Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/18 08:49:59 UTC

svn commit: r1855737 - in /httpd/httpd/branches/2.4.x: CHANGES docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h include/httpd.h server/core.c server/request.c server/util.c

Author: icing
Date: Mon Mar 18 08:49:59 2019
New Revision: 1855737

URL: http://svn.apache.org/viewvc?rev=1855737&view=rev
Log:
Merge of r1855705 from trunk:

core: merge consecutive slashes in the path


Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
    httpd/httpd/branches/2.4.x/include/ap_mmn.h
    httpd/httpd/branches/2.4.x/include/http_core.h
    httpd/httpd/branches/2.4.x/include/httpd.h
    httpd/httpd/branches/2.4.x/server/core.c
    httpd/httpd/branches/2.4.x/server/request.c
    httpd/httpd/branches/2.4.x/server/util.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Mar 18 08:49:59 2019
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.39
 
+  *) core: new configuration option 'MergeSlashes on|off' that controls handling of
+     multiple, consecutive slash ('/') characters in the path component of the request URL.
+     [Eric Covener]
+     
   *) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
      in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.
      Fixed. [Michael Kaufmann] 

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml Mon Mar 18 08:49:59 2019
@@ -5138,4 +5138,30 @@ recognized methods to modules.</p>
 <seealso><directive module="mod_allowmethods">AllowMethods</directive></seealso>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>MergeSlashes</name>
+<description>Controls whether the server merges consecutive slashes in URLs.
+</description>
+<syntax>MergeSlashes ON|OFF</syntax>
+<default>MergeSlashes ON</default>
+<contextlist><context>server config</context><context>virtual host</context>
+</contextlist>
+<compatibility>Added in 2.5.1</compatibility>
+
+<usage>
+    <p>By default, the server merges (or collapses) multiple consecutive slash
+    ('/') characters in the path component of the request URL.</p>
+
+    <p>When mapping URL's to the filesystem, these multiple slashes are not 
+    significant.  However, URL's handled other ways, such as by CGI or proxy,
+    might prefer to retain the significance of multiple consecutive slashes. 
+    In these cases <directive>MergeSlashes</directive> can be set to 
+    <em>OFF</em> to retain the multiple consecutive slashes.  In these
+    configurations, regular expressions used in the configuration file that match
+    the path component of the URL (<directive>LocationMatch</directive>,
+    <directive>RewriteRule</directive>, ...) need to take into account multiple 
+    consecutive slashes.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>
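
Review bot: The <compatibility> line says "Added in 2.5.1", but this commit lands on the 2.4.x branch and the CHANGES hunk in the same commit files the directive under Apache 2.4.39. The backported manual should name the 2.4 release too, otherwise 2.4 administrators will read the directive as unavailable to them. The usage text also names only regex directives (LocationMatch, RewriteRule) as needing care under MergeSlashes OFF; if plain <Location> matching changes as well, as the ap_location_walk hunk in server/request.c suggests, that belongs in this paragraph.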

Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Mon Mar 18 08:49:59 2019
@@ -523,6 +523,8 @@
  * 20120211.82 (2.4.35-dev) Add optional function declaration for
  *                          ap_proxy_balancer_get_best_worker to mod_proxy.h.
  * 20120211.83 (2.4.35-dev) Add client64 field to worker_score struct
+ * 20120211.84 (2.4.35-dev) Add ap_no2slash_ex() and merge_slashes to 
+ *                          core_server_conf.
  *
  */
 
@@ -531,7 +533,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 83                  /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 84                  /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
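
Review bot: The history entry that goes with this bump to minor 84 is labelled "(2.4.35-dev)", apparently carried over from the .82 and .83 lines, while the CHANGES hunk in this commit lists the feature under Apache 2.4.39. Module authors use that label to pick a minimum MMN, so it should match the release the API first appears in. The same entry names the struct "core_server_conf", but the member is added to core_server_config in include/http_core.h.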

Modified: httpd/httpd/branches/2.4.x/include/http_core.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/http_core.h?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/include/http_core.h (original)
+++ httpd/httpd/branches/2.4.x/include/http_core.h Mon Mar 18 08:49:59 2019
@@ -740,7 +740,7 @@ typedef struct {
 #define AP_HTTP_METHODS_LENIENT       1
 #define AP_HTTP_METHODS_REGISTERED    2
     char http_methods;
-
+    unsigned int merge_slashes;
 } core_server_config;
 
 /* for AddOutputFiltersByType in core.c */
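
Review bot: merge_slashes is added without a comment saying what values it holds. server/core.c initialises it to AP_CORE_CONFIG_UNSET and server/request.c compares it with AP_CORE_CONFIG_OFF, so it is a tri-state, not a boolean; a one-line comment to that effect would stop later code from testing it as "if (conf->merge_slashes)". Appending the member at the end of the struct, together with the minor MMN bump, is the right shape for a 2.4.x backport.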

Modified: httpd/httpd/branches/2.4.x/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/httpd.h?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/include/httpd.h (original)
+++ httpd/httpd/branches/2.4.x/include/httpd.h Mon Mar 18 08:49:59 2019
@@ -1697,12 +1697,22 @@ AP_DECLARE(int) ap_unescape_url_keep2f(c
 AP_DECLARE(int) ap_unescape_urlencoded(char *query);
 
 /**
- * Convert all double slashes to single slashes
- * @param name The string to convert
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert, assumed to be a filesystem path
  */
 AP_DECLARE(void) ap_no2slash(char *name);
 
 /**
+ * Convert all double slashes to single slashes, except where significant
+ * to the filesystem on the current platform.
+ * @param name The string to convert
+ * @param is_fs_path if set to 0, the significance of any double-slashes is 
+ *        ignored.
+ */
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
+
+/**
  * Remove all ./ and xx/../ substrings from a file name. Also remove
  * any leading ../ or /../ substrings.
  * @param name the file name to parse
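
Review bot: The revised comment on ap_no2slash() says name is "assumed to be a filesystem path", yet the server/request.c hunk in this commit calls ap_no2slash() on r->uri and r->parsed_uri.path, which are URL paths. In the hunks shown, ap_no2slash_ex() is only ever called with is_fs_path set to 1 (from the wrapper in server/util.c), so on HAVE_UNC_PATHS builds a leading "//" in the request path is still kept. Either call ap_no2slash_ex(..., 0) for URL paths or say in the comment why the filesystem rule is wanted there. The @param is_fs_path text could also say in concrete terms what 0 does: a leading double slash is merged like any other.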

Modified: httpd/httpd/branches/2.4.x/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/core.c (original)
+++ httpd/httpd/branches/2.4.x/server/core.c Mon Mar 18 08:49:59 2019
@@ -490,6 +490,7 @@ static void *create_core_server_config(a
 
     conf->protocols = apr_array_make(a, 5, sizeof(const char *));
     conf->protocols_honor_order = -1;
+    conf->merge_slashes = AP_CORE_CONFIG_UNSET; 
     
     return (void *)conf;
 }
@@ -555,6 +556,7 @@ static void *merge_core_server_configs(a
     conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
                                        base->protocols_honor_order :
                                        virt->protocols_honor_order);
+    AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
     
     return conf;
 }
@@ -1863,6 +1865,13 @@ static const char *set_qualify_redirect_
     return NULL;
 }
 
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
+{
+    core_server_config *conf =
+        ap_get_core_module_config(cmd->server->module_config);
+    return ap_set_flag_slot(cmd, conf, flag);
+}
+
 static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
 {
     core_dir_config *d = d_;
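
Review bot: set_core_server_flag() ignores its s_ argument and depends on the directive's data argument in the command table being an offset into core_server_config (the APR_OFFSETOF in the MergeSlashes entry), but nothing in the function says so. A short comment stating that contract would make the helper safe to reuse for the next server-level flag.
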
@@ -4562,6 +4571,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", s
                 "'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
 AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
                 "Registers non-standard HTTP methods"),
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag, 
+             (void *)APR_OFFSETOF(core_server_config, merge_slashes),  
+             RSRC_CONF,
+             "Controls whether consecutive slashes in the URI path are merged"),
 { NULL }
 };
 

Modified: httpd/httpd/branches/2.4.x/server/request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/request.c?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/request.c (original)
+++ httpd/httpd/branches/2.4.x/server/request.c Mon Mar 18 08:49:59 2019
@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_inter
     int file_req = (r->main && r->filename);
     int access_status;
     core_dir_config *d;
+    core_server_config *sconf =
+        ap_get_core_module_config(r->server->module_config);
 
     /* Ignore embedded %2F's in path for proxy requests */
     if (!r->proxyreq && r->parsed_uri.path) {
@@ -191,6 +193,10 @@ AP_DECLARE(int) ap_process_request_inter
     }
 
     ap_getparents(r->uri);     /* OK --- shrinking transformations... */
+    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) { 
+        ap_no2slash(r->uri);
+        ap_no2slash(r->parsed_uri.path);
+     }
 
     /* All file subrequests are a huge pain... they cannot bubble through the
      * next several steps.  Only file subrequests are allowed an empty uri,
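
Review bot: ap_no2slash(r->parsed_uri.path) is called without checking the pointer, although the guard earlier in this function, "if (!r->proxyreq && r->parsed_uri.path)", shows the path can be NULL, and ap_no2slash_ex() in server/util.c has no NULL check in the lines shown. The follow-up on this thread reports a segfault for CONNECT requests. Wrap the second call in "if (r->parsed_uri.path)". Minor: the closing brace of the new block is indented five spaces instead of four.
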
@@ -1411,20 +1417,7 @@ AP_DECLARE(int) ap_location_walk(request
 
     cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
     cached = (cache->cached != NULL);
-
-    /* Location and LocationMatch differ on their behaviour w.r.t. multiple
-     * slashes.  Location matches multiple slashes with a single slash,
-     * LocationMatch doesn't.  An exception, for backwards brokenness is
-     * absoluteURIs... in which case neither match multiple slashes.
-     */
-    if (r->uri[0] != '/') {
-        entry_uri = r->uri;
-    }
-    else {
-        char *uri = apr_pstrdup(r->pool, r->uri);
-        ap_no2slash(uri);
-        entry_uri = uri;
-    }
+    entry_uri = r->uri;
 
     /* If we have an cache->cached location that matches r->uri,
      * and the vhost's list of locations hasn't changed, we can skip
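
Review bot: Replacing the copy-and-merge block with "entry_uri = r->uri;" means that under MergeSlashes OFF a plain <Location> section is matched against the unmerged path, whereas the removed comment documents that Location matched multiple slashes with a single slash. Access restrictions attached to a non-regex <Location> can then stop applying to the same resource requested with doubled slashes. Keep a merged copy for non-regex Location matching regardless of the setting, or state the changed behaviour explicitly in the MergeSlashes documentation, which currently mentions only regex directives.
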
@@ -1491,7 +1484,7 @@ AP_DECLARE(int) ap_location_walk(request
                     pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
                 }
 
-                if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+                if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
                     continue;
                 }
 
@@ -1501,7 +1494,7 @@ AP_DECLARE(int) ap_location_walk(request
                         apr_table_setn(r->subprocess_env,
                                        ((const char **)entry_core->refs->elts)[i],
                                        apr_pstrndup(r->pool,
-                                       r->uri + pmatch[i].rm_so,
+                                       entry_uri + pmatch[i].rm_so,
                                        pmatch[i].rm_eo - pmatch[i].rm_so));
                     }
                 }

Modified: httpd/httpd/branches/2.4.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util.c?rev=1855737&r1=1855736&r2=1855737&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util.c (original)
+++ httpd/httpd/branches/2.4.x/server/util.c Mon Mar 18 08:49:59 2019
@@ -561,16 +561,16 @@ AP_DECLARE(void) ap_getparents(char *nam
         name[l] = '\0';
     }
 }
-
-AP_DECLARE(void) ap_no2slash(char *name)
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
 {
+
     char *d, *s;
 
     s = d = name;
 
 #ifdef HAVE_UNC_PATHS
     /* Check for UNC names.  Leave leading two slashes. */
-    if (s[0] == '/' && s[1] == '/')
+    if (is_fs_path && s[0] == '/' && s[1] == '/')
         *d++ = *s++;
 #endif
 
@@ -587,6 +587,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
     *d = '\0';
 }
 
+AP_DECLARE(void) ap_no2slash(char *name)
+{
+    ap_no2slash_ex(name, 1);
+}
 
 /*
  * copy at most n leading directories of s into d



Re: svn commit: r1855737 - in /httpd/httpd/branches/2.4.x: CHANGES docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h include/httpd.h server/core.c server/request.c server/util.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 03/18/2019 10:53 AM, Stefan Eissing wrote:
> 
> 
>> On 18.03.2019 at 10:32, Ruediger Pluem <rp...@apache.org> wrote:
>>
>>
>>
>> On 03/18/2019 09:49 AM, icing@apache.org wrote:
>>> Author: icing
>>> Date: Mon Mar 18 08:49:59 2019
>>> New Revision: 1855737
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1855737&view=rev
>>> Log:
>>> Merge of r1855705 from trunk:
>>>
>>> core: merge consecutive slashes in the path
>>>
>>>
>>> Modified:
>>>    httpd/httpd/branches/2.4.x/CHANGES
>>>    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
>>>    httpd/httpd/branches/2.4.x/include/ap_mmn.h
>>>    httpd/httpd/branches/2.4.x/include/http_core.h
>>>    httpd/httpd/branches/2.4.x/include/httpd.h
>>>    httpd/httpd/branches/2.4.x/server/core.c
>>>    httpd/httpd/branches/2.4.x/server/request.c
>>>    httpd/httpd/branches/2.4.x/server/util.c
>>
>> Unfortunately I just detected that this will always SEGFAULT with CONNECT methods without
>> r1855743, r1855744 :-(
>>
>> Can we have two people review r1855743, r1855744 quickly to get this fixed?
> 
> Just added my vote for it to STATUS.

Thanks for the paperwork.

Regards

Rüdiger

Re: svn commit: r1855737 - in /httpd/httpd/branches/2.4.x: CHANGES docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h include/httpd.h server/core.c server/request.c server/util.c

Posted by Stefan Eissing <st...@greenbytes.de>.

> On 18.03.2019 at 10:32, Ruediger Pluem <rp...@apache.org> wrote:
> 
> 
> 
> On 03/18/2019 09:49 AM, icing@apache.org wrote:
>> Author: icing
>> Date: Mon Mar 18 08:49:59 2019
>> New Revision: 1855737
>> 
>> URL: http://svn.apache.org/viewvc?rev=1855737&view=rev
>> Log:
>> Merge of r1855705 from trunk:
>> 
>> core: merge consecutive slashes in the path
>> 
>> 
>> Modified:
>>    httpd/httpd/branches/2.4.x/CHANGES
>>    httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
>>    httpd/httpd/branches/2.4.x/include/ap_mmn.h
>>    httpd/httpd/branches/2.4.x/include/http_core.h
>>    httpd/httpd/branches/2.4.x/include/httpd.h
>>    httpd/httpd/branches/2.4.x/server/core.c
>>    httpd/httpd/branches/2.4.x/server/request.c
>>    httpd/httpd/branches/2.4.x/server/util.c
> 
> Unfortunately I just detected that this will always SEGFAULT with CONNECT methods without
> r1855743, r1855744 :-(
> 
> Can we have two people review r1855743, r1855744 quickly to get this fixed?

Just added my vote for it to STATUS.

> Regards
> 
> Rüdiger
> 


Re: svn commit: r1855737 - in /httpd/httpd/branches/2.4.x: CHANGES docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h include/httpd.h server/core.c server/request.c server/util.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 03/18/2019 09:49 AM, icing@apache.org wrote:
> Author: icing
> Date: Mon Mar 18 08:49:59 2019
> New Revision: 1855737
> 
> URL: http://svn.apache.org/viewvc?rev=1855737&view=rev
> Log:
> Merge of r1855705 from trunk:
> 
> core: merge consecutive slashes in the path
> 
> 
> Modified:
>     httpd/httpd/branches/2.4.x/CHANGES
>     httpd/httpd/branches/2.4.x/docs/manual/mod/core.xml
>     httpd/httpd/branches/2.4.x/include/ap_mmn.h
>     httpd/httpd/branches/2.4.x/include/http_core.h
>     httpd/httpd/branches/2.4.x/include/httpd.h
>     httpd/httpd/branches/2.4.x/server/core.c
>     httpd/httpd/branches/2.4.x/server/request.c
>     httpd/httpd/branches/2.4.x/server/util.c

Unfortunately I just detected that this will always SEGFAULT with CONNECT methods without
r1855743, r1855744 :-(

Can we have two people review r1855743, r1855744 quickly to get this fixed?

Regards

Rüdiger