You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ig...@apache.org on 2010/12/28 16:56:46 UTC
svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/core.xml server/core.c
Author: igalic
Date: Tue Dec 28 15:56:46 2010
New Revision: 1053375
URL: http://svn.apache.org/viewvc?rev=1053375&view=rev
Log:
Applying patch from PR 33078 (with slight changes to its return values)
This patch disallows the mixing of relative (+/-) and absolute Options where insensible.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/core.xml
httpd/httpd/trunk/server/core.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010
@@ -2,6 +2,9 @@
Changes with Apache 2.3.11
+ *) core: Disallow the mixing of relative and absolute Options PR 33708.
+ [Sönke Tesch <st kino-fahrplan.de>]
+
*) core: When exporting request headers to HTTP_* environment variables,
drop variables whose names contain invalid characters. Describe in the
docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 2010
@@ -3016,10 +3016,10 @@ directory</description>
<code>-</code> are removed from the options currently in
force. </p>
- <note type="warning"><title>Warning</title>
+ <note><title>Note</title>
<p>Mixing <directive>Options</directive> with a <code>+</code> or
- <code>-</code> with those without is not valid syntax, and is likely
- to cause unexpected results.</p>
+ <code>-</code> with those without is not valid syntax, and will be
+ rejected during server startup by the syntax check with an abort.</p>
</note>
<p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010
@@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms
core_dir_config *d = d_;
allow_options_t opt;
int first = 1;
+ int merge = 0;
+ int all_none = 0;
char action;
while (l[0]) {
@@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms
if (*w == '+' || *w == '-') {
action = *(w++);
+ if (!merge && !first && !all_none) {
+ return "Either all Options must start with + or -, or no Option may.";
+ }
+ merge = 1;
}
else if (first) {
d->opts = OPT_NONE;
- first = 0;
+ }
+ else if (merge) {
+ return "Either all Options must start with + or -, or no Option may.";
}
if (!strcasecmp(w, "Indexes")) {
@@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms
opt = OPT_MULTI|OPT_EXECCGI;
}
else if (!strcasecmp(w, "None")) {
+ if (!first) {
+ return "'Options None' must be the first Option given.";
+ }
+ else if (merge) { /* Only works since None may not follow any other option. */
+ return "You may not use 'Options +None' or 'Options -None'.";
+ }
opt = OPT_NONE;
+ all_none = 1;
}
else if (!strcasecmp(w, "All")) {
+ if (!first) {
+ return "'Options All' must be the first option given.";
+ }
+ else if (merge) { /* Only works since All may not follow any other option. */
+ return "You may not use 'Options +All' or 'Options -All'.";
+ }
opt = OPT_ALL;
+ all_none = 1;
}
else {
return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL);
@@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms
else {
d->opts |= opt;
}
+
+ first = 0;
}
return NULL;
Re: svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/core.xml server/core.c
Posted by Eric Covener <co...@gmail.com>.
2011/1/7 Igor Galić <i....@brainsware.org>:
>
> ----- "Eric Covener" <co...@gmail.com> wrote:
>
>> Doesn't this preclude useful things like
>>
>> "All -Indexes" ?
>
> No, it doesn't.
>
> All +/-stuffhere
Sorry about that -- Thanks!
Re: svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/core.xml server/core.c
Posted by Igor Galić <i....@brainsware.org>.
----- "Eric Covener" <co...@gmail.com> wrote:
> Doesn't this preclude useful things like
>
> "All -Indexes" ?
No, it doesn't.
All +/-stuffhere
and
None +/-stuffhere
are permitted.
> On Tue, Dec 28, 2010 at 10:56 AM, <ig...@apache.org> wrote:
> > Author: igalic
> > Date: Tue Dec 28 15:56:46 2010
> > New Revision: 1053375
> >
> > URL: http://svn.apache.org/viewvc?rev=1053375&view=rev
> > Log:
> > Applying patch from PR 33078 (with slight changes to its return
> values)
> > This patch disallows the mixing of relative (+/-) and absolute
> Options where insensible.
> >
> > Modified:
> > httpd/httpd/trunk/CHANGES
> > httpd/httpd/trunk/docs/manual/mod/core.xml
> > httpd/httpd/trunk/server/core.c
> >
> > Modified: httpd/httpd/trunk/CHANGES
> > URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff
> >
> ==============================================================================
> > --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> > +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010
> > @@ -2,6 +2,9 @@
> >
> > Changes with Apache 2.3.11
> >
> > + *) core: Disallow the mixing of relative and absolute Options PR
> 33708.
