static int fixup_dir(request_rec *r)
{
- /* only redirect for requests against directories or when we have
- * a note that says that this browser can not handle redirs on
- * non-GET requests (such as Microsoft's WebFolders). */
- if (r->finfo.filetype != APR_DIR || (r->method_number != M_GET &&
- apr_table_get(r->subprocess_env, "redirect-carefully"))) {
+ dir_config_rec *d;
+ char *dummy_ptr[1];
+ char **names_ptr;
+ int num_names;
+ int error_notfound = 0;
+
+ /* only handle requests against directories */
+ if (r->finfo.filetype != APR_DIR) {
return DECLINED;
}
+
+ /* In case mod_mime wasn't present, and no handler was assigned. */
+ if (!r->handler) {
+ r->handler = DIR_MAGIC_TYPE;
+ }
+
+ /* Never tollerate path_info on dir requests */
+ if (r->path_info && *r->path_info) {
+ return DECLINED;
+ }
- if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/') {
+ /* Redirect requests that are not '/' terminated */
+ if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/')
+ {
char *ifile;
+
+ /* Only redirect non-get requests if we have no note to warn
+ * that this browser cannot handle redirs on non-GET requests
+ * (such as Microsoft's WebFolders).
+ */
+ if (r->method_number != M_GET
+ && apr_table_get(r->subprocess_env, "redirect-carefully")) {
+ return DECLINED;
+ }
+
if (r->args != NULL)
ifile = apr_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", "?", r->args, NULL);
+ "/", "?", r->args, NULL);
else
ifile = apr_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", NULL);
+ "/", NULL);
apr_table_setn(r->headers_out, "Location",
- ap_construct_url(r->pool, ifile, r));
+ ap_construct_url(r->pool, ifile, r));
return HTTP_MOVED_PERMANENTLY;
}
- return OK;
-}
-
-static int handle_dir(request_rec *r)
-{
- dir_config_rec *d;
- char *dummy_ptr[1];
- char **names_ptr;
- int num_names;
- int error_notfound = 0;
-
if (strcmp(r->handler,DIR_MAGIC_TYPE)) {
return DECLINED;
}
d = (dir_config_rec *) ap_get_module_config(r->per_dir_config,
&dir_module);
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- if (r->filename != r->canonical_filename)
- r->canonical_filename = NULL;
- r->filename = apr_pstrcat(r->pool, r->filename, "/", NULL);
- if (r->canonical_filename)
- r->canonical_filename = r->filename;
- }
-
if (d->index_names) {
names_ptr = (char **)d->index_names->elts;
num_names = d->index_names->nelts;
}
for (; num_names; ++names_ptr, --num_names) {
+ /* XXX: Is this name_ptr considered escaped yet, or not??? */
char *name_ptr = *names_ptr;
- request_rec *rr = ap_sub_req_lookup_uri(name_ptr, r, NULL);
+ request_rec *rr;
- if (rr->status == HTTP_OK && rr->finfo.filetype == APR_REG) {
- char *new_uri = ap_escape_uri(r->pool, rr->uri);
+ /* Once upon a time args were handled _after_ the successful redirect.
+ * But that redirect might then _refuse_ the given r->args, creating
+ * a nasty tangle. It seems safer to consider the r->args while we
+ * determine if name_ptr is our viable index, and therefore set them
+ * up correctly on redirect.
+ */
+ if (r->args != NULL)
+ name_ptr = apr_pstrcat(r->pool, name_ptr, "?", r->args, NULL);
- if (rr->args != NULL)
- new_uri = apr_pstrcat(r->pool, new_uri, "?", rr->args, NULL);
- else if (r->args != NULL)
- new_uri = apr_pstrcat(r->pool, new_uri, "?", r->args, NULL);
+ rr = ap_sub_req_lookup_uri(name_ptr, r, NULL);
- ap_destroy_sub_req(rr);
- ap_internal_redirect(new_uri, r);
+ /* XXX: (filetype == APR_REG) - we can't use a non-file index??? */
+ if (rr->status == HTTP_OK && rr->finfo.filetype == APR_REG) {
+ ap_internal_fast_redirect(rr, r);
return OK;
}
-
+
/* If the request returned a redirect, propagate it to the client */
if (ap_is_HTTP_REDIRECT(rr->status) ||
/* If the request returned something other than 404 (or 200),
* it means the module encountered some sort of problem. To be
- * secure, we should return the error, rather than create
- * along a (possibly unsafe) directory index.
+ * secure, we should return the error, rather than allow autoindex
+ * to create a (possibly unsafe) directory index.
*
* So we store the error, and if none of the listed files
* exist, we return the last error response we got, instead
ap_destroy_sub_req(rr);
}
- if (error_notfound)
+ if (error_notfound) {
return error_notfound;
+ }
/* nothing for us to do, pass on through */
static const char * const aszSucc[]={"mod_autoindex.c", NULL};
ap_hook_fixups(fixup_dir,NULL,NULL,APR_HOOK_MIDDLE);
- ap_hook_handler(handle_dir,NULL,aszSucc,APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA dir_module = {
projects / apache / commitdiff