cleanups related to new AllowOverrideList functionality:

- add new NOT_IN_HTACCESS flag for ap_check_cmd_context()
- describe the need for this in new_api_2_4.xml
- forbid Define and UnDefine in .htaccess

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1153676 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index f489b691ef89408e8e057535e7e0ebf25353d67d..5eb292c712aa8d14f5a71cd397d855cbc9c12e7a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.15
 
+  *) core: Add ap_check_cmd_context()-check if a command is executed in
+     .htaccess file. [Stefan Fritsch]
+
   *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
      [Torsten Foertsch <torsten foertsch gmx net>]
 

diff --git a/docs/manual/developer/new_api_2_4.html.en b/docs/manual/developer/new_api_2_4.html.en
index 9d5573cb82d840e3a4c081c8aeda37e072c89ff0..b11aad20335f2c74897c4dfa542e1267d5d01bca 100644 (file)
--- a/docs/manual/developer/new_api_2_4.html.en
+++ b/docs/manual/developer/new_api_2_4.html.en
@@ -111,6 +111,11 @@
       <li>New ap_process_fnmatch_configs() to process wildcards</li>
       <li>Change ap_configfile_t, ap_cfg_getline(), ap_cfg_getc() to return error
           code, new ap_pcfg_strerror().</li>
+      <li>Any config directive permitted in ACCESS_CONF context must now
+          correctly handle being called from an .htaccess file via the new
+          <code class="directive"><a href="../mod/core.html#allowoverridelist">AllowOverrideList</a></code> directive.
+          ap_check_cmd_context() accepts a new flag NOT_IN_HTACCESS to detect
+          this case.</li>
     </ul>
   
 

diff --git a/docs/manual/developer/new_api_2_4.xml b/docs/manual/developer/new_api_2_4.xml
index 284b4318e446e65868b11b6f5b182385ffc35935..3a57ccd31941254ad1730f16ae40c389e939bf3a 100644 (file)
--- a/docs/manual/developer/new_api_2_4.xml
+++ b/docs/manual/developer/new_api_2_4.xml
@@ -111,6 +111,11 @@
       <li>New ap_process_fnmatch_configs() to process wildcards</li>
       <li>Change ap_configfile_t, ap_cfg_getline(), ap_cfg_getc() to return error
           code, new ap_pcfg_strerror().</li>
+      <li>Any config directive permitted in ACCESS_CONF context must now
+          correctly handle being called from an .htaccess file via the new
+          <directive module="core">AllowOverrideList</directive> directive.
+          ap_check_cmd_context() accepts a new flag NOT_IN_HTACCESS to detect
+          this case.</li>
     </ul>
   </section>
 

diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 14ef8020a1d8290b621ebf69a145f6c217f7554f..019b36347ba5dd45454d58ffb147b7d687672e0b 100644 (file)
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -345,6 +345,7 @@
  * 20110724.0 (2.3.14-dev) Add override_list as parameter to ap_parse_htaccess
  *                         Add member override_list to cmd_parms_struct,
  *                         core_dir_config and htaccess_result
+ * 20110724.1 (2.3.15-dev) add NOT_IN_HTACCESS
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -352,7 +353,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20110724
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 0                    /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1                    /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

diff --git a/include/http_config.h b/include/http_config.h
index 26949b7fb21dbb207319d91586808278158d0ced..2eef16a7108f267f3ad5105534d7504b1a80ba19 100644 (file)
--- a/include/http_config.h
+++ b/include/http_config.h
@@ -881,6 +881,7 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_parms *cmd,
 #define  NOT_IN_DIRECTORY       0x04 /**< Forbidden in &lt;Directory&gt; */
 #define  NOT_IN_LOCATION        0x08 /**< Forbidden in &lt;Location&gt; */
 #define  NOT_IN_FILES           0x10 /**< Forbidden in &lt;Files&gt; */
+#define  NOT_IN_HTACCESS        0x20 /**< Forbidden in .htaccess files */
 /** Forbidden in &lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt;*/
 #define  NOT_IN_DIR_LOC_FILE    (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES)
 /** Forbidden in &lt;VirtualHost&gt;/&lt;Limit&gt;/&lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt; */

diff --git a/server/core.c b/server/core.c
index 71c13da5fc4e33a66ec77044a99d86d2e3945a32..d11bbe60653192a72aff2519bb020661ca55fc92 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -1104,6 +1104,11 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_parms *cmd,
                            "section", NULL);
     }
 
+    if ((forbidden & NOT_IN_HTACCESS) && (cmd->pool == cmd->temp_pool)) {
+         return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,
+                            " cannot occur within htaccess files", NULL);
+    }
+
     if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE) {
         if (cmd->path != NULL) {
             return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,
@@ -1268,6 +1273,9 @@ static void init_config_defines(apr_pool_t *pconf)
 static const char *set_define(cmd_parms *cmd, void *dummy,
                               const char *name, const char *value)
 {
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
     if (ap_strchr_c(name, ':') != NULL)
         return "Variable name must not contain ':'";
 
@@ -1291,6 +1299,9 @@ static const char *unset_define(cmd_parms *cmd, void *dummy,
 {
     int i;
     char **defines;
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
     if (ap_strchr_c(name, ':') != NULL)
         return "Variable name must not contain ':'";