You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/05/26 21:43:24 UTC
svn commit: r1486454 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
modules/dav/main/util.c
Author: minfrin
Date: Sun May 26 19:43:23 2013
New Revision: 1486454
URL: http://svn.apache.org/r1486454
Log:
mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910
trunk patch: http://svn.apache.org/r1470940
http://svn.apache.org/r1477530
Submitted by: Timothy Wood <tjw omnigroup.com>
Reviewed by: minfrin, jim, jorton
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/dav/main/util.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1470940,1477530
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1486454&r1=1486453&r2=1486454&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun May 26 19:43:23 2013
@@ -2,6 +2,9 @@
Changes with Apache 2.4.5
+ *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
+ we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
+
*) 'AuthGroupFile' and 'AuthUserFile' do not accept anymore the optional
'standard' keyword . It was unused and not documented.
PR54463 [Tianyin Xu <tixu cs.ucsd.edu> and Christophe Jaillet]
Modified: httpd/httpd/branches/2.4.x/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/dav/main/util.c?rev=1486454&r1=1486453&r2=1486454&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/dav/main/util.c (original)
+++ httpd/httpd/branches/2.4.x/modules/dav/main/util.c Sun May 26 19:43:23 2013
@@ -635,9 +635,18 @@ static dav_error * dav_process_if_header
/* clean up the URI a bit */
ap_getparents(parsed_uri.path);
+
+ /* the resources we will compare to have unencoded paths */
+ if (ap_unescape_url(parsed_uri.path) != OK) {
+ return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+ DAV_ERR_IF_TAGGED, rv,
+ "Invalid percent encoded URI in tagged If-header.");
+ }
+
uri_len = strlen(parsed_uri.path);
- if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
+ if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') {
parsed_uri.path[--uri_len] = '\0';
+ }
uri = parsed_uri.path;
list_type = tagged;