You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jw...@apache.org on 2002/04/22 10:08:38 UTC
cvs commit: httpd-2.0/server core.c
jwoolley 02/04/22 01:08:38
Modified: . CHANGES
modules/arch/win32 mod_isapi.c
modules/generators mod_cgi.c mod_cgid.c
server core.c
Log:
AcceptPathInfo was totally backwards... it would reject when set to on and
by default and accept when set to off for the default handler, and would
reject only if set to accept for mod_cgi(d) and mod_isapi.
PR: 8234
Revision Changes Path
1.722 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.721
retrieving revision 1.722
diff -u -d -u -r1.721 -r1.722
--- CHANGES 22 Apr 2002 03:25:39 -0000 1.721
+++ CHANGES 22 Apr 2002 08:08:36 -0000 1.722
@@ -1,4 +1,7 @@
Changes with Apache 2.0.36
+
+ *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
+
*) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to
explicitly tell the server that warning messages should be sent
to the client in addition to being recorded in the error log.
1.63 +5 -1 httpd-2.0/modules/arch/win32/mod_isapi.c
Index: mod_isapi.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/arch/win32/mod_isapi.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -d -u -r1.62 -r1.63
--- mod_isapi.c 29 Mar 2002 08:17:20 -0000 1.62
+++ mod_isapi.c 22 Apr 2002 08:08:37 -0000 1.63
@@ -362,8 +362,12 @@
if (r->finfo.filetype != APR_REG)
return HTTP_FORBIDDEN;
- if (r->path_info && *r->path_info && !r->used_path_info)
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return HTTP_NOT_FOUND;
+ }
/* Load the isapi extention without caching (sconf == NULL)
* but note that we will recover an existing cached module.
1.134 +4 -1 httpd-2.0/modules/generators/mod_cgi.c
Index: mod_cgi.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgi.c,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -d -u -r1.133 -r1.134
--- mod_cgi.c 13 Apr 2002 20:42:35 -0000 1.133
+++ mod_cgi.c 22 Apr 2002 08:08:37 -0000 1.134
@@ -627,7 +627,10 @@
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
- if (r->path_info && *r->path_info && !r->used_path_info) {
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}
1.128 +4 -1 httpd-2.0/modules/generators/mod_cgid.c
Index: mod_cgid.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgid.c,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -d -u -r1.127 -r1.128
--- mod_cgid.c 22 Apr 2002 01:36:49 -0000 1.127
+++ mod_cgid.c 22 Apr 2002 08:08:38 -0000 1.128
@@ -1063,7 +1063,10 @@
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
- if (r->path_info && *r->path_info && !r->used_path_info) {
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}
1.170 +9 -6 httpd-2.0/server/core.c
Index: core.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -d -u -r1.169 -r1.170
--- core.c 5 Apr 2002 20:54:59 -0000 1.169
+++ core.c 22 Apr 2002 08:08:38 -0000 1.170
@@ -3102,11 +3102,11 @@
/* Deal with the poor soul who is trying to force path_info to be
* accepted within the core_handler, where they will let the subreq
- * address it's contents. This is toggled by the user in the very
+ * address its contents. This is toggled by the user in the very
* beginning of the fixup phase, so modules should override the user's
- * discresion in their own module fixup phase. It is tristate, if
+ * discretion in their own module fixup phase. It is tristate, if
* the user doesn't specify, the result is 2 (which the module may
- * interpret to it's own customary behavior.) It won't be tounched
+ * interpret to its own customary behavior.) It won't be touched
* if the value is no longer undefined (2), so any module changing
* the value prior to the fixup phase OVERRIDES the user's choice.
*/
@@ -3187,7 +3187,10 @@
return HTTP_NOT_FOUND;
}
- if (!(r->used_path_info & 1) && r->path_info && *r->path_info) {
+ if ((r->used_path_info != AP_REQ_ACCEPT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to reject */
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
"File does not exist: %s",
apr_pstrcat(r->pool, r->filename, r->path_info, NULL));
@@ -3939,10 +3942,10 @@
ap_set_module_config(r->request_config, &core_module, req_cfg);
- /* Begin by presuming any module can make it's own path_info assumptions,
+ /* Begin by presuming any module can make its own path_info assumptions,
* until some module interjects and changes the value.
*/
- r->used_path_info = 2;
+ r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
return OK;
}