httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/mappers mod_rewrite.c
Date Mon, 12 Jan 2004 02:02:11 GMT
nd          2004/01/11 18:02:11

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/mappers Tag: APACHE_2_0_BRANCH mod_rewrite.c
  Log:
  cause a lookup failure of external rewrite maps, if the key contains a \n
  
  PR: 14453
  Reviewed by: Jeff Trawick, Justin Erenkrantz
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.212 +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.211
  retrieving revision 1.988.2.212
  diff -u -u -r1.988.2.211 -r1.988.2.212
  --- CHANGES	12 Jan 2004 00:59:02 -0000	1.988.2.211
  +++ CHANGES	12 Jan 2004 02:02:10 -0000	1.988.2.212
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.49
   
  +  *) mod_rewrite: In external rewrite maps lookup keys containing
  +     a newline now cause a lookup failure. PR 14453.
  +     [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
  +
     *) Backport major overhaul of mod_include's filter parser from 2.1.
        The new parser code is expected to be more robust and should
        catch all of the edge cases that were not handled by the previous one.
  
  
  
  1.751.2.623 +1 -12     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.622
  retrieving revision 1.751.2.623
  diff -u -u -r1.751.2.622 -r1.751.2.623
  --- STATUS	12 Jan 2004 00:59:02 -0000	1.751.2.622
  +++ STATUS	12 Jan 2004 02:02:10 -0000	1.751.2.623
  @@ -270,17 +270,6 @@
                      else.  BTW, clever use of NULL terms (or lack of).  ;-)
         +1: nd, trawick, jerenkrantz
   
  -    * mod_rewrite: cause a lookup failure in external rewrite maps if
  -      the key contains a newline. PR 14453. (2.0 + 1.3)
  -        modules/mappers/mod_rewrite.c: r1.199
  -      jerenkrantz: Okay by me, but perhaps we should just escape the \n?
  -                   Wouldn't ignoring the rewrite here do something bad tho?
  -                   (Am not backporting.)
  -      nd: If the user/admin wants to escape, he can use the internal escape
  -          map. Additionally not escaping \n is (more or less) backwards
  -          compatible, because it always failed (the map got out of sync).
  -      +1: nd, trawick, jerenkrantz
  -
       * mod_ssl: fix a link failure when the openssl-engine libraries are
         present but the engine headers are missing.
           modules/ssl/mod_ssl.c: r1.87
  
  
  
  No                   revision
  No                   revision
  1.135.2.21 +7 -2      httpd-2.0/modules/mappers/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
  retrieving revision 1.135.2.20
  retrieving revision 1.135.2.21
  diff -u -u -r1.135.2.20 -r1.135.2.21
  --- mod_rewrite.c	1 Jan 2004 13:30:40 -0000	1.135.2.20
  +++ mod_rewrite.c	12 Jan 2004 02:02:11 -0000	1.135.2.21
  @@ -3240,11 +3240,16 @@
        * context then the rewritemap-programs were not spawned.
        * In this case using such a map (usually in per-dir context)
        * is useless because it is not available.
  +     *
  +     * newlines in the key leave bytes in the pipe and cause
  +     * bad things to happen (next map lookup will use the chars
  +     * after the \n instead of the new key etc etc - in other words,
  +     * the Rewritemap falls out of sync with the requests).
        */
  -    if (fpin == NULL || fpout == NULL) {
  +    if (fpin == NULL || fpout == NULL || ap_strchr(key, '\n')) {
           return NULL;
       }
  -
  + 
       /* take the lock */
   
       if (rewrite_mapr_lock_acquire) {
  
  
  

Mime
View raw message