Changes with Apache 2.0.36
+
+ *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
+
*) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to
explicitly tell the server that warning messages should be sent
to the client in addition to being recorded in the error log.
if (r->finfo.filetype != APR_REG)
return HTTP_FORBIDDEN;
- if (r->path_info && *r->path_info && !r->used_path_info)
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return HTTP_NOT_FOUND;
+ }
/* Load the isapi extention without caching (sconf == NULL)
* but note that we will recover an existing cached module.
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
- if (r->path_info && *r->path_info && !r->used_path_info) {
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}
return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
"attempt to invoke directory as script");
- if (r->path_info && *r->path_info && !r->used_path_info) {
+ if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to accept */
return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
"AcceptPathInfo off disallows user's path");
}
/* Deal with the poor soul who is trying to force path_info to be
* accepted within the core_handler, where they will let the subreq
- * address it's contents. This is toggled by the user in the very
+ * address its contents. This is toggled by the user in the very
* beginning of the fixup phase, so modules should override the user's
- * discresion in their own module fixup phase. It is tristate, if
+ * discretion in their own module fixup phase. It is tristate, if
* the user doesn't specify, the result is 2 (which the module may
- * interpret to it's own customary behavior.) It won't be tounched
+ * interpret to its own customary behavior.) It won't be touched
* if the value is no longer undefined (2), so any module changing
* the value prior to the fixup phase OVERRIDES the user's choice.
*/
return HTTP_NOT_FOUND;
}
- if (!(r->used_path_info & 1) && r->path_info && *r->path_info) {
+ if ((r->used_path_info != AP_REQ_ACCEPT_PATH_INFO) &&
+ r->path_info && *r->path_info)
+ {
+ /* default to reject */
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
"File does not exist: %s",
apr_pstrcat(r->pool, r->filename, r->path_info, NULL));
ap_set_module_config(r->request_config, &core_module, req_cfg);
- /* Begin by presuming any module can make it's own path_info assumptions,
+ /* Begin by presuming any module can make its own path_info assumptions,
* until some module interjects and changes the value.
*/
- r->used_path_info = 2;
+ r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
return OK;
}