Commit ae0b5278 authored by Cliff Woolley

The consensus now is that mod_include should just butt out of any decisions
about what to do with different request methods.  It's true that mod_include
in 1.3.x did not allow POST, but back then it was a handler.  Now it's a
filter and can be used to filter the output of dynamically generated responses,
even ones resulting from a POST request.  So if mod_include is in the filter
stack, it should just blindly parse the brigade regardless of request method.

This still fixes the security problem, it just fixes it by being more flexible
rather than less so.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90728 13f79535-47bb-0310-9956-ffa450edef68
parent 2c87dbc7
+4 −0
@@ -16,6 +16,10 @@ Changes with Apache 2.0.25-dev
     only runs against real <Directory > blocks.
     [William Rowe]

  *) Fix a security problem in mod_include which would allow
     an SSI document to be passed to the client unparsed.
     [Cliff Woolley, Brian Pane]

  *) Introduce the map_to_storage hook, which allows modules to bypass
     the directory_walk and file_walk for non-file requests.  TRACE
     shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
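Review bot: the new CHANGES entry says what the security problem was (an SSI document passed to the client unparsed) but not how this commit fixes it, which matters because the commit message describes a change in behaviour: mod_include no longer rejects non-GET requests and instead parses the brigade regardless of request method. A reader of CHANGES upgrading from a build that returned 405 for POST to an SSI document will want that stated. Suggest something like "mod_include now processes includes for all request methods rather than only GET" added to the entry, so the entry matches the code change rather than the earlier approach.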
+0 −12
@@ -2728,18 +2728,6 @@ static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
    if (!(ap_allow_options(r) & OPT_INCLUDES)) {
        return ap_pass_brigade(f->next, b);
    }
    if (r->method_number != M_GET) {
        ap_allow_methods(r, REPLACE_ALLOW, "GET", "OPTIONS", NULL);
        if (r->method_number == M_OPTIONS) {
            /* it's too late to set the Allow header the "right way" */
            apr_table_setn(r->headers_out, "Allow",
                           "GET, HEAD, OPTIONS, TRACE");
            return ap_pass_brigade(f->next, b);
        }
        r->status = HTTP_METHOD_NOT_ALLOWED;
        ap_send_error_response(r, 0);
        return APR_SUCCESS;
    }

    if (!f->ctx) {
        f->ctx    = ctx      = apr_pcalloc(f->c->pool, sizeof(*ctx));
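Review bot: removing the whole `if (r->method_number != M_GET)` block also removes the OPTIONS special case, which set `Allow` to `"GET, HEAD, OPTIONS, TRACE"` and then passed the brigade through unparsed with `return ap_pass_brigade(f->next, b);`. After this change an OPTIONS response body, like any other, goes through the parser, and the filter no longer calls `ap_allow_methods(r, REPLACE_ALLOW, "GET", "OPTIONS", NULL)`, so the advertised method list is left entirely to whatever generated the response. That is consistent with the commit message's intent, but the OPTIONS pass-through was the one remaining path that deliberately emitted content unparsed, so it is worth a sentence in the commit message or CHANGES. The only guard left before `if (!f->ctx)` is the `ap_allow_options(r) & OPT_INCLUDES` check above the hunk, which is the right place for the decision to live.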