]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0aad1ca)
Use ap_unescape_url_keep2f() in ap_expr unescape func. ap_unescape_url()
authorStefan Fritsch <sf@apache.org>
Wed, 27 Jul 2011 08:03:41 +0000 (08:03 +0000)
committerStefan Fritsch <sf@apache.org>
Wed, 27 Jul 2011 08:03:41 +0000 (08:03 +0000)
forbidding encoded slashes is not useful here.
Log failures.
Improve docs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1151373 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/expr.xml patch | blob | history
server/util_expr_eval.c patch | blob | history

diff --git a/docs/manual/expr.xml b/docs/manual/expr.xml
index fc412bfc5cb817c7965388d77b0b51c71bdb3546..b1f4ed1a42dac245e6e8da895d95ab7372d6cfae 100644 (file)
--- a/docs/manual/expr.xml
+++ b/docs/manual/expr.xml
@@ -436,8 +436,8 @@ listfunction ::= listfuncname "<strong>(</strong>" word "<strong>)</strong>"
     <tr><td><code>escape</code></td>
         <td>Escape special characters in %hex encoding</td><td></td></tr>
     <tr><td><code>unescape</code></td>
-        <td>Unescape %hex encoded string, leaving URL-special characters
-            encoded (XXX: describe better)</td><td></td></tr>
+        <td>Unescape %hex encoded string, leaving encoded slashes alone;
+            return empty string if %00 is found</td><td></td></tr>
     <tr><td><code>file</code></td>
         <td>Read contents from a file</td><td>yes</td></tr>
     <tr><td><code>filesize</code></td>
diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c
index 7f5fee380537c7a86f7c72581d556d75f0b28cdb..5730ebf3655a70a4dc225484382c5aa23535cb4c 100644 (file)
--- a/server/util_expr_eval.c
+++ b/server/util_expr_eval.c
@@ -985,11 +985,14 @@ static const char *unescape_func(ap_expr_eval_ctx_t *ctx, const void *data,
                                  const char *arg)
 {
     char *result = apr_pstrdup(ctx->p, arg);
-    if (ap_unescape_url(result))
-        return "";
-    else
+    int ret = ap_unescape_url_keep2f(result, 0);
+    if (ret == OK)
         return result;
-
+    ap_log_rerror(LOG_MARK(ctx->info), APLOG_DEBUG, 0, ctx->r,
+                      "%s %% escape in unescape('%s') at %s:%d", 
+                     ret == HTTP_BAD_REQUEST ? "Bad" : "Forbidden", arg,
+                     ctx->info->filename, ctx->info->line_number);
+    return "";
 }
 
 static int op_nz(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg)
Unnamed repository; edit this file 'description' to name the repository.