr->filename;
  -            if ((ret = stat(to_send, finfo)) == -1) {
  -                ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
  -                            "unable to get information about \"%s\" "
  -                            "in parsed file %s",
  -                            to_send, r->filename);
  -                ap_rputs(error, r);
  +            if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
  +                to_send = rr->filename;
  +                if (stat(to_send, finfo)) {
  +                    error_fmt = "unable to get information about \"%s\" "
  +                                "in parsed file %s";
  +                }
  +            }
  +            else {
  +                error_fmt = "unable to lookup information about \"%s\" "
  +                            "in parsed file %s";
               }
           }
  -        else {
  +
  +        if (error_fmt) {
               ret = -1;
  -            ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
  -                        "unable to lookup information about \"%s\" "
  -                        "in parsed file %s",
  -                        tag_val, r->filename);
  +            ap_log_rerror(APLOG_MARK, APLOG_ERR, r, error_fmt, to_send, r->filename);
               ap_rputs(error, r);
           }
  -        
  -        ap_destroy_sub_req(rr);
  +
  +        if (rr) ap_destroy_sub_req(rr);
           
           return ret;
       }
  
  
  

Mime
View raw message