You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ma...@apache.org on 2002/05/29 19:39:24 UTC
cvs commit: apache-1.3/src/modules/standard mod_rewrite.c
martin 02/05/29 10:39:23
Modified: src CHANGES
src/modules/standard mod_rewrite.c
Log:
Fix a problem in mod_rewrite which would lead to 400 Bad Request
responses for rewriting rules which resulted in a local path.
Revision Changes Path
1.1823 +4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1822
retrieving revision 1.1823
diff -u -r1.1822 -r1.1823
--- CHANGES 21 May 2002 13:03:55 -0000 1.1822
+++ CHANGES 29 May 2002 17:39:22 -0000 1.1823
@@ -1,5 +1,9 @@
Changes with Apache 1.3.25
+ *) Fix a problem in mod_rewrite which would lead to 400 Bad Request
+ responses for rewriting rules which resulted in a local path.
+ [Martin Kraemer]
+
*) Disallow anything but whitespace on the request line after the
HTTP/x.y protocol string. That prevents arbitrary user input
from ending up in the access_log and error_log. Also, special
1.177 +2 -2 apache-1.3/src/modules/standard/mod_rewrite.c
Index: mod_rewrite.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v
retrieving revision 1.176
retrieving revision 1.177
diff -u -r1.176 -r1.177
--- mod_rewrite.c 22 Apr 2002 17:06:35 -0000 1.176
+++ mod_rewrite.c 29 May 2002 17:39:23 -0000 1.177
@@ -1220,7 +1220,7 @@
rewritelog(r, 2, "local path result: %s", r->filename);
/* the filename has to start with a slash! */
- if (ap_os_is_path_absolute(r->filename)) {
+ if (!ap_os_is_path_absolute(r->filename)) {
return BAD_REQUEST;
}
@@ -1505,7 +1505,7 @@
}
/* the filename has to start with a slash! */
- if (ap_os_is_path_absolute(r->filename)) {
+ if (!ap_os_is_path_absolute(r->filename)) {
return BAD_REQUEST;
}
Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c
Posted by Cliff Woolley <jw...@virginia.edu>.
On Wed, 29 May 2002, Martin Kraemer wrote:
> In 2.0, they were correct since 21-Oct-01 already.
>
> Although this was a hasty 1.3.25 commit, I think I did the Right Thing.
+1 ... you might want to have a **warning** in the CHANGES entry since
this could break old (incorrect) configs that worked by magic before.
Typically it should be because a rule that was missing the [PT] flag
magically worked before.
--Cliff
Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c
Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.
On Wed, May 29, 2002 at 05:39:24PM -0000, martin@apache.org wrote:
> Fix a problem in mod_rewrite which would lead to 400 Bad Request
> responses for rewriting rules which resulted in a local path.
>
> diff -u -r1.176 -r1.177
I hand-checked the other changes that had sneaked into rev 1.176; only
the two invocations of ap_os_is_path_absolute() were incorrect.
In 2.0, they were correct since 21-Oct-01 already.
Although this was a hasty 1.3.25 commit, I think I did the Right Thing.
Martin
--
<Ma...@Fujitsu-Siemens.com> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c
Posted by Cliff Woolley <jw...@virginia.edu>.
On 29 May 2002 martin@apache.org wrote:
> martin 02/05/29 10:39:23
>
> Modified: src CHANGES
> src/modules/standard mod_rewrite.c
> Log:
> Fix a problem in mod_rewrite which would lead to 400 Bad Request
> responses for rewriting rules which resulted in a local path.
>
AHA!!! That would explain why I just yesterday had to close a bug report
on 2.0 which complained about some (invalid) config that "worked" under
1.3 causing 400's under 2.0. I didn't understand how it could have ever
worked under 1.3, but I didn't actually go look. Having that conditional
backwards in 1.3 would definitely explain it. :))
Good catch.
--Cliff
Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
>martin 02/05/29 10:39:23
>
> Modified: src CHANGES
> src/modules/standard mod_rewrite.c
> Log:
> Fix a problem in mod_rewrite which would lead to 400 Bad Request
> responses for rewriting rules which resulted in a local path.
It seems I did in fact transpose the tests... good call and thank you
for your good eyes in resolving this bug.
Bill