httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/generators mod_autoindex.c
Date Sun, 02 Mar 2003 18:06:17 GMT
nd          2003/03/02 10:06:16

  Modified:    .        CHANGES
               modules/generators mod_autoindex.c
  Log:
  Unescape the supplied wildcard pattern. Otherwise the pattern will
  not always match as desired. In order to be correct and safe, the
  pattern will be re-escaped for output.
  
  PR: 12596
  
  Revision  Changes    Path
  1.1102    +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1101
  retrieving revision 1.1102
  diff -u -r1.1101 -r1.1102
  --- CHANGES	2 Mar 2003 17:15:41 -0000	1.1101
  +++ CHANGES	2 Mar 2003 18:06:16 -0000	1.1102
  @@ -2,6 +2,10 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
  +     the pattern will not always match as desired. PR 12596.
  +     [André Malo]
  +
     *) mod_autoindex now emits and accepts modern query string parameter
        delimiters (;). Thus column headers no longer contain unescaped
        ampersands. PR 10880  [André Malo]
  
  
  
  1.119     +19 -12    httpd-2.0/modules/generators/mod_autoindex.c
  
  Index: mod_autoindex.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/generators/mod_autoindex.c,v
  retrieving revision 1.118
  retrieving revision 1.119
  diff -u -r1.118 -r1.119
  --- mod_autoindex.c	2 Mar 2003 17:28:34 -0000	1.118
  +++ mod_autoindex.c	2 Mar 2003 18:06:16 -0000	1.119
  @@ -2002,7 +2002,7 @@
           colargs = "";
       }
       else {
  -        char fval[5], vval[5], *ppre = "";
  +        char fval[5], vval[5], *ppre = "", *epattern = "";
           fval[0] = '\0'; vval[0] = '\0';
           qstring = r->args;
   
  @@ -2065,26 +2065,33 @@
   
               /* P= wildcard pattern (*.foo) */
               else if (qstring[0] == 'P' && qstring[1] == '=') {
  -                const char *eos = qstring + 2;
  +                const char *eos = qstring += 2; /* for efficiency */
   
                   while (*eos && *eos != '&' && *eos != ';') {
                       ++eos;
                   }
   
  -                if (*eos) {
  -                    pstring = apr_pstrndup(r->pool, qstring + 2,
  -                                           eos - qstring - 2);
  -                    qstring = eos + 1;
  +                if (eos == qstring) {
  +                    pstring = NULL;
                   }
                   else {
  -                    pstring = apr_pstrdup(r->pool, qstring + 2);
  -                    qstring = NULL;
  +                    pstring = apr_pstrndup(r->pool, qstring, eos - qstring);
  +                    if (ap_unescape_url(pstring) != OK) {
  +                        /* ignore the pattern, if it's bad. */
  +                        pstring = NULL;
  +                    }
  +                    else {
  +                        ppre = ";P=";
  +                        /* be correct */
  +                        epattern = ap_escape_uri(r->pool, pstring);
  +                    }
                   }
  -                if (*pstring) {
  -                    ppre = ";P=";
  +
  +                if (*eos && *++eos) {
  +                    qstring = eos;
                   }
                   else {
  -                    pstring = NULL;
  +                    qstring = NULL;
                   }
               }
   
  @@ -2093,7 +2100,7 @@
                   qstring = NULL;
               }
           }
  -        colargs = apr_pstrcat(r->pool, fval, vval, ppre, pstring, NULL);
  +        colargs = apr_pstrcat(r->pool, fval, vval, ppre, epattern, NULL);
       }
   
       /* Spew HTML preamble */
  
  
  

Mime
View raw message