|
Lines 4563-4568
Link Here
|
| 4563 |
if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) |
4563 |
if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) |
| 4564 |
return DECLINED; |
4564 |
return DECLINED; |
| 4565 |
|
4565 |
|
|
|
4566 |
/* At this point, we can safely assume that mod_dav is going to handle |
| 4567 |
* this request. So we can check existence of un-escaped # by checking |
| 4568 |
* URI fragment and reject requests with un-escaped # to avoid nasty results |
| 4569 |
*/ |
| 4570 |
if(r->parsed_uri.fragment != NULL){ |
| 4571 |
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, NULL, |
| 4572 |
"Faulty client : Un-escaped '#' detected in request URI"); |
| 4573 |
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, NULL, |
| 4574 |
"Denying the request to avoid nasty results"); |
| 4575 |
return dav_error_response(r, HTTP_FORBIDDEN, "Faulty client : " |
| 4576 |
"Un-escaped hash character detected in" |
| 4577 |
"request URI"); |
| 4578 |
} |
| 4579 |
|
| 4566 |
/* ### do we need to do anything with r->proxyreq ?? */ |
4580 |
/* ### do we need to do anything with r->proxyreq ?? */ |
| 4567 |
|
4581 |
|
| 4568 |
/* |
4582 |
/* |