PR60009: RewriteRule local prefix checking update
*) mod_rewrite: When a substitution is a fully qualified URL, and the
scheme/host/port matches the current virtual host, stop interpreting the
path component as a local path just because the first component of the
path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
to revert to previous behavior. PR60009.
Submitted By: Hank Ibell <hwibell gmail.com>
Submitted by: covener
Reviewed by: covener, jim, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1796852 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.26
+ *) mod_rewrite: When a substitution is a fully qualified URL, and the
+ scheme/host/port matches the current virtual host, stop interpreting the
+ path component as a local path just because the first component of the
+ path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
+ to revert to previous behavior. PR60009.
+ [Hank Ibell <hwibell gmail.com>]
+
*) core: ap_parse_form_data() URL-decoding doesn't work on EBCDIC
platforms. PR61124. [Hank Ibell <hwibell gmail.com>]
*) mod_autoindex: Add IndexOptions UseOldDateFormat to allow the date
format from 2.2 in the Last Modified column. PR60846.
[Hank Ibell <hwibell gmail.com>]
-
+
*) core: Add %{REMOTE_PORT} to the expression parser. PR59938
[Hank Ibell <hwibell gmail.com>]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_rewrite: When a substitution is a fully qualified URL, and the
- scheme/host/port matches the current virtual host, stop interpreting the
- path component as a local path just because the first component of the
- path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
- to revert to previous behavior. PR60009.
- trunk patch: http://svn.apache.org/r1776463
- 2.4.x patch: svn merge -c 1776463 1776708 ^/httpd/httpd/trunk .
- +1: covener, jim, ylavic
-
*) mod_env: When processing a 'SetEnv' directive, warn if the environment
variable name includes a '='. It is likely a configuration error.
PR 60249.
supply this extended context info. Available in 2.4.16 and later.</p>
</dd>
+
+ <dt><code>LegacyPrefixDocRoot</code></dt>
+ <dd>
+
+ <p>Prior to 2.4.25, if a substitution was an absolute URL that matched
+ the current virtual host, the URL might first be reduced to a URL-path
+ and then later reduced to a local path. Since the URL can be reduced
+ to a local path, the path should be prefixed with the document root.
+ This prevents a file such as /tmp/myfile from being accessed when a
+ request is made to http://host/file/myfile with the following
+ <directive module="mod_rewrite">RewriteRule</directive>.</p>
+ <highlight language="config">
+ RewriteRule /file/(.*) http://localhost/tmp/$1
+ </highlight>
+ <p>This option allows the old behavior to be used where the document
+ root is not prefixed to a local path that was reduced from a
+ URL. Available in 2.4.25 and later.</p>
+ </dd>
+
</dl>
</usage>
#define OPTION_INHERIT_DOWN_BEFORE (1<<7)
#define OPTION_IGNORE_INHERIT (1<<8)
#define OPTION_IGNORE_CONTEXT_INFO (1<<9)
+#define OPTION_LEGACY_PREFIX_DOCROOT (1<<10)
#ifndef RAND_MAX
#define RAND_MAX 32767
/* now check whether we could reduce it to a local path... */
if (ap_matches_request_vhost(r, host, port)) {
+ rewrite_server_conf *conf =
+ ap_get_module_config(r->server->module_config, &rewrite_module);
rewritelog((r, 3, NULL, "reduce %s -> %s", r->filename, url));
r->filename = apr_pstrdup(r->pool, url);
+
+ /* remember that the uri was reduced */
+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
+ apr_table_setn(r->notes, "mod_rewrite_uri_reduced", "true");
+ }
}
}
else if (!strcasecmp(w, "ignorecontextinfo")) {
options |= OPTION_IGNORE_CONTEXT_INFO;
}
+ else if (!strcasecmp(w, "legacyprefixdocroot")) {
+ options |= OPTION_LEGACY_PREFIX_DOCROOT;
+ }
else {
return apr_pstrcat(cmd->pool, "RewriteOptions: unknown option '",
w, "'", NULL);
}
else {
/* it was finally rewritten to a local path */
+ const char *uri_reduced = NULL;
/* expand "/~user" prefix */
#if APR_HAS_USER
* because we only do stat() on the first directory
* and this gets cached by the kernel for along time!
*/
- if (!prefix_stat(r->filename, r->pool)) {
+
+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) {
+ uri_reduced = apr_table_get(r->notes, "mod_rewrite_uri_reduced");
+ }
+
+ if (!prefix_stat(r->filename, r->pool) || uri_reduced != NULL) {
int res;
char *tmp = r->uri;
projects / apache / commitdiff