httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From iga...@apache.org
Subject svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/core.xml server/core.c
Date Tue, 28 Dec 2010 15:56:46 GMT
Author: igalic
Date: Tue Dec 28 15:56:46 2010
New Revision: 1053375

URL: http://svn.apache.org/viewvc?rev=1053375&view=rev
Log:
Applying patch from PR 33078 (with slight changes to its return values)
This patch disallows the mixing of relative (+/-) and absolute Options where insensible.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/manual/mod/core.xml
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.11
 
+  *) core: Disallow the mixing of relative and absolute Options PR 33708.
+     [Sönke Tesch <st kino-fahrplan.de>]
+
   *) core: When exporting request headers to HTTP_* environment variables,
      drop variables whose names contain invalid characters. Describe in the
      docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]

Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 2010
@@ -3016,10 +3016,10 @@ directory</description>
     <code>-</code> are removed from the options currently in
     force. </p>
 
-    <note type="warning"><title>Warning</title>
+    <note><title>Note</title>
     <p>Mixing <directive>Options</directive> with a <code>+</code>
or
-    <code>-</code> with those without is not valid syntax, and is likely
-    to cause unexpected results.</p>
+    <code>-</code> with those without is not valid syntax, and will be
+    rejected during server startup by the syntax check with an abort.</p>
     </note>
 
     <p>For example, without any <code>+</code> and <code>-</code>
symbols:</p>

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010
@@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms
     core_dir_config *d = d_;
     allow_options_t opt;
     int first = 1;
+    int merge = 0;
+    int all_none = 0;
     char action;
 
     while (l[0]) {
@@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms
 
         if (*w == '+' || *w == '-') {
             action = *(w++);
+            if (!merge && !first && !all_none) {
+                return "Either all Options must start with + or -, or no Option may.";
+            }
+            merge = 1;
         }
         else if (first) {
             d->opts = OPT_NONE;
-            first = 0;
+        }
+        else if (merge) {
+            return "Either all Options must start with + or -, or no Option may.";
         }
 
         if (!strcasecmp(w, "Indexes")) {
@@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms
             opt = OPT_MULTI|OPT_EXECCGI;
         }
         else if (!strcasecmp(w, "None")) {
+            if (!first) {
+                return "'Options None' must be the first Option given.";
+            }
+            else if (merge) { /* Only works since None may not follow any other option. */
+                return "You may not use 'Options +None' or 'Options -None'.";
+            }
             opt = OPT_NONE;
+            all_none = 1;
         }
         else if (!strcasecmp(w, "All")) {
+            if (!first) {
+                return "'Options All' must be the first option given.";
+            }
+            else if (merge) { /* Only works since All may not follow any other option. */
+                return "You may not use 'Options +All' or 'Options -All'.";
+            }
             opt = OPT_ALL;
+            all_none = 1;
         }
         else {
             return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL);
@@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms
         else {
             d->opts |= opt;
         }
+
+        first = 0;
     }
 
     return NULL;



Mime
View raw message