-*- coding: utf-8 -*-
Changes with Apache 2.5.1
- *) core: Allow an optional expression to be specified for an effective
- path in the DirectoryMatch and LocationMatch directives. This allows
- modules like mod_dav to map URLs to URL spaces or to directories on
- the filesystem. [Graham Leggett]
-
*) http: Enforce that fully qualified uri-paths not to be forward-proxied
have an http(s) scheme, and that the ones to be forward proxied have a
hostname, per HTTP specifications. [Ruediger Pluem, Yann Ylavic]
the corresponding <directive type="section">Directory</directive> will
be applied.</p>
- <p>Some modules require the directory-path prefix in order to do their work,
- and when a regular expression is provided the directory-path is no longer
- available. From 2.5.1 onwards, an expression can be specified in addition
- to the regular expression that resolves to the directory-path prefix. This
- can allow complex mappings from the URL space to an effective directory.
- This funcionality is identical to that provided by the
- <directive>DirectoryMatch</directive> directive below.</p>
-
- <highlight language="config">
-<Directory ~ /home/%{env:MATCH_PARTITIONNAME}/dav/ ^/dav/(?<PARTITIONNAME>[^/]+)/>
- Dav on
-</Directory>
- </highlight>
-
<p><strong>Note that the default access for
<code><Directory "/"></code> is to permit all access.
This means that Apache httpd will serve any file mapped from an URL. It is
<name>DirectoryMatch</name>
<description>Enclose directives that apply to
the contents of file-system directories matching a regular expression.</description>
-<syntax><DirectoryMatch [<var>expr</var>] <var>regex</var>>
+<syntax><DirectoryMatch <var>regex</var>>
... </DirectoryMatch></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
<highlight language="config">
<DirectoryMatch "^/var/www/combined/(?<sitename>[^/]+)">
Require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
-</DirectoryMatch>
- </highlight>
-
- <p>Some modules require the directory-path prefix in order to do their work,
- and when a regular expression is provided the directory-path is no longer
- available. From 2.5.1 onwards, an expression can be specified in addition
- to the regular expression that resolves to the directory-path prefix. This
- can allow complex mappings from the URL space to an effective directory.</p>
-
- <highlight language="config">
-<DirectoryMatch /home/%{env:MATCH_PARTITIONNAME}/dav/ ^/dav/(?<PARTITIONNAME>[^/]+)/>
- Dav on
</DirectoryMatch>
</highlight>
</usage>
</Location>
</highlight>
- <p>Some modules require the URL-path prefix in order to do their work, and when
- a regular expression is provided the URL-path is no longer available. From
- 2.5.1 onwards, an expression can be specified in addition to the regular
- expression that resolves to the URL-path prefix. This can allow complex
- mappings from the URL space to an effective path. This funcionality is identical
- to that provided by the <directive>LocationMatch</directive> directive below.</p>
-
- <highlight language="config">
-<Location ~ /dav/%{env:MATCH_PARTITIONNAME} ^/dav/(?<PARTITIONNAME>[^/]+)/>
- Dav on
-</Location>
- </highlight>
-
<note><title>Note about / (slash)</title>
<p>The slash character has special meaning depending on where in a
URL it appears. People may be used to its behavior in the filesystem
<description>Applies the enclosed directives only to regular-expression
matching URLs</description>
<syntax><LocationMatch
- [<var>expr</var>] <var>regex</var>> ... </LocationMatch></syntax>
+ <var>regex</var>> ... </LocationMatch></syntax>
<contextlist><context>server config</context><context>virtual host</context>
</contextlist>
</LocationMatch>
</highlight>
- <p>Some modules require the URL-path prefix in order to do their work, and when
- a regular expression is provided the URL-path is no longer available. From
