You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2021/09/26 13:07:02 UTC
svn commit: r1893649 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
docs/manual/mod/mod_speling.xml modules/mappers/mod_speling.c
Author: minfrin
Date: Sun Sep 26 13:07:01 2021
New Revision: 1893649
URL: http://svn.apache.org/viewvc?rev=1893649&view=rev
Log:
Backport:
*) mod_speling: Backport CheckBasenameMatch for PR44221
trunk patch: http://svn.apache.org/r1557580
http://svn.apache.org/r1732273
http://svn.apache.org/r1844598
2.4.x patch: full resync of code/docs due to conflicts + changes
http://people.apache.org/~covener/patches/speling-sync.diff
+1 covener, rpluem, ylavic
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.xml
httpd/httpd/branches/2.4.x/modules/mappers/mod_speling.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1893649&r1=1893648&r2=1893649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Sep 26 13:07:01 2021
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.50
+ *) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
+
Changes with Apache 2.4.49
*) SECURITY: CVE-2021-40438 (cve.mitre.org)
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1893649&r1=1893648&r2=1893649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sun Sep 26 13:07:01 2021
@@ -142,13 +142,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_speling: Backport CheckBasenameMatch for PR44221
- trunk patch: http://svn.apache.org/r1557580
- http://svn.apache.org/r1732273
- http://svn.apache.org/r1844598
- 2.4.x patch: full resync of code/docs due to conflicts + changes
- http://people.apache.org/~covener/patches/speling-sync.diff
- +1 covener, rpluem, ylavic
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.xml?rev=1893649&r1=1893648&r2=1893649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_speling.xml Sun Sep 26 13:07:01 2021
@@ -44,21 +44,23 @@ misspellings.</description>
<strong>up to one misspelling</strong> (character insertion /
omission / transposition or wrong character). A list is built
with all document names which were matched using this
- strategy.</p>
+ strategy. <strong>Erroneous extension</strong> can also be fixed
+ by this module.</p>
<p>If, after scanning the directory,</p>
<ul>
<li>no matching document was found, Apache will proceed as
- usual and return a "document not found" error.</li>
+ usual and return an error (<code>404 - document not found</code>).</li>
<li>only one document is found that "almost" matches the
request, then it is returned in the form of a redirection
- response.</li>
+ response (<code>301 - Moved Permanently</code>).</li>
<li>more than one document with a close match was found, then
the list of the matches is returned to the client, and the
- client can select the correct candidate.</li>
+ client can select the correct candidate (<code>300 - Multiple
+ Choices</code>).</li>
</ul>
</summary>
@@ -97,13 +99,13 @@ module</description>
directory names.</li>
<li>spelling corrections apply strictly to existing files, so
- a request for the <code><Location "/status"></code> may
+ a request for the <code><Location /status></code> may
get incorrectly treated as the negotiated file
"<code>/stats.html</code>".</li>
</ul>
<!-- XXX: is that really true?! -nd -->
- <p>mod_speling should not be enabled in <a href="mod_dav.html">DAV</a>
+ <p><module>mod_speling</module> should not be enabled in <a href="mod_dav.html">DAV</a>
enabled directories, because it will try to "spell fix" newly created
resource names against existing filenames, e.g., when trying to upload
a new document <code>doc43.html</code> it might redirect to an existing
@@ -126,9 +128,31 @@ module</description>
<override>Options</override>
<usage>
- <p>When set, this directive limits the action of the spelling correction to lower/upper case changes.
