From 433c97df4e100b7ae76bc3db406eeb4d901b9700 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Fri, 5 Nov 2010 20:21:09 +0000 Subject: [PATCH] PR49823: Make the hardcoded default for AllowOverride match the default config -- None. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031776 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ docs/manual/mod/core.xml | 2 +- server/core.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index db498904c1..4019d5b7f1 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.3.9 Fix a denial of service attack against mod_reqtimeout. [Stefan Fritsch] + *) core: In the absence of any AllowOverride directives, the default is now + "None" instead of "All". PR49823 [Eric Covener] + *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in or . PR47765 [Eric Covener] diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 9f91f0b969..878ecea993 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -300,7 +300,7 @@ be passed through .htaccess files AllowOverride All|None|directive-type [directive-type] ... -AllowOverride All +AllowOverride None (2.3.9 and later), AllowOverride All (2.3.8 and earlier) directory diff --git a/server/core.c b/server/core.c index 78cfb2e029..9f8d01d02d 100644 --- a/server/core.c +++ b/server/core.c @@ -114,7 +114,7 @@ static void *create_core_dir_config(apr_pool_t *a, char *dir) conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL; conf->opts_add = conf->opts_remove = OPT_NONE; - conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL; + conf->override = OR_NONE; conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI; conf->content_md5 = 2; -- 2.50.0