ASF Bugzilla – Attachment 34156 Details for
Bug 60009
A local path reduced from an absolute URL that matched a virtual host is not prefixed with the DocumentRoot
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
60009.patch (text/plain), 3.46 KB, created by
Hank Ibell
on 2016-08-16 19:26:15 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Hank Ibell
Created:
2016-08-16 19:26:15 UTC
Size:
3.46 KB
patch
obsolete
>Index: docs/manual/mod/mod_rewrite.xml >=================================================================== >--- docs/manual/mod/mod_rewrite.xml (revision 1754984) >+++ docs/manual/mod/mod_rewrite.xml (working copy) >@@ -272,6 +272,25 @@ > supply this extended context info. Available in 2.4.16 and later.</p> > </dd> > >+ >+ <dt><code>LegacyPrefixDocRoot</code></dt> >+ <dd> >+ >+ <p>Prior to 2.4.24, if a substitution was an absolute URL that matched >+ the current virtual host, the URL might first be reduced to a URL-path >+ and then later reduced to a local path. Since the URL can be reduced >+ to a local path, the path should be prefixed with the document root. >+ This prevents a file such as /tmp/myfile from being accessed when a >+ request is made to http://host/file/myfile with the following >+ <directive module="mod_rewrite">RewriteRule</directive>.</p> >+ <highlight language="config"> >+ RewriteRule /file/(.*) http://localhost/tmp/$1 >+ </highlight> >+ <p>This option allows the old behavior to be used where the document >+ root is not prefixed to a local path that was reduced from a >+ URL. Available in 2.4.24 and later.</p> >+ </dd> >+ > </dl> > </usage> > >Index: modules/mappers/mod_rewrite.c >=================================================================== >--- modules/mappers/mod_rewrite.c (revision 1754984) >+++ modules/mappers/mod_rewrite.c (working copy) >@@ -202,6 +202,7 @@ > #define OPTION_INHERIT_DOWN_BEFORE (1<<7) > #define OPTION_IGNORE_INHERIT (1<<8) > #define OPTION_IGNORE_CONTEXT_INFO (1<<9) >+#define OPTION_LEGACY_PREFIX_DOCROOT (1<<10) > > #ifndef RAND_MAX > #define RAND_MAX 32767 >@@ -870,8 +871,15 @@ > > /* now check whether we could reduce it to a local path... */ > if (ap_matches_request_vhost(r, host, port)) { >+ rewrite_server_conf *conf = >+ ap_get_module_config(r->server->module_config, &rewrite_module); > rewritelog((r, 3, NULL, "reduce %s -> %s", r->filename, url)); > r->filename = apr_pstrdup(r->pool, url); >+ >+ /* remember that the uri was reduced */ >+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) { >+ apr_table_setn(r->notes, "mod_rewrite_uri_reduced", "true"); >+ } > } > } > >@@ -3026,6 +3034,9 @@ > else if (!strcasecmp(w, "ignorecontextinfo")) { > options |= OPTION_IGNORE_CONTEXT_INFO; > } >+ else if (!strcasecmp(w, "legacyprefixdocroot")) { >+ options |= OPTION_LEGACY_PREFIX_DOCROOT; >+ } > else { > return apr_pstrcat(cmd->pool, "RewriteOptions: unknown option '", > w, "'", NULL); >@@ -4793,6 +4804,7 @@ > } > else { > /* it was finally rewritten to a local path */ >+ const char *uri_reduced = NULL; > > /* expand "/~user" prefix */ > #if APR_HAS_USER >@@ -4828,7 +4840,12 @@ > * because we only do stat() on the first directory > * and this gets cached by the kernel for along time! > */ >- if (!prefix_stat(r->filename, r->pool)) { >+ >+ if(!(conf->options & OPTION_LEGACY_PREFIX_DOCROOT)) { >+ uri_reduced = apr_table_get(r->notes, "mod_rewrite_uri_reduced"); >+ } >+ >+ if (!prefix_stat(r->filename, r->pool) || uri_reduced != NULL) { > int res; > char *tmp = r->uri; >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 60009
: 34156