From db6281fc33b20c7449721c97db3062cbddbee199 Mon Sep 17 00:00:00 2001 From: Andre Malo Date: Sun, 2 Mar 2003 18:06:16 +0000 Subject: [PATCH] Unescape the supplied wildcard pattern. Otherwise the pattern will not always match as desired. In order to be correct and safe, the pattern will be re-escaped for output. PR: 12596 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98885 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/generators/mod_autoindex.c | 31 ++++++++++++++++++------------ 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index aa0e1f751c..56e910562b 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise + the pattern will not always match as desired. PR 12596. + [André Malo] + *) mod_autoindex now emits and accepts modern query string parameter delimiters (;). Thus column headers no longer contain unescaped ampersands. PR 10880 [André Malo] diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c index e246d569b5..93135b8127 100644 --- a/modules/generators/mod_autoindex.c +++ b/modules/generators/mod_autoindex.c @@ -2002,7 +2002,7 @@ static int index_directory(request_rec *r, colargs = ""; } else { - char fval[5], vval[5], *ppre = ""; + char fval[5], vval[5], *ppre = "", *epattern = ""; fval[0] = '\0'; vval[0] = '\0'; qstring = r->args; @@ -2065,26 +2065,33 @@ static int index_directory(request_rec *r, /* P= wildcard pattern (*.foo) */ else if (qstring[0] == 'P' && qstring[1] == '=') { - const char *eos = qstring + 2; + const char *eos = qstring += 2; /* for efficiency */ while (*eos && *eos != '&' && *eos != ';') { ++eos; } - if (*eos) { - pstring = apr_pstrndup(r->pool, qstring + 2, - eos - qstring - 2); - qstring = eos + 1; + if (eos == qstring) { + pstring = NULL; } else { - pstring = apr_pstrdup(r->pool, qstring + 2); - qstring = NULL; + pstring = apr_pstrndup(r->pool, qstring, eos - qstring); + if (ap_unescape_url(pstring) != OK) { + /* ignore the pattern, if it's bad. */ + pstring = NULL; + } + else { + ppre = ";P="; + /* be correct */ + epattern = ap_escape_uri(r->pool, pstring); + } } - if (*pstring) { - ppre = ";P="; + + if (*eos && *++eos) { + qstring = eos; } else { - pstring = NULL; + qstring = NULL; } } @@ -2093,7 +2100,7 @@ static int index_directory(request_rec *r, qstring = NULL; } } - colargs = apr_pstrcat(r->pool, fval, vval, ppre, pstring, NULL); + colargs = apr_pstrcat(r->pool, fval, vval, ppre, epattern, NULL); } /* Spew HTML preamble */ -- 2.40.0