work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
authorGeoffrey Young <geoff@apache.org>
Tue, 23 Mar 2004 13:57:48 +0000 (13:57 +0000)
committerGeoffrey Young <geoff@apache.org>
Tue, 23 Mar 2004 13:57:48 +0000 (13:57 +0000)
is set in r->subprocess_env allow mismatched query strings to pass.
PR: 27758

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103096 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/aaa/mod_auth_digest.c

diff --git a/CHANGES b/CHANGES
index 4f3eac71ae95515351b67fdcebcbb7817aa20847..6c147bdffd255c1b2c89b88fe0cde83381e91483 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
+     is set in r->subprocess_env allow mismatched query strings to pass.
+     PR 27758.  [Paul Querna <chip force-elite.com>, Geoffrey Young]
+
   *) logresolve: Allow size of log line buffer to be overridden at
      build time (MAXLINE).  PR 27793.  [Jeff Trawick]
 
index e21311395bf33242a601dabf20270ee8f6022f58..c804abd9445008e1965419a36dc22c786dd0594c 100644 (file)
@@ -1671,9 +1671,36 @@ static int authenticate_digest_user(request_rec *r)
         if (d_uri.path) {
             ap_unescape_url(d_uri.path);
         }
+
         if (d_uri.query) {
             ap_unescape_url(d_uri.query);
         }
+        else if (r_uri.query) {
+            /* MSIE compatibility hack.  MSIE has some RFC issues - doesn't 
+             * include the query string in the uri Authorization component
+             * or when computing the response component.  the second part
+             * works out ok, since we can hash the header and get the same
+             * result.  however, the uri from the request line won't match
+             * the uri Authorization component since the header lacks the 
+             * query string, leaving us incompatable with a (broken) MSIE.
+             * 
+             * the workaround is to fake a query string match if in the proper
+             * environment - BrowserMatch MSIE, for example.  the cool thing
+             * is that if MSIE ever fixes itself the simple match ought to 
+             * work and this code won't be reached anyway, even if the
+             * environment is set.
+             */
+
+            if (apr_table_get(r->subprocess_env, 
+                              "AuthDigestEnableQueryStringHack")) {
+            
+                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Digest: "
+                              "applying AuthDigestEnableQueryStringHack "
+                              "to uri <%s>", resp->raw_request_uri);
+
+               d_uri.query = r_uri.query;
+            } 
+        }
 
         if (r->method_number == M_CONNECT) {
             if (strcmp(resp->uri, r_uri.hostinfo)) {
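Review bot: The block comment on the new `else if (r_uri.query)` branch does not document what `d_uri.query = r_uri.query;` gives up: when the variable is set and the Authorization uri carries no query part, the request's query string is accepted as-is, and by the comment's own description the client's response hash does not cover it either, so nothing in the Digest exchange binds the query string on this path. The comment also suggests `BrowserMatch MSIE` as the trigger, which keys on the client-supplied User-Agent header, so any client can opt into the relaxed check. I would extend the comment with something like `NOTE: when this is set the query string is not integrity-protected by Digest auth; scope the variable to locations where that is acceptable.` The uri comparison that consumes `d_uri.query` lies outside this hunk, so its exact effect is inferred from the comment rather than seen here.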