Disallow directives in AllowOverrideList which are only allowed

author Stefan Fritsch <sf@apache.org>

Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)

committer Stefan Fritsch <sf@apache.org>

Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)
author Stefan Fritsch <sf@apache.org>
Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)
committer Stefan Fritsch <sf@apache.org>
Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)
diff --git a/CHANGES b/CHANGES

index 829a2be4aee9cd379ef0c884d8d89df030da54c9..3aa170ef2fb79e623ad921f7abf23a7bd05f5bc8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) core: Disallow directives in AllowOverrideList which are only allowed
+     in VirtualHost or server context. These are usually not prepared to be
+     called in .htaccess files. [Stefan Fritsch]
+
    *) core: In AllowOverrideList, do not allow 'None' together with other
       directives. PR 52823. [Stefan Fritsch]
  
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number

index c801f0a47cc391e99fbf07ba0ce65785291ef461..b0812e9d3fe3ace8a0ef7282163a5a8a45a51246 100644 (file)
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2304
+2305
diff --git a/server/core.c b/server/core.c

index 374a1f64ebd9c860df216b51824d5f085264f85f..96171109205ab763c0ade4976d9f6f8e2e5cc679 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -1681,14 +1681,25 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c
              const command_rec *result = NULL;
              module *mod = ap_top_module;
              result = ap_find_command_in_modules(argv[i], &mod);
-            if (result)
-                apr_table_set(d->override_list, argv[i], "1");
-            else
+            if (result == NULL) {
                  ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
                               APLOGNO(00116) "Discarding unrecognized "
                               "directive `%s' in AllowOverrideList at %s:%d",
                               argv[i], cmd->directive->filename,
                               cmd->directive->line_num);
+                continue;
+            }
+            else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+                             APLOGNO(02304) "Discarding directive `%s' not "
+                             "allowed in AllowOverrideList at %s:%d",
+                             argv[i], cmd->directive->filename,
+                             cmd->directive->line_num);
+                continue;
+            }
+            else {
+                apr_table_set(d->override_list, argv[i], "1");
+            }
          }
      }
author	Stefan Fritsch <sf@apache.org>
	Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Mon, 19 Mar 2012 21:34:03 +0000 (21:34 +0000)
CHANGES		patch \| blob \| history
docs/log-message-tags/next-number		patch \| blob \| history
server/core.c		patch \| blob \| history