httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/mappers mod_dir.c
Date Sun, 15 Aug 2004 21:59:58 GMT
nd          2004/08/15 14:59:58

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               docs/manual/mod Tag: APACHE_2_0_BRANCH mod_dir.xml
               modules/mappers Tag: APACHE_2_0_BRANCH mod_dir.c
  Log:
  make trailing-slash-behaviour configurable
  
  Reviewed by: Justin Erenkrantz, Jeff Trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.318 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.317
  retrieving revision 1.988.2.318
  diff -u -u -r1.988.2.317 -r1.988.2.318
  --- CHANGES	15 Aug 2004 21:35:14 -0000	1.988.2.317
  +++ CHANGES	15 Aug 2004 21:59:56 -0000	1.988.2.318
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.51
   
  +  *) mod_dir: the trailing-slash behaviour is now configurable using the
  +     DirectorySlash directive.  [André Malo]
  +
     *) Allow proxying of resources that are invoked via DirectoryIndex.
        PR 14648, 15112, 29961.  [André Malo]
   
  
  
  
  1.751.2.980 +1 -6      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.979
  retrieving revision 1.751.2.980
  diff -u -u -r1.751.2.979 -r1.751.2.980
  --- STATUS	15 Aug 2004 21:35:15 -0000	1.751.2.979
  +++ STATUS	15 Aug 2004 21:59:57 -0000	1.751.2.980
  @@ -152,11 +152,6 @@
          <http://www.apache.org/~clar/detach-addrspace_APR_0_9.patch>
          +1: jjclar, bnicholes
   
  -    *) mod_dir: Backport DirectorySlash directive to work around problems
  -       with <Location>-SetHandler combinations and trailing slash redirects.
  -         modules/mappers/mod_dir.c: r1.48
  -       +1: nd, jerenkrantz, trawick
  -
       *) mod_ssl: Remove some unused functions (after CAN-2004-0488 fix is applied)
          http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_util.c?r1=1.46&r2=1.47
          +1: jorton
  
  
  
  No                   revision
  No                   revision
  1.4.2.5   +55 -1     httpd-2.0/docs/manual/mod/mod_dir.xml
  
  Index: mod_dir.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_dir.xml,v
  retrieving revision 1.4.2.4
  retrieving revision 1.4.2.5
  diff -u -u -r1.4.2.4 -r1.4.2.5
  --- mod_dir.xml	17 Apr 2004 18:43:37 -0000	1.4.2.4
  +++ mod_dir.xml	15 Aug 2004 21:59:57 -0000	1.4.2.5
  @@ -96,4 +96,58 @@
   </usage>
   </directivesynopsis>
   
  +<directivesynopsis>
  +<name>DirectorySlash</name>
  +<description>Toggle trailing slash redirects on or off</description>
  +<syntax>DirectorySlash On|Off</syntax>
  +<default>DirectorySlash On</default>
  +<contextlist><context>server config</context><context>virtual host</context>
  +<context>directory</context><context>.htaccess</context></contextlist>
  +<override>Indexes</override>
  +<compatibility>Available in version 2.1 and later</compatibility>
  +
  +<usage>
  +    <p>The <directive>DirectorySlash</directive> directive determines,
whether
  +    <module>mod_dir</module> should fixup URLs pointing to a directory or
  +    not.</p>
  +
  +    <p>Typically if a user requests a resource without a trailing slash, which
  +    points to a directory, <module>mod_dir</module> redirects him to the same
  +    ressource, but <em>with</em> trailing slash for some good reasons:</p>
  +
  +    <ul>
  +    <li>The user is finally requesting the canonical URL of the resource</li>
  +    <li><module>mod_autoindex</module> works correctly. Since it doesn't
emit
  +    the path in the link, it would point to the wrong path.</li>
  +    <li><directive module="mod_dir">DirectoryIndex</directive> will be
evaluated
  +    <em>only</em> for directories requested with trailing slash.</li>
  +    <li>Relative URL references inside html pages will work correctly.</li>
  +    </ul>
  +
  +    <p>Well, if you don't want this effect <em>and</em> the reasons above
don't
  +    apply to you, you can turn off the redirect with:</p>
  +
  +    <example>
  +        # see security warning below!<br />
  +        &lt;Location /some/path&gt;<br />
  +        <indent>
  +            DirectorySlash Off<br />
  +            SetHandler some-handler<br />
  +        </indent>
  +        &lt;/Location&gt;
  +    </example>
  +
  +    <note type="warning"><title>Security Warning</title>
  +    <p>Turning off the trailing slash redirect may result in an information
  +    disclosure. Consider a situation where <module>mod_autoindex</module> is
  +    active (<code>Options +Indexes</code>) and <directive module="mod_dir"
  +    >DirectoryIndex</directive> is set to a valid resource (say,
  +    <code>index.html</code>) and there's no other special handler defined for
  +    that URL. In this case a request with a trailing slash would show the
  +    <code>index.html</code> file. <strong>But a request without trailing
slash
  +    would list the directory contents</strong>.</p>
  +    </note>
  +</usage>
  +</directivesynopsis>
  +
   </modulesynopsis>
  
