From: Yann Ylavic Date: Thu, 7 Sep 2017 22:43:41 +0000 (+0000) Subject: core: Disallow Methods' registration at run time (.htaccess), they may be X-Git-Tag: 2.5.0-alpha~159 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4cc27823899e070268b906ca677ee838d07cf67a;p=apache core: Disallow Methods' registration at run time (.htaccess), they may be used only if registered at init time (httpd.conf). Calling ap_method_register() in children processes is not the right scope since it won't be shared for all requests. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 4ca0e4cc82..2b744675e7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Disallow Methods' registration at runtime (.htaccess), they may be + used only if registered at init time (httpd.conf). [Yann Ylavic] + *) mod_md: v0.9.1: - various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If someone already used percent configurations, it is advised to change these to a new value, diff --git a/server/core.c b/server/core.c index 76adb4d869..c9b6837bd4 100644 --- a/server/core.c +++ b/server/core.c @@ -2331,6 +2331,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, /* method has not been registered yet, but resource restriction * is always checked before method handling, so register it. */ + if (cmd->pool == cmd->temp_pool) { + /* In .htaccess, we can't globally register new methods. */ + return apr_psprintf(cmd->pool, "Could not register method '%s' " + "for %s from .htaccess configuration", + method, cmd->cmd->name); + } methnum = ap_method_register(cmd->pool, apr_pstrdup(cmd->pool, method)); }