|
Lines 145-150
Link Here
|
| 145 |
#define RULEFLAG_NOESCAPE 1<<11 |
145 |
#define RULEFLAG_NOESCAPE 1<<11 |
| 146 |
#define RULEFLAG_NOSUB 1<<12 |
146 |
#define RULEFLAG_NOSUB 1<<12 |
| 147 |
#define RULEFLAG_STATUS 1<<13 |
147 |
#define RULEFLAG_STATUS 1<<13 |
|
|
148 |
#define RULEFLAG_ESCAPEBACKREF 1<<14 |
| 148 |
|
149 |
|
| 149 |
/* return code of the rewrite rule |
150 |
/* return code of the rewrite rule |
| 150 |
* the result may be escaped - or not |
151 |
* the result may be escaped - or not |
|
Lines 376-381
Link Here
|
| 376 |
/* Optional functions imported from mod_ssl when loaded: */ |
377 |
/* Optional functions imported from mod_ssl when loaded: */ |
| 377 |
static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL; |
378 |
static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL; |
| 378 |
static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL; |
379 |
static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL; |
|
|
380 |
static char *escape_uri(apr_pool_t *p, const char *path); |
| 379 |
|
381 |
|
| 380 |
/* |
382 |
/* |
| 381 |
* +-------------------------------------------------------+ |
383 |
* +-------------------------------------------------------+ |
|
Lines 624-629
Link Here
|
| 624 |
return 0; |
626 |
return 0; |
| 625 |
} |
627 |
} |
| 626 |
|
628 |
|
|
|
629 |
static const char c2x_table[] = "0123456789abcdef"; |
| 630 |
|
| 631 |
static APR_INLINE unsigned char *c2x(unsigned what, unsigned char prefix, |
| 632 |
unsigned char *where) |
| 633 |
{ |
| 634 |
#if APR_CHARSET_EBCDIC |
| 635 |
what = apr_xlate_conv_byte(ap_hdrs_to_ascii, (unsigned char)what); |
| 636 |
#endif /*APR_CHARSET_EBCDIC*/ |
| 637 |
*where++ = prefix; |
| 638 |
*where++ = c2x_table[what >> 4]; |
| 639 |
*where++ = c2x_table[what & 0xf]; |
| 640 |
return where; |
| 641 |
} |
| 642 |
|
| 643 |
/* |
| 644 |
* Escapes a uri in a similar way as php's urlencode does. |
| 645 |
* Based on ap_os_escape_path in server/util.c |
| 646 |
*/ |
| 647 |
static char *escape_uri(apr_pool_t *p, const char *path) { |
| 648 |
char *copy = apr_palloc(p, 3 * strlen(path) + 3); |
| 649 |
const unsigned char *s = (const unsigned char *)path; |
| 650 |
unsigned char *d = (unsigned char *)copy; |
| 651 |
unsigned c; |
| 652 |
|
| 653 |
while ((c = *s)) { |
| 654 |
if (apr_isalnum(c) || c == '_') { |
| 655 |
*d++ = c; |
| 656 |
} |
| 657 |
else if (c == ' ') { |
| 658 |
*d++ = '+'; |
| 659 |
} |
| 660 |
else { |
| 661 |
d = c2x(c, '%', d); |
| 662 |
} |
| 663 |
++s; |
| 664 |
} |
| 665 |
*d = '\0'; |
| 666 |
return copy; |
| 667 |
} |
| 668 |
|
| 627 |
/* |
669 |
/* |
| 628 |
* escape absolute uri, which may or may not be path oriented. |
670 |
* escape absolute uri, which may or may not be path oriented. |
| 629 |
* So let's handle them differently. |
671 |
* So let's handle them differently. |
|
Lines 2083-2089
Link Here
|
| 2083 |
* are interpreted by a later expansion, producing results that |
2125 |
* are interpreted by a later expansion, producing results that |
| 2084 |