  
  
  No                   revision
  No                   revision
  1.41.2.6  +27 -3     httpd-2.0/modules/mappers/mod_dir.c
  
  Index: mod_dir.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_dir.c,v
  retrieving revision 1.41.2.5
  retrieving revision 1.41.2.6
  diff -u -u -r1.41.2.5 -r1.41.2.6
  --- mod_dir.c	15 Aug 2004 21:35:18 -0000	1.41.2.5
  +++ mod_dir.c	15 Aug 2004 21:59:57 -0000	1.41.2.6
  @@ -30,8 +30,15 @@
   
   module AP_MODULE_DECLARE_DATA dir_module;
   
  +typedef enum {
  +    SLASH_OFF = 0,
  +    SLASH_ON,
  +    SLASH_UNSET
  +} slash_cfg;
  +
   typedef struct dir_config_struct {
       apr_array_header_t *index_names;
  +    slash_cfg do_slash;
   } dir_config_rec;
   
   #define DIR_CMD_PERMS OR_INDEXES
  @@ -47,10 +54,20 @@
       return NULL;
   }
   
  +static const char *configure_slash(cmd_parms *cmd, void *d_, int arg)
  +{
  +    dir_config_rec *d = d_;
  +
  +    d->do_slash = arg ? SLASH_ON : SLASH_OFF;
  +    return NULL;
  +}
  +
   static const command_rec dir_cmds[] =
   {
       AP_INIT_ITERATE("DirectoryIndex", add_index, NULL, DIR_CMD_PERMS,
                       "a list of file names"),
  +    AP_INIT_FLAG("DirectorySlash", configure_slash, NULL, DIR_CMD_PERMS,
  +                 "On or Off"),
       {NULL}
   };
   
  @@ -59,6 +76,7 @@
       dir_config_rec *new = apr_pcalloc(p, sizeof(dir_config_rec));
   
       new->index_names = NULL;
  +    new->do_slash = SLASH_UNSET;
       return (void *) new;
   }
   
  @@ -69,6 +87,8 @@
       dir_config_rec *add = (dir_config_rec *)addv;
   
       new->index_names = add->index_names ? add->index_names : base->index_names;
  +    new->do_slash =
  +        (add->do_slash == SLASH_UNSET) ? base->do_slash : add->do_slash;
       return new;
   }
   
  @@ -95,11 +115,18 @@
           return DECLINED;
       }
   
  +    d = (dir_config_rec *)ap_get_module_config(r->per_dir_config,
  +                                               &dir_module);
  +
       /* Redirect requests that are not '/' terminated */
       if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/') 
       {
           char *ifile;
   
  +        if (!d->do_slash) {
  +            return DECLINED;
  +        }
  +
           /* Only redirect non-get requests if we have no note to warn
            * that this browser cannot handle redirs on non-GET requests 
            * (such as Microsoft's WebFolders). 
  @@ -126,9 +153,6 @@
       if (strcmp(r->handler, DIR_MAGIC_TYPE)) {
           return DECLINED;
       }
  -
  -    d = (dir_config_rec *)ap_get_module_config(r->per_dir_config,
  -                                               &dir_module);
   
       if (d->index_names) {
           names_ptr = (char **)d->index_names->elts;
  
  
  

Mime
View raw message