merge leading slashes by default

author Eric Covener <covener@apache.org>

Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)

committer Eric Covener <covener@apache.org>

Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)
author Eric Covener <covener@apache.org>
Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)
committer Eric Covener <covener@apache.org>
Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)
diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml

index fd55811347e1efe6b35f97e58abb4ad96b3b5cbe..0cfc2f42ec5c3ee96b7bd7b516e81a5096045bba 100644 (file)
--- a/docs/manual/mod/mod_rewrite.xml
+++ b/docs/manual/mod/mod_rewrite.xml
@@ -1508,6 +1508,13 @@ cannot use <code>$N</code> in the substitution string!
          <em><a href="../rewrite/flags.html#flag_unsafe_prefix_stat">details ...</a></em>
          </td>
      </tr>
+    <tr>
+        <td>UNC</td>
+        <td>Prevents the merging of multiple leading slashes, as used by Windows UNC paths.
+        <em><a href="../rewrite/flags.html#flag_unc">details ...</a></em>
+        </td>
+    </tr>
+
      </table>
  
  <note><title>Home directory expansion</title>
diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml

index 59eb4cd0c937d24871ea2ff716ef67109c719738..0b9ccfa9a89c7e0fb01166a1edc979dda1b9bebb 100644 (file)
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -866,6 +866,10 @@ The <code>L</code> flag can be useful in this context to end the
      This protects from a malicious URL causing the expanded substitution to
      map to an unexpected filesystem location.</p>
  </section>
-
+<section id="flag_unc"><title>UNC</title>
+    <p> Setting this flag prevents the merging of multiple leading slashes,
+    as used in Windows UNC paths.  The flag is not necessary when the rules
+    substitution starts with multiple literal slashes. </p>
+</section>
  
  </manualpage>
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c

index 0d928e4b99756c2b079bd0138005d49da73f211a..439af886ba9d1a495cfbd43e4ef9c0e5d5f8c891 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -179,6 +179,7 @@ static const char* really_last_key = "rewrite_really_last";
  #define RULEFLAG_ESCAPECTLS         (1<<21)
  #define RULEFLAG_UNSAFE_PREFIX_STAT (1<<22)
  #define RULEFLAG_UNSAFE_ALLOW3F     (1<<23)
+#define RULEFLAG_UNC                (1<<24)
  
  /* return code of the rewrite rule
   * the result may be escaped - or not
@@ -3884,6 +3885,9 @@ static const char *cmd_rewriterule_setflag(apr_pool_t *p, void *_cfg,
          else if(!strcasecmp(key, "nsafeAllow3F")) {
              cfg->flags |= RULEFLAG_UNSAFE_ALLOW3F;
          }
+        else if(!strcasecmp(key, "NC")) {
+            cfg->flags |= RULEFLAG_UNC;
+        }
          else {
              ++error;
          }
@@ -4508,6 +4512,16 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
          return RULE_RC_MATCH;
      }
  
+    if (!(p->flags & RULEFLAG_UNC)) {
+        /* merge leading slashes, unless they were literals in the sub */
+        if (!AP_IS_SLASH(p->output[0]) || !AP_IS_SLASH(p->output[1])) {
+            while (AP_IS_SLASH(r->filename[0]) &&
+                   AP_IS_SLASH(r->filename[1])) {
+                r->filename++;
+            }
+        }
+    }
+
      /* Finally remember the forced mime-type */
      force_type_handler(p, ctx);
author	Eric Covener <covener@apache.org>
	Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)
committer	Eric Covener <covener@apache.org>
	Mon, 15 Jul 2024 12:05:57 +0000 (12:05 +0000)
docs/manual/mod/mod_rewrite.xml		patch \| blob \| blame \| history
docs/manual/rewrite/flags.xml		patch \| blob \| blame \| history
modules/mappers/mod_rewrite.c		patch \| blob \| blame \| history