From e465e656be9cf5b69f6d100824d95fcd30c213a1 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 8 Sep 2017 13:13:11 +0000
Subject: [PATCH] Merge r1807655 from trunk:

core: Disallow Methods' registration at run time (.htaccess), they may be
used only if registered at init time (httpd.conf).

Calling ap_method_register() in children processes is not the right scope
since it won't be shared for all requests.

Reviewed by: ylavic, covener, icing


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807754 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES       | 3 +++
 STATUS        | 7 -------
 server/core.c | 6 ++++++
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1988d2cca3..05626f2423 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.28
 
+  *) core: Disallow Methods' registration at runtime (.htaccess), they may be
+     used only if registered at init time (httpd.conf).  [Yann Ylavic]
+
   *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
      [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
       Yann Ylavic]
diff --git a/STATUS b/STATUS
index 8c27a5fcd9..cbb7e165a7 100644
--- a/STATUS
+++ b/STATUS
@@ -161,13 +161,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.4.x patch svn merge -c 1745039 ^/httpd/httpd/trunk .
      +1: jim, ylavic, icing
 
-  *) core: Disallow Methods' registration at runtime (.htaccess), they may be
-     used only if registered at init time (httpd.conf).
-     trunk patch: http://svn.apache.org/r1807655
-     2.4.x patch: svn merge -c 1807655 ^/httpd/httpd/trunk .
-                  (modulo CHANGES)
-     +1: ylavic, covener, icing
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/server/core.c b/server/core.c
index de2400d92a..6516b09a05 100644
--- a/server/core.c
+++ b/server/core.c
@@ -2266,6 +2266,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
             /* method has not been registered yet, but resource restriction
              * is always checked before method handling, so register it.
              */
+            if (cmd->pool == cmd->temp_pool) {
+                /* In .htaccess, we can't globally register new methods. */
+                return apr_psprintf(cmd->pool, "Could not register method '%s' "
+                                   "for %s from .htaccess configuration",
+                                    method, cmd->cmd->name);
+            }
             methnum = ap_method_register(cmd->pool,
                                          apr_pstrdup(cmd->pool, method));
         }
-- 
2.40.0