r1052419 changed the default value of Options to FollowSymlinks,
but inadvertently made "AllowOverride Options" behave like
"AllowOverride Options=FollowSymLinks".
PR53444
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1361377 13f79535-47bb-0310-9956-ffa450edef68
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) core: Fix spurious "not allowed here" error returned when the Options
+ directive is used in .htaccess and "AllowOverride Options" (with no
+ specific options restricted) is configured. PR 53444. [Eric Covener]
+
*) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
PR 53048. [Stefan Fritsch]
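Review bot: the added "*) core:" entry describes only the error message and not the change in what .htaccess is permitted to do. With this fix a bare "AllowOverride Options" allows any option to be set rather than FollowSymLinks only, so the entry should say so and name r1052419 as the source of the regression. Administrators who came to rely on the narrower behaviour can then pin it with an explicit "AllowOverride Options=..." list.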
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: "AllowOverride Options" inadvertently treated like
- "AllowOverride Options=FollowSymlinks" after r1052419
- PR53444
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1359976
- 2.4.x patch: trunk works (+ CHANGES)
- +1: covener, jim, humbedooh
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
if (v)
set_allow_opts(cmd, &(d->override_opts), v);
else
- d->override_opts = OPT_SYM_LINKS;
+ d->override_opts = OPT_ALL;
}
else if (!strcasecmp(w, "FileInfo")) {
d->override |= OR_FILEINFO;
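Review bot: the else branch assigns "d->override_opts = OPT_ALL;" with no comment saying that a bare "Options" token (no "=list" value, so v is NULL) means nothing is restricted. The commit message says r1052419 broke this while changing the default value of Options, so a one-line comment stating that this mask is independent of that default would guard against the same regression. It is also worth confirming that OPT_ALL covers every bit set_allow_opts() can grant, since any option outside the mask would still be rejected in .htaccess, and adding a regression test that uses Options in .htaccess under a bare "AllowOverride Options".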