From 742a08e31195d166ce1d6fa02aa9ee0f92dfb8ce Mon Sep 17 00:00:00 2001 From: =?utf8?q?Andr=C3=A9=20Malo?= Date: Tue, 15 Jul 2003 17:49:03 +0000 Subject: [PATCH] Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR: 20195 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100632 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/mappers/mod_rewrite.c | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/CHANGES b/CHANGES index e5dc5ecb95..cb66f7628a 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory + containing the .htaccess file is requested without a trailing slash. + PR 20195. [André Malo] + *) mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 32066f4c36..2d673bb825 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -1443,6 +1443,18 @@ static int hook_fixup(request_rec *r) return DECLINED; } + /* + * .htaccess file is called before really entering the directory, i.e.: + * URL: http://localhost/foo and .htaccess is located in foo directory + * Ignore such attempts, since they may lead to undefined behaviour. + */ + if (r->filename && + strlen(r->filename) == strlen(dconf->directory) - 1 && + (dconf->directory)[strlen(dconf->directory) - 1] == '/' && + !strncmp(r->filename, dconf->directory, strlen(dconf->directory) - 1)) { + return DECLINED; + } + /* * only do something under runtime if the engine is really enabled, * for this directory, else return immediately! -- 2.50.1