For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1667676 13f79535-47bb-0310-9956-
ffa450edef68
return apr_psprintf(cmd->pool, "%pm", &rv);
a->type = T_IP;
}
+ else if (ap_strchr(where, '#')) {
+ return "No comments are allowed here";
+ }
else { /* no slash, didn't look like an IP address => must be a host */
a->type = T_HOST;
}
const char *require_line,
const void *parsed_require_line)
{
- const char *t, *w;
+ const char *t;
+ char *w, *hash_ptr;
const char *remotehost = NULL;
int remotehost_is_ip;
from the previous host based syntax. */
t = require;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+ /* '#' is not valid hostname character and admin could specify
+ * 'Require host localhost# Add example.com later'. We should not
+ * grant access to 'example.com' in that case. */
+ if ((hash_ptr = ap_strchr(w, '#'))) {
+ if (hash_ptr == w) {
+ break;
+ }
+ *hash_ptr = '\0';
+ }
if (in_domain(w, remotehost)) {
return AUTHZ_GRANTED;
}
+ if (hash_ptr) {
+ break;
+ }
}
}