You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/05/26 21:43:24 UTC

svn commit: r1486454 - in /httpd/httpd/branches/2.4.x: ./ CHANGES modules/dav/main/util.c

Author: minfrin
Date: Sun May 26 19:43:23 2013
New Revision: 1486454

URL: http://svn.apache.org/r1486454
Log:
mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910

trunk patch: http://svn.apache.org/r1470940
             http://svn.apache.org/r1477530
Submitted by: Timothy Wood <tjw omnigroup.com>
Reviewed by: minfrin, jim, jorton

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/modules/dav/main/util.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1470940,1477530

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1486454&r1=1486453&r2=1486454&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun May 26 19:43:23 2013
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.5
 
+  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
+     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
+
   *) 'AuthGroupFile' and 'AuthUserFile' do not accept anymore the optional
      'standard' keyword . It was unused and not documented.
      PR54463 [Tianyin Xu <tixu cs.ucsd.edu> and Christophe Jaillet]

Modified: httpd/httpd/branches/2.4.x/modules/dav/main/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/dav/main/util.c?rev=1486454&r1=1486453&r2=1486454&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/dav/main/util.c (original)
+++ httpd/httpd/branches/2.4.x/modules/dav/main/util.c Sun May 26 19:43:23 2013
@@ -635,9 +635,18 @@ static dav_error * dav_process_if_header
 
             /* clean up the URI a bit */
             ap_getparents(parsed_uri.path);
+
+            /* the resources we will compare to have unencoded paths */
+            if (ap_unescape_url(parsed_uri.path) != OK) {
+                return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                        DAV_ERR_IF_TAGGED, rv,
+                        "Invalid percent encoded URI in tagged If-header.");
+            }
+
             uri_len = strlen(parsed_uri.path);
-            if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
+            if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') {
                 parsed_uri.path[--uri_len] = '\0';
+            }
 
             uri = parsed_uri.path;
             list_type = tagged;