From: Ken Coar Date: Thu, 31 Jan 2002 18:44:48 +0000 (+0000) Subject: Fix RedirectMatch so it won't emit invalid Location fields. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ca3e62ac1397cd2b8b292b997411b408b4324d17;p=apache Fix RedirectMatch so it won't emit invalid Location fields. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93137 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 3550661f2e..a35f1ad07a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,11 @@ Changes with Apache 2.0.32-dev + *) The Location: response header field, used for external + redirect, *must* be an absoluteURI. The Redirect directive + tested for that, but RedirectMatch didn't -- it would allow + almost anything through. Now it, too, will correctly varf + if the redirection target isn't an absoluteURI. [Ken Coar] + Changes with Apache 2.0.31 *) Add a timeout option to the proxy code 'ProxyTimeout' diff --git a/modules/mappers/mod_alias.c b/modules/mappers/mod_alias.c index 7a3719bde2..d79917c16a 100644 --- a/modules/mappers/mod_alias.c +++ b/modules/mappers/mod_alias.c @@ -74,6 +74,7 @@ #include "httpd.h" #include "http_config.h" #include "http_request.h" +#include "http_log.h" typedef struct { @@ -433,8 +434,18 @@ static int fixup_redir(request_rec *r) /* It may have changed since last time, so try again */ if ((ret = try_alias_list(r, dirconf->redirects, 1, &status)) != NULL) { - if (ap_is_HTTP_REDIRECT(status)) - apr_table_setn(r->headers_out, "Location", ret); + if (ap_is_HTTP_REDIRECT(status)) { + if (!ap_is_url(ret)) { + status = HTTP_INTERNAL_SERVER_ERROR; + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, + "cannot redirect '%s' to '%s'; " + "target is not a valid absoluteURI", + r->uri, ret); + } + else { + apr_table_setn(r->headers_out, "Location", ret); + } + } return status; }