- 2.5.1 onwards, an expression can be specified in addition to the regular
- expression that resolves to the URL-path prefix. This can allow complex
- mappings from the URL space to an effective path.</p>
-
- <highlight language="config">
-<LocationMatch /dav/%{env:MATCH_PARTITIONNAME} ^/dav/(?<PARTITIONNAME>[^/]+)/>
- Dav on
-</LocationMatch>
- </highlight>
-
<note><title>Note about / (slash)</title>
<p>The slash character has special meaning depending on where in a
URL it appears. People may be used to its behavior in the filesystem
const char *dir;
int locktimeout;
int allow_depthinfinity;
- const ap_expr_info_t *dir_expr;
} dav_dir_conf;
newconf->dir = DAV_INHERIT_VALUE(parent, child, dir);
newconf->allow_depthinfinity = DAV_INHERIT_VALUE(parent, child,
allow_depthinfinity);
- newconf->dir_expr = DAV_INHERIT_VALUE(parent, child, dir_expr);
return newconf;
}
}
}
- if (!conf->dir_expr) {
- const char *expr_err = NULL;
-
- conf->dir_expr = ap_expr_parse_cmd(cmd, conf->dir, AP_EXPR_FLAG_STRING_RESULT,
- &expr_err, NULL);
- if (expr_err) {
- return apr_pstrcat(cmd->temp_pool,
- "Cannot parse Directory/Location expression '", conf->dir, "': ",
- expr_err, NULL);
- }
- }
-
return NULL;
}
return -1;
}
-static int uripath_is_canonical(const char *uripath)
-{
- const char *dot_pos, *ptr = uripath;
- apr_size_t i, len;
- unsigned pattern = 0;
-
- /* URIPATH is canonical if it has:
- * - no '.' segments
- * - no closing '/'
- * - no '//'
- */
-
- if (ptr[0] == '.'
- && (ptr[1] == '/' || ptr[1] == '\0'
- || (ptr[1] == '.' && (ptr[2] == '/' || ptr[2] == '\0')))) {
- return 0;
- }
-
- /* valid special cases */
- len = strlen(ptr);
- if (len < 2) {
- return 1;
- }
-
- /* invalid endings */
- if (ptr[len - 1] == '/' || (ptr[len - 1] == '.' && ptr[len - 2] == '/')) {
- return 0;
- }
-
- /* '.' are rare. So, search for them globally. There will often be no
- * more than one hit. Also note that we already checked for invalid
- * starts and endings, i.e. we only need to check for "/./"
- */
- for (dot_pos = memchr(ptr, '.', len); dot_pos;
- dot_pos = ap_strchr_c(dot_pos + 1, '.')) {
- if (dot_pos > ptr && dot_pos[-1] == '/' && dot_pos[1] == '/') {
- return 0;
- }
- }
-
- /* Now validate the rest of the path. */
- for (i = 0; i < len - 1; ++i) {
- pattern = ((pattern & 0xff) << 8) + (unsigned char) ptr[i];
- if (pattern == 0x101 * (unsigned char) ('/')) {
- return 0;
- }
- }
-
- return 1;
-}
-
/* resolve a request URI to a resource descriptor.
*
* If label_allowed != 0, then allow the request target to be altered by
{
dav_dir_conf *conf;
const char *label = NULL;
- const char *dir;
dav_error *err;
/* if the request target can be overridden, get any target selector */
ap_escape_html(r->pool, r->uri)));
}
- if (conf->dir_expr) {
- const char *err = NULL;
-
- dir = ap_expr_str_exec(r, conf->dir_expr, &err);
- if (err) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10367)
- "Director/Location expression '%s' could not be parsed: %s", conf->dir, err);
- return dav_new_error(r->pool, HTTP_INTERNAL_SERVER_ERROR, 0, 0,
- apr_psprintf(r->pool,
- "Directory/Location expression could not be parsed: %s", err));
- }
-
- /* safety check - is our path canonical? */
- if (!uripath_is_canonical(dir)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10368)
- "Directory/Location is not canonical ('.', '..' and '//' not allowed): %s", dir);
- return dav_new_error(r->pool, HTTP_BAD_REQUEST, 0, 0,
- apr_psprintf(r->pool, "Directory/Location is not canonical for: %s",
- ap_escape_html(r->pool, r->uri)));
- }
-
- }
- else {
- dir = conf->dir;
- }
-
/* resolve the resource */
- err = (*conf->provider->repos->get_resource)(r, dir, label, use_checked_in,
+ err = (*conf->provider->repos->get_resource)(r, conf->dir,
+ label, use_checked_in,
res_p);
if (err != NULL) {
