*) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
way that per-directory rewrites append the previous notion of PATH_INFO
to each substitution before evaluating subsequent rules.
PR38642 [Eric Covener]
axe r->path_info in a more standard way, suggested by Aleksander Budzynowski
doc typo spotted by Vincent Bray
Submitted By: Eric Covner
Reviewed by: jorton, pgolluci
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@739600
13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.12
+ *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
+ way that per-directory rewrites append the previous notion of PATH_INFO
+ to each substitution before evaluating subsequent rules.
+ PR38642 [Eric Covener]
+
*) mod_authnz_ldap: Reduce number of initialization debug messages and make
information more clear. PR 46342 [Dan Poirier]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
- way that per-directory rewrites append the previous notion of PATH_INFO
- to each substitution before evaluating subsequent rules.
- PR38642
- trunk:
- http://svn.apache.org/viewvc?rev=728015&view=rev
- http://svn.apache.org/viewvc?rev=728220&view=rev
- http://svn.apache.org/viewvc?rev=728020&view=rev (doc typo)
- 2.2.x:
- trunk works
- +1 covener, jorton, pgollucci
- niq: Confused by this. path_info is used at line 3923 *before*
- being set to NULL at line 4046 in the same function. Not
- sure if there may be other issues of order.
- covener: 1 rule is executed between these two lines, and the flag
- prevents subsequent rules from spilling path_info back into
- the local URI. This preserves rulesets that are carefully
- watching %{PATH_INFO} in their substitutions. Not pretty
- by any means but I think necessary to require opt-in for 2.2.x.
-
* mod_ssl: Add SSLRenegBufferSize to configure the amount of memory that will
be used for buffering the request body if a per-location SSL renegotiationi
is required due to changed access control requirements.
<code>HttpOnly</code> flag is used, making the cookie not accessible
to JavaScript code on browsers that support this feature.</dd>
+ <dt>'<code>discardpathinfo|DPI'
+ (discard PATH_INFO)</code></dt><dd>
+ <p>In per-directory context, the URI each <code class="directive">RewriteRule</code>
+ compares against is the concatenation of the current values of the URI
+ and PATH_INFO.</p>
+
+ <p>The current URI can be the initial URI as requested by the client, the
+ result of a previous round of mod_rewrite processing, or the result of
+ a prior rule in the current round of mod_rewrite processing.</p>
+
+ <p>In contrast, the PATH_INFO that is appended to the URI before each
+ rule reflects only the value of PATH_INFO before this round of
+ mod_rewrite processing. As a consequence, if large portions
+ of the URI are matched and copied into a substitution in multiple
+ <code class="directive">RewriteRule</code> directives, without regard for
+ which parts of the URI came from the current PATH_INFO, the final
+ URI may have multiple copies of PATH_INFO appended to it.</p>
+
+ <p>Use this flag on any substitution where the PATH_INFO that resulted
+ from the previous mapping of this request to the filesystem is not of
+ interest. This flag permanently forgets the PATH_INFO established
+ before this round of mod_rewrite processing began. PATH_INFO will
+ not be recalculated until the current round of mod_rewrite processing
+ completes. Subsequent rules during this round of processing will see
+ only the direct result of substitutions, without any PATH_INFO
+ appended.</p></dd>
+
<dt>
'<code>env|E=</code><em>VAR</em>:<em>VAL</em>'
(set environment variable)</dt><dd>
<code>HttpOnly</code> flag is used, making the cookie not accessible
to JavaScript code on browsers that support this feature.</dd>
+ <dt>'<code>discardpathinfo|DPI'
+ (discard PATH_INFO)</code></dt><dd>
+ <p>In per-directory context, the URI each <directive>RewriteRule</directive>
+ compares against is the concatenation of the current values of the URI
+ and PATH_INFO.</p>
+
+ <p>The current URI can be the initial URI as requested by the client, the
+ result of a previous round of mod_rewrite processing, or the result of
+ a prior rule in the current round of mod_rewrite processing.</p>
+
+ <p>In contrast, the PATH_INFO that is appended to the URI before each
+ rule reflects only the value of PATH_INFO before this round of
+ mod_rewrite processing. As a consequence, if large portions
+ of the URI are matched and copied into a substitution in multiple
+ <directive>RewriteRule</directive> directives, without regard for
+ which parts of the URI came from the current PATH_INFO, the final
+ URI may have multiple copies of PATH_INFO appended to it.</p>
+
+ <p>Use this flag on any substitution where the PATH_INFO that resulted
+ from the previous mapping of this request to the filesystem is not of
+ interest. This flag permanently forgets the PATH_INFO established
+ before this round of mod_rewrite processing began. PATH_INFO will
+ not be recalculated until the current round of mod_rewrite processing
+ completes. Subsequent rules during this round of processing will see
+ only the direct result of substitutions, without any PATH_INFO
+ appended.</p></dd>
+
<dt>
'<code>env|E=</code><em>VAR</em>:<em>VAL</em>'
(set environment variable)</dt><dd>
#define RULEFLAG_NOSUB 1<<12
#define RULEFLAG_STATUS 1<<13
#define RULEFLAG_ESCAPEBACKREF 1<<14
+#define RULEFLAG_DISCARDPATHINFO 1<<15
/* return code of the rewrite rule
* the result may be escaped - or not
++error;
}
break;
-
+ case 'd':
+ case 'D':
+ if (!*key || !strcasecmp(key, "PI") || !strcasecmp(key,"iscardpath")) {
+ cfg->flags |= (RULEFLAG_DISCARDPATHINFO);
+ }
+ break;
case 'e':
case 'E':
if (!*key || !strcasecmp(key, "nv")) { /* env */
++error;
}
break;
-
case 'l':
case 'L':
if (!*key || !strcasecmp(key, "ast")) { /* last */
/* Now adjust API's knowledge about r->filename and r->args */
r->filename = newuri;
+
+ if (ctx->perdir && (p->flags & RULEFLAG_DISCARDPATHINFO)) {
+ r->path_info = NULL;
+ }
+
splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND);
/* Add the previously stripped per-directory location prefix, unless
projects / thirdparty / apache / httpd.git / commitdiff
