Posted to cvs@httpd.apache.org by wr...@apache.org on 2001/12/13 18:22:20 UTC

cvs commit: httpd-2.0/modules/generators mod_cgi.c mod_cgid.c

wrowe       01/12/13 09:22:20

  Modified:    modules/arch/win32 mod_isapi.c
               modules/generators mod_cgi.c mod_cgid.c
  Log:
    Apply the converse of the AcceptPathInfo patch for isapi's/cgi's.
    The default behavior remains, accept PATH_INFO, but it may be expressly
    revoked with AcceptPathInfo Off
  
  Revision  Changes    Path
  1.55      +3 -0      httpd-2.0/modules/arch/win32/mod_isapi.c
  
  Index: mod_isapi.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/arch/win32/mod_isapi.c,v
  retrieving revision 1.54
  retrieving revision 1.55
  diff -u -r1.54 -r1.55
  --- mod_isapi.c	2001/12/03 19:46:32	1.54
  +++ mod_isapi.c	2001/12/13 17:22:19	1.55
  @@ -362,6 +362,9 @@
       if (r->finfo.filetype != APR_REG)
           return HTTP_FORBIDDEN;
   
  +    if (r->path_info && *r->path_info && !r->used_path_info)
  +        return HTTP_NOT_FOUND;
  +
       /* Load the isapi extention without caching (sconf == NULL) 
        * but note that we will recover an existing cached module.
        */
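Review bot: The ISAPI handler refuses the request with a bare `return HTTP_NOT_FOUND;` and writes nothing to the error log, whereas the same check in mod_cgi.c and mod_cgid.c goes through log_scripterror with an explanatory message. With AcceptPathInfo Off, an operator sees 404s for ISAPI extensions with no record of the cause, and refused trailing-path requests cannot be reviewed later. Consider bracing the body and logging before the return, e.g. `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "ISAPI: AcceptPathInfo off disallows user's path: %s", r->filename);`. The enclosing handler begins and ends outside this hunk.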
  
  
  
  1.113     +4 -0      httpd-2.0/modules/generators/mod_cgi.c
  
  Index: mod_cgi.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgi.c,v
  retrieving revision 1.112
  retrieving revision 1.113
  diff -u -r1.112 -r1.113
  --- mod_cgi.c	2001/11/24 00:17:01	1.112
  +++ mod_cgi.c	2001/12/13 17:22:20	1.113
  @@ -583,6 +583,10 @@
   	return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
   			       "attempt to invoke directory as script");
   
  +    if (r->path_info && *r->path_info && !r->used_path_info) {
  +        return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
  +                               "AcceptPathInfo off disallows user's path");
  +    }
   /*
       if (!ap_suexec_enabled) {
   	if (!ap_can_exec(&r->finfo))
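Review bot: The added test `!r->used_path_info` does not say which state of the field corresponds to "AcceptPathInfo Off", and nothing in this diff shows where the field is set. A reader therefore cannot confirm from here that the default still accepts PATH_INFO, as the commit log states. A short comment above the check would document the intent, e.g. `/* AcceptPathInfo Off: refuse trailing path info rather than hand it to the script */`. The same undocumented condition is added in the mod_cgid.c and mod_isapi.c hunks, and the enclosing handler starts and ends outside this hunk.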
  
  
  
  1.106     +5 -0      httpd-2.0/modules/generators/mod_cgid.c
  
  Index: mod_cgid.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgid.c,v
  retrieving revision 1.105
  retrieving revision 1.106
  diff -u -r1.105 -r1.106
  --- mod_cgid.c	2001/11/26 14:38:03	1.105
  +++ mod_cgid.c	2001/12/13 17:22:20	1.106
  @@ -907,6 +907,11 @@
       if (r->finfo.filetype == APR_DIR) 
           return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, 
                                  "attempt to invoke directory as script"); 
  +
  +    if (r->path_info && *r->path_info && !r->used_path_info) {
  +        return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
  +                               "AcceptPathInfo off disallows user's path");
  +    }
   /*
       if (!ap_suexec_enabled) { 
           if (!ap_can_exec(&r->finfo))