Posted to cvs@httpd.apache.org by ji...@apache.org on 2012/08/17 15:46:25 UTC
svn commit: r1374253 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
server/util.c
Author: jim
Date: Fri Aug 17 13:46:24 2012
New Revision: 1374253
URL: http://svn.apache.org/viewvc?rev=1374253&view=rev
Log:
http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/server/util.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Aug 17 13:46:24 2012
@@ -10,6 +10,11 @@ Changes with Apache 2.4.3
*) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
authorization provider in lua. [Stefan Fritsch]
+ *) core: Be less strict when checking whether Content-Type is set to
+ "application/x-www-form-urlencoded" when parsing POST data,
+ or we risk losing data with an appended charset. PR 53698
+ [Petter Berntsen <petterb gmail.com>]
+
*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
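Review bot: The new CHANGES entry does not name the function whose behaviour changes. The util.c hunk and the removed STATUS entry both identify it as ap_parse_form_data, and module authors who call that API will search CHANGES for the name. Suggest wording along the lines of "core: ap_parse_form_data: Be less strict when checking ...".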
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Fri Aug 17 13:46:24 2012
@@ -88,21 +88,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: make ap_parse_form_data less strict when checking for a correct
- Content-Type header when parsing POST, or we risk losing valid
- data with an appended charset.
- Submitted by: Petter Berntsen <petterb gmail com>
- (Changed since the original commit, hence the long list of revisions)
- PR: 53698
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1372054
- http://svn.apache.org/viewvc?view=revision&revision=1372055
- http://svn.apache.org/viewvc?view=revision&revision=1372305
- http://svn.apache.org/viewvc?view=revision&revision=1372349
- http://svn.apache.org/viewvc?view=revision&revision=1372419
- 2.4.x patch: http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch
- +1: humbedooh, rjung, jim
- rjung: I added a combined 2.4.x patch for convenience, because the change
- is only one line
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util.c?rev=1374253&r1=1374252&r2=1374253&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util.c (original)
+++ httpd/httpd/branches/2.4.x/server/util.c Fri Aug 17 13:46:24 2012
@@ -2393,7 +2393,7 @@ AP_DECLARE(int) ap_parse_form_data(reque
/* sanity check - we only support forms for now */
ct = apr_table_get(r->headers_in, "Content-Type");
- if (!ct || strcmp("application/x-www-form-urlencoded", ct)) {
+ if (!ct || strncasecmp("application/x-www-form-urlencoded", ct, 33)) {
return ap_discard_request_body(r);
}
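Review bot: In the changed `if`, `strncasecmp("application/x-www-form-urlencoded", ct, 33)` is a pure prefix match with nothing checked after the 33rd character, so a header value such as `application/x-www-form-urlencodedX` now passes the sanity check and its body is parsed as form data instead of being discarded. Consider also requiring that `ct[33]` is the end of the string, a `;` or whitespace, so that only the media type itself, optionally followed by parameters such as the appended charset from PR 53698, is accepted. Separately, the literal 33 is the length of the media type string; deriving it from a named constant (`sizeof` of the literal minus one) would keep the two from drifting apart and make the intent visible to the next reader.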