httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1374253 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS server/util.c
Date Fri, 17 Aug 2012 13:46:25 GMT
Author: jim
Date: Fri Aug 17 13:46:24 2012
New Revision: 1374253

URL: http://svn.apache.org/viewvc?rev=1374253&view=rev
Log:
http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch

Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/server/util.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Aug 17 13:46:24 2012
@@ -10,6 +10,11 @@ Changes with Apache 2.4.3
   *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
      authorization provider in lua. [Stefan Fritsch]
 
+  *) core: Be less strict when checking whether Content-Type is set to 
+     "application/x-www-form-urlencoded" when parsing POST data, 
+     or we risk losing data with an appended charset. PR 53698
+     [Petter Berntsen <petterb gmail.com>]
+
   *) httpd.conf: Added configuration directives to set a bad_DNT environment
      variable based on User-Agent and to remove the DNT header field from
      incoming requests when a match occurs. This currently has the effect of

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Fri Aug 17 13:46:24 2012
@@ -88,21 +88,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * core: make ap_parse_form_data less strict when checking for a correct 
-           Content-Type header when parsing POST, or we risk losing valid 
-           data with an appended charset.
-     Submitted by: Petter Berntsen <petterb gmail com>
-     (Changed since the original commit, hence the long list of revisions)
-     PR: 53698
-     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1372054
-                  http://svn.apache.org/viewvc?view=revision&revision=1372055
-                  http://svn.apache.org/viewvc?view=revision&revision=1372305
-                  http://svn.apache.org/viewvc?view=revision&revision=1372349
-                  http://svn.apache.org/viewvc?view=revision&revision=1372419
-     2.4.x patch: http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch
-     +1: humbedooh, rjung, jim
-     rjung: I added a combined 2.4.x patch for convenience, because the change
-            is only one line
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.4.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util.c?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util.c (original)
+++ httpd/httpd/branches/2.4.x/server/util.c Fri Aug 17 13:46:24 2012
@@ -2393,7 +2393,7 @@ AP_DECLARE(int) ap_parse_form_data(reque
 
     /* sanity check - we only support forms for now */
     ct = apr_table_get(r->headers_in, "Content-Type");
-    if (!ct || strcmp("application/x-www-form-urlencoded", ct)) {
+    if (!ct || strncasecmp("application/x-www-form-urlencoded", ct, 33)) {
         return ap_discard_request_body(r);
     }
 



Mime
View raw message