From 1416de62f5550f4af94f4c14dd488027de9aa28d Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Tue, 23 Apr 2013 13:14:34 +0000 Subject: [PATCH] mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. PR 53910 Patch submitted by Timothy Wood Tested by William Lewis git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1470940 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/dav/main/util.c | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/CHANGES b/CHANGES index 8acdf18699..05376b54f7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_dav: Make sure that when we prepare an If URL for Etag comparison, + we compare unencoded paths. PR 53910 [Timothy Wood ] + *) core, mod_ssl: Lift the restriction that prevents mod_ssl taking full advantage of the event MPM. Enable the ability for a module to reverse the sense of a poll event from a read to a write or vice diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index 2f4ce8d8cf..d2aff57a28 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -663,6 +663,13 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih) if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') parsed_uri.path[--uri_len] = '\0'; + /* the resources we will compare to have unencoded paths */ + if (ap_unescape_url(parsed_uri.path) != OK) { + return dav_new_error(r->pool, HTTP_BAD_REQUEST, + DAV_ERR_IF_TAGGED, rv, + "Invalid percent encoded URI in tagged If-header."); + } + uri = parsed_uri.path; list_type = tagged; break; -- 2.50.1