You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/07/27 10:03:42 UTC
svn commit: r1151373 - in /httpd/httpd/trunk: docs/manual/expr.xml
server/util_expr_eval.c
Author: sf
Date: Wed Jul 27 08:03:41 2011
New Revision: 1151373
URL: http://svn.apache.org/viewvc?rev=1151373&view=rev
Log:
Use ap_unescape_url_keep2f() in ap_expr unescape func. ap_unescape_url()
forbidding encoded slashes is not useful here.
Log failures.
Improve docs.
Modified:
httpd/httpd/trunk/docs/manual/expr.xml
httpd/httpd/trunk/server/util_expr_eval.c
Modified: httpd/httpd/trunk/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/expr.xml?rev=1151373&r1=1151372&r2=1151373&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/expr.xml (original)
+++ httpd/httpd/trunk/docs/manual/expr.xml Wed Jul 27 08:03:41 2011
@@ -436,8 +436,8 @@ listfunction ::= listfuncname "<strong>(
<tr><td><code>escape</code></td>
<td>Escape special characters in %hex encoding</td><td></td></tr>
<tr><td><code>unescape</code></td>
- <td>Unescape %hex encoded string, leaving URL-special characters
- encoded (XXX: describe better)</td><td></td></tr>
+ <td>Unescape %hex encoded string, leaving encoded slashes alone;
+ return empty string if %00 is found</td><td></td></tr>
<tr><td><code>file</code></td>
<td>Read contents from a file</td><td>yes</td></tr>
<tr><td><code>filesize</code></td>
Modified: httpd/httpd/trunk/server/util_expr_eval.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr_eval.c?rev=1151373&r1=1151372&r2=1151373&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_expr_eval.c (original)
+++ httpd/httpd/trunk/server/util_expr_eval.c Wed Jul 27 08:03:41 2011
@@ -985,11 +985,14 @@ static const char *unescape_func(ap_expr
const char *arg)
{
char *result = apr_pstrdup(ctx->p, arg);
- if (ap_unescape_url(result))
- return "";
- else
+ int ret = ap_unescape_url_keep2f(result, 0);
+ if (ret == OK)
return result;
-
+ ap_log_rerror(LOG_MARK(ctx->info), APLOG_DEBUG, 0, ctx->r,
+ "%s %% escape in unescape('%s') at %s:%d",
+ ret == HTTP_BAD_REQUEST ? "Bad" : "Forbidden", arg,
+ ctx->info->filename, ctx->info->line_number);
+ return "";
}
static int op_nz(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)