From: André Malo Date: Tue, 15 Jul 2003 17:49:03 +0000 (+0000) Subject: Ignore RewriteRules in .htaccess files if the directory X-Git-Tag: pre_ajp_proxy~1418 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=742a08e31195d166ce1d6fa02aa9ee0f92dfb8ce;p=apache Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR: 20195 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100632 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e5dc5ecb95..cb66f7628a 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory + containing the .htaccess file is requested without a trailing slash. + PR 20195. [André Malo] + *) mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 32066f4c36..2d673bb825 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -1443,6 +1443,18 @@ static int hook_fixup(request_rec *r) return DECLINED; } + /* + * .htaccess file is called before really entering the directory, i.e.: + * URL: http://localhost/foo and .htaccess is located in foo directory + * Ignore such attempts, since they may lead to undefined behaviour. + */ + if (r->filename && + strlen(r->filename) == strlen(dconf->directory) - 1 && + (dconf->directory)[strlen(dconf->directory) - 1] == '/' && + !strncmp(r->filename, dconf->directory, strlen(dconf->directory) - 1)) { + return DECLINED; + } + /* * only do something under runtime if the engine is really enabled, * for this directory, else return immediately!