err = dav_push_error(r->pool, err->status, 0,
char *old_path = cmd->path;
core_dir_config *conf;
ap_conf_vector_t *new_dir_conf = ap_create_per_dir_config(cmd->pool);
- const char *regex;
ap_regex_t *r = NULL;
const command_rec *thiscmd = cmd->cmd;
if (!strcmp(cmd->path, "~")) {
cmd->path = ap_getword_conf(cmd->pool, &arg);
- if (!*cmd->path) {
- return "<Directory ~ > block must specify a regex";
- }
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED | USE_ICASE);
+ if (!cmd->path)
+ return "<Directory ~ > block must specify a path";
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED|USE_ICASE);
if (!r) {
return "Regex could not be compiled";
}
}
else if (thiscmd->cmd_data) { /* <DirectoryMatch> */
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED | USE_ICASE);
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED|USE_ICASE);
if (!r) {
return "Regex could not be compiled";
}
ap_add_per_dir_conf(cmd->server, new_dir_conf);
if (*arg != '\0') {
- return apr_pstrcat(cmd->pool, "Additional ", thiscmd->name,
- "> arguments not (yet) supported: ", arg, NULL);
+ return apr_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
+ "> arguments not (yet) supported.", NULL);
}
cmd->path = old_path;
int old_overrides = cmd->override;
char *old_path = cmd->path;
core_dir_config *conf;
- const char *regex;
ap_regex_t *r = NULL;
const command_rec *thiscmd = cmd->cmd;
ap_conf_vector_t *new_url_conf = ap_create_per_dir_config(cmd->pool);
cmd->override = OR_ALL|ACCESS_CONF;
if (thiscmd->cmd_data) { /* <LocationMatch> */
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED);
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED);
if (!r) {
return "Regex could not be compiled";
}
}
else if (!strcmp(cmd->path, "~")) {
cmd->path = ap_getword_conf(cmd->pool, &arg);
- if (!*cmd->path) {
- return "<Location ~ > block must specify a regex";
- }
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED);
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED);
if (!r) {
return "Regex could not be compiled";
}
ap_add_per_url_conf(cmd->server, new_url_conf);
if (*arg != '\0') {
- return apr_pstrcat(cmd->pool, "Additional ", thiscmd->name,
- "> arguments not (yet) supported: ", arg, NULL);
+ return apr_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
+ "> arguments not (yet) supported.", NULL);
}
cmd->path = old_path;
int old_overrides = cmd->override;
char *old_path = cmd->path;
core_dir_config *conf;
- const char *regex;
ap_regex_t *r = NULL;
const command_rec *thiscmd = cmd->cmd;
ap_conf_vector_t *new_file_conf = ap_create_per_dir_config(cmd->pool);
}
if (thiscmd->cmd_data) { /* <FilesMatch> */
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED | USE_ICASE);
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED|USE_ICASE);
if (!r) {
return "Regex could not be compiled";
}
}
else if (!strcmp(cmd->path, "~")) {
cmd->path = ap_getword_conf(cmd->pool, &arg);
- regex = ap_getword_conf(cmd->pool, &arg);
- r = ap_pregcomp(cmd->pool, *regex ? regex : cmd->path,
- AP_REG_EXTENDED | USE_ICASE);
+ r = ap_pregcomp(cmd->pool, cmd->path, AP_REG_EXTENDED|USE_ICASE);
if (!r) {
return "Regex could not be compiled";
}
ap_add_file_conf(cmd->pool, (core_dir_config *)mconfig, new_file_conf);
if (*arg != '\0') {
- return apr_pstrcat(cmd->pool, "Additional ", thiscmd->name,
- "> arguments not (yet) supported: ", arg, NULL);
+ return apr_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
+ "> arguments not (yet) supported.", NULL);
}
cmd->path = old_path;
return errmsg;
if (*arg != '\0') {
- return apr_pstrcat(cmd->pool, "Additional ", thiscmd->name,
- "> arguments not supported: ", arg, NULL);
+ return apr_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
+ "> arguments not supported.", NULL);
}
cmd->path = old_path;
projects / thirdparty / apache / httpd.git / commitdiff
