(4f4c4c20) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

Commit 4f4c4c20 authored Aug 31, 2001 by William A. Rowe Jr

Can it be this simple? No, probably not, but this fast-hack will get
us going again for a while.

We are currently rejecting some internal file_sub_req()'s in the
translate phase. I don't like this hack because of risks it potentially
exposes, but for today, if we have a filename - and we are a subrequest,
then let it fly without further mapping. This allows us to serve up
the default "/" request (run through mod_dir->mod_negotiation->mod_mime)
without a 400 error. The right solution is to set up some traps and
escapes for the subreq mechanism, possibly with a subreq translate hook,
and drop the URI entirely for these cases.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90847 13f79535-47bb-0310-9956-ffa450edef68

parent 56067b97

server/core.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -2867,13 +2867,19 @@ AP_DECLARE_NONSTD(int) ap_core_translate(request_rec *r)
		void *sconf = r->server->module_config;
		core_server_config *conf = ap_get_module_config(sconf, &core_module);

		/* XXX We have already been here, or another module did the work
		* for us. At this moment, we will enable only file subrequests.
		*/
		if (r->main && r->filename)
		return OK;

		/* XXX this seems too specific, this should probably become
		* some general-case test
		*/
		if (r->proxyreq) {
		return HTTP_FORBIDDEN;
		}
		if ((r->uri[0] != '/') && strcmp(r->uri, "*")) {
		if (!r->uri \|\| ((r->uri[0] != '/') && strcmp(r->uri, "*"))) {
		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO\|APLOG_ERR, 0, r,
		"Invalid URI in request %s", r->the_request);
		return HTTP_BAD_REQUEST;