On Sun, Jan 18, 2015 at 11:00 PM, Eric Covener <[email protected]> wrote: > On Thu, Oct 30, 2014 at 4:34 AM, <[email protected]> wrote: >> Author: jkaluza >> Date: Thu Oct 30 08:34:12 2014 >> New Revision: 1635428 >> >> URL: http://svn.apache.org/r1635428 >> Log: >> core: Do not match files when using DirectoryMatch. PR41867. >> >> >> Modified: >> httpd/httpd/trunk/include/http_core.h >> httpd/httpd/trunk/server/core.c >> httpd/httpd/trunk/server/request.c >> >> Modified: httpd/httpd/trunk/include/http_core.h >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?rev=1635428&r1=1635427&r2=1635428&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/include/http_core.h (original) >> +++ httpd/httpd/trunk/include/http_core.h Thu Oct 30 08:34:12 2014 >> @@ -619,6 +619,7 @@ typedef struct { >> >> unsigned int allow_encoded_slashes_set : 1; >> unsigned int decode_encoded_slashes_set : 1; >> + unsigned int d_is_directory : 1; >> >> /** Named back references */ >> apr_array_header_t *refs; >> >> Modified: httpd/httpd/trunk/server/core.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1635428&r1=1635427&r2=1635428&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/server/core.c (original) >> +++ httpd/httpd/trunk/server/core.c Thu Oct 30 08:34:12 2014 >> @@ -2224,6 +2224,7 @@ static const char *dirsection(cmd_parms >> conf->r = r; >> conf->d = cmd->path; >> conf->d_is_fnmatch = (apr_fnmatch_test(conf->d) != 0); >> + conf->d_is_directory = 1; >> >> if (r) { >> conf->refs = apr_array_make(cmd->pool, 8, sizeof(char *)); >> >> Modified: httpd/httpd/trunk/server/request.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?rev=1635428&r1=1635427&r2=1635428&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/server/request.c (original) >> +++ httpd/httpd/trunk/server/request.c Thu Oct 30 08:34:12 2014 >> @@ -1216,6 +1216,13 @@ AP_DECLARE(int) ap_directory_walk(reques >> pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t)); >> } >> >> + /* core_dir_config is Directory*, but the requested file is >> + * not a directory, so although the regexp could match, >> + * we skip it. */ >> + if (entry_core->d_is_directory && r->finfo.filetype != APR_DIR) >> { >> + continue; >> + } >> + >> if (ap_regexec(entry_core->r, r->filename, nmatch, pmatch, 0)) { >> continue; >> } >> >> >
Arg. Sorry about previous incomplete email. The new code blocks stuff like this, where "private" is in some directory in the mapped path. <DirectoryMatch private> require all denied </DirectoryMatch> The PR is only referring to (IIUC) the case where we had e.g. /private.txt mappd to the document root and the DirectoryMatch would catch it in some cases. -- Eric Covener [email protected]