* were not intended by the administrator. |
2126 |
* were not intended by the administrator. |
| 2085 |
*/ |
2127 |
*/ |
| 2086 |
static char *do_expand(char *input, rewrite_ctx *ctx) |
2128 |
static char *do_expand(char *input, rewrite_ctx *ctx, rewriterule_entry *entry) |
| 2087 |
{ |
2129 |
{ |
| 2088 |
result_list *result, *current; |
2130 |
result_list *result, *current; |
| 2089 |
result_list sresult[SMALL_EXPANSION]; |
2131 |
result_list sresult[SMALL_EXPANSION]; |
|
Lines 2195-2204
Link Here
|
| 2195 |
} |
2237 |
} |
| 2196 |
|
2238 |
|
| 2197 |
/* reuse of key variable as result */ |
2239 |
/* reuse of key variable as result */ |
| 2198 |
key = lookup_map(ctx->r, map, do_expand(key, ctx)); |
2240 |
key = lookup_map(ctx->r, map, do_expand(key, ctx, entry)); |
| 2199 |
|
2241 |
|
| 2200 |
if (!key && dflt && *dflt) { |
2242 |
if (!key && dflt && *dflt) { |
| 2201 |
key = do_expand(dflt, ctx); |
2243 |
key = do_expand(dflt, ctx, entry); |
| 2202 |
} |
2244 |
} |
| 2203 |
|
2245 |
|
| 2204 |
if (key) { |
2246 |
if (key) { |
|
Lines 2222-2230
Link Here
|
| 2222 |
if (bri->source && n < AP_MAX_REG_MATCH |
2264 |
if (bri->source && n < AP_MAX_REG_MATCH |
| 2223 |
&& bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) { |
2265 |
&& bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) { |
| 2224 |
span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so; |
2266 |
span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so; |
| 2225 |
|
2267 |
if (entry && (entry->flags & RULEFLAG_ESCAPEBACKREF)) { |
| 2226 |
current->len = span; |
2268 |
/* escape the backreference */ |
| 2227 |
current->string = bri->source + bri->regmatch[n].rm_so; |
2269 |
char *tmp2, *tmp; |
|
|
2270 |
tmp = apr_palloc(pool, span + 1); |
| 2271 |
strncpy(tmp, bri->source + bri->regmatch[n].rm_so, span); |
| 2272 |
tmp[span] = '\0'; |
| 2273 |
tmp2 = escape_uri(pool, tmp); |
| 2274 |
rewritelog((ctx->r, 5, ctx->perdir, "escaping backreference '%s' to '%s'", |
| 2275 |
tmp, tmp2)); |
| 2276 |
|
| 2277 |
current->len = span = strlen(tmp2); |
| 2278 |
current->string = tmp2; |
| 2279 |
} else { |
| 2280 |
current->len = span; |
| 2281 |
current->string = bri->source + bri->regmatch[n].rm_so; |
| 2282 |
} |
| 2283 |
|
| 2228 |
outlen += span; |
2284 |
outlen += span; |
| 2229 |
} |
2285 |
} |
| 2230 |
|
2286 |
|
|
Lines 2284-2290
Link Here
|
| 2284 |
char *name, *val; |
2340 |
char *name, *val; |
| 2285 |
|
2341 |
|
| 2286 |
while (env) { |
2342 |
while (env) { |
| 2287 |
name = do_expand(env->data, ctx); |
2343 |
name = do_expand(env->data, ctx, NULL); |
| 2288 |
if ((val = ap_strchr(name, ':')) != NULL) { |
2344 |
if ((val = ap_strchr(name, ':')) != NULL) { |
| 2289 |
*val++ = '\0'; |
2345 |
*val++ = '\0'; |
| 2290 |
|
2346 |
|
|
Lines 2373-2379
Link Here
|
| 2373 |
static void do_expand_cookie(data_item *cookie, rewrite_ctx *ctx) |
2429 |
static void do_expand_cookie(data_item *cookie, rewrite_ctx *ctx) |
| 2374 |
{ |
2430 |
{ |
| 2375 |
while (cookie) { |
2431 |
while (cookie) { |
| 2376 |
