You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/05/10 16:46:54 UTC
svn commit: r773347 - in /httpd/test/framework/trunk/t:
conf/include-ssi-exec.conf.in htdocs/modules/include/ssi-exec/121/
htdocs/modules/include/ssi-exec/121/subdir/
htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
security/CVE-2009-1195.t
Author: rpluem
Date: Sun May 10 14:46:54 2009
New Revision: 773347
URL: http://svn.apache.org/viewvc?rev=773347&view=rev
Log:
* Add testcase for r773322 / r773342
Added:
httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/
httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/
httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml (with props)
Modified:
httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in
httpd/test/framework/trunk/t/security/CVE-2009-1195.t
Modified: httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in?rev=773347&r1=773346&r2=773347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in (original)
+++ httpd/test/framework/trunk/t/conf/include-ssi-exec.conf.in Sun May 10 14:46:54 2009
@@ -483,5 +483,13 @@
Options Includes
AllowOverride None
</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/121">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120/subdir">
+# Just a dummy directive that is always available to make this a valid block
+ FileETag All
+</Directory>
</IfModule>
Added: httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml?rev=773347&view=auto
==============================================================================
--- httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml (added)
+++ httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml Sun May 10 14:46:54 2009
@@ -0,0 +1 @@
+<!--#exec cgi="/modules/cgi/perl.pl"-->
Propchange: httpd/test/framework/trunk/t/htdocs/modules/include/ssi-exec/121/subdir/exec.shtml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/test/framework/trunk/t/security/CVE-2009-1195.t
URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/security/CVE-2009-1195.t?rev=773347&r1=773346&r2=773347&view=diff
==============================================================================
--- httpd/test/framework/trunk/t/security/CVE-2009-1195.t (original)
+++ httpd/test/framework/trunk/t/security/CVE-2009-1195.t Sun May 10 14:46:54 2009
@@ -7,7 +7,7 @@
Apache::TestRequest::module('mod_include'); #use this module's port
-plan tests => 219;
+plan tests => 221;
my $r;
my $body;
@@ -1107,3 +1107,13 @@
ok t_cmp($body, 'perl cgi', "SSI should be evaluated with exec allowed for script #120");
+### Test #121, context: Options Includes : AllowOverride None : No options in subdir, no .htaccess
+
+$r = GET("/modules/include/ssi-exec/121/subdir/exec.shtml");
+ok t_cmp($r->code, 200, "Options should be allowed for script #121; 200 response expected");
+
+$body = $r->content;
+chomp $body;
+
+ok t_cmp($body, 'perl cgi', "SSI should be evaluated with exec allowed for script #121");
+