Also switch to the non-deprecated APR_FOPEN_* flags.
PR: 45923
Backport of r1369618 from trunk.
Submitted by: sf
Reviewed by: rjung, trawick, humbedooh
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1372373 13f79535-47bb-0310-9956-
ffa450edef68
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) htpasswd: Use correct file mode for checking if file is writable.
+ PR 45923. [Stefan Fritsch]
+
*) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T.
<mi apache aldan algebra com>]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * htpasswd: Use correct file mode for checking if file is writable.
- Also switch to the non-deprecated APR_FOPEN_* flags.
- PR: 45923
- trunk patch: http://svn.apache.org/viewvc?view=rev&rev=1369618
- 2.4.x patch: trunk patch works
- +1: rjung, trawick, humbedooh
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
/*
* Check that this existing file is readable and writable.
*/
- if (!accessible(pool, pwfilename, APR_READ | APR_APPEND)) {
+ if (!accessible(pool, pwfilename, APR_FOPEN_READ|APR_FOPEN_WRITE)) {
apr_file_printf(errfile, "%s: cannot open file %s for "
"read/write access" NL, argv[0], pwfilename);
exit(ERR_FILEPERM);
/*
* As it doesn't exist yet, verify that we can create it.
*/
- if (!accessible(pool, pwfilename, APR_CREATE | APR_WRITE)) {
+ if (!accessible(pool, pwfilename, APR_FOPEN_WRITE|APR_FOPEN_CREATE)) {
apr_file_printf(errfile, "%s: cannot create file %s" NL,
argv[0], pwfilename);
exit(ERR_FILEPERM);
projects / apache / commitdiff