Apply the converse of the AcceptPathInfo patch for isapi's/cgi's.

author William A. Rowe Jr <wrowe@apache.org>

Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)

committer William A. Rowe Jr <wrowe@apache.org>

Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)
author William A. Rowe Jr <wrowe@apache.org>
Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)
committer William A. Rowe Jr <wrowe@apache.org>
Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)
diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c

index d45502ad1d805a19ea8ffc0468f9ba8541c364e3..53d183accbd4b8991c28940cb259bcf85bd405e6 100644 (file)
--- a/modules/arch/win32/mod_isapi.c
+++ b/modules/arch/win32/mod_isapi.c
@@ -362,6 +362,9 @@ apr_status_t isapi_handler (request_rec *r)
      if (r->finfo.filetype != APR_REG)
          return HTTP_FORBIDDEN;
  
+    if (r->path_info && *r->path_info && !r->used_path_info)
+        return HTTP_NOT_FOUND;
+
      /* Load the isapi extention without caching (sconf == NULL) 
       * but note that we will recover an existing cached module.
       */
diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c

index 07a8548864f8b2d8c9269892ff2fc1822447aa33..9046bf38cfb8ffd5634dea4b854a0b55f67592a5 100644 (file)
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -583,6 +583,10 @@ static int cgi_handler(request_rec *r)
         return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
                                "attempt to invoke directory as script");
  
+    if (r->path_info && *r->path_info && !r->used_path_info) {
+        return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
+                               "AcceptPathInfo off disallows user's path");
+    }
  /*
      if (!ap_suexec_enabled) {
         if (!ap_can_exec(&r->finfo))
diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c

index c279b30e8fa2cb7f99ea684ccad50c9de17462e5..637434eb8dfd109f75c5a11eb9b61fc96df17a13 100644 (file)
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -907,6 +907,11 @@ static int cgid_handler(request_rec *r)
      if (r->finfo.filetype == APR_DIR) 
          return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, 
                                 "attempt to invoke directory as script"); 
+
+    if (r->path_info && *r->path_info && !r->used_path_info) {
+        return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
+                               "AcceptPathInfo off disallows user's path");
+    }
  /*
      if (!ap_suexec_enabled) { 
          if (!ap_can_exec(&r->finfo))
author	William A. Rowe Jr <wrowe@apache.org>
	Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Thu, 13 Dec 2001 17:22:20 +0000 (17:22 +0000)
modules/arch/win32/mod_isapi.c		patch \| blob \| history
modules/generators/mod_cgi.c		patch \| blob \| history
modules/generators/mod_cgid.c		patch \| blob \| history