Re: cvs commit: httpd-2.0/server util.c
On 1 Sep 2004 15:14:33 -, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: trawick 2004/09/01 08:14:33 Modified:.CHANGES server util.c Log: Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected with 404. I can't see how this ever worked before :( Any comments from the crowd?
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004, Jeff Trawick wrote: I can't see how this ever worked before :( Any comments from the crowd? FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. -- Nick Kew
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004 20:36:07 +0100 (BST), Nick Kew [EMAIL PROTECTED] wrote: On Wed, 1 Sep 2004, Jeff Trawick wrote: I can't see how this ever worked before :( Any comments from the crowd? FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. was that this change entry? *) mod_proxy: multiple bugfixes, principally support cookies in ProxyPassReverse, and don't canonicalise URL passed to backend. Documentation correspondingly updated. [Nick Kew nick webthing.com]
Re: cvs commit: httpd-2.0/server util.c
On Wed, 1 Sep 2004, Jeff Trawick wrote: On Wed, 1 Sep 2004 20:36:07 +0100 (BST), Nick Kew [EMAIL PROTECTED] wrote: FWIW, I fised that one in the proxy context about two months ago. But I haven't looked at it in the general case. was that this change entry? *) mod_proxy: multiple bugfixes, principally support cookies in ProxyPassReverse, and don't canonicalise URL passed to backend. Documentation correspondingly updated. [Nick Kew nick webthing.com] Yes, that sounds right. Though I think the CHANGES entry may have lagged the actual update. A quick look at CVS shows a datestamp of Tue Jun 29 06:37:21 2004 UTC -- Nick Kew
cvs commit: httpd-2.0/server util.c
Note: given the role of this function in keeping requests inside the document root, I've tested this new code against the standard boundary cases like /./../foo and /foo/../../bar. If anyone has specific additional test cases or points of concern, though, please let me know. Thanks, --Brian [EMAIL PROTECTED] wrote: brianp 01/12/02 16:49:28 Modified:server util.c Log: Optimization for ap_getparents: skip past all the leading characters of the path that aren't '.' rather than copying those bytes onto themselves Revision ChangesPath 1.118 +7 -4 httpd-2.0/server/util.c Index: util.c === RCS file: /home/cvs/httpd-2.0/server/util.c,v retrieving revision 1.117 retrieving revision 1.118 diff -u -r1.117 -r1.118 --- util.c 2001/12/02 20:38:33 1.117 +++ util.c 2001/12/03 00:49:28 1.118 @@ -476,12 +476,15 @@ */ AP_DECLARE(void) ap_getparents(char *name) { -int l, w; +char *next; +int l, w, first_dot; /* Four paseses, as per RFC 1808 */ /* a) remove ./ path segments */ - -for (l = 0, w = 0; name[l] != '\0';) { +for (next = name; *next (*next != '.'); next++) { +} +l = w = first_dot = next - name; +while (name[l] != '\0') { if (name[l] == '.' name[l + 1] == '/' (l == 0 || name[l - 1] == '/')) l += 2; else @@ -496,7 +499,7 @@ name[w] = '\0'; /* c) remove all xx/../ segments. (including leading ../ and /../) */ -l = 0; +l = first_dot; while (name[l] != '\0') { if (name[l] == '.' name[l + 1] == '.' name[l + 2] == '/'