From 4cc27823899e070268b906ca677ee838d07cf67a Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Thu, 7 Sep 2017 22:43:41 +0000 Subject: [PATCH] core: Disallow Methods' registration at run time (.htaccess), they may be used only if registered at init time (httpd.conf). Calling ap_method_register() in children processes is not the right scope since it won't be shared for all requests. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ server/core.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES b/CHANGES index 4ca0e4cc82..2b744675e7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Disallow Methods' registration at runtime (.htaccess), they may be + used only if registered at init time (httpd.conf). [Yann Ylavic] + *) mod_md: v0.9.1: - various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If someone already used percent configurations, it is advised to change these to a new value, diff --git a/server/core.c b/server/core.c index 76adb4d869..c9b6837bd4 100644 --- a/server/core.c +++ b/server/core.c @@ -2331,6 +2331,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, /* method has not been registered yet, but resource restriction * is always checked before method handling, so register it. */ + if (cmd->pool == cmd->temp_pool) { + /* In .htaccess, we can't globally register new methods. */ + return apr_psprintf(cmd->pool, "Could not register method '%s' " + "for %s from .htaccess configuration", + method, cmd->cmd->name); + } methnum = ap_method_register(cmd->pool, apr_pstrdup(cmd->pool, method)); } -- 2.40.0