Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/07/27 10:03:42 UTC

svn commit: r1151373 - in /httpd/httpd/trunk: docs/manual/expr.xml server/util_expr_eval.c

Author: sf
Date: Wed Jul 27 08:03:41 2011
New Revision: 1151373

URL: http://svn.apache.org/viewvc?rev=1151373&view=rev
Log:
Use ap_unescape_url_keep2f() in ap_expr unescape func. ap_unescape_url()
forbidding encoded slashes is not useful here.
Log failures.
Improve docs.

Modified:
    httpd/httpd/trunk/docs/manual/expr.xml
    httpd/httpd/trunk/server/util_expr_eval.c

Modified: httpd/httpd/trunk/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/expr.xml?rev=1151373&r1=1151372&r2=1151373&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/expr.xml (original)
+++ httpd/httpd/trunk/docs/manual/expr.xml Wed Jul 27 08:03:41 2011
@@ -436,8 +436,8 @@ listfunction ::= listfuncname "<strong>(
     <tr><td><code>escape</code></td>
         <td>Escape special characters in %hex encoding</td><td></td></tr>
     <tr><td><code>unescape</code></td>
-        <td>Unescape %hex encoded string, leaving URL-special characters
-            encoded (XXX: describe better)</td><td></td></tr>
+        <td>Unescape %hex encoded string, leaving encoded slashes alone;
+            return empty string if %00 is found</td><td></td></tr>
     <tr><td><code>file</code></td>
         <td>Read contents from a file</td><td>yes</td></tr>
     <tr><td><code>filesize</code></td>

Modified: httpd/httpd/trunk/server/util_expr_eval.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr_eval.c?rev=1151373&r1=1151372&r2=1151373&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_expr_eval.c (original)
+++ httpd/httpd/trunk/server/util_expr_eval.c Wed Jul 27 08:03:41 2011
@@ -985,11 +985,14 @@ static const char *unescape_func(ap_expr
                                  const char *arg)
 {
     char *result = apr_pstrdup(ctx->p, arg);
-    if (ap_unescape_url(result))
-        return "";
-    else
+    int ret = ap_unescape_url_keep2f(result, 0);
+    if (ret == OK)
         return result;
-
+    ap_log_rerror(LOG_MARK(ctx->info), APLOG_DEBUG, 0, ctx->r,
+                      "%s %% escape in unescape('%s') at %s:%d", 
+		      ret == HTTP_BAD_REQUEST ? "Bad" : "Forbidden", arg,
+		      ctx->info->filename, ctx->info->line_number);
+    return "";
 }
 
 static int op_nz(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
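Review bot: Both failure cases in unescape_func end at `return "";` and are reported only at APLOG_DEBUG, so an expression that tests the result cannot tell a rejected input from a genuinely empty one, and at a typical production LogLevel nothing is recorded. The expr.xml text in this commit mentions only %00, but the `ret == HTTP_BAD_REQUEST` branch shows that a malformed escape takes the same path. I would state the contract on the function, e.g. `/* Returns "" on a malformed escape or an encoded NUL; %2f is left encoded, so the result is not a fully decoded path. */`, and reconsider whether DEBUG is the right level when the value may feed an access decision. The first line of the signature lies above the hunk.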