From f895475da20f0f4db7dad7f9d09af445d1c98614 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Wed, 27 Apr 2016 13:03:00 +0000
Subject: [PATCH] Merge r1734947, 1735952 from trunk:

(and adjust version info in CHANGES, ap_mmn comment, core.xml)

core: New CGIVar directive can configure REQUEST_URI to represent the
current URI being processed instead of always the original request.

Submitted by: trawick
Reviewed by: ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1741250 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                  |  4 ++++
 STATUS                   | 16 ----------------
 docs/manual/mod/core.xml | 26 ++++++++++++++++++++++++++
 include/ap_mmn.h         |  5 +++--
 include/http_core.h      |  3 +++
 server/core.c            | 36 ++++++++++++++++++++++++++++++++++++
 server/util_script.c     | 15 ++++++++++++++-
 7 files changed, 86 insertions(+), 19 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3c632d699a..243acb025c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.21
 
+  *) core: New CGIVar directive can configure REQUEST_URI to represent the
+     current URI being processed instead of always the original request.
+     [Jeff Trawick]
+
   *) scoreboard/status: Restore behavior of showing workers' previous Client,
      VHost and Request values when idle, like in 2.4.18 and earlier. 
 
diff --git a/STATUS b/STATUS
index 193aa5755c..8d47cf0640 100644
--- a/STATUS
+++ b/STATUS
@@ -114,22 +114,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) CGIVar for controlling building of REQUEST_URI (and future uses)
-     As mentioned on dev@:
-     * This is intended to replace existing methods of configuring how various
-       CGI vars should be built over the long term, though only REQUEST_URI is
-       handled for now.
-     * If the mechanism should be usable by third-party modules for its own
-       concerns, a check for recognized-envvar can be removed from the command
-       processor and the rest of the code will let the third-party module do
-       the right thing since the rule for a var is a character string in a table,
-       not a separate core_dir_config flag with enumerated values.
-     Trunk patch: r1734947, 1735952
-     2.4.x patch: https://emptyhammock.com/media/downloads/CGIVar-to-2.4.x.txt
-       Bad Jeff: The MMN change was missing originally, same patch updated :(
-     +1: trawick, ylavic, jim
-     trawick: If someone has an idea to make this more palatable, I'm all ears.
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index cb04f722c3..4ea46bb3d9 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -597,6 +597,32 @@ variables</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>CGIVar</name>
+<description>Controls how some CGI variables are set</description>
+<syntax>CGIVar <var>variable</var> <var>rule</var></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Available in Apache HTTP Server 2.4.21 and later</compatibility>
+
+<usage>
+  <p>This directive controls how some CGI variables are set.</p>
+
+  <p><strong>REQUEST_URI</strong> rules:</p>
+  <dl>
+    <dt><code>original-uri</code> (default)</dt>
+    <dd>The value is taken from the original request line, and will not
+    reflect internal redirects or subrequests which change the requested
+    resource.</dd>
+    <dt><code>current-uri</code></dt>
+    <dd>The value reflects the resource currently being processed,
+    which may be different than the original request from the client
+    due to internal redirects or subrequests.</dd>
+  </dl>
+</usage>
+</directivesynopsis>
+
 <directivesynopsis>
 <name>ContentDigest</name>
 <description>Enables the generation of <code>Content-MD5</code> HTTP Response
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 999388c384..18d50450ab 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -460,7 +460,7 @@
  *                          ap_get_protocol(). Add HTTP_MISDIRECTED_REQUEST.
  *                          Added ap_parse_token_list_strict() to httpd.h
  * 20120211.52 (2.4.17-dev) Add master conn_rec* member in conn_rec.
- * 20120211.53 (2.4.19-dev) Add epxr_hander to core_dir_config.
+ * 20120211.53 (2.4.19-dev) Add expr_handler to core_dir_config.
  * 20120211.54 (2.4.19-dev) Add ap_proxy_buckets_lifetime_transform and
  *                          ap_proxy_transfer_between_connections to
  *                          mod_proxy.h
@@ -471,6 +471,7 @@
  * 20120211.56 (2.4.19-dev) Split useragent_host from the conn_rec into
  *                          the request_rec, with ap_get_useragent_host()
  * 20120211.57 (2.4.19-dev) Add mod_ssl_openssl.h and OpenSSL-specific hooks
+ * 20120211.58 (2.4.21-dev) Add cgi_var_rules to core_dir_config.
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -478,7 +479,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 57                   /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 58                   /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_core.h b/include/http_core.h
index d39546f733..2590b22d36 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -669,6 +669,9 @@ typedef struct {
     unsigned int cgi_pass_auth : 2;
     unsigned int qualify_redirect_url :2;
     ap_expr_info_t  *expr_handler;         /* forced with SetHandler */
+
+    /** Table of rules for building CGI variables, NULL if none configured */
+    apr_hash_t *cgi_var_rules;
 } core_dir_config;
 
