httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r374895 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS server/util_script.c
Date Sat, 04 Feb 2006 17:45:55 GMT
Author: niq
Date: Sat Feb  4 09:45:51 2006
New Revision: 374895

URL: http://svn.apache.org/viewcvs?rev=374895&view=rev
Log:
Fix PR#38070
Avoid server-driven negotiation when a script has sent a Status: header.

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/server/util_script.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=374895&r1=374894&r2=374895&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Feb  4 09:45:51 2006
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.1
 
+  *) PR#38070: Avoid Server-driven negotiation when a script has
+     emitted an explicit Status: header.
+
   *) Fix to avoid feeding C99 to C++ compilers [Joe Orton]
 
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/STATUS?rev=374895&r1=374894&r2=374895&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Feb  4 09:45:51 2006
@@ -180,10 +180,6 @@
       +1: rpluem, niq
       NOTE: this also supersedes previous fix to PR#37790
 
-    * util_script: Fix PR#38070 - Honour a CGI Status header correctly
-      http://svn.apache.org/viewcvs?rev=370692&view=rev
-      +1: niq, colm, wrowe
-
     * Solaris build proposal; don't fail on missing .h files within
       a VPATH build, and don't test trees with -d (simply -f the
       expected files) in case a tree such as srclib/apr is actually

Modified: httpd/httpd/branches/2.2.x/server/util_script.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/util_script.c?rev=374895&r1=374894&r2=374895&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/util_script.c (original)
+++ httpd/httpd/branches/2.2.x/server/util_script.c Sat Feb  4 09:45:51 2006
@@ -398,6 +398,8 @@
     return 1;
 }
 
+#define HTTP_UNSET (-HTTP_OK)
+
 AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
                                        int (*getsfunc) (char *, int, void *),
                                        void *getsfunc_data)
@@ -405,7 +407,7 @@
     char x[MAX_STRING_LEN];
     char *w, *l;
     int p;
-    int cgi_status = HTTP_OK;
+    int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
     apr_table_t *cookie_table;
 
@@ -466,7 +468,18 @@
         if (w[0] == '\0') {
             int cond_status = OK;
 
-            if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
+           /* PR#38070: This fails because it gets confused when a
+            * CGI Status header overrides ap_meets_conditions.
+            * 
+            * We can fix that by dropping ap_meets_conditions when
+            * Status has been set.  Since this is the only place
+            * cgi_status gets used, let's test it explicitly.
+            *
+            * The alternative would be to ignore CGI Status when
+            * ap_meets_conditions returns anything interesting.
+            * That would be safer wrt HTTP, but would break CGI.
+            */
+            if ((cgi_status == HTTP_UNSET) && (r->method_number == M_GET)) {
                 cond_status = ap_meets_conditions(r);
             }
             apr_table_overlap(r->err_headers_out, merge,



Mime
View raw message