Backport:
authorGraham Leggett <minfrin@apache.org>
Sun, 25 Mar 2012 21:11:13 +0000 (21:11 +0000)
committerGraham Leggett <minfrin@apache.org>
Sun, 25 Mar 2012 21:11:13 +0000 (21:11 +0000)
core: Disallow directives in AllowOverrideList which are only allowed
in VirtualHost or server context. These are usually not prepared to be
called in .htaccess files.
Submitted by: sf
Reviewed by: covener, druggeri

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1305137 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
server/core.c

diff --git a/CHANGES b/CHANGES
index 0a9500d4a450718fcfc95fc9d8285bb7c2aa3532..0080a01d78c6ef42905687cc05a87522b532a8c8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@ Changes with Apache 2.4.2
      envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
      current working directory to be searched for DSOs. [Stefan Fritsch]
 
+  *) core: Disallow directives in AllowOverrideList which are only allowed
+     in VirtualHost or server context. These are usually not prepared to be
+     called in .htaccess files. [Stefan Fritsch]
+
   *) core: In AllowOverrideList, do not allow 'None' together with other
      directives. PR 52823. [Stefan Fritsch]
 
diff --git a/STATUS b/STATUS
index b61f05f6a2d8ffdb7343691c40889a1ec6e311f4..4b3f74c549066b12f4e7c30b34e647851930498a 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * core: In AllowOverrideList, disallow directives which are only allowed
-    in VirtualHost or server context.
-    Trunk patch: http://svn.apache.org/viewvc?rev=1302665&view=rev
-    2.4.x patch: Trunk patch works (skip docs/log-message-tags/next-number)
-    +1: sf, covener, druggeri
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
index 482acecb5a7292693440f72ca50bf25e0778c5e2..045f53511e85d3e1041e5f6d67b991f3bec7becb 100644 (file)
@@ -1679,14 +1679,25 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c
             const command_rec *result = NULL;
             module *mod = ap_top_module;
             result = ap_find_command_in_modules(argv[i], &mod);
-            if (result)
-                apr_table_set(d->override_list, argv[i], "1");
-            else
+            if (result == NULL) {
                 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
                              APLOGNO(00116) "Discarding unrecognized "
                              "directive `%s' in AllowOverrideList at %s:%d",
                              argv[i], cmd->directive->filename,
                              cmd->directive->line_num);
+                continue;
+            }
+            else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+                             APLOGNO(02304) "Discarding directive `%s' not "
+                             "allowed in AllowOverrideList at %s:%d",
+                             argv[i], cmd->directive->filename,
+                             cmd->directive->line_num);
+                continue;
+            }
+            else {
+                apr_table_set(d->override_list, argv[i], "1");
+            }
         }
     }
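Review bot: The new `else if` test masks `req_override` with `OR_ALL|ACCESS_CONF`, so a directive declared with `ACCESS_CONF` but no `OR_*` bit still reaches `apr_table_set(d->override_list, ...)`, even though its own declaration does not permit it in .htaccess; only directives limited to server or VirtualHost context are discarded. If the list is later used to admit directives while .htaccess files are parsed (not visible in this hunk), directory-only directives would get the same exposure the commit message describes for server-context ones. Either narrow the test to `(result->req_override & OR_ALL) == 0`, or, if admitting them is intended, say so above the test with a comment such as `/* ACCESS_CONF directives are deliberately accepted; only server/vhost-only ones are refused */`. The body of set_override_list starts and ends outside the hunk.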