Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/06/24 12:23:15 UTC
svn commit: r1879149 - /httpd/httpd/trunk/modules/dav/main/util.c
Author: ylavic
Date: Wed Jun 24 12:23:15 2020
New Revision: 1879149
URL: http://svn.apache.org/viewvc?rev=1879149&view=rev
Log:
Follow up to r1879074: don't let dav_process_if_header() go above root.
And fall through as "/".
Modified:
httpd/httpd/trunk/modules/dav/main/util.c
Modified: httpd/httpd/trunk/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?rev=1879149&r1=1879148&r2=1879149&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/util.c (original)
+++ httpd/httpd/trunk/modules/dav/main/util.c Wed Jun 24 12:23:15 2020
@@ -665,6 +665,7 @@ static dav_error * dav_process_if_header
/* clean up the URI a bit */
if (!ap_normalize_path(parsed_uri.path,
+ AP_NORMALIZE_NOT_ABOVE_ROOT |
AP_NORMALIZE_DECODE_UNRESERVED)) {
return dav_new_error(r->pool, HTTP_BAD_REQUEST,
DAV_ERR_IF_TAGGED, rv,
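
Review bot: The comment above the call, "/* clean up the URI a bit */", no longer matches what the call does once AP_NORMALIZE_NOT_ABOVE_ROOT is in the flags. When ap_normalize_path() fails on parsed_uri.path, the visible branch returns HTTP_BAD_REQUEST with DAV_ERR_IF_TAGGED, so this is now a validation step on the tagged URI of the If header and not only a cleanup. Please update the comment to say that a path climbing above the root is handled here. The log message's "And fall through as "/"" is also not evident from this hunk, because the only outcome shown for a normalization failure is the error return. A one-line comment stating which inputs end up as "/" and which are rejected would settle that, and a test with a tagged URI that has more ".." segments than path depth would pin the behaviour down.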