httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1302665 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number server/core.c
Date Mon, 19 Mar 2012 21:34:03 GMT
Author: sf
Date: Mon Mar 19 21:34:03 2012
New Revision: 1302665

URL: http://svn.apache.org/viewvc?rev=1302665&view=rev
Log:
Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files.


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1302665&r1=1302664&r2=1302665&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Mar 19 21:34:03 2012
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: Disallow directives in AllowOverrideList which are only allowed
+     in VirtualHost or server context. These are usually not prepared to be
+     called in .htaccess files. [Stefan Fritsch]
+
   *) core: In AllowOverrideList, do not allow 'None' together with other
      directives. PR 52823. [Stefan Fritsch]
 

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1302665&r1=1302664&r2=1302665&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Mon Mar 19 21:34:03 2012
@@ -1 +1 @@
-2304
+2305

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1302665&r1=1302664&r2=1302665&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Mon Mar 19 21:34:03 2012
@@ -1681,14 +1681,25 @@ static const char *set_override_list(cmd
             const command_rec *result = NULL;
             module *mod = ap_top_module;
             result = ap_find_command_in_modules(argv[i], &mod);
-            if (result)
-                apr_table_set(d->override_list, argv[i], "1");
-            else
+            if (result == NULL) {
                 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
                              APLOGNO(00116) "Discarding unrecognized "
                              "directive `%s' in AllowOverrideList at %s:%d",
                              argv[i], cmd->directive->filename,
                              cmd->directive->line_num);
+                continue;
+            }
+            else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+                             APLOGNO(02304) "Discarding directive `%s' not "
+                             "allowed in AllowOverrideList at %s:%d",
+                             argv[i], cmd->directive->filename,
+                             cmd->directive->line_num);
+                continue;
+            }
+            else {
+                apr_table_set(d->override_list, argv[i], "1");
+            }
         }
     }
 



Mime
View raw message