don't propagate input headers describing a body to a subrequest. this can cause a

author Greg Ames <gregames@apache.org>

Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)

committer Greg Ames <gregames@apache.org>

Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)
author Greg Ames <gregames@apache.org>
Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)
committer Greg Ames <gregames@apache.org>
Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)
diff --git a/CHANGES b/CHANGES

index 98f4a3b5d5116e4070394552698165b9e8a42761..898e131c0b5e8ed3f340bc77671253f39d6b0098 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@ Changes with Apache 2.1.5
  
  Changes with Apache 2.1.4
  
+  *) Don't let a subrequest inherit headers describing the original request's
+     body.  [Greg Ames]
+
    *) Fix Windows CompContext buff size miscalculation
       [Allan Edwards]
  
diff --git a/server/protocol.c b/server/protocol.c

index 1950068182163925c355d617b0c759b71b0cdef8..4d7d54ace9a74cf1a9de327f3a7dd642edf4a231 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -987,6 +987,21 @@ request_rec *ap_read_request(conn_rec *conn)
      return r;
  }
  
+/* if a request with a body creates a subrequest, clone the original request's
+ * input headers minus any headers pertaining to the body which has already
+ * been read.  out-of-line helper function for ap_set_sub_req_protocol.
+ */
+
+static void clone_headers_no_body(request_rec *rnew,
+                                  const request_rec *r)
+{
+    rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+    apr_table_unset(rnew->headers_in, "Content-Length");
+    apr_table_unset(rnew->headers_in, "Transfer-Encoding");
+    apr_table_unset(rnew->headers_in, "Content-Type");
+    apr_table_unset(rnew->headers_in, "Content-Encoding");
+}        
+
  /*
   * A couple of other functions which initialize some of the fields of
   * a request structure, as appropriate for adjuncts of one kind or another
@@ -1008,7 +1023,15 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
  
      rnew->status          = HTTP_OK;
  
-    rnew->headers_in      = r->headers_in;
+    /* did the original request have a body?  (e.g. POST w/SSI tags)
+     * if so, make sure the subrequest doesn't inherit body headers
+     */
+    if (r->read_length) {
+        clone_headers_no_body(rnew, r);
+    } else {
+        /* no body (common case).  clone headers the cheap way */
+        rnew->headers_in      = r->headers_in;
+    }
      rnew->subprocess_env  = apr_table_copy(rnew->pool, r->subprocess_env);
      rnew->headers_out     = apr_table_make(rnew->pool, 5);
      rnew->err_headers_out = apr_table_make(rnew->pool, 5);
author	Greg Ames <gregames@apache.org>
	Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)
committer	Greg Ames <gregames@apache.org>
	Wed, 23 Mar 2005 16:36:45 +0000 (16:36 +0000)
CHANGES		patch \| blob \| history
server/protocol.c		patch \| blob \| history