mod_dav: Make sure that when we prepare an If URL for Etag comparison,
authorGraham Leggett <minfrin@apache.org>
Tue, 23 Apr 2013 13:14:34 +0000 (13:14 +0000)
committerGraham Leggett <minfrin@apache.org>
Tue, 23 Apr 2013 13:14:34 +0000 (13:14 +0000)
we compare unencoded paths. PR 53910
Patch submitted by Timothy Wood <tjw omnigroup com>
Tested by William Lewis <wiml omnigroup com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1470940 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/dav/main/util.c

diff --git a/CHANGES b/CHANGES
index 8acdf1869979b4e4af06d6fbde6183b4ceb373b7..05376b54f7f23fc4c49bdae0dc231974770d0ad5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
+     we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
+
   *) core, mod_ssl: Lift the restriction that prevents mod_ssl taking
      full advantage of the event MPM. Enable the ability for a module
      to reverse the sense of a poll event from a read to a write or vice
index 2f4ce8d8cfeb8e26943a510dade9d133669750bc..d2aff57a282694db12b50ea67625b0dda32ef17d 100644 (file)
@@ -663,6 +663,13 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
             if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/')
                 parsed_uri.path[--uri_len] = '\0';
 
+            /* the resources we will compare to have unencoded paths */
+            if (ap_unescape_url(parsed_uri.path) != OK) {
+                return dav_new_error(r->pool, HTTP_BAD_REQUEST,
+                        DAV_ERR_IF_TAGGED, rv,
+                        "Invalid percent encoded URI in tagged If-header.");
+            }
+
             uri = parsed_uri.path;
             list_type = tagged;
             break;
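Review bot: `uri_len` is computed and used for the trailing-slash strip before the added `ap_unescape_url(parsed_uri.path)` call and is not refreshed afterwards, so it holds the length of the still-encoded path while the string, decoded in place, is shorter whenever an escape was present. dav_process_if_header continues outside this hunk; if `uri_len` is stored or compared later, an If-header URL containing percent escapes would presumably be matched with a stale length and fail to match the resource it names. Either add `uri_len = strlen(parsed_uri.path);` right after the unescape, or decode first and do the length computation and slash strip on the decoded path. Separately, the `rv` passed to `dav_new_error` is not assigned by this check, so it likely carries the status of an earlier call rather than the decode failure; capturing the return value of `ap_unescape_url` would make the logged error meaningful.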