Follow up to r1879074: don't let dav_process_if_header() go above root.

author Yann Ylavic <ylavic@apache.org>

Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)

committer Yann Ylavic <ylavic@apache.org>

Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)
author Yann Ylavic <ylavic@apache.org>
Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)
committer Yann Ylavic <ylavic@apache.org>
Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c

index 8cf3fe5234ebbd4eabae591b40c5172ca5a3914e..08ebe2764e6c42b98af3c82b57d7e884b5a587da 100644 (file)
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -665,6 +665,7 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
  
              /* clean up the URI a bit */
              if (!ap_normalize_path(parsed_uri.path,
+                                   AP_NORMALIZE_NOT_ABOVE_ROOT |
                                     AP_NORMALIZE_DECODE_UNRESERVED)) {
                  return dav_new_error(r->pool, HTTP_BAD_REQUEST,
                                       DAV_ERR_IF_TAGGED, rv,
author	Yann Ylavic <ylavic@apache.org>
	Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Wed, 24 Jun 2020 12:23:15 +0000 (12:23 +0000)