On Sat, 24 Oct 2009, Ruediger Pluem wrote:
Author: sf
Date: Sat Oct 24 13:29:03 2009
New Revision: 829362
URL: http://svn.apache.org/viewvc?rev=829362&view=rev
Log:
Only allow parens in filename if cachesize is given. Return error otherwise
to catch missing parens.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829362&r1=829361&r2=829362&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
+++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Sat Oct 24 13:29:03 2009
@@ -280,11 +280,20 @@
cp = strrchr(path, '(');
cp2 = path + strlen(path) - 1;
- if (cp && (*cp2 == ')')) {
+ if (cp) {
+ char *endptr;
+ if (*cp2 != ')') {
+ return "Invalid argument: no closing parenthesis or cache size "
+ "missing after pathname with parenthesis";
+ }
Doesn't this bring us back to the start where filenames with ( ) are not
allowed?
Now we consistently allow ( ) in the file name if the cache size is given
at the end. Before my changes, we never allowed ( ) in the file name,
even if there was an additional (NUMBERS) at the end.
So somehere/some(parens)path is now forbidden. Why?
I would say that only the following patterns should be invalid:
somehere/some(NONUMBERS
somehere/some(NONUMBERS)
somehere/some(NUMBERS
everything else should be allowed and if we do end the string with (NUMBERS)
it should be assumed that no cache size was given
You mean "unless we do end the string with (NUMBERS)"?
I think the two variants I proposed are more predictable. Either allow
everything (which has the disadvantage that typos are not caught) or don't
allow parens in the path at all unless we also have a cache size.
But I don't really mind that much. If you think your variant is better,
I am fine with that, too.
Stefan