 /* macro to implement off by default behaviour */
diff --git a/server/core.c b/server/core.c
index b3d72f434d..c590070972 100644
--- a/server/core.c
+++ b/server/core.c
@@ -409,6 +409,15 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv)
 
     conf->cgi_pass_auth = new->cgi_pass_auth != AP_CGI_PASS_AUTH_UNSET ? new->cgi_pass_auth : base->cgi_pass_auth;
 
+    if (new->cgi_var_rules) {
+        if (!conf->cgi_var_rules) {
+            conf->cgi_var_rules = new->cgi_var_rules;
+        }
+        else {
+            conf->cgi_var_rules = apr_hash_overlay(a, new->cgi_var_rules, conf->cgi_var_rules);
+        }
+    }
+
     AP_CORE_MERGE_FLAG(qualify_redirect_url, conf, base, new);
 
     return (void*)conf;
@@ -1796,6 +1805,31 @@ static const char *set_cgi_pass_auth(cmd_parms *cmd, void *d_, int flag)
     return NULL;
 }
 
+static const char *set_cgi_var(cmd_parms *cmd, void *d_,
+                               const char *var, const char *rule_)
+{
+    core_dir_config *d = d_;
+    char *rule = apr_pstrdup(cmd->pool, rule_);
+
+    ap_str_tolower(rule);
+
+    if (!strcmp(var, "REQUEST_URI")) {
+        if (strcmp(rule, "current-uri") && strcmp(rule, "original-uri")) {
+            return "Valid rules for REQUEST_URI are 'current-uri' and 'original-uri'";
+        }
+    }
+    else {
+        return apr_pstrcat(cmd->pool, "Unrecognized CGI variable: \"",
+                           var, "\"", NULL);
+    }
+
+    if (!d->cgi_var_rules) {
+        d->cgi_var_rules = apr_hash_make(cmd->pool);
+    }
+    apr_hash_set(d->cgi_var_rules, var, APR_HASH_KEY_STRING, rule);
+    return NULL;
+}
+
 static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
 {
     core_dir_config *d = d_;
@@ -4293,6 +4327,8 @@ AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF,
 AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG,
              "Controls whether HTTP authorization headers, normally hidden, will "
              "be passed to scripts"),
+AP_INIT_TAKE2("CGIVar", set_cgi_var, NULL, OR_FILEINFO,
+              "Controls how some CGI variables are set"),
 AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO,
              "Controls whether HTTP authorization headers, normally hidden, will "
              "be passed to scripts"),
diff --git a/server/util_script.c b/server/util_script.c
index 9a03b02608..308e009a94 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -370,12 +370,25 @@ static char *original_uri(request_rec *r)
 AP_DECLARE(void) ap_add_cgi_vars(request_rec *r)
 {
     apr_table_t *e = r->subprocess_env;
+    core_dir_config *conf =
+        (core_dir_config *)ap_get_core_module_config(r->per_dir_config);
+    int request_uri_from_original = 1;
+    const char *request_uri_rule;
 
     apr_table_setn(e, "GATEWAY_INTERFACE", "CGI/1.1");
     apr_table_setn(e, "SERVER_PROTOCOL", r->protocol);
     apr_table_setn(e, "REQUEST_METHOD", r->method);
     apr_table_setn(e, "QUERY_STRING", r->args ? r->args : "");
-    apr_table_setn(e, "REQUEST_URI", original_uri(r));
+
+    if (conf->cgi_var_rules) {
+        request_uri_rule = apr_hash_get(conf->cgi_var_rules, "REQUEST_URI",
+                                        APR_HASH_KEY_STRING);
+        if (request_uri_rule && !strcmp(request_uri_rule, "current-uri")) {
+            request_uri_from_original = 0;
+        }
+    }
+    apr_table_setn(e, "REQUEST_URI",
+                   request_uri_from_original ? original_uri(r) : r->uri);
 
     /* Note that the code below special-cases scripts run from includes,
      * because it "knows" that the sub_request has been hacked to have the
-- 
2.40.0