AcceptPathInfo was totally backwards... it would reject when set to on and

by default and accept when set to off for the default handler, and would
reject only if set to accept for mod_cgi(d) and mod_isapi.

PR: 8234

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94751 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index bcd711c8f1f872bf64f7395aa5a45181fb147878..1550de2b3af1f3f4c3ce50e4c378af71135e3436 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,7 @@
 Changes with Apache 2.0.36
+
+  *) Fix AcceptPathInfo. PR 8234  [Cliff Woolley]
+
   *) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to
      explicitly tell the server that warning messages should be sent 
      to the client in addition to being recorded in the error log. 

diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c
index c53d2d0b7e2608ee165bcfc21810133687a4dcf8..7a155129e3f587b9324e36d449f2551585dd212f 100644 (file)
--- a/modules/arch/win32/mod_isapi.c
+++ b/modules/arch/win32/mod_isapi.c
@@ -362,8 +362,12 @@ apr_status_t isapi_handler (request_rec *r)
     if (r->finfo.filetype != APR_REG)
         return HTTP_FORBIDDEN;
 
-    if (r->path_info && *r->path_info && !r->used_path_info)
+    if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+        r->path_info && *r->path_info)
+    {
+        /* default to accept */
         return HTTP_NOT_FOUND;
+    }
 
     /* Load the isapi extention without caching (sconf == NULL) 
      * but note that we will recover an existing cached module.

diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c
index 92c766318595da3feb36917da5f75278c4e0150e..70cdf96cf2e3744ad0dac7a5685219680c930c04 100644 (file)
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -627,7 +627,10 @@ static int cgi_handler(request_rec *r)
        return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
                               "attempt to invoke directory as script");
 
-    if (r->path_info && *r->path_info && !r->used_path_info) {
+    if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+        r->path_info && *r->path_info)
+    {
+        /* default to accept */
         return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
                                "AcceptPathInfo off disallows user's path");
     }

diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index c20e78409134b370fa7a522dca66a61de00d63dd..82b26b4006693fe267447579bc4ac7cc3a46a3a7 100644 (file)
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -1063,7 +1063,10 @@ static int cgid_handler(request_rec *r)
         return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, 
                                "attempt to invoke directory as script"); 
 
-    if (r->path_info && *r->path_info && !r->used_path_info) {
+    if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) &&
+        r->path_info && *r->path_info)
+    {
+        /* default to accept */
         return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
                                "AcceptPathInfo off disallows user's path");
     }

diff --git a/server/core.c b/server/core.c
index c5685b9de3ad2e7b8e7ea2827ebc6fca08a8e5e0..a83044d2a5ee3f78f84eea7c1917c942d4df9055 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -3102,11 +3102,11 @@ static int core_override_type(request_rec *r)
 
     /* Deal with the poor soul who is trying to force path_info to be
      * accepted within the core_handler, where they will let the subreq
-     * address it's contents.  This is toggled by the user in the very
+     * address its contents.  This is toggled by the user in the very
      * beginning of the fixup phase, so modules should override the user's
-     * discresion in their own module fixup phase.  It is tristate, if
+     * discretion in their own module fixup phase.  It is tristate, if
      * the user doesn't specify, the result is 2 (which the module may
-     * interpret to it's own customary behavior.)  It won't be tounched
+     * interpret to its own customary behavior.)  It won't be touched
      * if the value is no longer undefined (2), so any module changing
      * the value prior to the fixup phase OVERRIDES the user's choice.
      */
@@ -3187,7 +3187,10 @@ static int default_handler(request_rec *r)
         return HTTP_NOT_FOUND;
     }
 
-    if (!(r->used_path_info & 1) && r->path_info && *r->path_info) {
+    if ((r->used_path_info != AP_REQ_ACCEPT_PATH_INFO) &&
+        r->path_info && *r->path_info)
+    {
+        /* default to reject */
         ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
                       "File does not exist: %s",
                       apr_pstrcat(r->pool, r->filename, r->path_info, NULL));
@@ -3939,10 +3942,10 @@ static int core_create_req(request_rec *r)
 
     ap_set_module_config(r->request_config, &core_module, req_cfg);
 
-    /* Begin by presuming any module can make it's own path_info assumptions,
+    /* Begin by presuming any module can make its own path_info assumptions,
      * until some module interjects and changes the value.
      */
-    r->used_path_info = 2;
+    r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
 
     return OK;
 }