You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1997/01/13 21:57:45 UTC

Alt patch II

Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.11
diff -c -r1.11 http_request.c
*** http_request.c      1996/07/01 18:10:29     1.11
--- http_request.c      1997/01/13 21:59:32
***************
*** 135,140 ****
--- 135,158 ----

  #endif
  }
+
+ char *collapse_path(pool *pool, char *path)
+     {
+     char *p,*d;
+     char *np;
+
+     for(p=path ; p[1] && (p[0] != '/' || p[1] !='/') ; ++p)
+       ;
+     if(!p[1])
+       return path;
+
+     np=palloc(pool,strlen(path));
+     for(d=np,p=path ; *d=*p ; ++p,++d)
+       while(p[0] == '/' && p[1] == '/')
+           ++p;
+
+     return np;
+     }

  /* Dealing with the file system to get PATH_INFO
   */
***************
*** 143,153 ****
  {
      char *cp;
      char *path = r->filename;
!     char *end = &path[strlen(path)];
      char *last_cp = NULL;
      int rv;
      /* Advance over trailing slashes ... NOT part of filename */

      for (cp = end; cp > path && cp[-1] == '/'; --cp)
        continue;
--- 161,175 ----
  {
      char *cp;
      char *path = r->filename;
!     char *end;
      char *last_cp = NULL;
      int rv;

      /* Advance over trailing slashes ... NOT part of filename */
+
+     path=collapse_path(r->pool,path);
+
+     end=&path[strlen(path)];

      for (cp = end; cp > path && cp[-1] == '/'; --cp)
        continue;


-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Re: Alt patch II

Posted by Marc Slemko <ma...@znep.com>.

Forgive me if some of the comments below are stupid, I haven't looked at
this in depth...

On Mon, 13 Jan 1997, Ben Laurie wrote:

> +
> + char *collapse_path(pool *pool, char *path)
> +     {
> +     char *p,*d;
> +     char *np;
> +
> +     for(p=path ; p[1] && (p[0] != '/' || p[1] !='/') ; ++p)
> +       ;

What is this doing that strstr() won't?

> +     if(!p[1])
> +       return path;
> +
> +     np=palloc(pool,strlen(path));

Could use a comment about why you only have to allocate strlen(path) (ie. 
no space for null termination)  bytes (ie. at this point you know you have
to remove at least one '/' so you have to have enough memory). 

I also have to echo Alexei's concern over what it does with path_info.  I
have not had time to look in depth, but from what I see if you access:

	http://server/cgi-bin/script/http://host/path/

with this patch, then path_info will be something like "http:/host/path/"
not "http://host/path/".  This can NOT be done without at LEAST checking
that out.  If you are running with the patch, try it.

In any case, get_path_info is supposed to get the path_info where
path_info is a specific thing, ie. stuff tacked to the end of the URL.
Putting unrelated functionality in there is incorrect.

Advantage of the way I suggested: I already screwed things up once, so
second time round can't be worse?  <sigh> I have heard of no bugs in the
method I proposed other than (possibly very valid) portability concerns.