Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/04/19 09:35:23 UTC

svn commit: r1469722 - in /httpd/httpd/branches/2.0.x: ./ CHANGES STATUS modules/filters/mod_include.c

Author: rjung
Date: Fri Apr 19 07:35:22 2013
New Revision: 1469722

URL: http://svn.apache.org/r1469722
Log:
Prevent a case of SSI timefmt-smashing with filter chains including
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Backport of r757376 from trunk resp. r773352 from 2.2.x.

Submitted by: jorton
Backported by: rjung
Reviewed by: wrowe, humbedooh

Modified:
    httpd/httpd/branches/2.0.x/   (props changed)
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/filters/mod_include.c

Propchange: httpd/httpd/branches/2.0.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r757376

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1469722&r1=1469721&r2=1469722&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Fri Apr 19 07:35:22 2013
@@ -28,6 +28,9 @@ Changes with Apache 2.0.65
      is enabled, could allow local users to gain privileges via a .htaccess
      file. [Stefan Fritsch, Greg Ames]
 
+  *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains
+     including multiple INCLUDES filters. PR 39369 [Joe Orton]
+
   *) mod_rewrite: When evaluating a proxy rule in directory context, do
      escape the filename by default. PR 46428 [Joe Orton]
 

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1469722&r1=1469721&r2=1469722&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Apr 19 07:35:22 2013
@@ -190,14 +190,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_include: PR 39369 - timefmt config not working in SSI when using
-    INCLUDES output filter and XBitHack On
-    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=757376
-    2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=773352
-    Backport: http://people.apache.org/~rjung/patches/pr-39369-2_0.patch
-    Revert r1002174 in test framework, once this is fixed.
-    +1: rjung, wrowe, humbedooh
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to

Modified: httpd/httpd/branches/2.0.x/modules/filters/mod_include.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/filters/mod_include.c?rev=1469722&r1=1469721&r2=1469722&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/filters/mod_include.c (original)
+++ httpd/httpd/branches/2.0.x/modules/filters/mod_include.c Fri Apr 19 07:35:22 2013
@@ -160,7 +160,7 @@ typedef struct {
 static const char lazy_eval_sentinel;
 #define LAZY_VALUE (&lazy_eval_sentinel)
 
-static void add_include_vars(request_rec *r, char *timefmt)
+static void add_include_vars(request_rec *r)
 {
     apr_table_t *e = r->subprocess_env;
     char *t;
@@ -188,26 +188,17 @@ static void add_include_vars(request_rec
     }
 }
 
-static const char *add_include_vars_lazy(request_rec *r, const char *var)
+static const char *add_include_vars_lazy(request_rec *r, const char *var, const char *timefmt)
 {
     char *val;
     if (!strcasecmp(var, "DATE_LOCAL")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 0);
     }
     else if (!strcasecmp(var, "DATE_GMT")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 1);
     }
     else if (!strcasecmp(var, "LAST_MODIFIED")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0);
     }
     else if (!strcasecmp(var, "USER_NAME")) {
         if (apr_get_username(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
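Review bot: add_include_vars_lazy now takes `timefmt`, but nothing documents what a caller must pass, and all three date branches hand it straight to `ap_ht_time` without a NULL check. Both callers visible in this diff pass `ctx->time_str`, so a short comment above the function would pin the contract down, for example `/* timefmt: time format of the calling filter context (ctx->time_str); must not be NULL. */`. Whether `ctx->time_str` is always initialised before the first lazy lookup is not visible here and is worth confirming. The function body continues past the end of this hunk.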
@@ -252,7 +243,7 @@ static const char *get_include_var(reque
         val = apr_table_get(r->subprocess_env, var);
 
         if (val == LAZY_VALUE)
-            val = add_include_vars_lazy(r, var);
+            val = add_include_vars_lazy(r, var, ctx->time_str);
     }
     return val;
 }
@@ -2329,7 +2320,7 @@ static int handle_printenv(include_ctx_t
                 key_text = ap_escape_html(r->pool, elts[i].key);
                 val_text = elts[i].val;
                 if (val_text == LAZY_VALUE) {
-                    val_text = add_include_vars_lazy(r, elts[i].key);
+                    val_text = add_include_vars_lazy(r, elts[i].key, ctx->time_str);
                 }
                 val_text = ap_escape_html(r->pool, elts[i].val);
                 k_len = strlen(key_text);
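Review bot: In handle_printenv the value returned by `add_include_vars_lazy(r, elts[i].key, ctx->time_str)` is discarded on the next context line, which escapes `elts[i].val` instead of `val_text`. For a lazy entry `elts[i].val` is still the `LAZY_VALUE` sentinel, a pointer to the single zero-initialised `lazy_eval_sentinel` char, so printenv presumably prints an empty value for the lazily evaluated variables and the new time format argument has no effect on this path. Escaping the resolved string fixes the output while keeping the HTML encoding step in place: `val_text = ap_escape_html(r->pool, val_text);`. The function starts and ends outside this hunk.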
@@ -3548,7 +3539,7 @@ static apr_status_t includes_filter(ap_f
          * environment */
         ap_add_common_vars(r);
         ap_add_cgi_vars(r);
-        add_include_vars(r, conf->default_time_fmt);
+        add_include_vars(r);
     }
     /* Always unset the content-length.  There is no way to know if
      * the content will be modified at some point by send_parsed_content.