httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r773352 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/filters/mod_include.c
Date Sun, 10 May 2009 15:09:45 GMT
Author: rpluem
Date: Sun May 10 15:09:45 2009
New Revision: 773352

URL: http://svn.apache.org/viewvc?rev=773352&view=rev
Log:
Merge r757376 from trunk:

Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Submitted by: jorton
Reviewed by: rpluem, jim, wrowe

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/filters/mod_include.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=773352&r1=773351&r2=773352&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sun May 10 15:09:45 2009
@@ -5,6 +5,9 @@
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
+     including multiple INCLUDES filters. PR 39369 [Joe Orton]
+
   *) mod_rewrite: When evaluating a proxy rule in directory context, do
      escape the filename by default. PR 46428 [Joe Orton]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=773352&r1=773351&r2=773352&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sun May 10 15:09:45 2009
@@ -87,14 +87,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_include: Prevent a case of SSI timefmt-smashing with filter chains
-   including multiple INCLUDES filters
-   Trunk version of patch:
-      http://svn.apache.org/viewvc?rev=757376&view=rev
-   Backport version for 2.2.x of patch:
-      Trunk version of patch works
-   +1: rpluem, jim, wrowe
-
  * mod_negotiation: Escape pathes of filenames in 406 responses to avoid
    HTML injections and HTTP response splitting
    Trunk version of patch:

Modified: httpd/httpd/branches/2.2.x/modules/filters/mod_include.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/filters/mod_include.c?rev=773352&r1=773351&r2=773352&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/filters/mod_include.c (original)
+++ httpd/httpd/branches/2.2.x/modules/filters/mod_include.c Sun May 10 15:09:45 2009
@@ -580,7 +580,7 @@
     *p = '\0';
 }
 
-static void add_include_vars(request_rec *r, const char *timefmt)
+static void add_include_vars(request_rec *r)
 {
     apr_table_t *e = r->subprocess_env;
     char *t;
@@ -608,26 +608,17 @@
     }
 }
 
-static const char *add_include_vars_lazy(request_rec *r, const char *var)
+static const char *add_include_vars_lazy(request_rec *r, const char *var, const char *timefmt)
 {
     char *val;
     if (!strcasecmp(var, "DATE_LOCAL")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 0);
     }
     else if (!strcasecmp(var, "DATE_GMT")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 1);
     }
     else if (!strcasecmp(var, "LAST_MODIFIED")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0);
     }
     else if (!strcasecmp(var, "USER_NAME")) {
         if (apr_uid_name_get(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
@@ -684,7 +675,7 @@
         val = apr_table_get(r->subprocess_env, var);
 
         if (val == LAZY_VALUE) {
-            val = add_include_vars_lazy(r, var);
+            val = add_include_vars_lazy(r, var, ctx->time_str);
         }
     }
 
@@ -2424,7 +2415,7 @@
         /* get value */
         val_text = elts[i].val;
         if (val_text == LAZY_VALUE) {
-            val_text = add_include_vars_lazy(r, elts[i].key);
+            val_text = add_include_vars_lazy(r, elts[i].key, ctx->time_str);
         }
         val_text = ap_escape_html(ctx->dpool, elts[i].val);
         v_len = strlen(val_text);
@@ -3609,7 +3600,7 @@
          * environment */
         ap_add_common_vars(r);
         ap_add_cgi_vars(r);
-        add_include_vars(r, conf->default_time_fmt);
+        add_include_vars(r);
     }
     /* Always unset the content-length.  There is no way to know if
      * the content will be modified at some point by send_parsed_content.



Mime
View raw message