httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1710380 - in /httpd/httpd/trunk: docs/manual/mod/core.xml include/http_core.h server/core.c server/util_script.c
Date Sat, 24 Oct 2015 19:13:16 GMT
Author: covener
Date: Sat Oct 24 19:13:16 2015
New Revision: 1710380

URL: http://svn.apache.org/viewvc?rev=1710380&view=rev
Log:
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in. 



Modified:
    httpd/httpd/trunk/docs/manual/mod/core.xml
    httpd/httpd/trunk/include/http_core.h
    httpd/httpd/trunk/server/core.c
    httpd/httpd/trunk/server/util_script.c

Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1710380&r1=1710379&r2=1710380&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Sat Oct 24 19:13:16 2015
@@ -4803,5 +4803,32 @@ for external processing, e.g. to a CGI s
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>QualifyRedirectURL</name>
+<description>Controls whether the REDIRECT_URL environent variable is 
+             fully qualified</description>
+<syntax>QualifyRedirectURL ON|OFF</syntax>
+<default>QualifyRedirectURL OFF</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Directive supported in 2.4.18 and later. 2.4.17 acted
+as if 'QualifyRedirectURL ON' was configured.</compatibility>
+
+<usage>
+    <p>This directive controls whether the server will ensure that the 
+    REDIRECT_URL environment variable is fully qualified.  By default, 
+    the variable contains the verbatim URL requested by the client, 
+    such as "/index.html".  With <directive module="core"
+    >QualifyRedirectURL ON</directive>, the same request would result in a
+    value such as "http://www.example.com/index.html".</p>
+    <p>Even without this directive set, when a request is issued against a 
+    fully qualified URL, REDIRECT_URL will remain fully qualified.
+    </p>
+</usage>
+</directivesynopsis>
+
+
 
 </modulesynopsis>

Modified: httpd/httpd/trunk/include/http_core.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?rev=1710380&r1=1710379&r2=1710380&view=diff
==============================================================================
--- httpd/httpd/trunk/include/http_core.h (original)
+++ httpd/httpd/trunk/include/http_core.h Sat Oct 24 19:13:16 2015
@@ -465,6 +465,17 @@ typedef unsigned long etag_components_t;
 /* This is the default value used */
 #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
 
+/* Generic ON/OFF/UNSET for unsigned int foo :2 */
+#define AP_CORE_CONFIG_OFF   (0)
+#define AP_CORE_CONFIG_ON    (1)
+#define AP_CORE_CONFIG_UNSET (2)
+
+/* Generic merge of flag */
+#define AP_CORE_MERGE_FLAG(field, to, base, over) to->field = \
+               over->field != AP_CORE_CONFIG_UNSET            \
+               ? over->field                                  \
+               : base->field                                   
+
 /**
  * @brief Server Signature Enumeration
  */
@@ -634,6 +645,8 @@ typedef struct {
      */
     apr_hash_t *response_code_exprs;
 
+    unsigned int qualify_redirect_url :2;
+
 } core_dir_config;
 
 /* macro to implement off by default behaviour */

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1710380&r1=1710379&r2=1710380&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Oct 24 19:13:16 2015
@@ -198,6 +198,7 @@ static void *create_core_dir_config(apr_
     conf->max_reversals = AP_MAXRANGES_UNSET;
 
     conf->cgi_pass_auth = AP_CGI_PASS_AUTH_UNSET;
+    conf->qualify_redirect_url = AP_CORE_CONFIG_UNSET; 
 
     return (void *)conf;
 }
@@ -416,6 +417,8 @@ static void *merge_core_dir_configs(apr_
 
     conf->cgi_pass_auth = new->cgi_pass_auth != AP_CGI_PASS_AUTH_UNSET ? new->cgi_pass_auth
: base->cgi_pass_auth;
 
+    AP_CORE_MERGE_FLAG(qualify_redirect_url, conf, base, new);
+
     return (void*)conf;
 }
 
@@ -1776,6 +1779,15 @@ static const char *set_cgi_pass_auth(cmd
     return NULL;
 }
 
+static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
+{
+    core_dir_config *d = d_;
+
+    d->qualify_redirect_url = flag ? AP_CORE_CONFIG_ON : AP_CORE_CONFIG_OFF;
+
+    return NULL;
+}
+
 static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
 {
     core_dir_config *d = d_;
@@ -4471,6 +4483,10 @@ AP_INIT_TAKE12("LimitInternalRecursion",
 AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG,
              "Controls whether HTTP authorization headers, normally hidden, will "
              "be passed to scripts"),
+AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO,
+             "Controls whether HTTP authorization headers, normally hidden, will "
+             "be passed to scripts"),
+
 AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower,
        (void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO,
      "a mime type that overrides other configured type"),

Modified: httpd/httpd/trunk/server/util_script.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_script.c?rev=1710380&r1=1710379&r2=1710380&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_script.c (original)
+++ httpd/httpd/trunk/server/util_script.c Sat Oct 24 19:13:16 2015
@@ -286,21 +286,26 @@ AP_DECLARE(void) ap_add_common_vars(requ
     /* Apache custom error responses. If we have redirected set two new vars */
 
     if (r->prev) {
-        /* PR#57785: reconstruct full URL here */
-        apr_uri_t *uri = &r->prev->parsed_uri;
-        if (!uri->scheme) {
-            uri->scheme = (char*)ap_http_scheme(r->prev);
+        if (conf->fully_qualify_redirect_url != AP_CORE_CONFIG_ON) { 
+            add_unless_null(e, "REDIRECT_URL", r->prev->uri);
         }
-        if (!uri->port) {
-            uri->port = ap_get_server_port(r->prev);
-            uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
-        }
-        if (!uri->hostname) {
-            uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+        else { 
+            /* PR#57785: reconstruct full URL here */
+            apr_uri_t *uri = &r->prev->parsed_uri;
+            if (!uri->scheme) {
+                uri->scheme = (char*)ap_http_scheme(r->prev);
+            }
+            if (!uri->port) {
+                uri->port = ap_get_server_port(r->prev);
+                uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
+            }
+            if (!uri->hostname) {
+                uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+            }
+            add_unless_null(e, "REDIRECT_URL",
+                            apr_uri_unparse(r->pool, uri, 0));
         }
         add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args);
-        add_unless_null(e, "REDIRECT_URL",
-                        apr_uri_unparse(r->pool, uri, 0));
     }
 
     if (e != r->subprocess_env) {



Mime
View raw message