* Do an exact match of the keys defined by CacheIgnoreURLSessionIdentifiers

  against the querystring instead of a partial match.

PR: 48401
Submitted by: Dodou Wang <wangdong.08 gmail.com>
Reviewed by: rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@892289 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 7acb0385423934b67910aded6cfdd91a7f21db0e..d4a6f08083970691eaf0061c2518c211fedf7ad7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.3.5
 
+  *) mod_cache: Do an exact match of the keys defined by
+     CacheIgnoreURLSessionIdentifiers against the querystring instead of
+     a partial match.  PR 48401.i
+     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
+
   *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
 
   *) mod_headers: Ensure that changes to the main request remain valid when

diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c
index c122bddbe0f2a0ab90a6bdaaae99bf27ae832e24..d5674428eabadfab97f9192e60de147c200969af 100644 (file)
--- a/modules/cache/cache_storage.c
+++ b/modules/cache/cache_storage.c
@@ -503,21 +503,54 @@ apr_status_t cache_generate_key_default(request_rec *r, apr_pool_t* p,
             /*
              * Check if the identifier is in the querystring and cut it out.
              */
-            if (querystring
-                && (param = strstr(querystring, *identifier))
-                && (*(param + len) == '=')
-                ) {
-                char *amp;
-
-                if (querystring != param) {
-                    querystring = apr_pstrndup(p, querystring,
-                                               param - querystring);
+            if (querystring) {
+                /*
+                 * First check if the identifier is at the beginning of the
+                 * querystring and followed by a '='
+                 */
+                if (!strncmp(querystring, *identifier, len)
+                    && (*(querystring + len) == '=')) {
+                    param = querystring;
                 }
                 else {
-                    querystring = "";
+                    char *complete;
+
+                    /*
+                     * In order to avoid subkey matching (PR 48401) prepend
+                     * identifier with a '&' and append a '='
+                     */
+                    complete = apr_pstrcat(p, "&", *identifier, "=", NULL);
+                    param = strstr(querystring, complete);
+                    /* If we found something we are sitting on the '&' */
+                    if (param) {
+                        param++;
+                    }
                 }
-                if ((amp = strchr(param + len + 1, '&'))) {
-                    querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
+                if (param) {
+                    char *amp;
+
+                    if (querystring != param) {
+                        querystring = apr_pstrndup(p, querystring,
+                                               param - querystring);
+                    }
+                    else {
+                        querystring = "";
+                    }
+
+                    if ((amp = strchr(param + len + 1, '&'))) {
+                        querystring = apr_pstrcat(p, querystring, amp + 1, NULL);
+                    }
+                    else {
+                        /*
+                         * If querystring is not "", then we have the case
+                         * that the identifier parameter we removed was the
+                         * last one in the original querystring. Hence we have
+                         * a trailing '&' which needs to be removed.
+                         */
+                        if (*querystring) {
+                            querystring[strlen(querystring) - 1] = '\0';
+                        }
+                    }
                 }
                 break;
             }