You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl-cvs@perl.apache.org by st...@apache.org on 2019/09/24 16:31:13 UTC

svn commit: r1867470 - /perl/modperl/trunk/src/modules/perl/mod_perl.c

Author: stevehay
Date: Tue Sep 24 16:31:13 2019
New Revision: 1867470

URL: http://svn.apache.org/viewvc?rev=1867470&view=rev
Log:
Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

Patch by Jan Ingvoldstad <ja...@ifi.uio.no> from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644169#19
(See also https://rt.cpan.org/Ticket/Display.html?id=126984)

Modified:
    perl/modperl/trunk/src/modules/perl/mod_perl.c

Modified: perl/modperl/trunk/src/modules/perl/mod_perl.c
URL: http://svn.apache.org/viewvc/perl/modperl/trunk/src/modules/perl/mod_perl.c?rev=1867470&r1=1867469&r2=1867470&view=diff
==============================================================================
--- perl/modperl/trunk/src/modules/perl/mod_perl.c (original)
+++ perl/modperl/trunk/src/modules/perl/mod_perl.c Tue Sep 24 16:31:13 2019
@@ -939,18 +939,18 @@ static const command_rec modperl_cmds[]
     MP_CMD_DIR_ITERATE2("PerlAddVar", add_var, "PerlAddVar"),
     MP_CMD_DIR_TAKE2("PerlSetEnv", set_env, "PerlSetEnv"),
     MP_CMD_SRV_TAKE1("PerlPassEnv", pass_env, "PerlPassEnv"),
-    MP_CMD_DIR_RAW_ARGS_ON_READ("<Perl", perl, "Perl Code"),
-    MP_CMD_DIR_RAW_ARGS("Perl", perldo, "Perl Code"),
+    MP_CMD_SRV_RAW_ARGS_ON_READ("<Perl", perl, "Perl Code"),
+    MP_CMD_SRV_RAW_ARGS("Perl", perldo, "Perl Code"),
 
     MP_CMD_DIR_TAKE1("PerlSetInputFilter", set_input_filter,
                      "filter[;filter]"),
     MP_CMD_DIR_TAKE1("PerlSetOutputFilter", set_output_filter,
                      "filter[;filter]"),
 
-    MP_CMD_DIR_RAW_ARGS_ON_READ("=pod", pod, "Start of POD"),
-    MP_CMD_DIR_RAW_ARGS_ON_READ("=back", pod, "End of =over"),
-    MP_CMD_DIR_RAW_ARGS_ON_READ("=cut", pod_cut, "End of POD"),
-    MP_CMD_DIR_RAW_ARGS_ON_READ("__END__", END, "Stop reading config"),
+    MP_CMD_SRV_RAW_ARGS_ON_READ("=pod", pod, "Start of POD"),
+    MP_CMD_SRV_RAW_ARGS_ON_READ("=back", pod, "End of =over"),
+    MP_CMD_SRV_RAW_ARGS_ON_READ("=cut", pod_cut, "End of POD"),
+    MP_CMD_SRV_RAW_ARGS_ON_READ("__END__", END, "Stop reading config"),
 
     MP_CMD_SRV_RAW_ARGS("PerlLoadModule", load_module, "A Perl module"),
 #ifdef MP_TRACE