From: Graham Leggett <minfrin@apache.org>
Date: Sun, 26 Sep 2021 13:07:01 +0000 (+0000)
Subject: Backport:
X-Git-Tag: candidate-2.4.50-rc1~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10b11e3c2892d88ca2d49161af227cfccc824272;p=thirdparty%2Fapache%2Fhttpd.git

Backport:

*) mod_speling: Backport CheckBasenameMatch for PR44221
   trunk patch: http://svn.apache.org/r1557580
                http://svn.apache.org/r1732273
                http://svn.apache.org/r1844598
   2.4.x patch: full resync of code/docs due to conflicts + changes
                http://people.apache.org/~covener/patches/speling-sync.diff
   +1 covener, rpluem, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893649 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 0f5df27c450..33fab408c47 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.50
 
+  *) mod_speling: Add CheckBasenameMatch PR 44221.  [Christophe Jaillet]
+
 Changes with Apache 2.4.49
 
   *) SECURITY: CVE-2021-40438 (cve.mitre.org)
diff --git a/STATUS b/STATUS
index a2cac9c61de..3ce788a28c6 100644
--- a/STATUS
+++ b/STATUS
@@ -142,13 +142,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) mod_speling: Backport CheckBasenameMatch for PR44221
-      trunk patch: http://svn.apache.org/r1557580
-                   http://svn.apache.org/r1732273
-                   http://svn.apache.org/r1844598
-      2.4.x patch: full resync of code/docs due to conflicts + changes
-                   http://people.apache.org/~covener/patches/speling-sync.diff
-      +1 covener, rpluem, ylavic
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/docs/manual/mod/mod_speling.xml b/docs/manual/mod/mod_speling.xml
index 959b522684d..e430b400ce8 100644
--- a/docs/manual/mod/mod_speling.xml
+++ b/docs/manual/mod/mod_speling.xml
@@ -44,21 +44,23 @@ misspellings.</description>
     <strong>up to one misspelling</strong> (character insertion /
     omission / transposition or wrong character). A list is built
     with all document names which were matched using this
-    strategy.</p>
+    strategy. <strong>Erroneous extension</strong> can also be fixed
+    by this module.</p>
 
     <p>If, after scanning the directory,</p>
 
     <ul>
       <li>no matching document was found, Apache will proceed as
-      usual and return a "document not found" error.</li>
+      usual and return an error (<code>404 - document not found</code>).</li>
 
       <li>only one document is found that "almost" matches the
       request, then it is returned in the form of a redirection
-      response.</li>
+      response (<code>301 - Moved Permanently</code>).</li>
 
       <li>more than one document with a close match was found, then
       the list of the matches is returned to the client, and the
-      client can select the correct candidate.</li>
+      client can select the correct candidate (<code>300 - Multiple
+      Choices</code>).</li>
     </ul>
 
 </summary>
@@ -97,13 +99,13 @@ module</description>
       directory names.</li>
 
       <li>spelling corrections apply strictly to existing files, so
-      a request for the <code>&lt;Location "/status"&gt;</code> may
+      a request for the <code>&lt;Location /status&gt;</code> may
       get incorrectly treated as the negotiated file
       "<code>/stats.html</code>".</li>
     </ul>
 
     <!-- XXX: is that really true?! -nd -->
-    <p>mod_speling should not be enabled in <a href="mod_dav.html">DAV</a>
+    <p><module>mod_speling</module> should not be enabled in <a href="mod_dav.html">DAV</a>
     enabled directories, because it will try to "spell fix" newly created
     resource names against existing filenames, e.g., when trying to upload
     a new document <code>doc43.html</code> it might redirect to an existing
@@ -126,9 +128,31 @@ module</description>
 <override>Options</override>
 
 <usage>
-    <p>When set, this directive limits the action of the spelling correction to lower/upper case changes.
-    Other potential corrections are not performed.</p>
+    <p>When set, this directive limits the action of the spelling correction
+    to lower/upper case changes.  Other potential corrections are not performed,
+    except when <directive module="mod_speling">CheckBasenameMatch</directive> is also set.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>CheckBasenameMatch</name>
+<description>Also match files with differing file name extensions.</description>
+<syntax>CheckBasenameMatch on|off</syntax>
+<default>CheckBasenameMatch On</default>
+<contextlist>
+<context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+<override>Options</override>
 
