Hi folks,
I'd like to apply the attached patch to trunk.
It's based on the one in PR#33078, disallowing the mixing
of relative and absolute options (for combinations which
really don't make any sense).
This "feature" has been proven to be very costly: in support
hours - which is why I'd like to get rid of it.
Opinions?
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
Index: docs/manual/mod/core.xml
===================================================================
--- docs/manual/mod/core.xml (revision 1052524)
+++ docs/manual/mod/core.xml (working copy)
@@ -3088,10 +3088,10 @@
<code>-</code> are removed from the options currently in
force. </p>
- <note type="warning"><title>Warning</title>
+ <note><title>Note</title>
<p>Mixing <directive>Options</directive> with a <code>+</code> or
- <code>-</code> with those without is not valid syntax, and is likely
- to cause unexpected results.</p>
+ <code>-</code> with those without is not valid syntax, and will be
+ rejected during server startup by the syntax check with an abort.</p>
</note>
<p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
Index: server/core.c
===================================================================
--- server/core.c (revision 1052524)
+++ server/core.c (working copy)
@@ -1409,6 +1409,8 @@
core_dir_config *d = d_;
allow_options_t opt;
int first = 1;
+ int merge = 0;
+ int all_none = 0;
char action;
while (l[0]) {
@@ -1417,11 +1419,17 @@
if (*w == '+' || *w == '-') {
action = *(w++);
+ if (!merge && !first && !all_none) {
+ return "Either all Options must start with + or -, or no Option may.";
+ }
+ merge = 1;
}
else if (first) {
d->opts = OPT_NONE;
- first = 0;
}
+ else if (merge) {
+ return "Either all Options must start with + or -, or no Option may.";
+ }
if (!strcasecmp(w, "Indexes")) {
opt = OPT_INDEXES;
@@ -1448,10 +1456,24 @@
opt = OPT_MULTI|OPT_EXECCGI;
}
else if (!strcasecmp(w, "None")) {
+ if (!first) {
+ return "'Options None' must be the first Option given.";
+ }
+ else if (merge) { /* Only works since None may not follow any other option. */
+ return "You may not use 'Options +None' or 'Options -None'.";
+ }
opt = OPT_NONE;
+ all_none = 1;
}
else if (!strcasecmp(w, "All")) {
+ if (!first) {
+ return "'Options All' must be the first option given.";
+ }
+ else if (merge) { /* Only works since All may not follow any other option. */
+ return "You may not use 'Options +All' or 'Options -All'.";
+ }
opt = OPT_ALL;
+ all_none = 1;
}
else {
return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL);
@@ -1474,6 +1496,8 @@
else {
d->opts |= opt;
}
+
+ first = 0;
}
return NULL;
Index: CHANGES
===================================================================
--- CHANGES (revision 1052524)
+++ CHANGES (working copy)
@@ -2,6 +2,9 @@
Changes with Apache 2.3.11
+ *) core: Disallow the mixing of relative and absolute Options PR 33708.
+ [Sönke Tesch <st kino-fahrplan.de>]
+
*) core: In the absence of any Options directives, the default is now
"FollowSymlinks" instead of "All". [Igor GaliÄ]