add_cookie(ctx->r, do_expand(cookie->data, ctx)); |
2432 |
add_cookie(ctx->r, do_expand(cookie->data, ctx, NULL)); |
| 2377 |
cookie = cookie->next; |
2433 |
cookie = cookie->next; |
| 2378 |
} |
2434 |
} |
| 2379 |
|
2435 |
|
|
Lines 3153-3158
Link Here
|
| 3153 |
int error = 0; |
3209 |
int error = 0; |
| 3154 |
|
3210 |
|
| 3155 |
switch (*key++) { |
3211 |
switch (*key++) { |
|
|
3212 |
case 'b': |
| 3213 |
case 'B': |
| 3214 |
if (!*key || !strcasecmp(key, "ackrefescaping")) { |
| 3215 |
cfg->flags |= RULEFLAG_ESCAPEBACKREF; |
| 3216 |
} |
| 3217 |
else { |
| 3218 |
++error; |
| 3219 |
} |
| 3220 |
break; |
| 3156 |
case 'c': |
3221 |
case 'c': |
| 3157 |
case 'C': |
3222 |
case 'C': |
| 3158 |
if (!*key || !strcasecmp(key, "hain")) { /* chain */ |
3223 |
if (!*key || !strcasecmp(key, "hain")) { /* chain */ |
|
Lines 3354-3360
Link Here
|
| 3354 |
++error; |
3419 |
++error; |
| 3355 |
} |
3420 |
} |
| 3356 |
break; |
3421 |
break; |
| 3357 |
|
|
|
| 3358 |
default: |
3422 |
default: |
| 3359 |
++error; |
3423 |
++error; |
| 3360 |
break; |
3424 |
break; |
|
Lines 3490-3496
Link Here
|
| 3490 |
*/ |
3554 |
*/ |
| 3491 |
static int apply_rewrite_cond(rewritecond_entry *p, rewrite_ctx *ctx) |
3555 |
static int apply_rewrite_cond(rewritecond_entry *p, rewrite_ctx *ctx) |
| 3492 |
{ |
3556 |
{ |
| 3493 |
char *input = do_expand(p->input, ctx); |
3557 |
char *input = do_expand(p->input, ctx, NULL); |
| 3494 |
apr_finfo_t sb; |
3558 |
apr_finfo_t sb; |
| 3495 |
request_rec *rsub, *r = ctx->r; |
3559 |
request_rec *rsub, *r = ctx->r; |
| 3496 |
ap_regmatch_t regmatch[AP_MAX_REG_MATCH]; |
3560 |
ap_regmatch_t regmatch[AP_MAX_REG_MATCH]; |
|
Lines 3613-3619
Link Here
|
| 3613 |
char *expanded; |
3677 |
char *expanded; |
| 3614 |
|
3678 |
|
| 3615 |
if (p->forced_mimetype) { |
3679 |
if (p->forced_mimetype) { |
| 3616 |
expanded = do_expand(p->forced_mimetype, ctx); |
3680 |
expanded = do_expand(p->forced_mimetype, ctx, p); |
| 3617 |
|
3681 |
|
| 3618 |
if (*expanded) { |
3682 |
if (*expanded) { |
| 3619 |
ap_str_tolower(expanded); |
3683 |
ap_str_tolower(expanded); |
|
Lines 3627-3633
Link Here
|
| 3627 |
} |
3691 |
} |
| 3628 |
|
3692 |
|
| 3629 |
if (p->forced_handler) { |
3693 |
if (p->forced_handler) { |
| 3630 |
expanded = do_expand(p->forced_handler, ctx); |
3694 |
expanded = do_expand(p->forced_handler, ctx, p); |
| 3631 |
|
3695 |
|
| 3632 |
if (*expanded) { |
3696 |
if (*expanded) { |
| 3633 |
ap_str_tolower(expanded); |
3697 |
ap_str_tolower(expanded); |
|
Lines 3759-3765
Link Here
|
| 3759 |
|
3823 |
|
| 3760 |
/* expand the result */ |
3824 |
/* expand the result */ |
| 3761 |
if (!(p->flags & RULEFLAG_NOSUB)) { |
3825 |
if (!(p->flags & RULEFLAG_NOSUB)) { |
| 3762 |
newuri = do_expand(p->output, ctx); |
3826 |
newuri = do_expand(p->output, ctx, p); |
| 3763 |
rewritelog((r, 2, ctx->perdir, "rewrite '%s' -> '%s'", ctx->uri, |
3827 |
rewritelog((r, 2, ctx->perdir, "rewrite '%s' -> '%s'", ctx->uri, |
| 3764 |
newuri)); |
3828 |
newuri)); |
| 3765 |
} |
3829 |
} |