+<usage>
+    <p>When set, this directive extends the action of the spelling correction
+    to the file name extension. For example a file <code>foo.gif</code> will
+    match a request for <code>foo</code> or <code>foo.jpg</code>. This can be
+    particularly useful in conjunction with
+    <a href="../content-negotiation.html">MultiViews</a>.</p>
 </usage>
 </directivesynopsis>
 
diff --git a/modules/mappers/mod_speling.c b/modules/mappers/mod_speling.c
index a0b2d2a3893..2ed65eb8101 100644
--- a/modules/mappers/mod_speling.c
+++ b/modules/mappers/mod_speling.c
@@ -22,8 +22,6 @@
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
 
-#define WANT_BASENAME_MATCH
-
 #include "httpd.h"
 #include "http_core.h"
 #include "http_config.h"
@@ -59,7 +57,8 @@ module AP_MODULE_DECLARE_DATA speling_module;
 
 typedef struct {
     int enabled;
-    int case_only;
+    int check_case_only;
+    int check_basename_match;
 } spconfig;
 
 /*
@@ -76,7 +75,8 @@ static void *mkconfig(apr_pool_t *p)
     spconfig *cfg = apr_pcalloc(p, sizeof(spconfig));
 
     cfg->enabled = 0;
-    cfg->case_only = 0;
+    cfg->check_case_only = 0;
+    cfg->check_basename_match = 1;
     return cfg;
 }
 
@@ -107,8 +107,11 @@ static const command_rec speling_cmds[] =
                   (void*)APR_OFFSETOF(spconfig, enabled), OR_OPTIONS,
                  "whether or not to fix miscapitalized/misspelled requests"),
     AP_INIT_FLAG("CheckCaseOnly", ap_set_flag_slot,
-                  (void*)APR_OFFSETOF(spconfig, case_only), OR_OPTIONS,
+                  (void*)APR_OFFSETOF(spconfig, check_case_only), OR_OPTIONS,
                  "whether or not to fix only miscapitalized requests"),
+    AP_INIT_FLAG("CheckBasenameMatch", ap_set_flag_slot,
+                  (void*)APR_OFFSETOF(spconfig, check_basename_match), OR_OPTIONS,
+                 "whether or not to fix files with the same base name"),
     { NULL }
 };
 
@@ -302,7 +305,7 @@ static int check_speling(request_rec *r)
          * simple typing errors are checked next (like, e.g.,
          * missing/extra/transposed char)
          */
-        else if ((cfg->case_only == 0)
+        else if ((cfg->check_case_only == 0)
                  && ((q = spdist(bad, dirent.name)) != SP_VERYDIFFERENT)) {
             misspelled_file *sp_new;
 
@@ -316,22 +319,14 @@ static int check_speling(request_rec *r)
          * requests.  It is of questionable use to continue looking for
          * files with the same base name, but potentially of totally wrong
          * type (index.html <-> index.db).
-         * I would propose to not set the WANT_BASENAME_MATCH define.
-         *      08-Aug-1997 <Martin.Kraemer@Mch.SNI.De>
          *
-         * However, Alexei replied giving some reasons to add it anyway:
-         * > Oh, by the way, I remembered why having the
-         * > extension-stripping-and-matching stuff is a good idea:
-         * >
-         * > If you're using MultiViews, and have a file named foobar.html,
-         * > which you refer to as "foobar", and someone tried to access
-         * > "Foobar", mod_speling won't find it, because it won't find
-         * > anything matching that spelling. With the extension-munging,
-         * > it would locate "foobar.html". Not perfect, but I ran into
-         * > that problem when I first wrote the module.
+         * If you're using MultiViews, and have a file named foobar.html,
+         * which you refer to as "foobar", and someone tried to access
+         * "Foobar", without CheckBasenameMatch, mod_speling won't find it,
+         * because it won't find anything matching that spelling.
+         * With the extension-munging, it would locate "foobar.html".
          */
-        else {
-#ifdef WANT_BASENAME_MATCH
+        else if (cfg->check_basename_match == 1) {
             /*
              * Okay... we didn't find anything. Now we take out the hard-core
              * power tools. There are several cases here. Someone might have
@@ -356,7 +351,6 @@ static int check_speling(request_rec *r)
                 sp_new->name = apr_pstrdup(r->pool, dirent.name);
                 sp_new->quality = SP_VERYDIFFERENT;
             }
-#endif
         }
     }
     apr_dir_close(dir);