PR49823: Make the hardcoded default for AllowOverride match the default config -...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031776 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index db498904c1d3427302e1aa8ba44794c62ddb76a8..4019d5b7f122ad8aa501af1470390ae4b25ee1ec 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@ Changes with Apache 2.3.9
      Fix a denial of service attack against mod_reqtimeout.
      [Stefan Fritsch]
 
+  *) core: In the absence of any AllowOverride directives, the default is now
+     "None" instead of "All".  PR49823 [Eric Covener]
+
   *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
      <Directory> or <Files>. PR47765 [Eric Covener]
 

diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 9f91f0b969c459491c18158680787cf148b0be91..878ecea993a5e3924ee02189463f315bf2d56aeb 100644 (file)
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -300,7 +300,7 @@ be passed through</description>
 <code>.htaccess</code> files</description>
 <syntax>AllowOverride All|None|<var>directive-type</var>
 [<var>directive-type</var>] ...</syntax>
-<default>AllowOverride All</default>
+<default>AllowOverride None (2.3.9 and later), AllowOverride All (2.3.8 and earlier)</default>
 <contextlist><context>directory</context></contextlist>
 
 <usage>

diff --git a/server/core.c b/server/core.c
index 78cfb2e0294e2934386ff0c843ba5b3683978af7..9f8d01d02d8a5bd69e6660ffe48c86c99932de18 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -114,7 +114,7 @@ static void *create_core_dir_config(apr_pool_t *a, char *dir)
 
     conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
     conf->opts_add = conf->opts_remove = OPT_NONE;
-    conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
+    conf->override = OR_NONE;
     conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
 
     conf->content_md5 = 2;