Changes with Apache 2.4.18
+ *) core/util_script: making REDIRECT_URL a full URL is now opt-in
+ via new 'QualifyRedirectURL' directive.
+
*) mod_ssl: Extend expression parser registration to support ssl variables
in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
syntax "ssl(VARNAME)". [Rainer Jung]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * core: make the 2.4.17 behavior of fully qualifying REDIRECT_URL
- opt-in. Original PR PR57785
- trunk patch: http://svn.apache.org/r1710380
- http://svn.apache.org/r1710391
- 2.4.x trunk works (needs CHANGES)
- +1 covener, ylavic, jim
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
</usage>
</directivesynopsis>
+<directivesynopsis>
+<name>QualifyRedirectURL</name>
+<description>Controls whether the REDIRECT_URL environent variable is
+ fully qualified</description>
+<syntax>QualifyRedirectURL ON|OFF</syntax>
+<default>QualifyRedirectURL OFF</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Directive supported in 2.4.18 and later. 2.4.17 acted
+as if 'QualifyRedirectURL ON' was configured.</compatibility>
+
+<usage>
+ <p>This directive controls whether the server will ensure that the
+ REDIRECT_URL environment variable is fully qualified. By default,
+ the variable contains the verbatim URL requested by the client,
+ such as "/index.html". With <directive module="core"
+ >QualifyRedirectURL ON</directive>, the same request would result in a
+ value such as "http://www.example.com/index.html".</p>
+ <p>Even without this directive set, when a request is issued against a
+ fully qualified URL, REDIRECT_URL will remain fully qualified.
+ </p>
+</usage>
+</directivesynopsis>
+
+
</modulesynopsis>
/* This is the default value used */
#define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
+/* Generic ON/OFF/UNSET for unsigned int foo :2 */
+#define AP_CORE_CONFIG_OFF (0)
+#define AP_CORE_CONFIG_ON (1)
+#define AP_CORE_CONFIG_UNSET (2)
+
+/* Generic merge of flag */
+#define AP_CORE_MERGE_FLAG(field, to, base, over) to->field = \
+ over->field != AP_CORE_CONFIG_UNSET \
+ ? over->field \
+ : base->field
+
/**
* @brief Server Signature Enumeration
*/
* advice
*/
unsigned int cgi_pass_auth : 2;
+ unsigned int qualify_redirect_url :2;
+
} core_dir_config;
/* macro to implement off by default behaviour */
conf->max_reversals = AP_MAXRANGES_UNSET;
conf->cgi_pass_auth = AP_CGI_PASS_AUTH_UNSET;
+ conf->qualify_redirect_url = AP_CORE_CONFIG_UNSET;
return (void *)conf;
}
conf->cgi_pass_auth = new->cgi_pass_auth != AP_CGI_PASS_AUTH_UNSET ? new->cgi_pass_auth : base->cgi_pass_auth;
+ AP_CORE_MERGE_FLAG(qualify_redirect_url, conf, base, new);
+
return (void*)conf;
}
return NULL;
}
+static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
+{
+ core_dir_config *d = d_;
+
+ d->qualify_redirect_url = flag ? AP_CORE_CONFIG_ON : AP_CORE_CONFIG_OFF;
+
+ return NULL;
+}
+
static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
{
core_dir_config *d = d_;
AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG,
"Controls whether HTTP authorization headers, normally hidden, will "
"be passed to scripts"),
+AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO,
+ "Controls whether HTTP authorization headers, normally hidden, will "
+ "be passed to scripts"),
+
AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower,
(void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO,
"a mime type that overrides other configured type"),
/* Apache custom error responses. If we have redirected set two new vars */
if (r->prev) {
- /* PR#57785: reconstruct full URL here */
- apr_uri_t *uri = &r->prev->parsed_uri;
- if (!uri->scheme) {
- uri->scheme = (char*)ap_http_scheme(r->prev);
- }
- if (!uri->port) {
- uri->port = ap_get_server_port(r->prev);
- uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
- }
- if (!uri->hostname) {
- uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+ if (conf->qualify_redirect_url != AP_CORE_CONFIG_ON) {
+ add_unless_null(e, "REDIRECT_URL", r->prev->uri);
+ }
+ else {
+ /* PR#57785: reconstruct full URL here */
+ apr_uri_t *uri = &r->prev->parsed_uri;
+ if (!uri->scheme) {
+ uri->scheme = (char*)ap_http_scheme(r->prev);
+ }
+ if (!uri->port) {
+ uri->port = ap_get_server_port(r->prev);
+ uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
+ }
+ if (!uri->hostname) {
+ uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+ }
+ add_unless_null(e, "REDIRECT_URL",
+ apr_uri_unparse(r->pool, uri, 0));
}
add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args);
- add_unless_null(e, "REDIRECT_URL",
- apr_uri_unparse(r->pool, uri, 0));
}
if (e != r->subprocess_env) {
projects / apache / commitdiff