From 285bd508ef7d3fdfd8eb510378eb0ab6a0de9790 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Mon, 19 Mar 2012 21:34:03 +0000 Subject: [PATCH] Disallow directives in AllowOverrideList which are only allowed in VirtualHost or server context. These are usually not prepared to be called in .htaccess files. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1302665 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ docs/log-message-tags/next-number | 2 +- server/core.c | 17 ++++++++++++++--- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 829a2be4ae..3aa170ef2f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Disallow directives in AllowOverrideList which are only allowed + in VirtualHost or server context. These are usually not prepared to be + called in .htaccess files. [Stefan Fritsch] + *) core: In AllowOverrideList, do not allow 'None' together with other directives. PR 52823. [Stefan Fritsch] diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index c801f0a47c..b0812e9d3f 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -2304 +2305 diff --git a/server/core.c b/server/core.c index 374a1f64eb..9617110920 100644 --- a/server/core.c +++ b/server/core.c 
@@ -1681,14 +1681,25 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c const command_rec *result = NULL; module *mod = ap_top_module; result = ap_find_command_in_modules(argv[i], &mod); - if (result) - apr_table_set(d->override_list, argv[i], "1"); - else + if (result == NULL) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(00116) "Discarding unrecognized " "directive `%s' in AllowOverrideList at %s:%d", argv[i], cmd->directive->filename, cmd->directive->line_num); + continue; + } + else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, + APLOGNO(02304) "Discarding directive `%s' not " + "allowed in AllowOverrideList at %s:%d", + argv[i], cmd->directive->filename, + cmd->directive->line_num); + continue; + } + else { + apr_table_set(d->override_list, argv[i], "1"); + } } } -- 2.40.0
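Review bot: The new test `else if ((result->req_override & (OR_ALL|ACCESS_CONF)) == 0)` still accepts a directive whose only permitted context is ACCESS_CONF, meaning one its module declared for directory sections of the server configuration but for no AllowOverride class. Because AllowOverrideList decides which directives .htaccess authors may invoke, either narrow the mask to `OR_ALL` or state in a comment why ACCESS_CONF-only handlers are safe to expose, for example `/* RSRC_CONF-only handlers expect a server config, not a per-directory one; anything valid in a directory section is accepted */`. The check also inspects only the first match returned by ap_find_command_in_modules(), so if two modules register the same directive name with different req_override values, the outcome presumably depends on module order; this hunk does not show whether that case can occur. The enclosing loop and the rest of set_override_list lie outside the hunk.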