possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
+ *) core: Add missing HTTP status codes registered with IANA.
+ [Julian Reschke <julian.reschke gmx.de>, Rainer Jung]
+
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
2.4.x patch: trunk patch works (ex. CHANGES)
+1: sf, humbedooh, rjung
- * core: Add missing HTTP status codes registered with IANA.
- trunk patch: http://svn.apache.org/viewvc?rev=1361784&view=rev
- http://svn.apache.org/viewvc?rev=1361791&view=rev
- http://svn.apache.org/viewvc?rev=1362020&view=rev
- 2.4.x patch: http://people.apache.org/~rjung/patches/httpd-2_4-status-codes-iana.patch
- +1: rjung, jorton, trawick
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
* 20120211.1 (2.4.2-dev) Add AP_HAVE_C99
* 20120211.2 (2.4.2-dev) Add ap_runtime_dir_relative
* 20120211.3 (2.4.2-dev) Add forcerecovery to proxy_balancer_shared struct
- * 20120211.4 (2.4.2-dev) Add ap_list_provider_groups()
+ * 20120211.4 (2.4.3-dev) Add ap_list_provider_groups()
+ * 20120211.5 (2.4.3-dev) Add missing HTTP status codes registered with IANA.
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20120211
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 4 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 5 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
* @{
*/
/**
- * The size of the static array in http_protocol.c for storing
- * all of the potential response status-lines (a sparse table).
+ * The size of the static status_lines array in http_protocol.c for
+ * storing all of the potential response status-lines (a sparse table).
+ * When adding a new code here add it to status_lines as well.
* A future version should dynamically generate the apr_table_t at startup.
*/
-#define RESPONSE_CODES 57
-
-#define HTTP_CONTINUE 100
-#define HTTP_SWITCHING_PROTOCOLS 101
-#define HTTP_PROCESSING 102
-#define HTTP_OK 200
-#define HTTP_CREATED 201
-#define HTTP_ACCEPTED 202
-#define HTTP_NON_AUTHORITATIVE 203
-#define HTTP_NO_CONTENT 204
-#define HTTP_RESET_CONTENT 205
-#define HTTP_PARTIAL_CONTENT 206
-#define HTTP_MULTI_STATUS 207
-#define HTTP_MULTIPLE_CHOICES 300
-#define HTTP_MOVED_PERMANENTLY 301
-#define HTTP_MOVED_TEMPORARILY 302
-#define HTTP_SEE_OTHER 303
-#define HTTP_NOT_MODIFIED 304
-#define HTTP_USE_PROXY 305
-#define HTTP_TEMPORARY_REDIRECT 307
-#define HTTP_BAD_REQUEST 400
-#define HTTP_UNAUTHORIZED 401
-#define HTTP_PAYMENT_REQUIRED 402
-#define HTTP_FORBIDDEN 403
-#define HTTP_NOT_FOUND 404
-#define HTTP_METHOD_NOT_ALLOWED 405
-#define HTTP_NOT_ACCEPTABLE 406
-#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
-#define HTTP_REQUEST_TIME_OUT 408
-#define HTTP_CONFLICT 409
-#define HTTP_GONE 410
-#define HTTP_LENGTH_REQUIRED 411
-#define HTTP_PRECONDITION_FAILED 412
-#define HTTP_REQUEST_ENTITY_TOO_LARGE 413
-#define HTTP_REQUEST_URI_TOO_LARGE 414
-#define HTTP_UNSUPPORTED_MEDIA_TYPE 415
-#define HTTP_RANGE_NOT_SATISFIABLE 416
-#define HTTP_EXPECTATION_FAILED 417
-#define HTTP_UNPROCESSABLE_ENTITY 422
-#define HTTP_LOCKED 423
-#define HTTP_FAILED_DEPENDENCY 424
-#define HTTP_UPGRADE_REQUIRED 426
-#define HTTP_INTERNAL_SERVER_ERROR 500
-#define HTTP_NOT_IMPLEMENTED 501
-#define HTTP_BAD_GATEWAY 502
-#define HTTP_SERVICE_UNAVAILABLE 503
-#define HTTP_GATEWAY_TIME_OUT 504
-#define HTTP_VERSION_NOT_SUPPORTED 505
-#define HTTP_VARIANT_ALSO_VARIES 506
-#define HTTP_INSUFFICIENT_STORAGE 507
-#define HTTP_NOT_EXTENDED 510
+#define RESPONSE_CODES 83
+
+#define HTTP_CONTINUE 100
+#define HTTP_SWITCHING_PROTOCOLS 101
+#define HTTP_PROCESSING 102
+#define HTTP_OK 200
+#define HTTP_CREATED 201
+#define HTTP_ACCEPTED 202
+#define HTTP_NON_AUTHORITATIVE 203
+#define HTTP_NO_CONTENT 204
+#define HTTP_RESET_CONTENT 205
+#define HTTP_PARTIAL_CONTENT 206
+#define HTTP_MULTI_STATUS 207
+#define HTTP_ALREADY_REPORTED 208
+#define HTTP_IM_USED 226
+#define HTTP_MULTIPLE_CHOICES 300
+#define HTTP_MOVED_PERMANENTLY 301
+#define HTTP_MOVED_TEMPORARILY 302
+#define HTTP_SEE_OTHER 303
+#define HTTP_NOT_MODIFIED 304
+#define HTTP_USE_PROXY 305
+#define HTTP_TEMPORARY_REDIRECT 307
+#define HTTP_PERMANENT_REDIRECT 308
+#define HTTP_BAD_REQUEST 400
+#define HTTP_UNAUTHORIZED 401
+#define HTTP_PAYMENT_REQUIRED 402
+#define HTTP_FORBIDDEN 403
+#define HTTP_NOT_FOUND 404
+#define HTTP_METHOD_NOT_ALLOWED 405
+#define HTTP_NOT_ACCEPTABLE 406
+#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
+#define HTTP_REQUEST_TIME_OUT 408
+#define HTTP_CONFLICT 409
+#define HTTP_GONE 410
+#define HTTP_LENGTH_REQUIRED 411
+#define HTTP_PRECONDITION_FAILED 412
+#define HTTP_REQUEST_ENTITY_TOO_LARGE 413
+#define HTTP_REQUEST_URI_TOO_LARGE 414
+#define HTTP_UNSUPPORTED_MEDIA_TYPE 415
+#define HTTP_RANGE_NOT_SATISFIABLE 416
+#define HTTP_EXPECTATION_FAILED 417
+#define HTTP_UNPROCESSABLE_ENTITY 422
+#define HTTP_LOCKED 423
+#define HTTP_FAILED_DEPENDENCY 424
+#define HTTP_UPGRADE_REQUIRED 426
+#define HTTP_PRECONDITION_REQUIRED 428
+#define HTTP_TOO_MANY_REQUESTS 429
+#define HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE 431
+#define HTTP_INTERNAL_SERVER_ERROR 500
+#define HTTP_NOT_IMPLEMENTED 501
+#define HTTP_BAD_GATEWAY 502
+#define HTTP_SERVICE_UNAVAILABLE 503
+#define HTTP_GATEWAY_TIME_OUT 504
+#define HTTP_VERSION_NOT_SUPPORTED 505
+#define HTTP_VARIANT_ALSO_VARIES 506
+#define HTTP_INSUFFICIENT_STORAGE 507
+#define HTTP_LOOP_DETECTED 508
+#define HTTP_NOT_EXTENDED 510
+#define HTTP_NETWORK_AUTHENTICATION_REQUIRED 511
/** is the status code informational */
#define ap_is_HTTP_INFO(x) (((x) >= 100)&&((x) < 200))
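Review bot: The new comment above RESPONSE_CODES tells maintainers to add a code to status_lines, but it does not mention the other hand-counted values that must move with it. RESPONSE_CODES itself (57 to 83 here) and the `LEVEL_300`/`LEVEL_400`/`LEVEL_500` offsets in http_protocol.c are all literal counts, and a miscount would leave lookups in bounds but pointing at the wrong status line. I would extend the comment with something like `* Also update RESPONSE_CODES and the LEVEL_x00 offsets in http_protocol.c, counting NULL gap entries.`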
/* New Apache routine to map status codes into array indicies
* e.g. 100 -> 0, 101 -> 1, 200 -> 2 ...
- * The number of status lines must equal the value of RESPONSE_CODES (httpd.h)
- * and must be listed in order.
+ * The number of status lines must equal the value of
+ * RESPONSE_CODES (httpd.h) and must be listed in order.
+ * No gaps are allowed between X00 and the largest Xnn
+ * for any X (see ap_index_of_response).
+ * When adding a new code here, add a define to httpd.h
+ * as well.
*/
static const char * const status_lines[RESPONSE_CODES] =
"205 Reset Content",
"206 Partial Content",
"207 Multi-Status",
-#define LEVEL_300 11
+ "208 Already Reported",
+ NULL, /* 209 */
+ NULL, /* 210 */
+ NULL, /* 211 */
+ NULL, /* 212 */
+ NULL, /* 213 */
+ NULL, /* 214 */
+ NULL, /* 215 */
+ NULL, /* 216 */
+ NULL, /* 217 */
+ NULL, /* 218 */
+ NULL, /* 219 */
+ NULL, /* 220 */
+ NULL, /* 221 */
+ NULL, /* 222 */
+ NULL, /* 223 */
+ NULL, /* 224 */
+ NULL, /* 225 */
+ "226 IM Used",
+#define LEVEL_300 30
"300 Multiple Choices",
"301 Moved Permanently",
"302 Found",
"303 See Other",
"304 Not Modified",
"305 Use Proxy",
- "306 unused",
+ NULL, /* 306 */
"307 Temporary Redirect",
-#define LEVEL_400 19
+ "308 Permanent Redirect",
+#define LEVEL_400 39
"400 Bad Request",
- "401 Authorization Required",
+ "401 Unauthorized",
"402 Payment Required",
"403 Forbidden",
"404 Not Found",
"405 Method Not Allowed",
"406 Not Acceptable",
"407 Proxy Authentication Required",
- "408 Request Time-out",
+ "408 Request Timeout",
"409 Conflict",
"410 Gone",
"411 Length Required",
"412 Precondition Failed",
"413 Request Entity Too Large",
- "414 Request-URI Too Large",
+ "414 Request-URI Too Long",
"415 Unsupported Media Type",
"416 Requested Range Not Satisfiable",
"417 Expectation Failed",
- "418 unused",
- "419 unused",
- "420 unused",
- "421 unused",
+ NULL, /* 418 */
+ NULL, /* 419 */
+ NULL, /* 420 */
+ NULL, /* 421 */
"422 Unprocessable Entity",
"423 Locked",
"424 Failed Dependency",
- /* This is a hack, but it is required for ap_index_of_response
- * to work with 426.
- */
- "425 No code",
+ NULL, /* 425 */
"426 Upgrade Required",
-#define LEVEL_500 46
+ NULL, /* 427 */
+ "428 Precondition Required",
+ "429 Too Many Requests",
+ NULL, /* 430 */
+ "431 Request Header Fields Too Large",
+#define LEVEL_500 71
"500 Internal Server Error",
- "501 Method Not Implemented",
+ "501 Not Implemented",
"502 Bad Gateway",
- "503 Service Temporarily Unavailable",
- "504 Gateway Time-out",
+ "503 Service Unavailable",
+ "504 Gateway Timeout",
"505 HTTP Version Not Supported",
"506 Variant Also Negotiates",
"507 Insufficient Storage",
- "508 unused",
- "509 unused",
- "510 Not Extended"
+ "508 Loop Detected",
+ NULL, /* 509 */
+ "510 Not Extended",
+ "511 Network Authentication Required"
};
APR_HOOK_STRUCT(
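Review bot: Besides adding codes, this hunk rewrites the reason phrases of existing codes: 401, 408, 414, 501, 503 and 504 (for example `"401 Authorization Required"` becomes `"401 Unauthorized"`). These strings are the response status lines, and presumably also feed the canned error page titles, so log parsers, health checks and detection rules that match the old text will silently stop matching after upgrade. The CHANGES entry only says codes were added. I would add a line such as `*) core: Align reason phrases for 401, 408, 414, 501, 503 and 504 with the IANA registry.` so operators know to update their matchers.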
* decides to define a high-numbered code before the lower numbers.
* If that sad event occurs, replace the code below with a linear search
* from status_lines[shortcut[i]] to status_lines[shortcut[i+1]-1];
+ * or use NULL to fill the gaps.
*/
AP_DECLARE(int) ap_index_of_response(int status)
{
status -= 100;
if (status < 100) {
pos = (status + shortcut[i]);
- if (pos < shortcut[i + 1]) {
+ if (pos < shortcut[i + 1] && status_lines[pos] != NULL) {
return pos;
}
else {
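Review bot: The added `status_lines[pos] != NULL` test changes behaviour for codes that used to have filler strings (306, 418-421, 425, 509). They now take the `else` branch, whose body is outside this hunk, and the NULL gaps under 2xx and 4xx take it too. If that branch returns LEVEL_500, as seems likely, a module that sets one of these statuses without its own status line would be answered with the 500 line, which is worth confirming. The guard also covers only callers that go through ap_index_of_response; any code that indexes or iterates status_lines directly must now tolerate NULL. The header comment still describes NULL filling as a hypothetical alternative, so I would state it as current behaviour: `* Unassigned codes are NULL in status_lines and are treated as unknown here.` The function body continues past the end of the hunk.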
case HTTP_MOVED_PERMANENTLY:
case HTTP_MOVED_TEMPORARILY:
case HTTP_TEMPORARY_REDIRECT:
+ case HTTP_PERMANENT_REDIRECT:
return(apr_pstrcat(p,
"<p>The document has moved <a href=\"",
ap_escape_html(r->pool, location),
"connection to SSL, but your client doesn't support it.\n"
"Either upgrade your client, or try requesting the page\n"
"using https://\n");
+ case HTTP_PRECONDITION_REQUIRED:
+ return("<p>The request is required to be conditional.</p>\n");
+ case HTTP_TOO_MANY_REQUESTS:
+ return("<p>The user has sent too many requests\n"
+ "in a given amount of time.</p>\n");
+ case HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE:
+ return("<p>The server refused this request because\n"
+ "the request header fields are too large.</p>\n");
case HTTP_INSUFFICIENT_STORAGE:
return("<p>The method could not be performed on the resource\n"
"because the server is unable to store the\n"
case HTTP_GATEWAY_TIME_OUT:
return("<p>The gateway did not receive a timely response\n"
"from the upstream server or application.</p>\n");
+ case HTTP_LOOP_DETECTED:
+ return("<p>The server terminated an operation because\n"
+ "it encountered an infinite loop.</p>\n");
case HTTP_NOT_EXTENDED:
return("<p>A mandatory extension policy in the request is not\n"
"accepted by the server for this resource.</p>\n");
+ case HTTP_NETWORK_AUTHENTICATION_REQUIRED:
+ return("<p>The client needs to authenticate to gain\n"
+ "network access.</p>\n");
default: /* HTTP_INTERNAL_SERVER_ERROR */
/*
* This comparison to expose error-notes could be modified to
lua_setfield(L, -2, "HTTP_PARTIAL_CONTENT");
lua_pushinteger(L, HTTP_MULTI_STATUS);
lua_setfield(L, -2, "HTTP_MULTI_STATUS");
+ lua_pushinteger(L, HTTP_ALREADY_REPORTED);
+ lua_setfield(L, -2, "HTTP_ALREADY_REPORTED");
+ lua_pushinteger(L, HTTP_IM_USED);
+ lua_setfield(L, -2, "HTTP_IM_USED");
lua_pushinteger(L, HTTP_MULTIPLE_CHOICES);
lua_setfield(L, -2, "HTTP_MULTIPLE_CHOICES");
lua_pushinteger(L, HTTP_MOVED_PERMANENTLY);
lua_setfield(L, -2, "HTTP_MOVED_PERMANENTLY");
+ lua_pushinteger(L, HTTP_MOVED_TEMPORARILY);
+ lua_setfield(L, -2, "HTTP_MOVED_TEMPORARILY");
lua_pushinteger(L, HTTP_SEE_OTHER);
lua_setfield(L, -2, "HTTP_SEE_OTHER");
lua_pushinteger(L, HTTP_NOT_MODIFIED);
lua_setfield(L, -2, "HTTP_USE_PROXY");
lua_pushinteger(L, HTTP_TEMPORARY_REDIRECT);
lua_setfield(L, -2, "HTTP_TEMPORARY_REDIRECT");
+ lua_pushinteger(L, HTTP_PERMANENT_REDIRECT);
+ lua_setfield(L, -2, "HTTP_PERMANENT_REDIRECT");
lua_pushinteger(L, HTTP_BAD_REQUEST);
lua_setfield(L, -2, "HTTP_BAD_REQUEST");
lua_pushinteger(L, HTTP_UNAUTHORIZED);
lua_setfield(L, -2, "HTTP_FAILED_DEPENDENCY");
lua_pushinteger(L, HTTP_UPGRADE_REQUIRED);
lua_setfield(L, -2, "HTTP_UPGRADE_REQUIRED");
+ lua_pushinteger(L, HTTP_PRECONDITION_REQUIRED);
+ lua_setfield(L, -2, "HTTP_PRECONDITION_REQUIRED");
+ lua_pushinteger(L, HTTP_TOO_MANY_REQUESTS);
+ lua_setfield(L, -2, "HTTP_TOO_MANY_REQUESTS");
+ lua_pushinteger(L, HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
+ lua_setfield(L, -2, "HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE");
lua_pushinteger(L, HTTP_INTERNAL_SERVER_ERROR);
lua_setfield(L, -2, "HTTP_INTERNAL_SERVER_ERROR");
lua_pushinteger(L, HTTP_NOT_IMPLEMENTED);
lua_setfield(L, -2, "HTTP_VARIANT_ALSO_VARIES");
lua_pushinteger(L, HTTP_INSUFFICIENT_STORAGE);
lua_setfield(L, -2, "HTTP_INSUFFICIENT_STORAGE");
+ lua_pushinteger(L, HTTP_LOOP_DETECTED);
+ lua_setfield(L, -2, "HTTP_LOOP_DETECTED");
lua_pushinteger(L, HTTP_NOT_EXTENDED);
lua_setfield(L, -2, "HTTP_NOT_EXTENDED");
+ lua_pushinteger(L, HTTP_NETWORK_AUTHENTICATION_REQUIRED);
+ lua_setfield(L, -2, "HTTP_NETWORK_AUTHENTICATION_REQUIRED");
*/
}