From: Yann Ylavic Date: Mon, 22 Jun 2015 12:48:02 +0000 (+0000) Subject: mod_alias: follow up to r1653941. X-Git-Tag: 2.5.0-alpha~3054 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3c694b33e5d2381d9e5cfd1396c6c4144b01ccce;p=apache mod_alias: follow up to r1653941. Limit Redirect expressions to directory (Location) context and redirect statuses (implicit or explicit). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1686853 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ad7a1aee8f..10d626c013 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_alias: Limit Redirect expressions to directory (Location) context + and redirect statuses (implicit or explicit). + [Yann Ylavic, Ruediger Pluem] + *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol data during read of chunked request bodies. PR 58049. [Edward Lu ] diff --git a/modules/mappers/mod_alias.c b/modules/mappers/mod_alias.c index 3eb899bb92..2c679bbca5 100644 --- a/modules/mappers/mod_alias.c +++ b/modules/mappers/mod_alias.c @@ -252,25 +252,37 @@ static const char *add_redirect_internal(cmd_parms *cmd, status = HTTP_MOVED_TEMPORARILY; else if (!strcasecmp(arg1, "seeother")) status = HTTP_SEE_OTHER; - else if (!strcasecmp(arg1, "gone")) + else if (!strcasecmp(arg1, "gone")) { status = HTTP_GONE; - else if (apr_isdigit(*arg1)) + grokarg1 = -1; + } + else if (apr_isdigit(*arg1)) { status = atoi(arg1); - else + if (!ap_is_HTTP_REDIRECT(status)) { + grokarg1 = -1; + } + } + else { grokarg1 = 0; + } if (arg3 && !grokarg1) return "Redirect: invalid first argument (of three)"; /* - * if we have the 2nd arg and we understand the 1st one, or if we have the + * if we have the 2nd arg and we understand the 1st one as a redirect + * status (3xx, but not things like 404 /robots.txt), or if we have the * 1st arg but don't understand it, we use the expression syntax assuming * a path from the location. * * if we understand the first arg but have no second arg, we are dealing - * with a status like "GONE". + * with a status like "GONE" or a non-redirect status (e.g. 404, 503). */ - if (grokarg1 && arg2 && !arg3 && HTTP_GONE != status) { + if (!cmd->path) { + /* context only for now */ + ; + } + else if (grokarg1 > 0 && arg2 && !arg3) { const char *expr_err = NULL; dirconf->redirect = @@ -288,7 +300,7 @@ static const char *add_redirect_internal(cmd_parms *cmd, return NULL; } - else if (grokarg1 && !arg2 && HTTP_GONE == status) { + else if (grokarg1 < 0 && !arg2) { dirconf->redirect_status = status; dirconf->redirect_set = 1;