Ignore RewriteRules in .htaccess files if the directory
authorAndré Malo <nd@apache.org>
Thu, 31 Jul 2003 22:58:58 +0000 (22:58 +0000)
committerAndré Malo <nd@apache.org>
Thu, 31 Jul 2003 22:58:58 +0000 (22:58 +0000)
containing the .htaccess file is requested without a trailing slash.

PR: 20195
Reviewed by:    Justin Erenkrantz, Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@100882 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/mappers/mod_rewrite.c

diff --git a/CHANGES b/CHANGES
index 4185ee714e7038e8f361af28074b1f013d2b0fc8..7a7c65d651a5ffa51d3171f467779dc51cc9fa49 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.48
 
+  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
+     containing the .htaccess file is requested without a trailing slash.
+     PR 20195.  [André Malo]
+
   *) ab: Overlong credentials given via command line no longer clobber
      the buffer.  [André Malo]
 
diff --git a/STATUS b/STATUS
index d0409d0c188214e8c8e70e7abe12c5c0230c9743..fe9428853f86078623204af753a8abb5b3227671 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2003/07/31 20:23:20 $]
+Last modified at [$Date: 2003/07/31 22:58:57 $]
 
 Release:
 
@@ -257,15 +257,6 @@ PATCHES TO PORT FROM 2.1
         modules/generators/mod_autoindex.c r1.120
       +1: nd, trawick
 
-    * Ignore RewriteRules in .htaccess files if the directory
-      containing the .htaccess file is requested without a trailing slash.
-      PR 20195.
-        modules/mappers/mod_rewrite.c: r1.156, 1.168
-      jerenkrantz says: We're doing 3 strlen's on the same value, can we please
-                        clean that up?
-            nd replies: of course ..., 1.168 does.
-      +1: nd, jerenkrantz, trawick
-
     * ab: Handle conditions where connect() on non-blocking socket
       doesn't complete immediately (i.e., restore functionality when
       benchmarking non-local targets).  This doesn't resolve some
index ae0090e967f2bf58029b87384c2c944c2357b21a..2d57a8ccf89dd4e33439aa3a66852988f47ffe75 100644 (file)
@@ -1402,7 +1402,7 @@ static int hook_fixup(request_rec *r)
     char *cp2;
     const char *ccp;
     char *prefix;
-    int l;
+    apr_size_t l;
     int rulestatus;
     int n;
     char *ofilename;
@@ -1426,6 +1426,18 @@ static int hook_fixup(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     *  .htaccess file is called before really entering the directory, i.e.:
+     *  URL: http://localhost/foo  and .htaccess is located in foo directory
+     *  Ignore such attempts, since they may lead to undefined behaviour.
+     */
+    l = strlen(dconf->directory) - 1;
+    if (r->filename && strlen(r->filename) == l &&
+        (dconf->directory)[l] == '/' &&
+        !strncmp(r->filename, dconf->directory, l)) {
+        return DECLINED;
+    }
+
     /*
      *  only do something under runtime if the engine is really enabled,
      *  for this directory, else return immediately!
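Review bot: `l = strlen(dconf->directory) - 1;` wraps to the largest apr_size_t value when the directory string is empty, now that the earlier hunk makes `l` unsigned. The index `(dconf->directory)[l]` stays in bounds only because the `strlen(r->filename) == l` comparison comes before it in the `&&` chain and can never match that value. Testing the length explicitly, as in the lines below, removes that dependence on operand order. The strlen() call on `dconf->directory` also assumes a non-NULL pointer; the check it presumably relies on is outside this hunk. The rest of hook_fixup is outside the hunk too, so any later read of `l` that expects the old signed value, or the `- 1` result, should be confirmed.
```c
    l = strlen(dconf->directory);
    if (l > 0 && r->filename && strlen(r->filename) == l - 1 &&
        (dconf->directory)[l - 1] == '/' &&
        !strncmp(r->filename, dconf->directory, l - 1)) {
        /* … unchanged: return DECLINED; … */
    }
```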