Prevent a case of SSI timefmt-smashing with filter chains including
authorJoe Orton <jorton@apache.org>
Mon, 23 Mar 2009 11:12:23 +0000 (11:12 +0000)
committerJoe Orton <jorton@apache.org>
Mon, 23 Mar 2009 11:12:23 +0000 (11:12 +0000)
multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@757376 13f79535-47bb-0310-9956-ffa450edef68

modules/filters/mod_include.c

index 302155e23ba6450ffa0aeea83e7b06cadff160b7..8aaa3e66a2abfcd02ca3054137e0f0cf39404a29 100644 (file)
@@ -537,7 +537,7 @@ static void decodehtml(char *s)
     *p = '\0';
 }
 
-static void add_include_vars(request_rec *r, const char *timefmt)
+static void add_include_vars(request_rec *r)
 {
     apr_table_t *e = r->subprocess_env;
     char *t;
@@ -565,26 +565,17 @@ static void add_include_vars(request_rec *r, const char *timefmt)
     }
 }
 
-static const char *add_include_vars_lazy(request_rec *r, const char *var)
+static const char *add_include_vars_lazy(request_rec *r, const char *var, const char *timefmt)
 {
     char *val;
     if (!strcasecmp(var, "DATE_LOCAL")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 0);
     }
     else if (!strcasecmp(var, "DATE_GMT")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 1);
     }
     else if (!strcasecmp(var, "LAST_MODIFIED")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0);
     }
     else if (!strcasecmp(var, "USER_NAME")) {
         if (apr_uid_name_get(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
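Review bot: The new `timefmt` parameter of add_include_vars_lazy is handed straight to ap_ht_time() in all three date branches, with nothing stating what callers must supply. The old code always used `conf->default_time_fmt`, so the function no longer has a fallback of its own. Both callers in this commit pass `ctx->time_str`, which is presumably always initialised, but that setup is outside the hunk. I would add a comment above the definition such as `/* timefmt: strftime-style format from the calling filter's context (ctx->time_str); must be non-NULL */`. The new signature line also runs past 80 columns and could wrap before `const char *timefmt`. The function body continues beyond this hunk.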
@@ -641,7 +632,7 @@ static const char *get_include_var(const char *var, include_ctx_t *ctx)
         val = apr_table_get(r->subprocess_env, var);
 
         if (val == LAZY_VALUE) {
-            val = add_include_vars_lazy(r, var);
+            val = add_include_vars_lazy(r, var, ctx->time_str);
         }
     }
 
@@ -1806,7 +1797,7 @@ static apr_status_t handle_printenv(include_ctx_t *ctx, ap_filter_t *f,
         /* get value */
         val_text = elts[i].val;
         if (val_text == LAZY_VALUE) {
-            val_text = add_include_vars_lazy(r, elts[i].key);
+            val_text = add_include_vars_lazy(r, elts[i].key, ctx->time_str);
         }
         val_text = ap_escape_html(ctx->dpool, elts[i].val);
         v_len = strlen(val_text);
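Review bot: The value returned by add_include_vars_lazy() is discarded in handle_printenv, because the next statement reassigns `val_text` from `elts[i].val` rather than from `val_text`. For a lazy entry `elts[i].val` is still `LAZY_VALUE`, which looks like a sentinel pointer rather than real string data, so ap_escape_html() and the following strlen() would work on the sentinel and the printenv output would not contain the formatted date. The commit threads `ctx->time_str` into the call but leaves this untouched. The escape line should read `val_text = ap_escape_html(ctx->dpool, val_text);`. The function starts and ends outside this hunk, so the later uses of `val_text` should be checked as well.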
@@ -3005,7 +2996,7 @@ static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
          * environment */
         ap_add_common_vars(r);
         ap_add_cgi_vars(r);
-        add_include_vars(r, conf->default_time_fmt);
+        add_include_vars(r);
     }
     /* Always unset the content-length.  There is no way to know if
      * the content will be modified at some point by send_parsed_content.