From 0158b2d4f321262b9311c3ae4dc6d2d0858a2c00 Mon Sep 17 00:00:00 2001
From: Graham Leggett
Date: Sun, 25 Mar 2012 21:11:13 +0000
Subject: [PATCH] Backport: core: Disallow directives in AllowOverrideList which are only allowed in VirtualHost or server context. These are usually not prepared to be called in .htaccess files.
Submitted by: sf
Reviewed by: covener, druggeri
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1305137 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++++
 STATUS | 5 -----
 server/core.c | 17 ++++++++++++++---
 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index 0a9500d4a4..0080a01d78 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@ Changes with Apache 2.4.2
 envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the current working directory to be searched for DSOs. [Stefan Fritsch]
+ *) core: Disallow directives in AllowOverrideList which are only allowed
+ in VirtualHost or server context. These are usually not prepared to be
+ called in .htaccess files. [Stefan Fritsch]
+
 *) core: In AllowOverrideList, do not allow 'None' together with other directives. PR 52823. [Stefan Fritsch]
diff --git a/STATUS b/STATUS
index b61f05f6a2..4b3f74c549 100644
--- a/STATUS
+++ b/STATUS
@@ -88,11 +88,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 [ start all new proposals below, under PATCHES PROPOSED. ]
- * core: In AllowOverrideList, disallow directives which are only allowed
- in VirtualHost or server context.
- Trunk patch: http://svn.apache.org/viewvc?rev=1302665&view=rev
- 2.4.x patch: Trunk patch works (skip docs/log-message-tags/next-number)
- +1: sf, covener, druggeri
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/server/core.c b/server/core.c
index 482acecb5a..045f53511e 100644
--- a/server/core.c
+++ b/server/core.c
@@ -1679,14 +1679,25 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c
 const command_rec *result = NULL;
 module *mod = ap_top_module;
 result = ap_find_command_in_modules(argv[i], &mod);
- if (result)
- apr_table_set(d->override_list, argv[i], "1");
- else
+ if (result == NULL) {
 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
 APLOGNO(00116) "Discarding unrecognized "
 "directive `%s' in AllowOverrideList at %s:%d",
 argv[i], cmd->directive->filename,
 cmd->directive->line_num);
+ continue;
+ }
+ else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+ APLOGNO(02304) "Discarding directive `%s' not "
+ "allowed in AllowOverrideList at %s:%d",
+ argv[i], cmd->directive->filename,
+ cmd->directive->line_num);
+ continue;
+ }
+ else {
+ apr_table_set(d->override_list, argv[i], "1");
+ }
 }
 }
-- 
2.40.0
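Review bot: The new `else if` decides on the first `command_rec` that `ap_find_command_in_modules` returns when searching from `ap_top_module`, yet the entry it then records is keyed by the bare name `argv[i]`, so if a second module registers the same directive name with a server-only `req_override` (handlers can return `DECLINE_CMD` to pass a directive on to the next module), that definition looks reachable from .htaccess without its `req_override` ever being checked here — inferred from the name-keyed table, since the enforcement side is not in the hunk. Unless the .htaccess-time lookup re-checks `req_override` per module, I would walk every module that defines the name and require each one to carry `OR_ALL|ACCESS_CONF` before calling `apr_table_set`, as sketched below; this assumes `ap_find_command_in_modules` resumes its search from `*mod`, so continuing from `mod->next` yields the next definition. Storing `result->name` instead of `argv[i]` would also normalise the admin's spelling, though as `apr_table_get` compares keys case-insensitively that is cosmetic. `set_override_list` begins before the hunk and, given the closing braces at its end, continues after it.
```c
            result = ap_find_command_in_modules(argv[i], &mod);
            if (result == NULL) {
                /* … unchanged: APLOGNO(00116) warning … */
                continue;
            }
            /* A directive name can be registered by several modules (a
             * handler may return DECLINE_CMD to hand it on) and the
             * override_list entry below is keyed by name only, so every
             * definition, not just the first one found, must be usable in
             * a per-directory context before the name is admitted. */
            while (result != NULL
                   && (result->req_override & (OR_ALL|ACCESS_CONF)) != 0) {
                mod = mod->next;
                result = mod ? ap_find_command_in_modules(argv[i], &mod)
                             : NULL;
            }
            if (result != NULL) {
                /* … unchanged: APLOGNO(02304) warning … */
                continue;
            }
            apr_table_set(d->override_list, argv[i], "1");
```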