You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by br...@apache.org on 2014/06/13 10:34:05 UTC
svn commit: r1602338 - in /httpd/httpd/trunk/modules/dav: fs/repos.c
main/mod_dav.c main/mod_dav.h main/props.c
Author: breser
Date: Fri Jun 13 08:34:05 2014
New Revision: 1602338
URL: http://svn.apache.org/r1602338
Log:
Fix PR 56480: PROPFIND walker doesn't encode hrefs properly
Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit.
Reverts r1531505 entirely.
* modules/dav/main/mod_dav.c
(dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI
escaping from this function.
* modules/dav/main/props.c
(dav_do_prop_subreq): Escape the URI before doing a sub request with it.
This resolves some properties like getcontenttype from failing to be
returned for files that contain characters that require encoding in their
path.
* modules/dav/main/mod_dav.h
(dav_resource): Note the inconsistency in the documentation.
* modules/dav/fs/repos.c
(dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of
the resource. This is the correct fix for the double encoding in mod_dav_fs
that led to the dav_xml_escape_uri() change and r1531505.
(dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes.
Modified:
httpd/httpd/trunk/modules/dav/fs/repos.c
httpd/httpd/trunk/modules/dav/main/mod_dav.c
httpd/httpd/trunk/modules/dav/main/mod_dav.h
httpd/httpd/trunk/modules/dav/main/props.c
Modified: httpd/httpd/trunk/modules/dav/fs/repos.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/fs/repos.c?rev=1602338&r1=1602337&r2=1602338&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/fs/repos.c (original)
+++ httpd/httpd/trunk/modules/dav/fs/repos.c Fri Jun 13 08:34:05 2014
@@ -717,13 +717,13 @@ static dav_error * dav_fs_get_resource(
resource->pool = r->pool;
/* make sure the URI does not have a trailing "/" */
- len = strlen(r->unparsed_uri);
- if (len > 1 && r->unparsed_uri[len - 1] == '/') {
- s = apr_pstrmemdup(r->pool, r->unparsed_uri, len-1);
+ len = strlen(r->uri);
+ if (len > 1 && r->uri[len - 1] == '/') {
+ s = apr_pstrmemdup(r->pool, r->uri, len-1);
resource->uri = s;
}
else {
- resource->uri = r->unparsed_uri;
+ resource->uri = r->uri;
}
if (r->finfo.filetype != APR_NOFILE) {
@@ -1482,18 +1482,6 @@ static dav_error * dav_fs_remove_resourc
return dav_fs_deleteset(info->pool, resource);
}
-/* Take an unescaped path component and escape it and append it onto a
- * dav_buffer for a URI */
-static apr_size_t dav_fs_append_uri(apr_pool_t *p, dav_buffer *pbuf,
- const char *path, apr_size_t pad)
-{
- const char *epath = ap_escape_uri(p, path);
- apr_size_t epath_len = strlen(epath);
-
- dav_buffer_place_mem(p, pbuf, epath, epath_len + 1, pad);
- return epath_len;
-}
-
/* ### move this to dav_util? */
/* Walk recursively down through directories, *
* including lock-null resources as we go. */
@@ -1549,7 +1537,6 @@ static dav_error * dav_fs_walker(dav_fs_
}
while ((apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp)) == APR_SUCCESS) {
apr_size_t len;
- apr_size_t escaped_len;
len = strlen(dirent.name);
@@ -1592,7 +1579,7 @@ static dav_error * dav_fs_walker(dav_fs_
/* copy the file to the URI, too. NOTE: we will pad an extra byte
for the trailing slash later. */
- escaped_len = dav_fs_append_uri(pool, &fsctx->uri_buf, dirent.name, 1);
+ dav_buffer_place_mem(pool, &fsctx->uri_buf, dirent.name, len + 1, 1);
