httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1686853 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_alias.c
Date Mon, 22 Jun 2015 12:48:03 GMT
Author: ylavic
Date: Mon Jun 22 12:48:02 2015
New Revision: 1686853

URL: http://svn.apache.org/r1686853
Log:
mod_alias: follow up to r1653941.
Limit Redirect expressions to directory (Location) context
and redirect statuses (implicit or explicit).

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_alias.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1686853&r1=1686852&r2=1686853&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Jun 22 12:48:02 2015
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_alias: Limit Redirect expressions to directory (Location) context
+     and redirect statuses (implicit or explicit).
+     [Yann Ylavic, Ruediger Pluem]
+
   *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol
      data during read of chunked request bodies. PR 58049. 
      [Edward Lu <Chaosed0 gmail.com>]

Modified: httpd/httpd/trunk/modules/mappers/mod_alias.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_alias.c?rev=1686853&r1=1686852&r2=1686853&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_alias.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_alias.c Mon Jun 22 12:48:02 2015
@@ -252,25 +252,37 @@ static const char *add_redirect_internal
         status = HTTP_MOVED_TEMPORARILY;
     else if (!strcasecmp(arg1, "seeother"))
         status = HTTP_SEE_OTHER;
-    else if (!strcasecmp(arg1, "gone"))
+    else if (!strcasecmp(arg1, "gone")) {
         status = HTTP_GONE;
-    else if (apr_isdigit(*arg1))
+        grokarg1 = -1;
+    }
+    else if (apr_isdigit(*arg1)) {
         status = atoi(arg1);
-    else
+        if (!ap_is_HTTP_REDIRECT(status)) {
+            grokarg1 = -1;
+        }
+    }
+    else {
         grokarg1 = 0;
+    }
 
     if (arg3 && !grokarg1)
         return "Redirect: invalid first argument (of three)";
 
     /*
-     * if we have the 2nd arg and we understand the 1st one, or if we have the
+     * if we have the 2nd arg and we understand the 1st one as a redirect
+     * status (3xx, but not things like 404 /robots.txt), or if we have the
      * 1st arg but don't understand it, we use the expression syntax assuming
      * a path from the location.
      *
      * if we understand the first arg but have no second arg, we are dealing
-     * with a status like "GONE".
+     * with a status like "GONE" or a non-redirect status (e.g. 404, 503).
      */
-    if (grokarg1 && arg2 && !arg3 && HTTP_GONE != status) {
+    if (!cmd->path) {
+        /* <Location> context only for now */
+        ;
+    }
+    else if (grokarg1 > 0 && arg2 && !arg3) {
         const char *expr_err = NULL;
 
         dirconf->redirect =
@@ -288,7 +300,7 @@ static const char *add_redirect_internal
         return NULL;
 
     }
-    else if (grokarg1 && !arg2 && HTTP_GONE == status) {
+    else if (grokarg1 < 0 && !arg2) {
 
         dirconf->redirect_status = status;
         dirconf->redirect_set = 1;



Mime
View raw message