Re: cvs commit: httpd-2.0/server util.c
On 1 Sep 2004 15:14:33 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: trawick 2004/09/01 08:14:33 Modified:.CHANGES server util.c Log: Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected with 404. I can't see how this ever worked before :( Any comments from the crowd?
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004, Jeff Trawick wrote: I can't see how this ever worked before :( Any comments from the crowd? FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. -- Nick Kew
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004 20:36:07 +0100 (BST), Nick Kew [EMAIL PROTECTED] wrote: On Wed, 1 Sep 2004, Jeff Trawick wrote: I can't see how this ever worked before :( Any comments from the crowd? FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. was that this change entry? *) mod_proxy: multiple bugfixes, principally support cookies in ProxyPassReverse, and don't canonicalise URL passed to backend. Documentation correspondingly updated. [Nick Kew nick webthing.com]
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004, Jeff Trawick wrote: On Wed, 1 Sep 2004 20:36:07 +0100 (BST), Nick Kew [EMAIL PROTECTED] wrote: FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. was that this change entry? *) mod_proxy: multiple bugfixes, principally support cookies in ProxyPassReverse, and don't canonicalise URL passed to backend. Documentation correspondingly updated. [Nick Kew nick webthing.com] Yes, that sounds right. Though I think the CHANGES entry may have lagged the actual update. A quick look at CVS shows a datestamp of Tue Jun 29 06:37:21 2004 UTC -- Nick Kew
cvs commit: httpd-2.0/server util.c
Note: given the role of this function in keeping requests inside the
document root, I've tested this new code against the standard boundary
cases like /./../foo and /foo/../../bar. If anyone has specific
additional test cases or points of concern, though, please let me know.
Thanks,
--Brian
[EMAIL PROTECTED] wrote:
brianp 01/12/02 16:49:28
Modified:server util.c
Log:
Optimization for ap_getparents: skip past all the leading
characters of the path that aren't '.' rather than copying
those bytes onto themselves
Revision ChangesPath
1.118 +7 -4 httpd-2.0/server/util.c
Index: util.c
===
RCS file: /home/cvs/httpd-2.0/server/util.c,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -r1.117 -r1.118
--- util.c 2001/12/02 20:38:33 1.117
+++ util.c 2001/12/03 00:49:28 1.118
@@ -476,12 +476,15 @@
*/
AP_DECLARE(void) ap_getparents(char *name)
{
-int l, w;
+char *next;
+int l, w, first_dot;
/* Four paseses, as per RFC 1808 */
/* a) remove ./ path segments */
-
-for (l = 0, w = 0; name[l] != '\0';) {
+for (next = name; *next (*next != '.'); next++) {
+}
+l = w = first_dot = next - name;
+while (name[l] != '\0') {
if (name[l] == '.' name[l + 1] == '/' (l == 0 || name[l - 1] == '/'))
l += 2;
else
@@ -496,7 +499,7 @@
name[w] = '\0';
/* c) remove all xx/../ segments. (including leading ../ and /../) */
-l = 0;
+l = first_dot;
while (name[l] != '\0') {
if (name[l] == '.' name[l + 1] == '.' name[l + 2] == '/'