/* if there is a secondary path, then do that, too */
if (fsctx->path2.buf != NULL) {
@@ -1625,7 +1612,7 @@ static dav_error * dav_fs_walker(dav_fs_
fsctx->path2.cur_len += len;
/* adjust URI length to incorporate subdir and a slash */
- fsctx->uri_buf.cur_len += escaped_len + 1;
+ fsctx->uri_buf.cur_len += len + 1;
fsctx->uri_buf.buf[fsctx->uri_buf.cur_len - 1] = '/';
fsctx->uri_buf.buf[fsctx->uri_buf.cur_len] = '\0';
@@ -1691,8 +1678,8 @@ static dav_error * dav_fs_walker(dav_fs_
*/
dav_buffer_place_mem(pool, &fsctx->path1,
fsctx->locknull_buf.buf + offset, len + 1, 0);
- dav_fs_append_uri(pool, &fsctx->uri_buf,
- fsctx->locknull_buf.buf + offset, 0);
+ dav_buffer_place_mem(pool, &fsctx->uri_buf,
+ fsctx->locknull_buf.buf + offset, len + 1, 0);
if (fsctx->path2.buf != NULL) {
dav_buffer_place_mem(pool, &fsctx->path2,
fsctx->locknull_buf.buf + offset,
Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?rev=1602338&r1=1602337&r2=1602338&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/mod_dav.c (original)
+++ httpd/httpd/trunk/modules/dav/main/mod_dav.c Fri Jun 13 08:34:05 2014
@@ -397,9 +397,11 @@ static int dav_error_response_tag(reques
*/
static const char *dav_xml_escape_uri(apr_pool_t *p, const char *uri)
{
+ const char *e_uri = ap_escape_uri(p, uri);
+
/* check the easy case... */
- if (ap_strchr_c(uri, '&') == NULL)
- return uri;
+ if (ap_strchr_c(e_uri, '&') == NULL)
+ return e_uri;
/* there was a '&', so more work is needed... sigh. */
@@ -407,7 +409,7 @@ static const char *dav_xml_escape_uri(ap
* Note: this is a teeny bit of overkill since we know there are no
* '<' or '>' characters, but who cares.
*/
- return apr_xml_quote_string(p, uri, 0);
+ return apr_xml_quote_string(p, e_uri, 0);
}
Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.h?rev=1602338&r1=1602337&r2=1602338&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/mod_dav.h (original)
+++ httpd/httpd/trunk/modules/dav/main/mod_dav.h Fri Jun 13 08:34:05 2014
@@ -386,7 +386,9 @@ typedef struct dav_resource {
* REGULAR and WORKSPACE resources,
* and is always 1 for WORKING */
- const char *uri; /* the escaped URI for this resource */
+ const char *uri; /* the URI for this resource;
+ * currently has an ABI flaw where sometimes it is
+ * assumed to be encoded and sometimes not */
dav_resource_private *info; /* the provider's private info */
Modified: httpd/httpd/trunk/modules/dav/main/props.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/props.c?rev=1602338&r1=1602337&r2=1602338&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/props.c (original)
+++ httpd/httpd/trunk/modules/dav/main/props.c Fri Jun 13 08:34:05 2014
@@ -321,10 +321,14 @@ static int dav_rw_liveprop(dav_propdb *p
/* do a sub-request to fetch properties for the target resource's URI. */
static void dav_do_prop_subreq(dav_propdb *propdb)
{
+ /* need to escape the uri that's in the resource struct because during
+ * the property walker it's not encoded. */
+ const char *e_uri = ap_escape_uri(propdb->resource->pool,
+ propdb->resource->uri);
+
/* perform a "GET" on the resource's URI (note that the resource
may not correspond to the current request!). */
- propdb->subreq = ap_sub_req_lookup_uri(propdb->resource->uri, propdb->r,
- NULL);
+ propdb->subreq = ap_sub_req_lookup_uri(e_uri, propdb->r, NULL);
}
static dav_error * dav_insert_coreprop(dav_propdb *propdb,