On Wed, Oct 11, 2017 at 11:02 PM, Yann Ylavic <ylavic....@gmail.com> wrote: > On Wed, Oct 11, 2017 at 10:49 PM, Yann Ylavic <ylavic....@gmail.com> wrote: >> On Wed, Oct 11, 2017 at 10:38 PM, Yann Ylavic <ylavic....@gmail.com> wrote: >>> >>> Thus, how about if there, for 2.4.x only (i.e. backport patch), we'd >>> instead check for: >>>> + || (((forbidden & NOT_IN_PROXY) >>>> + || (forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE >>>> + || (forbidden & GLOBAL_ONLY) == GLOBAL_ONLY) >>>> + && ((found = ...) >>>> + || ...))) >>> ? >> >> Looks like there are other usages of NOT_IN_DIR_LOC_FILE we should >> hack in ap_check_cmd_context() too, but you probably see the idea... > > Actually, I think the correct fix, even for 2.5/trunk, is something > for the attached patch. > WDYT?
Sorry, spoke^R patched too soon, this v2 is more correct I guess.
Index: include/http_config.h =================================================================== --- include/http_config.h (revision 1811703) +++ include/http_config.h (working copy) @@ -950,10 +950,12 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_ #define NOT_IN_FILES 0x10 /**< Forbidden in <Files> or <If>*/ #define NOT_IN_HTACCESS 0x20 /**< Forbidden in .htaccess files */ #define NOT_IN_PROXY 0x40 /**< Forbidden in <Proxy> */ +/** Forbidden in <Directory>/<Location>/<Files><If>*/ +#define NOT_IN_DIR_LOC_FILE (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES) /** Forbidden in <Directory>/<Location>/<Files><If><Proxy>*/ -#define NOT_IN_DIR_LOC_FILE (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_PROXY) +#define NOT_IN_DIR_LOC_FILE_PROXY (NOT_IN_DIR_LOC_FILE|NOT_IN_PROXY) /** Forbidden in <VirtualHost>/<Limit>/<Directory>/<Location>/<Files>/<If><Proxy>*/ -#define GLOBAL_ONLY (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE) +#define GLOBAL_ONLY (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE_PROXY) /** @} */ Index: server/core.c =================================================================== --- server/core.c (revision 1811703) +++ server/core.c (working copy) @@ -1323,7 +1323,9 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_ || (found = find_parent(cmd->directive, "<If")) || (found = find_parent(cmd->directive, "<ElseIf")) || (found = find_parent(cmd->directive, "<Else")))) - || ((forbidden & NOT_IN_PROXY) + || (((forbidden & NOT_IN_PROXY) + || (forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE + || (forbidden & GLOBAL_ONLY) == (GLOBAL_ONLY & ~NOT_IN_PROXY)) && ((found = find_parent(cmd->directive, "<Proxy")) || (found = find_parent(cmd->directive, "<ProxyMatch"))))) { return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,