From 8a66869e0c75674b7710014a9e9fe0efed9e9fce Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Fri, 18 Dec 2009 16:03:13 +0000 Subject: [PATCH] * Do an exact match of the keys defined by CacheIgnoreURLSessionIdentifiers against the querystring instead of a partial match. PR: 48401 Submitted by: Dodou Wang Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@892289 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++ modules/cache/cache_storage.c | 57 +++++++++++++++++++++++++++-------- 2 files changed, 50 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index 7acb038542..d4a6f08083 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.3.5 + *) mod_cache: Do an exact match of the keys defined by + CacheIgnoreURLSessionIdentifiers against the querystring instead of + a partial match. PR 48401.i + [Dodou Wang , Ruediger Pluem] + *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung] *) mod_headers: Ensure that changes to the main request remain valid when diff --git a/modules/cache/cache_storage.c b/modules/cache/cache_storage.c index c122bddbe0..d5674428ea 100644 --- a/modules/cache/cache_storage.c +++ b/modules/cache/cache_storage.c @@ -503,21 +503,54 @@ apr_status_t cache_generate_key_default(request_rec *r, apr_pool_t* p, /* * Check if the identifier is in the querystring and cut it out. */ - if (querystring - && (param = strstr(querystring, *identifier)) - && (*(param + len) == '=') - ) { - char *amp; - - if (querystring != param) { - querystring = apr_pstrndup(p, querystring, - param - querystring); + if (querystring) { + /* + * First check if the identifier is at the beginning of the + * querystring and followed by a '=' + */ + if (!strncmp(querystring, *identifier, len) + && (*(querystring + len) == '=')) { + param = querystring; } else { - querystring = ""; + char *complete; + + /* + * In order to avoid subkey matching (PR 48401) prepend + * identifier with a '&' and append a '=' + */ + complete = apr_pstrcat(p, "&", *identifier, "=", NULL); + param = strstr(querystring, complete); + /* If we found something we are sitting on the '&' */ + if (param) { + param++; + } } - if ((amp = strchr(param + len + 1, '&'))) { - querystring = apr_pstrcat(p, querystring, amp + 1, NULL); + if (param) { + char *amp; + + if (querystring != param) { + querystring = apr_pstrndup(p, querystring, + param - querystring); + } + else { + querystring = ""; + } + + if ((amp = strchr(param + len + 1, '&'))) { + querystring = apr_pstrcat(p, querystring, amp + 1, NULL); + } + else { + /* + * If querystring is not "", then we have the case + * that the identifier parameter we removed was the + * last one in the original querystring. Hence we have + * a trailing '&' which needs to be removed. + */ + if (*querystring) { + querystring[strlen(querystring) - 1] = '\0'; + } + } } break; } -- 2.50.0