[Remove entries to the current 2.0 section below, when backported]
+ *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
+ the pattern will not always match as desired. PR 12596.
+ [André Malo]
+
*) mod_autoindex now emits and accepts modern query string parameter
delimiters (;). Thus column headers no longer contain unescaped
ampersands. PR 10880 [André Malo]
colargs = "";
}
else {
- char fval[5], vval[5], *ppre = "";
+ char fval[5], vval[5], *ppre = "", *epattern = "";
fval[0] = '\0'; vval[0] = '\0';
qstring = r->args;
/* P= wildcard pattern (*.foo) */
else if (qstring[0] == 'P' && qstring[1] == '=') {
- const char *eos = qstring + 2;
+ const char *eos = qstring += 2; /* for efficiency */
while (*eos && *eos != '&' && *eos != ';') {
++eos;
}
- if (*eos) {
- pstring = apr_pstrndup(r->pool, qstring + 2,
- eos - qstring - 2);
- qstring = eos + 1;
+ if (eos == qstring) {
+ pstring = NULL;
}
else {
- pstring = apr_pstrdup(r->pool, qstring + 2);
- qstring = NULL;
+ pstring = apr_pstrndup(r->pool, qstring, eos - qstring);
+ if (ap_unescape_url(pstring) != OK) {
+ /* ignore the pattern, if it's bad. */
+ pstring = NULL;
+ }
+ else {
+ ppre = ";P=";
+ /* be correct */
+ epattern = ap_escape_uri(r->pool, pstring);
+ }
}
- if (*pstring) {
- ppre = ";P=";
+
+ if (*eos && *++eos) {
+ qstring = eos;
}
else {
- pstring = NULL;
+ qstring = NULL;
}
}
qstring = NULL;
}
}
- colargs = apr_pstrcat(r->pool, fval, vval, ppre, pstring, NULL);
+ colargs = apr_pstrcat(r->pool, fval, vval, ppre, epattern, NULL);
}
/* Spew HTML preamble */