Note: given the role of this function in keeping requests inside the document root, I've tested this new code against the standard boundary cases like "/./../foo" and "/foo/../../bar". If anyone has specific additional test cases or points of concern, though, please let me know. Thanks, --Brian
[EMAIL PROTECTED] wrote: >brianp 01/12/02 16:49:28 > > Modified: server util.c > Log: > Optimization for ap_getparents: skip past all the leading > characters of the path that aren't '.' rather than copying > those bytes onto themselves > > Revision Changes Path > 1.118 +7 -4 httpd-2.0/server/util.c > > Index: util.c > =================================================================== > RCS file: /home/cvs/httpd-2.0/server/util.c,v > retrieving revision 1.117 > retrieving revision 1.118 > diff -u -r1.117 -r1.118 > --- util.c 2001/12/02 20:38:33 1.117 > +++ util.c 2001/12/03 00:49:28 1.118 > @@ -476,12 +476,15 @@ > */ > AP_DECLARE(void) ap_getparents(char *name) > { > - int l, w; > + char *next; > + int l, w, first_dot; > > /* Four paseses, as per RFC 1808 */ > /* a) remove ./ path segments */ > - > - for (l = 0, w = 0; name[l] != '\0';) { > + for (next = name; *next && (*next != '.'); next++) { > + } > + l = w = first_dot = next - name; > + while (name[l] != '\0') { > if (name[l] == '.' && name[l + 1] == '/' && (l == 0 || name[l - 1] == '/')) > l += 2; > else > @@ -496,7 +499,7 @@ > name[w] = '\0'; > > /* c) remove all xx/../ segments. (including leading ../ and /../) */ > - l = 0; > + l = first_dot; > > while (name[l] != '\0') { > if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/' && > > > >