Commit 3da6f01b authored by Rainer Jung's avatar Rainer Jung
Browse files

mod_rewrite: When evaluating a proxy rule in directory context, 

do escape the filename by default, since mod_proxy will not
escape in that case due to the (deliberate) fixup hook ordering.
PR 46428

Backport of r757427 from trunk resp. r773351 from 2.2.x.

Submitted by: jorton/rpluem
Backported by: rjung
Reviewed by: wrowe, humbedooh


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1469721 13f79535-47bb-0310-9956-ffa450edef68
parent c564e939

CHANGES

+3 −0
Original line number Diff line number Diff line
@@ -28,6 +28,9 @@ Changes with Apache 2.0.65 
     is enabled, could allow local users to gain privileges via a .htaccess

     file. [Stefan Fritsch, Greg Ames]



  *) mod_rewrite: When evaluating a proxy rule in directory context, do

     escape the filename by default. PR 46428 [Joe Orton]



  *) Improve platform detection for bundled PCRE by updating config.guess

     and config.sub.  [Rainer Jung]

STATUS

+0 −7
Original line number Diff line number Diff line
@@ -190,13 +190,6 @@ RELEASE SHOWSTOPPERS: 
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]



  * mod_rewrite: PR 46428 - whitespace/encoding for proxied URL

    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=757427

    2.2.x patch: http://svn.apache.org/viewvc?view=revision&revision=773351

    Backport: http://people.apache.org/~rjung/patches/pr-46428-2_0.patch

    Revert r1002110 and r1002161 in test framework, once this is fixed.

    +1: rjung, wrowe, humbedooh



  * mod_include: PR 39369 - timefmt config not working in SSI when using

    INCLUDES output filter and XBitHack On

    Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=757376

modules/mappers/mod_rewrite.c

+14 −0
Original line number Diff line number Diff line
@@ -2203,6 +2203,20 @@ static int apply_rewrite_rule(request_rec *r, rewriterule_entry *p, 
     *  ourself).

     */

    if (p->flags & RULEFLAG_PROXY) {

        /* For rules evaluated in server context, the mod_proxy fixup

         * hook can be relied upon to escape the URI as and when

         * necessary, since it occurs later.  If in directory context,

         * the ordering of the fixup hooks is forced such that

         * mod_proxy comes first, so the URI must be escaped here

         * instead.  See PR 39746, 46428, and other headaches. */

        if (perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {

            char *old_filename = r->filename;



            r->filename = ap_escape_uri(r->pool, r->filename);

            rewritelog(r, 2, "[per-dir %s] escaped URI in per-dir context "

                        "for proxy, %s -> %s", perdir, old_filename, r->filename);

        }



        fully_qualify_uri(r);

        if (perdir == NULL) {

            rewritelog(r, 2, "forcing proxy-throughput with %s", r->filename);