Both of these checks are problematic without further
work.
status: even a .htaccess with no SetHandler blocks the handler.
proxy: RewriteRule ... ... [P] in htaccess is blocked.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1796352 13f79535-47bb-0310-9956-
ffa450edef68
return DECLINED;
}
- /* A request that has passed through .htaccess has no business
- * landing up here.
- */
- if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
- return DECLINED;
- }
-
#ifdef HAVE_TIMES
times_per_thread = getpid() != child_pid;
#endif
if (!r->proxyreq || !r->filename || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
- /* A request that has passed through .htaccess has no business
- * serving contents from so far outside its directory.
- * Since we're going to decline it, don't waste time here.
- */
- if (ap_request_tainted(r, AP_TAINT_HTACCESS)) {
- return DECLINED;
- }
-
/* XXX: Shouldn't we try this before we run the proxy_walk? */
url = &r->filename[6];