httpd-cvs mailing list archives

From j..@apache.org
Subject svn commit: r686789 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS docs/ docs/manual/mod/mod_rewrite.xml modules/mappers/mod_rewrite.c support/ab.c support/suexec.c
Date Mon, 18 Aug 2008 15:39:37 GMT
Author: jim
Date: Mon Aug 18 08:39:36 2008
New Revision: 686789

URL: http://svn.apache.org/viewvc?rev=686789&view=rev
Log:
Merge r647395, r660461, r660566, r664330 from trunk:

* Allow Cookie option to set secure and HttpOnly flags

PR: 44799
Submitted by: Christian Wenz <christian wenz.org>
Reviewed by: rpluem



* Handle the case that secure is NULL


* Make setting of HttpOnly flag more explicit.


* Allow HttpOnly, 1 and true to enable HttpOnly, allow secure, 1 and true
  to enable secure.

Submitted by: rpluem
Reviewed by: jim

Modified:
    httpd/httpd/branches/2.2.x/   (props changed)
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/docs/   (props changed)
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml
    httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c
    httpd/httpd/branches/2.2.x/support/ab.c   (props changed)
    httpd/httpd/branches/2.2.x/support/suexec.c   (props changed)

Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 18 08:39:36 2008
@@ -1 +1 @@
-/httpd/httpd/trunk:678761,682369,683626,685112
+/httpd/httpd/trunk:647395,660461,660566,664330,678761,682369,683626,685112

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=686789&r1=686788&r2=686789&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Aug 18 08:39:36 2008
@@ -5,6 +5,9 @@
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
+     PR 44799 [Christian Wenz <christian wenz.org>]
+
   *) mod_ssl: Rewrite shmcb to avoid memory alignment issues.  PR 42101.
      [Geoff Thorpe]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=686789&r1=686788&r2=686789&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Aug 18 08:39:36 2008
@@ -90,17 +90,6 @@
    http://svn.apache.org/viewvc?rev=639010&view=rev (mmn)
    +1: niq, rpluem, mturk
 
- * mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
-   PR 44799
-   Trunk version of patch:
-         http://svn.apache.org/viewvc?rev=647395&view=rev
-         http://svn.apache.org/viewvc?rev=660461&view=rev
-         http://svn.apache.org/viewvc?rev=660566&view=rev
-         http://svn.apache.org/viewvc?rev=664330&view=rev
-   Backport version for 2.2.x of patch:
-         Trunk version of patch works
-   +1: rpluem, niq, jim
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Propchange: httpd/httpd/branches/2.2.x/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 18 08:39:36 2008
@@ -1 +1 @@
-/httpd/httpd/trunk/docs:675610,678761,682369,683626,685112
+/httpd/httpd/trunk/docs:647395,660461,660566,664330,675610,678761,682369,683626,685112

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml?rev=686789&r1=686788&r2=686789&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_rewrite.xml Mon Aug 18 08:39:36 2008
@@ -1230,14 +1230,18 @@
         when you let an external redirect happen (where the
         ``<code>.www</code>'' part should not occur!).</dd>
 
-        <dt>'<code>cookie|CO=</code><em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>]]'
+        <dt>'<code>cookie|CO=</code><em>NAME</em>:<em>VAL</em>:<em>domain</em>[:<em>lifetime</em>[:<em>path</em>[:<em>secure</em>[:<em>httponly</em>]]]]'
         (set cookie)</dt><dd>
         This sets a cookie in the client's browser.  The cookie's name
         is specified by <em>NAME</em> and the value is
         <em>VAL</em>. The <em>domain</em> field is the domain of
the
         cookie, such as '.apache.org', the optional <em>lifetime</em>
-	is the lifetime of the cookie in minutes, and the optional 
-	<em>path</em> is the path of the cookie</dd>
+        is the lifetime of the cookie in minutes, and the optional 
+        <em>path</em> is the path of the cookie. If <em>secure</em>
+        is set to 'secure', 'true' or '1', the cookie is only transmitted via secured
+        connections. If <em>httponly</em> is set to 'HttpOnly', 'true' or '1',
the
+        <code>HttpOnly</code> flag is used, making the cookie not accessible
+        to JavaScript code on browsers that support this feature.</dd>
 
         <dt>
         '<code>env|E=</code><em>VAR</em>:<em>VAL</em>'
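
Review bot: The added sentences on <em>secure</em> and <em>httponly</em> list the values that enable each flag, but they do not say what happens with any other value. Going by the comparisons in the mod_rewrite.c change of this same commit, anything else (for example 'false', '0' or a misspelling) leaves the flag off without a message, and the keyword forms are matched case-insensitively. Both facts are worth one sentence here, so that an administrator reading only the manual does not assume a cookie carries the attribute when it does not.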

Modified: httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c?rev=686789&r1=686788&r2=686789&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c Mon Aug 18 08:39:36 2008
@@ -2339,6 +2339,8 @@
     char *domain;
     char *expires;
     char *path;
+    char *secure;
+    char *httponly;
 
     char *tok_cntx;
     char *cookie;
@@ -2363,6 +2365,8 @@
 
             expires = apr_strtok(NULL, ":", &tok_cntx);
             path = expires ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
+            secure = path ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
+            httponly = secure ? apr_strtok(NULL, ":", &tok_cntx) : NULL;
 
             if (expires) {
                 apr_time_exp_t tms;
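
Review bot: In the two added assignments, secure is read only when path is non-NULL and httponly only when secure is non-NULL, so both flags silently depend on lifetime and path being present in the CO= spec. apr_strtok skips runs of the separator, so an empty placeholder such as "::" cannot stand in for the earlier fields; a spec written that way shifts the later tokens into the lifetime and path slots and no flag is parsed. A short comment at these lines stating the positional requirement, or a log entry when the flags were evidently intended but not reached, would make that failure visible.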
@@ -2383,6 +2387,16 @@
                                  "; domain=", domain,
                                  expires ? "; expires=" : NULL,
                                  expires ? exp_time : NULL,
+                                 (secure && (!strcasecmp(secure, "true")
+                                             || !strcmp(secure, "1")
+                                             || !strcasecmp(secure,
+                                                            "secure"))) ?
+                                  "; secure" : NULL,
+                                 (httponly && (!strcasecmp(httponly, "true")
+                                               || !strcmp(httponly, "1")
+                                               || !strcasecmp(httponly,
+                                                              "HttpOnly"))) ?
+                                  "; HttpOnly" : NULL,
                                  NULL);
 
             apr_table_addn(rmain->err_headers_out, "Set-Cookie", cookie);
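
Review bot: The added secure argument evaluates to NULL when the token is absent or not one of the accepted values, and the argument list it sits in ends with a NULL sentinel. If this is the usual NULL-terminated concatenation (the head of the call is outside the hunk), that NULL ends the list early and the HttpOnly argument after it is never appended, so a spec with secure set to something like 'false' and httponly set to 'HttpOnly' produces a cookie with neither attribute. Returning "" instead of NULL from both new conditionals avoids this. Separately, a token that is present but unrecognised drops the attribute with no log entry, which is worth a warning for a security flag.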

Propchange: httpd/httpd/branches/2.2.x/support/ab.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 18 08:39:36 2008
@@ -1 +1 @@
-/httpd/httpd/trunk/support/ab.c:83751-655654,657433,678761,682369,683626,685112
+/httpd/httpd/trunk/support/ab.c:83751-655654,657433,660461,660566,664330,678761,682369,683626,685112

Propchange: httpd/httpd/branches/2.2.x/support/suexec.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Aug 18 08:39:36 2008
@@ -1 +1 @@
-/httpd/httpd/trunk/support/suexec.c:655711,678761,682369,683626,685112
+/httpd/httpd/trunk/support/suexec.c:647395,655711,660461,660566,664330,678761,682369,683626,685112


