You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2013/04/19 09:29:33 UTC
svn commit: r1469721 - in /httpd/httpd/branches/2.0.x: ./ CHANGES STATUS
modules/mappers/mod_rewrite.c
Author: rjung
Date: Fri Apr 19 07:29:32 2013
New Revision: 1469721
URL: http://svn.apache.org/r1469721
Log:
mod_rewrite: When evaluating a proxy rule in directory context,
do escape the filename by default, since mod_proxy will not
escape in that case due to the (deliberate) fixup hook ordering.
PR 46428
Backport of r757427 from trunk resp. r773351 from 2.2.x.
Submitted by: jorton/rpluem
Backported by: rjung
Reviewed by: wrowe, humbedooh
Modified:
httpd/httpd/branches/2.0.x/ (props changed)
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c
Propchange: httpd/httpd/branches/2.0.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r757427
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1469721&r1=1469720&r2=1469721&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Fri Apr 19 07:29:32 2013
@@ -28,6 +28,9 @@ Changes with Apache 2.0.65
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]
+ *) mod_rewrite: When evaluating a proxy rule in directory context, do
+ escape the filename by default. PR 46428 [Joe Orton]
+
*) Improve platform detection for bundled PCRE by updating config.guess
and config.sub. [Rainer Jung]
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1469721&r1=1469720&r2=1469721&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Apr 19 07:29:32 2013
@@ -190,13 +190,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_rewrite: PR 46428 - whitespace/encoding for proxied URL
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=757427
- 2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=773351
- Backport: http://people.apache.org/~rjung/patches/pr-46428-2_0.patch
- Revert r1002110 and r1002161 in test framework, once this is fixed.
- +1: rjung, wrowe, humbedooh
-
* mod_include: PR 39369 - timefmt config not working in SSI when using
INCLUDES output filter and XBitHack On
Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=757376
Modified: httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c?rev=1469721&r1=1469720&r2=1469721&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c Fri Apr 19 07:29:32 2013
@@ -2203,6 +2203,20 @@ static int apply_rewrite_rule(request_re
* ourself).
*/
if (p->flags & RULEFLAG_PROXY) {
+ /* For rules evaluated in server context, the mod_proxy fixup
+ * hook can be relied upon to escape the URI as and when
+ * necessary, since it occurs later. If in directory context,
+ * the ordering of the fixup hooks is forced such that
+ * mod_proxy comes first, so the URI must be escaped here
+ * instead. See PR 39746, 46428, and other headaches. */
+ if (perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
+ char *old_filename = r->filename;
+
+ r->filename = ap_escape_uri(r->pool, r->filename);
+ rewritelog(r, 2, "[per-dir %s] escaped URI in per-dir context "
+ "for proxy, %s -> %s", perdir, old_filename, r->filename);
+ }
+
fully_qualify_uri(r);
if (perdir == NULL) {
rewritelog(r, 2, "forcing proxy-throughput with %s", r->filename);