Return-Path: 
 <cvs-return-32659-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: (qmail 15558 invoked from network); 10 May 2009 14:47:28 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 10 May 2009 14:47:28 -0000
Received: (qmail 34402 invoked by uid 500); 10 May 2009 14:47:28 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 34331 invoked by uid 500); 10 May 2009 14:47:28 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 34322 invoked by uid 99); 10 May 2009 14:47:28 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 May 2009 14:47:28 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 May 2009 14:47:16 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id F0C4223889D0; Sun, 10 May 2009 14:46:54 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r773347 - in /httpd/test/framework/trunk/t:
 conf/include-ssi-exec.conf.in htdocs/modules/include/ssi-exec/121/
 htdocs/modules/include/ssi-exec/121/subdir/
 htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
 security/CVE-2009-1195.t
Date: Sun, 10 May 2009 14:46:54 -0000
To: cvs@httpd.apache.org
From: rpluem@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090510144654.F0C4223889D0@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: rpluem
Date: Sun May 10 14:46:54 2009
New Revision: 773347

URL: http://svn.apache.org/viewvc?rev=773347&view=rev
Log:
* Add testcase for r773322 / r773342

Added:
    httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/
    httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/
    httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml   (with props)
Modified:
    httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in
    httpd/test/framework/trunk/t/security/CVE-2009-1195.t

Modified: httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in?rev=773347&r1=773346&r2=773347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in Sun May 10 14:46:54 2009
@@ -483,5 +483,13 @@
    Options Includes
    AllowOverride None
 </Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/121">
+   Options Includes
+   AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120/subdir">
+# Just a dummy directive that is always available to make this a valid block
+   FileETag All
+</Directory>
 
 </IfModule>

Added: httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml?rev=773347&view=auto
==============================================================================
--- httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml (added)
+++ httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml Sun May 10 14:46:54 2009
@@ -0,0 +1 @@
+<!--#exec cgi="/modules/cgi/perl.pl"-->

Propchange: httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: httpd/test/framework/trunk/t/security/CVE-2009-1195.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2009-1195.t?rev=773347&r1=773346&r2=773347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/security/CVE-2009-1195.t (original)
+++ httpd/test/framework/trunk/t/security/CVE-2009-1195.t Sun May 10 14:46:54 2009
@@ -7,7 +7,7 @@
 
 Apache::TestRequest::module('mod_include'); #use this module's port
 
-plan tests => 219;
+plan tests => 221;
 
 my $r;
 my $body;
@@ -1107,3 +1107,13 @@
 
 ok t_cmp($body, 'perl cgi', "SSI should be evaluated with exec allowed for script #120");
 
+### Test #121, context: Options Includes : AllowOverride None : No options in subdir, no .htaccess
+
+$r = GET("/modules/include/ssi-exec/121/subdir/exec.shtml");
+ok t_cmp($r->code, 200, "Options should be allowed for script #121; 200 response expected");
+
+$body = $r->content;
+chomp $body;
+
+ok t_cmp($body, 'perl cgi', "SSI should be evaluated with exec allowed for script #121");
+