Posted to cvs@httpd.apache.org by wr...@apache.org on 2001/12/13 18:22:20 UTC
cvs commit: httpd-2.0/modules/generators mod_cgi.c mod_cgid.c
wrowe 01/12/13 09:22:20
Modified: modules/arch/win32 mod_isapi.c
modules/generators mod_cgi.c mod_cgid.c
Log:
Apply the converse of the AcceptPathInfo patch for isapi's/cgi's.
The default behavior remains, accept PATH_INFO, but it may be expressly
revoked with AcceptPathInfo Off
Revision Changes Path
1.55 +3 -0 httpd-2.0/modules/arch/win32/mod_isapi.c
Index: mod_isapi.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/arch/win32/mod_isapi.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- mod_isapi.c 2001/12/03 19:46:32 1.54
+++ mod_isapi.c 2001/12/13 17:22:19 1.55
@@ -362,6 +362,9 @@
if (r->finfo.filetype != APR_REG)
return HTTP_FORBIDDEN;
+ if (r->path_info && *r->path_info && !r->used_path_info)
+ return HTTP_NOT_FOUND;
+
/* Load the isapi extention without caching (sconf == NULL)
* but note that we will recover an existing cached module.
*/
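Review bot: The new PATH_INFO rejection in mod_isapi.c returns `HTTP_NOT_FOUND` without writing anything to the error log, whereas the same check in the mod_cgi.c and mod_cgid.c hunks goes through `log_scripterror` with a message. With AcceptPathInfo Off, an administrator would see unexplained 404s for ISAPI requests only, and refused trailing-path probes against ISAPI extensions would leave no trace for later review. I would brace the `if` and log before returning, e.g. `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "ISAPI: AcceptPathInfo off disallows user's path: %s", r->filename);`. The enclosing handler starts and ends outside the hunk, so whether some other step already logs this case cannot be seen from here.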
1.113 +4 -0 httpd-2.0/modules/generators/mod_cgi.c
Index: mod_cgi.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgi.c,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- mod_cgi.c 2001/11/24 00:17:01 1.112
+++ mod_cgi.c 2001/12/13 17:22:20 1.113
@@ -583,6 +583,10 @@
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
+ if (r->path_info && *r->path_info && !r->used_path_info) {
+ return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
+ "AcceptPathInfo off disallows user's path");
+ }
/*
if (!ap_suexec_enabled) {
if (!ap_can_exec(&r->finfo))
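Review bot: The guard `r->path_info && *r->path_info && !r->used_path_info` has no comment saying what `used_path_info` means at this point, and it is repeated verbatim in the mod_cgid.c hunk and, without logging, in mod_isapi.c. A short comment above it, such as `/* refuse trailing PATH_INFO unless the core marked it accepted (AcceptPathInfo) */`, would help keep the three copies from drifting apart. Where the flag is set is outside these hunks, so the wording should be confirmed against the core code. The message `"AcceptPathInfo off disallows user's path"` identifies the refused request only if `log_scripterror` adds the filename itself, which is not visible here. The handler body continues past both ends of the hunk.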
1.106 +5 -0 httpd-2.0/modules/generators/mod_cgid.c
Index: mod_cgid.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgid.c,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- mod_cgid.c 2001/11/26 14:38:03 1.105
+++ mod_cgid.c 2001/12/13 17:22:20 1.106
@@ -907,6 +907,11 @@
if (r->finfo.filetype == APR_DIR)
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
+
+ if (r->path_info && *r->path_info && !r->used_path_info) {
+ return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
+ "AcceptPathInfo off disallows user's path");
+ }
/*
if (!ap_suexec_enabled) {
if (!ap_can_exec(&r->finfo))