You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2018/01/10 13:47:53 UTC

svn commit: r1820750 - in /httpd/httpd/trunk: CHANGES modules/metadata/mod_headers.c

Author: covener
Date: Wed Jan 10 13:47:53 2018
New Revision: 1820750

URL: http://svn.apache.org/viewvc?rev=1820750&view=rev
Log:
avoid ap_set_content_type when processing a _Request_Header set|edit|unset Content-Type.

identified by ylavic


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/metadata/mod_headers.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1820750&r1=1820749&r2=1820750&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jan 10 13:47:53 2018
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+
+  *) mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could 
+     inadvertently modify the Content-Type _response_ header. Applies to
+     Content-Type only and likely to only affect static file responses.
+     [Eric Covener]
+
   *) mod_cgi: Improve AH01215 messages to make it more clear that the message is
      the CGI scripts stderr output. PR 61980. [Hank Ibell <hwibell gmail.com>]
 

Modified: httpd/httpd/trunk/modules/metadata/mod_headers.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_headers.c?rev=1820750&r1=1820749&r2=1820750&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/metadata/mod_headers.c (original)
+++ httpd/httpd/trunk/modules/metadata/mod_headers.c Wed Jan 10 13:47:53 2018
@@ -791,14 +791,16 @@ static int do_headers_fixup(request_rec
             }
             break;
         case hdr_set:
-            if (!ap_cstr_casecmp(hdr->header, "Content-Type")) {
+            if (r->headers_in != headers && 
+                !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                  ap_set_content_type(r, process_tags(hdr, r));
             }
             apr_table_setn(headers, hdr->header, process_tags(hdr, r));
             break;
         case hdr_setifempty:
             if (NULL == apr_table_get(headers, hdr->header)) {
-                if (!ap_cstr_casecmp(hdr->header, "Content-Type")) {
+                if (r->headers_in != headers &&
+                    !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                     ap_set_content_type(r, process_tags(hdr, r));
                 }
                 apr_table_setn(headers, hdr->header, process_tags(hdr, r));
@@ -806,7 +808,8 @@ static int do_headers_fixup(request_rec
             break;
         case hdr_unset:
             apr_table_unset(headers, hdr->header);
-            if (!ap_cstr_casecmp(hdr->header, "Content-Type")) {
+            if (r->headers_in != headers &&
+                !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                 ap_set_content_type(r, NULL);
             }
             break;
@@ -821,7 +824,7 @@ static int do_headers_fixup(request_rec
                 const char *repl = process_regexp(hdr, r->content_type, r);
                 if (repl == NULL)
                     return 0;
-                ap_set_content_type(r, repl);
+                if (r->headers_in != headers) ap_set_content_type(r, repl);
             }
             if (apr_table_get(headers, hdr->header)) {
                 edit_do ed;