From: Jim Jagielski Date: Fri, 17 Aug 2012 13:46:24 +0000 (+0000) Subject: http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking... X-Git-Tag: 2.4.3~11 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5b8656955ce3ae5e67c8d62229d2b211836c679d;p=apache http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1374253 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 8ec80bd82d..56438e63e0 100644 --- a/CHANGES +++ b/CHANGES @@ -10,6 +10,11 @@ Changes with Apache 2.4.3 *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an authorization provider in lua. [Stefan Fritsch] + *) core: Be less strict when checking whether Content-Type is set to + "application/x-www-form-urlencoded" when parsing POST data, + or we risk losing data with an appended charset. PR 53698 + [Petter Berntsen ] + *) httpd.conf: Added configuration directives to set a bad_DNT environment variable based on User-Agent and to remove the DNT header field from incoming requests when a match occurs. This currently has the effect of diff --git a/STATUS b/STATUS index d75540f809..8c958fce28 100644 --- a/STATUS +++ b/STATUS 
@@ -88,21 +88,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * core: make ap_parse_form_data less strict when checking for a correct - Content-Type header when parsing POST, or we risk losing valid - data with an appended charset. - Submitted by: Petter Berntsen - (Changed since the original commit, hence the long list of revisions) - PR: 53698 - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1372054 - http://svn.apache.org/viewvc?view=revision&revision=1372055 - http://svn.apache.org/viewvc?view=revision&revision=1372305 - http://svn.apache.org/viewvc?view=revision&revision=1372349 - http://svn.apache.org/viewvc?view=revision&revision=1372419 - 2.4.x patch: http://people.apache.org/~rjung/patches/x-www-form-urlencoded-content-type-checking.patch - +1: humbedooh, rjung, jim - rjung: I added a combined 2.4.x patch for convenience, because the change - is only one line PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/server/util.c b/server/util.c index 177f3780fc..75e91a7b99 100644 --- a/server/util.c +++ b/server/util.c @@ -2393,7 +2393,7 @@ AP_DECLARE(int) ap_parse_form_data(request_rec *r, ap_filter_t *f, /* sanity check - we only support forms for now */ ct = apr_table_get(r->headers_in, "Content-Type"); - if (!ct || strcmp("application/x-www-form-urlencoded", ct)) { + if (!ct || strncasecmp("application/x-www-form-urlencoded", ct, 33)) { return ap_discard_request_body(r); }
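Review bot: In the server/util.c hunk, `strncasecmp("application/x-www-form-urlencoded", ct, 33)` is a bare prefix match with nothing checking what follows the 33rd character. A Content-Type such as "application/x-www-form-urlencodedX" is therefore now parsed as form data, which is wider than the appended-charset case the CHANGES entry describes. Suggest also requiring that `ct[33]` is the end of the string, a ';' or whitespace before continuing, and otherwise falling through to `ap_discard_request_body(r)`. The literal 33 would also be better derived from the string constant, for example with `sizeof(...) - 1` on a named constant, so the length cannot drift from the string if either is edited later.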