- Other potential corrections are not performed.</p>
+ <p>When set, this directive limits the action of the spelling correction
+ to lower/upper case changes. Other potential corrections are not performed,
+ except when <directive module="mod_speling">CheckBasenameMatch</directive> is also set.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CheckBasenameMatch</name>
+<description>Also match files with differing file name extensions.</description>
+<syntax>CheckBasenameMatch on|off</syntax>
+<default>CheckBasenameMatch On</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>Options</override>
+<usage>
+ <p>When set, this directive extends the action of the spelling correction
+ to the file name extension. For example a file <code>foo.gif</code> will
+ match a request for <code>foo</code> or <code>foo.jpg</code>. This can be
+ particularly useful in conjunction with
+ <a href="../content-negotiation.html">MultiViews</a>.</p>
</usage>
</directivesynopsis>
Modified: httpd/httpd/branches/2.4.x/modules/mappers/mod_speling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_speling.c?rev=1893649&r1=1893648&r2=1893649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/mappers/mod_speling.c (original)
+++ httpd/httpd/branches/2.4.x/modules/mappers/mod_speling.c Sun Sep 26 13:07:01 2021
@@ -22,8 +22,6 @@
#define APR_WANT_STRFUNC
#include "apr_want.h"
-#define WANT_BASENAME_MATCH
-
#include "httpd.h"
#include "http_core.h"
#include "http_config.h"
@@ -59,7 +57,8 @@ module AP_MODULE_DECLARE_DATA speling_mo
typedef struct {
int enabled;
- int case_only;
+ int check_case_only;
+ int check_basename_match;
} spconfig;
/*
@@ -76,7 +75,8 @@ static void *mkconfig(apr_pool_t *p)
spconfig *cfg = apr_pcalloc(p, sizeof(spconfig));
cfg->enabled = 0;
- cfg->case_only = 0;
+ cfg->check_case_only = 0;
+ cfg->check_basename_match = 1;
return cfg;
}
@@ -107,8 +107,11 @@ static const command_rec speling_cmds[]
(void*)APR_OFFSETOF(spconfig, enabled), OR_OPTIONS,
"whether or not to fix miscapitalized/misspelled requests"),
AP_INIT_FLAG("CheckCaseOnly", ap_set_flag_slot,
- (void*)APR_OFFSETOF(spconfig, case_only), OR_OPTIONS,
+ (void*)APR_OFFSETOF(spconfig, check_case_only), OR_OPTIONS,
"whether or not to fix only miscapitalized requests"),
+ AP_INIT_FLAG("CheckBasenameMatch", ap_set_flag_slot,
+ (void*)APR_OFFSETOF(spconfig, check_basename_match), OR_OPTIONS,
+ "whether or not to fix files with the same base name"),
{ NULL }
};
@@ -302,7 +305,7 @@ static int check_speling(request_rec *r)
* simple typing errors are checked next (like, e.g.,
* missing/extra/transposed char)
*/
- else if ((cfg->case_only == 0)
+ else if ((cfg->check_case_only == 0)
&& ((q = spdist(bad, dirent.name)) != SP_VERYDIFFERENT)) {
misspelled_file *sp_new;
@@ -316,22 +319,14 @@ static int check_speling(request_rec *r)
* requests. It is of questionable use to continue looking for
* files with the same base name, but potentially of totally wrong
* type (index.html <-> index.db).
- * I would propose to not set the WANT_BASENAME_MATCH define.
- * 08-Aug-1997 <Ma...@Mch.SNI.De>
*
- * However, Alexei replied giving some reasons to add it anyway:
- * > Oh, by the way, I remembered why having the
- * > extension-stripping-and-matching stuff is a good idea:
- * >
- * > If you're using MultiViews, and have a file named foobar.html,
- * > which you refer to as "foobar", and someone tried to access
- * > "Foobar", mod_speling won't find it, because it won't find
- * > anything matching that spelling. With the extension-munging,
- * > it would locate "foobar.html". Not perfect, but I ran into
- * > that problem when I first wrote the module.
+ * If you're using MultiViews, and have a file named foobar.html,
+ * which you refer to as "foobar", and someone tried to access
+ * "Foobar", without CheckBasenameMatch, mod_speling won't find it,
+ * because it won't find anything matching that spelling.
+ * With the extension-munging, it would locate "foobar.html".
*/
- else {
-#ifdef WANT_BASENAME_MATCH
+ else if (cfg->check_basename_match == 1) {
/*
* Okay... we didn't find anything. Now we take out the hard-core
* power tools. There are several cases here. Someone might have
@@ -356,7 +351,6 @@ static int check_speling(request_rec *r)
sp_new->name = apr_pstrdup(r->pool, dirent.name);
sp_new->quality = SP_VERYDIFFERENT;
}
-#endif
}
}
apr_dir_close(dir);