Merge r649169, r649239, r649840, r649922, r650026, r661452, r661459 from trunk:

Make mod_proxy_ajp aware of the nocanon envvar

handle ? in cases where nocanon is in effect

* Do not add the query string again in the case that we are using the
  unparsed uri.

PR: 44803

Set at init time, and combine comments

Typo.

* Do not add the query string again in the case that we are using the
  unparsed uri.

PR: 44803

* Set at init time and combine comments.

Reviewed by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@663593 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 604da862d45fe325348b257e4146265099ba983a..2bc9d52e1f79b6578b0ce4666bb5f39f5005446f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@ Changes with Apache 2.2.9
      mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
      interface.  [Joe Orton]
 
+  *) mod_proxy: Make all proxy modules nocanon aware and do not add the
+     query string again in this case. PR 44803.
+     [Jim Jagielski, Ruediger Pluem]
+
   *) mod_unique_id: Fix timestamp value in UNIQUE_ID.
      PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]
 

diff --git a/STATUS b/STATUS
index dd5261d4bacc467e33be7ae7ca7949e8f081b3ea..2b89b5856193239f2879d4c2c914e7827d87ffc4 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -84,22 +84,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_proxy_http, mod_proxy_ajp, mod_proxy_balancer: Make modules nocanon aware
-   and do not add the query string again in this case. PR 44803
-   [Jim Jagielski, Ruediger Pluem]
-    Trunk version of patch:
-       http://svn.apache.org/viewvc?rev=649169&view=rev
-       http://svn.apache.org/viewvc?rev=649239&view=rev
-       http://svn.apache.org/viewvc?rev=649840&view=rev
-       http://svn.apache.org/viewvc?rev=649922&view=rev
-       http://svn.apache.org/viewvc?rev=650026&view=rev
-       http://svn.apache.org/viewvc?rev=661452&view=rev
-       http://svn.apache.org/viewvc?rev=661459&view=rev
-    Backport version for 2.2.x of patch:
-       Trunk version of patch works
-       Rollup-patch for 2.2 available at:
-          http://people.apache.org/~jim/patches/nocanon-patch-2.2.txt
-    +1: rpluem, jim, jfclere
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
index ff83cdd181ac0379376856e209f05a634f55a0fd..80a6e0ab88e529cd564a26a8bdc683dbaeb792f1 100644 (file)
--- a/modules/proxy/mod_proxy_ajp.c
+++ b/modules/proxy/mod_proxy_ajp.c
@@ -29,7 +29,8 @@ module AP_MODULE_DECLARE_DATA proxy_ajp_module;
  */
 static int proxy_ajp_canon(request_rec *r, char *url)
 {
-    char *host, *path, *search, sport[7];
+    char *host, *path, sport[7];
+    char *search = NULL;
     const char *err;
     apr_port_t port = AJP13_DEF_PORT;
 
@@ -57,23 +58,18 @@ static int proxy_ajp_canon(request_rec *r, char *url)
     }
 
     /*
-     * now parse path/search args, according to rfc1738
-     *
-     * N.B. if this isn't a true proxy request, then the URL _path_
-     * has already been decoded.  True proxy requests have
-     * r->uri == r->unparsed_uri, and no others have that property.
+     * now parse path/search args, according to rfc1738:
+     * process the path. With proxy-noncanon set (by
+     * mod_proxy) we use the raw, unparsed uri
      */
-    if (r->uri == r->unparsed_uri) {
-        search = strchr(url, '?');
-        if (search != NULL)
-            *(search++) = '\0';
+    if (apr_table_get(r->notes, "proxy-nocanon")) {
+        path = url;   /* this is the raw path */
     }
-    else
+    else {
+        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                 r->proxyreq);
         search = r->args;
-
-    /* process path */
-    path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
-                             r->proxyreq);
+    }
     if (path == NULL)
         return HTTP_BAD_REQUEST;
 

diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index bb07a448c798086189c66d70bb7367146f1d3dab..c83a939a4b4e0abd1e59085aef6d35a5eab610d1 100644 (file)
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -31,7 +31,8 @@ static apr_uuid_t balancer_nonce;
 
 static int proxy_balancer_canon(request_rec *r, char *url)
 {
-    char *host, *path, *search;
+    char *host, *path;
+    char *search = NULL;
     const char *err;
     apr_port_t port = 0;
 
@@ -55,21 +56,19 @@ static int proxy_balancer_canon(request_rec *r, char *url)
                       url, err);
         return HTTP_BAD_REQUEST;
     }
-    /* now parse path/search args, according to rfc1738 */
-    /* N.B. if this isn't a true proxy request, then the URL _path_
-     * has already been decoded.  True proxy requests have r->uri
-     * == r->unparsed_uri, and no others have that property.
+    /*
+     * now parse path/search args, according to rfc1738:
+     * process the path. With proxy-noncanon set (by
+     * mod_proxy) we use the raw, unparsed uri
      */
-    if (r->uri == r->unparsed_uri) {
-        search = strchr(url, '?');
-        if (search != NULL)
-            *(search++) = '\0';
+    if (apr_table_get(r->notes, "proxy-nocanon")) {
+        path = url;   /* this is the raw path */
     }
-    else
+    else {
+        path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                 r->proxyreq);
         search = r->args;
-
-    /* process path */
-    path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq);
+    }
     if (path == NULL)
         return HTTP_BAD_REQUEST;
 

diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 3a0f2b86577b43169fc75927d19eb493d844cad3..b2c87b80d5fe6f52414b233e66d167afa859f5ed 100644 (file)
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -33,7 +33,8 @@ static apr_status_t ap_proxy_http_cleanup(const char *scheme,
  */
 static int proxy_http_canon(request_rec *r, char *url)
 {
-    char *host, *path, *search, sport[7];
+    char *host, *path, sport[7];
+    char *search = NULL;
     const char *err;
     const char *scheme;
     apr_port_t port, def_port;
@@ -67,21 +68,11 @@ static int proxy_http_canon(request_rec *r, char *url)
         return HTTP_BAD_REQUEST;
     }
 
-    /* now parse path/search args, according to rfc1738 */
-    /* N.B. if this isn't a true proxy request, then the URL _path_
-     * has already been decoded.  True proxy requests have r->uri
-     * == r->unparsed_uri, and no others have that property.
-     */
-    if (r->uri == r->unparsed_uri) {
-        search = strchr(url, '?');
-        if (search != NULL)
-            *(search++) = '\0';
-    }
-    else
-        search = r->args;
-
-    /* process path */
-    /* In a reverse proxy, our URL has been processed, so canonicalise
+    /*
+     * now parse path/search args, according to rfc1738:
+     * process the path.
+     *
+     * In a reverse proxy, our URL has been processed, so canonicalise
      * unless proxy-nocanon is set to say it's raw
      * In a forward proxy, we have and MUST NOT MANGLE the original.
      */
@@ -94,6 +85,7 @@ static int proxy_http_canon(request_rec *r, char *url)
         else {
             path = ap_proxy_canonenc(r->pool, url, strlen(url),
                                      enc_path, 0, r->proxyreq);
+            search = r->args;
         }
         break;
     case PROXYREQ_PROXY: