Summary: | mod_dav: PROPFIND walker doesn't encode hrefs properly. | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Ben Reser <ben> |
Component: | mod_dav | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jun66j5 |
Priority: | P2 | ||
Version: | 2.4.9 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: |
potential patch
potential patch version 4 |
Description
Ben Reser
2014-05-01 20:44:00 UTC
Created attachment 31602 [details] potential patch The following patch should fix it. I'm still working on making sure there isn't some additional side-effects from it. Posting it here in case some finds it useful in the interim. [[[ Fix PR 56480: PROPFIND walker doesn't encode hrefs properly Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit. Reverts r1531505 entirely. * modules/dav/main/mod_dav.c (dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI escaping from this function. * modules/dav/main/mod_dav.h (dav_resource): Note the inconsistency in the documentation. * modules/dav/fs/repos.c (dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of the resource. This is the correct fix for the double encoding in mod_dav_fs that led to the dav_xml_escape_uri() change and r1531505. (dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes. ]]] Created attachment 31705 [details] potential patch version 4 Improved patch that fixes something I found in the process of writing a test suite for mod_dav_fs to validate the previous fix. [[[ Fix PR 56480: PROPFIND walker doesn't encode hrefs properly Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit. Reverts r1531505 entirely. * modules/dav/main/mod_dav.c (dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI escaping from this function. * modules/dav/main/props.c (dav_do_prop_subreq): Escape the URI before doing a sub request with it. This resolves some properties like getcontenttype from failing to be returned for files that contain characters that require encoding in their path. * modules/dav/main/mod_dav.h (dav_resource): Note the inconsistency in the documentation. * modules/dav/fs/repos.c (dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of the resource. This is the correct fix for the double encoding in mod_dav_fs that led to the dav_xml_escape_uri() change and r1531505. (dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes. ]]] Fixed and released in 2.4.10 |