You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/06/24 12:23:15 UTC

svn commit: r1879149 - /httpd/httpd/trunk/modules/dav/main/util.c

Author: ylavic
Date: Wed Jun 24 12:23:15 2020
New Revision: 1879149

URL: http://svn.apache.org/viewvc?rev=1879149&view=rev
Log:
Follow up to r1879074: don't let dav_process_if_header() go above root.

And fall through as "/".

Modified:
    httpd/httpd/trunk/modules/dav/main/util.c

Modified: httpd/httpd/trunk/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1879149&r1=1879148&r2=1879149&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util.c Wed Jun 24 12:23:15 2020
@@ -665,6 +665,7 @@ static dav_error * dav_process_if_header
 
             /* clean up the URI a bit */
             if (!ap_normalize_path(parsed_uri.path,
+                                   AP_NORMALIZE_NOT_ABOVE_ROOT |
                                    AP_NORMALIZE_DECODE_UNRESERVED)) {
                 return dav_new_error(r->pool, HTTP_BAD_REQUEST,
                                      DAV_ERR_IF_TAGGED, rv,