From f0cf7722ba1591a26bb4706f1154851f059db8ea Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Wed, 27 Jul 2011 08:03:41 +0000 Subject: [PATCH] Use ap_unescape_url_keep2f() in ap_expr unescape func. ap_unescape_url() forbidding encoded slashes is not useful here. Log failures. Improve docs. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1151373 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/expr.xml | 4 ++-- server/util_expr_eval.c | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/manual/expr.xml b/docs/manual/expr.xml index fc412bfc5c..b1f4ed1a42 100644 --- a/docs/manual/expr.xml +++ b/docs/manual/expr.xml @@ -436,8 +436,8 @@ listfunction ::= listfuncname "(" word ")" escape Escape special characters in %hex encoding unescape - Unescape %hex encoded string, leaving URL-special characters - encoded (XXX: describe better) + Unescape %hex encoded string, leaving encoded slashes alone; + return empty string if %00 is found file Read contents from a fileyes filesize diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c index 7f5fee3805..5730ebf365 100644 --- a/server/util_expr_eval.c +++ b/server/util_expr_eval.c @@ -985,11 +985,14 @@ static const char *unescape_func(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg) { char *result = apr_pstrdup(ctx->p, arg); - if (ap_unescape_url(result)) - return ""; - else + int ret = ap_unescape_url_keep2f(result, 0); + if (ret == OK) return result; - + ap_log_rerror(LOG_MARK(ctx->info), APLOG_DEBUG, 0, ctx->r, + "%s %% escape in unescape('%s') at %s:%d", + ret == HTTP_BAD_REQUEST ? "Bad" : "Forbidden", arg, + ctx->info->filename, ctx->info->line_number); + return ""; } static int op_nz(ap_expr_eval_ctx_t *ctx, const void *data, const char *arg) -- 2.40.0