You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2017/05/26 21:50:33 UTC

svn commit: r1796352 - in /httpd/httpd/trunk/modules: generators/mod_status.c proxy/mod_proxy.c

Author: covener
Date: Fri May 26 21:50:33 2017
New Revision: 1796352

URL: http://svn.apache.org/viewvc?rev=1796352&view=rev
Log:
remove r1792169 taint checks from proxy and status modules

Both of these checks are problematic without further
work.

status: even a .htaccess with no SetHandler blocks the handler.
proxy: RewriteRule ... ... [P] in htaccess is blocked.



Modified:
    httpd/httpd/trunk/modules/generators/mod_status.c
    httpd/httpd/trunk/modules/proxy/mod_proxy.c

Modified: httpd/httpd/trunk/modules/generators/mod_status.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?rev=1796352&r1=1796351&r2=1796352&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/generators/mod_status.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_status.c Fri May 26 21:50:33 2017
@@ -213,13 +213,6 @@ static int status_handler(request_rec *r
         return DECLINED;
     }
 
-    /* A request that has passed through .htaccess has no business
-     * landing up here.
-     */
-    if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
-        return DECLINED;
-    }
-
 #ifdef HAVE_TIMES
     times_per_thread = getpid() != child_pid;
 #endif

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?rev=1796352&r1=1796351&r2=1796352&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy.c Fri May 26 21:50:33 2017
@@ -932,14 +932,6 @@ static int proxy_fixup(request_rec *r)
     if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
         return DECLINED;
 
-    /* A request that has passed through .htaccess has no business
-     * serving contents from so far outside its directory.
-     * Since we're going to decline it, don't waste time here.
-     */
-    if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
-        return DECLINED;
-    }
-
     /* XXX: Shouldn't we try this before we run the proxy_walk? */
     url = &r->filename[6];