httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/core.xml server/core.c
Date Fri, 07 Jan 2011 13:34:54 GMT
Doesn't this preclude useful things like

"All -Indexes" ?



On Tue, Dec 28, 2010 at 10:56 AM,  <igalic@apache.org> wrote:
> Author: igalic
> Date: Tue Dec 28 15:56:46 2010
> New Revision: 1053375
>
> URL: http://svn.apache.org/viewvc?rev=1053375&view=rev
> Log:
> Applying patch from PR 33078 (with slight changes to its return values)
> This patch disallows the mixing of relative (+/-) and absolute Options where insensible.
>
> Modified:
>    httpd/httpd/trunk/CHANGES
>    httpd/httpd/trunk/docs/manual/mod/core.xml
>    httpd/httpd/trunk/server/core.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010
> @@ -2,6 +2,9 @@
>
>  Changes with Apache 2.3.11
>
> +  *) core: Disallow the mixing of relative and absolute Options PR 33708.
> +     [Sönke Tesch <st kino-fahrplan.de>]
> +
>   *) core: When exporting request headers to HTTP_* environment variables,
>      drop variables whose names contain invalid characters. Describe in the
>      docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
>
> Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 2010
> @@ -3016,10 +3016,10 @@ directory</description>
>     <code>-</code> are removed from the options currently in
>     force. </p>
>
> -    <note type="warning"><title>Warning</title>
> +    <note><title>Note</title>
>     <p>Mixing <directive>Options</directive> with a <code>+</code>
or
> -    <code>-</code> with those without is not valid syntax, and is likely
> -    to cause unexpected results.</p>
> +    <code>-</code> with those without is not valid syntax, and will be
> +    rejected during server startup by the syntax check with an abort.</p>
>     </note>
>
>     <p>For example, without any <code>+</code> and <code>-</code>
symbols:</p>
>
> Modified: httpd/httpd/trunk/server/core.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/core.c (original)
> +++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010
> @@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms
>     core_dir_config *d = d_;
>     allow_options_t opt;
>     int first = 1;
> +    int merge = 0;
> +    int all_none = 0;
>     char action;
>
>     while (l[0]) {
> @@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms
>
>         if (*w == '+' || *w == '-') {
>             action = *(w++);
> +            if (!merge && !first && !all_none) {
> +                return "Either all Options must start with + or -, or no Option
may.";
> +            }
> +            merge = 1;
>         }
>         else if (first) {
>             d->opts = OPT_NONE;
> -            first = 0;
> +        }
> +        else if (merge) {
> +            return "Either all Options must start with + or -, or no Option may.";
>         }
>
>         if (!strcasecmp(w, "Indexes")) {
> @@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms
>             opt = OPT_MULTI|OPT_EXECCGI;
>         }
>         else if (!strcasecmp(w, "None")) {
> +            if (!first) {
> +                return "'Options None' must be the first Option given.";
> +            }
> +            else if (merge) { /* Only works since None may not follow any other
option. */
> +                return "You may not use 'Options +None' or 'Options -None'.";
> +            }
>             opt = OPT_NONE;
> +            all_none = 1;
>         }
>         else if (!strcasecmp(w, "All")) {
> +            if (!first) {
> +                return "'Options All' must be the first option given.";
> +            }
> +            else if (merge) { /* Only works since All may not follow any other
option. */
> +                return "You may not use 'Options +All' or 'Options -All'.";
> +            }
>             opt = OPT_ALL;
> +            all_none = 1;
>         }
>         else {
>             return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL);
> @@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms
>         else {
>             d->opts |= opt;
>         }
> +
> +        first = 0;
>     }
>
>     return NULL;
>
>
>



-- 
Eric Covener
covener@gmail.com

Mime
View raw message