-*- coding: utf-8 -*-
Changes with Apache 2.0.56
+ *) keep the Content-Length header for a HEAD with no response body.
+ PR 18757 [Greg Ames]
+
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
http://svn.apache.org/viewcvs?view=rev&rev=154319
+1: stoddard, striker, wrowe (as corrected in subsequent patches)
- *) backport 327008 PR 18757. keep the proxied Content-Length
- header for a HEAD request. recently received a private email
- saying it also fixes a PHP HEAD request in 2.0.x.
- http://svn.apache.org/viewcvs?rev=327008&view=rev
- +1: gregames, trawick, niq
-
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
identify exactly what the proposed changes are! Add all new
* We can only set a C-L in the response header if we haven't already
* sent any buckets on to the next output filter for this request.
*/
- if (ctx->data_sent == 0 && eos) {
+ if (ctx->data_sent == 0 && eos &&
+ /* don't whack the C-L if it has already been set for a HEAD
+ * by something like proxy. the brigade only has an EOS bucket
+ * in this case, making r->bytes_sent zero.
+ *
+ * if r->bytes_sent > 0 we have a (temporary) body whose length may
+ * have been changed by a filter. the C-L header might not have been
+ * updated so we do it here. long term it would be cleaner to have
+ * such filters update or remove the C-L header, and just use it
+ * if present.
+ */
+ !(r->header_only && r->bytes_sent == 0 &&
+ apr_table_get(r->headers_out, "Content-Length"))) {
ap_set_content_length(r, r->bytes_sent);
}
projects / thirdparty / apache / httpd.git / commitdiff
