From: Stefan Fritsch <sf@apache.org>
Date: Wed, 3 Aug 2011 22:10:27 +0000 (+0000)
Subject: Forbid some directives in .htaccess because of AllowOverrideList:
X-Git-Tag: 2.3.15~418
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9bd21d2c8aa0c848cd8f0ec52db087811dac6968;p=thirdparty%2Fapache%2Fhttpd.git

Forbid some directives in .htaccess because of AllowOverrideList:

core:          AllowOverride, AllowOverrideList
mod_authn_dbd: AuthDBDUserPWQuery, AuthDBDUserRealmQuery
mod_authz_dbd: AuthzDBDQuery, AuthzDBDRedirectQuery
mod_proxy:     BalancerMember, ProxySet

Adjust for use in .htaccess:
mod_actions:   Script


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1153687 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c
index e868363dd68..75db852700e 100644
--- a/modules/aaa/mod_authn_dbd.c
+++ b/modules/aaa/mod_authn_dbd.c
@@ -64,6 +64,9 @@ static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *quer
 {
     static unsigned int label_num = 0;
     char *label;
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
 
     if (authn_dbd_prepare_fn == NULL) {
         authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
diff --git a/modules/aaa/mod_authz_dbd.c b/modules/aaa/mod_authz_dbd.c
index 40de423a9a7..b3ae99c9101 100644
--- a/modules/aaa/mod_authz_dbd.c
+++ b/modules/aaa/mod_authz_dbd.c
@@ -78,6 +78,9 @@ static const char *authz_dbd_prepare(cmd_parms *cmd, void *cfg,
 {
     static unsigned int label_num = 0;
     char *label;
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
 
     if (dbd_prepare == NULL) {
         dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
diff --git a/modules/mappers/mod_actions.c b/modules/mappers/mod_actions.c
index 9d9faaac197..1c44879f0dc 100644
--- a/modules/mappers/mod_actions.c
+++ b/modules/mappers/mod_actions.c
@@ -111,11 +111,17 @@ static const char *set_script(cmd_parms *cmd, void *m_v,
                               const char *method, const char *script)
 {
     action_dir_config *m = (action_dir_config *)m_v;
-
-    /* ap_method_register recognizes already registered methods,
-     * so don't bother to check its previous existence explicitely.
-     */
-    int methnum = ap_method_register(cmd->pool, method);
+    int methnum;
+    if (cmd->pool == cmd->temp_pool) {
+        /* In .htaccess, we can't globally register new methods. */
+        methnum = ap_method_number_of(method);
+    }
+    else {
+        /* ap_method_register recognizes already registered methods,
+         * so don't bother to check its previous existence explicitely.
+         */
+        methnum = ap_method_register(cmd->pool, method);
+    }
 
     if (methnum == M_TRACE) {
         return "TRACE not allowed for Script";
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index d6ea2b73f8f..52c3ee7ae0b 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1860,7 +1860,10 @@ static const char *add_member(cmd_parms *cmd, void *dummy, const char *arg)
     const apr_table_entry_t *elts;
     int reuse = 0;
     int i;
-    const char *err;
+    /* XXX: Should this be NOT_IN_DIRECTORY|NOT_IN_FILES? */
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
 
     if (cmd->path)
         path = apr_pstrdup(cmd->pool, cmd->path);
@@ -1949,8 +1952,11 @@ static const char *
     char *word, *val;
     proxy_balancer *balancer = NULL;
     proxy_worker *worker = NULL;
-    const char *err;
     int in_proxy_section = 0;
+    /* XXX: Should this be NOT_IN_DIRECTORY|NOT_IN_FILES? */
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
 
     if (cmd->directive->parent &&
         strncasecmp(cmd->directive->parent->directive,
diff --git a/server/core.c b/server/core.c
index d11bbe60653..14b401b5879 100644
--- a/server/core.c
+++ b/server/core.c
@@ -1570,6 +1570,7 @@ static const char *set_override(cmd_parms *cmd, void *d_, const char *l)
     core_dir_config *d = d_;
     char *w;
     char *k, *v;
+    const char *err;
 
     /* Throw a warning if we're in <Location> or <Files> */
     if (ap_check_cmd_context(cmd, NOT_IN_LOCATION | NOT_IN_FILES)) {
@@ -1577,6 +1578,8 @@ static const char *set_override(cmd_parms *cmd, void *d_, const char *l)
                      "Useless use of AllowOverride in line %d of %s.",
                      cmd->directive->line_num, cmd->directive->filename);
     }
+    if ((err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS)) != NULL)
+        return err;
 
     d->override = OR_NONE;
     while (l[0]) {
@@ -1627,6 +1630,7 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c
 {
     core_dir_config *d = d_;
     int i;
+    const char *err;
 
     /* Throw a warning if we're in <Location> or <Files> */
     if (ap_check_cmd_context(cmd, NOT_IN_LOCATION | NOT_IN_FILES)) {
@@ -1634,6 +1638,8 @@ static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *c
                      "Useless use of AllowOverrideList in line %d of %s.",
                      cmd->directive->line_num, cmd->directive->filename);
     }
+    if ((err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS)) != NULL)
+        return err;
 
     d->override_list = apr_table_make(cmd->pool, 1);