> > + [Sönke Tesch <st kino-fahrplan.de>]
> > +
> > *) core: When exporting request headers to HTTP_* environment
> variables,
> > drop variables whose names contain invalid characters. Describe
> in the
> > docs how to restore the old behaviour. [Malte S. Stretz <mss
> apache org>]
> >
> > Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
> > URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff
> >
> ==============================================================================
> > --- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
> > +++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46
> 2010
> > @@ -3016,10 +3016,10 @@ directory</description>
> > <code>-</code> are removed from the options currently in
> > force. </p>
> >
> > - <note type="warning"><title>Warning</title>
> > + <note><title>Note</title>
> > <p>Mixing <directive>Options</directive> with a <code>+</code>
> or
> > - <code>-</code> with those without is not valid syntax, and is
> likely
> > - to cause unexpected results.</p>
> > + <code>-</code> with those without is not valid syntax, and will
> be
> > + rejected during server startup by the syntax check with an
> abort.</p>
> > </note>
> >
> > <p>For example, without any <code>+</code> and <code>-</code>
> symbols:</p>
> >
> > Modified: httpd/httpd/trunk/server/core.c
> > URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff
> >
> ==============================================================================
> > --- httpd/httpd/trunk/server/core.c (original)
> > +++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010
> > @@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms
> > core_dir_config *d = d_;
> > allow_options_t opt;
> > int first = 1;
> > + int merge = 0;
> > + int all_none = 0;
> > char action;
> >
> > while (l[0]) {
> > @@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms
> >
> > if (*w == '+' || *w == '-') {
> > action = *(w++);
> > + if (!merge && !first && !all_none) {
> > + return "Either all Options must start with + or -,
> or no Option may.";
> > + }
> > + merge = 1;
> > }
> > else if (first) {
> > d->opts = OPT_NONE;
> > - first = 0;
> > + }
> > + else if (merge) {
> > + return "Either all Options must start with + or -, or
> no Option may.";
> > }
> >
> > if (!strcasecmp(w, "Indexes")) {
> > @@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms
> > opt = OPT_MULTI|OPT_EXECCGI;
> > }
> > else if (!strcasecmp(w, "None")) {
> > + if (!first) {
> > + return "'Options None' must be the first Option
> given.";
> > + }
> > + else if (merge) { /* Only works since None may not
> follow any other option. */
> > + return "You may not use 'Options +None' or 'Options
> -None'.";
> > + }
> > opt = OPT_NONE;
> > + all_none = 1;
> > }
> > else if (!strcasecmp(w, "All")) {
> > + if (!first) {
> > + return "'Options All' must be the first option
> given.";
> > + }
> > + else if (merge) { /* Only works since All may not
> follow any other option. */
> > + return "You may not use 'Options +All' or 'Options
> -All'.";
> > + }
> > opt = OPT_ALL;
> > + all_none = 1;
> > }
> > else {
> > return apr_pstrcat(cmd->pool, "Illegal option ", w,
> NULL);
> > @@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms
> > else {
> > d->opts |= opt;
> > }
> > +
> > + first = 0;
> > }
> >
> > return NULL;
> >
> >
> >
>
>
>
> --
> Eric Covener
> covener@gmail.com
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
Re: svn commit: r1053375 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/core.xml server/core.c
Posted by Eric Covener <co...@gmail.com>.
Doesn't this preclude useful things like
"All -Indexes" ?
On Tue, Dec 28, 2010 at 10:56 AM, <ig...@apache.org> wrote:
> Author: igalic
> Date: Tue Dec 28 15:56:46 2010
> New Revision: 1053375
>
> URL: http://svn.apache.org/viewvc?rev=1053375&view=rev
> Log:
> Applying patch from PR 33078 (with slight changes to its return values)
> This patch disallows the mixing of relative (+/-) and absolute Options where insensible.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/core.xml
> httpd/httpd/trunk/server/core.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010
> @@ -2,6 +2,9 @@
>
> Changes with Apache 2.3.11
>
> + *) core: Disallow the mixing of relative and absolute Options PR 33708.
> + [Sönke Tesch <st kino-fahrplan.de>]
> +
> *) core: When exporting request headers to HTTP_* environment variables,
> drop variables whose names contain invalid characters. Describe in the
> docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
>
> Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 2010
> @@ -3016,10 +3016,10 @@ directory</description>
> <code>-</code> are removed from the options currently in
> force. </p>
>
> - <note type="warning"><title>Warning</title>
> + <note><title>Note</title>
> <p>Mixing <directive>Options</directive> with a <code>+</code> or
> - <code>-</code> with those without is not valid syntax, and is likely
> - to cause unexpected results.</p>
> + <code>-</code> with those without is not valid syntax, and will be
> + rejected during server startup by the syntax check with an abort.</p>
> </note>
>
> <p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
>
> Modified: httpd/httpd/trunk/server/core.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/core.c (original)
> +++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010
> @@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms
> core_dir_config *d = d_;
> allow_options_t opt;
> int first = 1;
> + int merge = 0;
> + int all_none = 0;
> char action;
>
> while (l[0]) {
> @@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms
>
> if (*w == '+' || *w == '-') {
> action = *(w++);
> + if (!merge && !first && !all_none) {
> + return "Either all Options must start with + or -, or no Option may.";
> + }
> + merge = 1;
> }
> else if (first) {
> d->opts = OPT_NONE;
> - first = 0;
> + }
> + else if (merge) {
> + return "Either all Options must start with + or -, or no Option may.";
> }
>
> if (!strcasecmp(w, "Indexes")) {
> @@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms
> opt = OPT_MULTI|OPT_EXECCGI;
> }
> else if (!strcasecmp(w, "None")) {
> + if (!first) {
> + return "'Options None' must be the first Option given.";
> + }
> + else if (merge) { /* Only works since None may not follow any other option. */
> + return "You may not use 'Options +None' or 'Options -None'.";
> + }
> opt = OPT_NONE;
> + all_none = 1;
> }
> else if (!strcasecmp(w, "All")) {
> + if (!first) {
> + return "'Options All' must be the first option given.";
> + }
> + else if (merge) { /* Only works since All may not follow any other option. */
> + return "You may not use 'Options +All' or 'Options -All'.";
> + }
> opt = OPT_ALL;
> + all_none = 1;
> }
> else {
> return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL);
> @@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms
> else {
> d->opts |= opt;
> }
> +
> + first = 0;
> }
>
> return NULL;
>
>
>
--
Eric Covener
covener@gmail.com