You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/12/18 17:03:16 UTC
svn commit: r892289 - in /httpd/httpd/trunk: CHANGES
modules/cache/cache_storage.c
Author: rpluem
Date: Fri Dec 18 16:03:13 2009
New Revision: 892289
URL: http://svn.apache.org/viewvc?rev=892289&view=rev
Log:
* Do an exact match of the keys defined by CacheIgnoreURLSessionIdentifiers
against the querystring instead of a partial match.
PR: 48401
Submitted by: Dodou Wang <wangdong.08 gmail.com>
Reviewed by: rpluem
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/cache/cache_storage.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=892289&r1=892288&r2=892289&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Dec 18 16:03:13 2009
@@ -2,6 +2,11 @@
Changes with Apache 2.3.5
+ *) mod_cache: Do an exact match of the keys defined by
+ CacheIgnoreURLSessionIdentifiers against the querystring instead of
+ a partial match. PR 48401.i
+ [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
+
*) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
*) mod_headers: Ensure that changes to the main request remain valid when
Modified: httpd/httpd/trunk/modules/cache/cache_storage.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?rev=892289&r1=892288&r2=892289&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/cache/cache_storage.c (original)
+++ httpd/httpd/trunk/modules/cache/cache_storage.c Fri Dec 18 16:03:13 2009
@@ -503,21 +503,54 @@
/*
* Check if the identifier is in the querystring and cut it out.
*/
- if (querystring
- && (param = strstr(querystring, *identifier))
- && (*(param + len) == '=')
- ) {
- char *amp;
-
- if (querystring != param) {
- querystring = apr_pstrndup(p, querystring,
- param - querystring);
+ if (querystring) {
+ /*
+ * First check if the identifier is at the beginning of the
+ * querystring and followed by a '='
+ */
+ if (!strncmp(querystring, *identifier, len)
+ && (*(querystring + len) == '=')) {
+ param = querystring;
}
else {
- querystring = "";
+ char *complete;
+
+ /*
+ * In order to avoid subkey matching (PR 48401) prepend
+ * identifier with a '&' and append a '='
+ */
+ complete = apr_pstrcat(p, "&", *identifier, "=", NULL);
+ param = strstr(querystring, complete);
+ /* If we found something we are sitting on the '&' */
+ if (param) {
+ param++;
+ }
}
- if ((amp = strchr(param + len + 1, '&'))) {
- querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
+ if (param) {
+ char *amp;
+
+ if (querystring != param) {
+ querystring = apr_pstrndup(p, querystring,
+ param - querystring);
+ }
+ else {
+ querystring = "";
+ }
+
+ if ((amp = strchr(param + len + 1, '&'))) {
+ querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
+ }
+ else {
+ /*
+ * If querystring is not "", then we have the case
+ * that the identifier parameter we removed was the
+ * last one in the original querystring. Hence we have
+ * a trailing '&' which needs to be removed.
+ */
+ if (*querystring) {
+ querystring[strlen(querystring) - 1] = '\0';
+ }
+ }
}
break;
}