httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/mappers mod_rewrite.c
Date Thu, 31 Jul 2003 22:58:58 GMT
nd          2003/07/31 15:58:58

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/mappers Tag: APACHE_2_0_BRANCH mod_rewrite.c
  Log:
  Ignore RewriteRules in .htaccess files if the directory
  containing the .htaccess file is requested without a trailing slash.
  
  PR:	20195
  Reviewed by:    Justin Erenkrantz, Jeff Trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.144 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.143
  retrieving revision 1.988.2.144
  diff -u -r1.988.2.143 -r1.988.2.144
  --- CHANGES	31 Jul 2003 20:23:20 -0000	1.988.2.143
  +++ CHANGES	31 Jul 2003 22:58:57 -0000	1.988.2.144
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.48
   
  +  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
  +     containing the .htaccess file is requested without a trailing slash.
  +     PR 20195.  [André Malo]
  +
     *) ab: Overlong credentials given via command line no longer clobber
        the buffer.  [André Malo]
   
  
  
  
  1.751.2.406 +1 -10     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.405
  retrieving revision 1.751.2.406
  diff -u -r1.751.2.405 -r1.751.2.406
  --- STATUS	31 Jul 2003 20:23:20 -0000	1.751.2.405
  +++ STATUS	31 Jul 2003 22:58:57 -0000	1.751.2.406
  @@ -257,15 +257,6 @@
           modules/generators/mod_autoindex.c r1.120
         +1: nd, trawick
   
  -    * Ignore RewriteRules in .htaccess files if the directory
  -      containing the .htaccess file is requested without a trailing slash.
  -      PR 20195.
  -        modules/mappers/mod_rewrite.c: r1.156, 1.168
  -      jerenkrantz says: We're doing 3 strlen's on the same value, can we please
  -                        clean that up?
  -            nd replies: of course ..., 1.168 does.
  -      +1: nd, jerenkrantz, trawick
  -
       * ab: Handle conditions where connect() on non-blocking socket
         doesn't complete immediately (i.e., restore functionality when
         benchmarking non-local targets).  This doesn't resolve some
  
  
  
  No                   revision
  No                   revision
  1.135.2.14 +13 -1     httpd-2.0/modules/mappers/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
  retrieving revision 1.135.2.13
  retrieving revision 1.135.2.14
  diff -u -r1.135.2.13 -r1.135.2.14
  --- mod_rewrite.c	7 Jul 2003 19:54:54 -0000	1.135.2.13
  +++ mod_rewrite.c	31 Jul 2003 22:58:58 -0000	1.135.2.14
  @@ -1402,7 +1402,7 @@
       char *cp2;
       const char *ccp;
       char *prefix;
  -    int l;
  +    apr_size_t l;
       int rulestatus;
       int n;
       char *ofilename;
  @@ -1423,6 +1423,18 @@
       /* if there are no real (i.e. no RewriteRule directives!)
          per-dir config of us, we return also immediately */
       if (dconf->directory == NULL) {
  +        return DECLINED;
  +    }
  +
  +    /*
  +     *  .htaccess file is called before really entering the directory, i.e.:
  +     *  URL: http://localhost/foo  and .htaccess is located in foo directory
  +     *  Ignore such attempts, since they may lead to undefined behaviour.
  +     */
  +    l = strlen(dconf->directory) - 1;
  +    if (r->filename && strlen(r->filename) == l &&
  +        (dconf->directory)[l] == '/' &&
  +        !strncmp(r->filename, dconf->directory, l)) {
           return DECLINED;
       }
   
  
  
  

Mime
View raw message