From: Stefan Eissing <icing@apache.org>
Date: Thu, 17 Mar 2016 09:28:51 +0000 (+0000)
Subject: Merge r1735088 from trunk:
X-Git-Tag: 2.4.19~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=087c534b18c243df34da74c63ad1e27b0f4e276a;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1735088 from trunk:

[PATCH] mod_rewrite: double escaping of query strings in server context
(like PR50447, for server context)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1735379 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index a76dcaf545c..caf8a8df27c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.19
 
+  *) mod_rewrite: Don't implicitly URL-escape the original query string
+     when no substitution has changed it (like PR50447 but server context)
+     [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
+
   *) mod_http2: fixes problem with wrong lifetime of file buckets on main
      connection. [Stefan Eissing]
      
diff --git a/STATUS b/STATUS
index bc3207e13b6..398f4522ce3 100644
--- a/STATUS
+++ b/STATUS
@@ -112,12 +112,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_rewrite: Don't escape an unchanged query string, in server context. 
-                  Was fixed in 2010 for directory context.
-     trunk patch: http://svn.apache.org/r1735088
-     2.4.x patch: trunk works
-     +1 covener, ylavic, icing
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 1cf110be6c2..d31b1c24632 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -4493,6 +4493,7 @@ static int hook_uri2file(request_rec *r)
     unsigned int port;
     int rulestatus;
     void *skipdata;
+    const char *oargs;
 
     /*
      *  retrieve the config structures
@@ -4542,6 +4543,12 @@ static int hook_uri2file(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     *  remember the original query string for later check, since we don't
+     *  want to apply URL-escaping when no substitution has changed it.
+     */
+    oargs = r->args;
+
     /*
      *  add the SCRIPT_URL variable to the env. this is a bit complicated
      *  due to the fact that apache uses subrequests and internal redirects
@@ -4676,11 +4683,21 @@ static int hook_uri2file(request_rec *r)
 
             /* append the QUERY_STRING part */
             if (r->args) {
+                char *escaped_args = NULL;
+                int noescape = (rulestatus == ACTION_NOESCAPE ||
+                                (oargs && !strcmp(r->args, oargs)));
+
                 r->filename = apr_pstrcat(r->pool, r->filename, "?",
-                                          (rulestatus == ACTION_NOESCAPE)
+                                          noescape
                                             ? r->args
-                                            : ap_escape_uri(r->pool, r->args),
+                                            : (escaped_args =
+                                               ap_escape_uri(r->pool, r->args)),
                                           NULL);
+
+                rewritelog((r, 1, NULL, "%s %s to query string for redirect %s",
+                            noescape ? "copying" : "escaping",
+                            r->args ,
+                            noescape ? "" : escaped_args));
             }
 
             /* determine HTTP redirect response code */