httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1470940 - in /httpd/httpd/trunk: CHANGES modules/dav/main/util.c
Date Tue, 23 Apr 2013 13:14:34 GMT
Author: minfrin
Date: Tue Apr 23 13:14:34 2013
New Revision: 1470940

URL: http://svn.apache.org/r1470940
Log:
mod_dav: Make sure that when we prepare an If URL for Etag comparison,     
we compare unencoded paths. PR 53910
Patch submitted by Timothy Wood <tjw omnigroup com>
Tested by William Lewis <wiml omnigroup com>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/dav/main/util.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1470940&r1=1470939&r2=1470940&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Apr 23 13:14:34 2013
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
+     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
+
   *) core, mod_ssl: Lift the restriction that prevents mod_ssl taking
      full advantage of the event MPM. Enable the ability for a module
      to reverse the sense of a poll event from a read to a write or vice

Modified: httpd/httpd/trunk/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1470940&r1=1470939&r2=1470940&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util.c Tue Apr 23 13:14:34 2013
@@ -663,6 +663,13 @@ static dav_error * dav_process_if_header
             if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
                 parsed_uri.path[--uri_len] = '\0';
 
+            /* the resources we will compare to have unencoded paths */
+            if (ap_unescape_url(parsed_uri.path) != OK) {
+                return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                        DAV_ERR_IF_TAGGED, rv,
+                        "Invalid percent encoded URI in tagged If-header.");
+            }
+
             uri = parsed_uri.path;
             list_type = tagged;
             break;



Mime
View raw message