Posted to cvs@httpd.apache.org by mi...@apache.org on 2012/03/25 23:11:14 UTC
svn commit: r1305137 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS server/core.c
Author: minfrin
Date: Sun Mar 25 21:11:13 2012
New Revision: 1305137
URL: http://svn.apache.org/viewvc?rev=1305137&view=rev
Log:
Backport:
core: Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files.
Submitted by: sf
Reviewed by: covener, druggeri
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/server/core.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1302665
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1305137&r1=1305136&r2=1305137&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Mar 25 21:11:13 2012
@@ -6,6 +6,10 @@ Changes with Apache 2.4.2
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
+ *) core: Disallow directives in AllowOverrideList which are only allowed
+ in VirtualHost or server context. These are usually not prepared to be
+ called in .htaccess files. [Stefan Fritsch]
+
*) core: In AllowOverrideList, do not allow 'None' together with other
directives. PR 52823. [Stefan Fritsch]
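Review bot: the new CHANGES entry does not say what an administrator will observe when such a directive is listed. Going by the core.c change in this same commit, the directive is discarded with a warning (AH02304) and the remaining AllowOverrideList arguments are still processed. Suggest saying so in the entry, so that anyone upgrading with an existing AllowOverrideList knows to check the error log for the warning rather than assuming the listed directive is still permitted in .htaccess.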
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1305137&r1=1305136&r2=1305137&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sun Mar 25 21:11:13 2012
@@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: In AllowOverrideList, disallow directives which are only allowed
- in VirtualHost or server context.
- Trunk patch: http://svn.apache.org/viewvc?rev=1302665&view=rev
- 2.4.x patch: Trunk patch works (skip docs/log-message-tags/next-number)
- +1: sf, covener, druggeri
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Modified: httpd/httpd/branches/2.4.x/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?rev=1305137&r1=1305136&r2=1305137&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/core.c (original)
+++ httpd/httpd/branches/2.4.x/server/core.c Sun Mar 25 21:11:13 2012
@@ -1679,14 +1679,25 @@ static const char *set_override_list(cmd
const command_rec *result = NULL;
module *mod = ap_top_module;
result = ap_find_command_in_modules(argv[i], &mod);
- if (result)
- apr_table_set(d->override_list, argv[i], "1");
- else
+ if (result == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
APLOGNO(00116) "Discarding unrecognized "
"directive `%s' in AllowOverrideList at %s:%d",
argv[i], cmd->directive->filename,
cmd->directive->line_num);
+ continue;
+ }
+ else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+ APLOGNO(02304) "Discarding directive `%s' not "
+ "allowed in AllowOverrideList at %s:%d",
+ argv[i], cmd->directive->filename,
+ cmd->directive->line_num);
+ continue;
+ }
+ else {
+ apr_table_set(d->override_list, argv[i], "1");
+ }
}
}
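Review bot: the new `else if` test `(result->req_override & (OR_ALL|ACCESS_CONF)) == 0` has no comment explaining the mask, and as written it accepts a directive whose req_override is ACCESS_CONF alone, while the log message and CHANGES describe the rule only as rejecting directives limited to VirtualHost or server context. Suggest a short comment above the test stating which contexts are meant to pass and why ACCESS_CONF is among them. The check also examines only the single command_rec returned by the one ap_find_command_in_modules call; if a directive name can be registered by more than one module with different req_override bits, the later registration is never looked at, so either continue the lookup or note the assumption. Both rejection paths log at APLOG_WARNING and `continue`, so a rejected entry does not stop configuration processing; if that is intended, it is worth stating in the directive's documentation. Minor style point: since both rejecting branches end in `continue`, the `else if` / `else` chaining is not needed and plain `if` blocks followed by the apr_table_set call would read more simply.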