From: Ruediger Pluem Date: Sun, 10 May 2009 15:09:45 +0000 (+0000) Subject: Merge r757376 from trunk: X-Git-Tag: 2.2.12~135 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b5d996b2c29e1d036191aa70978cb6f94d5e4f3;p=thirdparty%2Fapache%2Fhttpd.git Merge r757376 from trunk: Prevent a case of SSI timefmt-smashing with filter chains including multiple INCLUDES filters: * modules/filters/mod_include.c (add_include_vars): Drop unused timefmt argument. (add_include_vars_lazy): Take timefmt argument. (get_include_var, handle_printenv): Pass time format from context. PR: 39369 Submitted by: jorton Reviewed by: rpluem, jim, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@773352 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 4900abb56ac..b2bbb37ea9c 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,9 @@ Changes with Apache 2.2.12 mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 [Ruediger Pluem] + *) mod_include: Prevent a case of SSI timefmt-smashing with filter chains + including multiple INCLUDES filters. PR 39369 [Joe Orton] + *) mod_rewrite: When evaluating a proxy rule in directory context, do escape the filename by default. PR 46428 [Joe Orton] diff --git a/STATUS b/STATUS index 372f09072bf..5a0a19afe5f 100644 --- a/STATUS +++ b/STATUS @@ -87,14 +87,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_include: Prevent a case of SSI timefmt-smashing with filter chains - including multiple INCLUDES filters - Trunk version of patch: - http://svn.apache.org/viewvc?rev=757376&view=rev - Backport version for 2.2.x of patch: - Trunk version of patch works - +1: rpluem, jim, wrowe - * mod_negotiation: Escape pathes of filenames in 406 responses to avoid HTML injections and HTTP response splitting Trunk version of patch: diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c index acb3010472c..a174529e191 100644 --- a/modules/filters/mod_include.c +++ b/modules/filters/mod_include.c @@ -580,7 +580,7 @@ static void decodehtml(char *s) *p = '\0'; } -static void add_include_vars(request_rec *r, const char *timefmt) +static void add_include_vars(request_rec *r) { apr_table_t *e = r->subprocess_env; char *t; @@ -608,26 +608,17 @@ static void add_include_vars(request_rec *r, const char *timefmt) } } -static const char *add_include_vars_lazy(request_rec *r, const char *var) +static const char *add_include_vars_lazy(request_rec *r, const char *var, const char *timefmt) { char *val; if (!strcasecmp(var, "DATE_LOCAL")) { - include_dir_config *conf = - (include_dir_config *)ap_get_module_config(r->per_dir_config, - &include_module); - val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0); + val = ap_ht_time(r->pool, r->request_time, timefmt, 0); } else if (!strcasecmp(var, "DATE_GMT")) { - include_dir_config *conf = - (include_dir_config *)ap_get_module_config(r->per_dir_config, - &include_module); - val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1); + val = ap_ht_time(r->pool, r->request_time, timefmt, 1); } else if (!strcasecmp(var, "LAST_MODIFIED")) { - include_dir_config *conf = - (include_dir_config *)ap_get_module_config(r->per_dir_config, - &include_module); - val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0); + val = ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0); } else if (!strcasecmp(var, "USER_NAME")) { if (apr_uid_name_get(&val, r->finfo.user, r->pool) != APR_SUCCESS) { @@ -684,7 +675,7 @@ static const char *get_include_var(const char *var, include_ctx_t *ctx) val = apr_table_get(r->subprocess_env, var); if (val == LAZY_VALUE) { - val = add_include_vars_lazy(r, var); + val = add_include_vars_lazy(r, var, ctx->time_str); } } @@ -2424,7 +2415,7 @@ static apr_status_t handle_printenv(include_ctx_t *ctx, ap_filter_t *f, /* get value */ val_text = elts[i].val; if (val_text == LAZY_VALUE) { - val_text = add_include_vars_lazy(r, elts[i].key); + val_text = add_include_vars_lazy(r, elts[i].key, ctx->time_str); } val_text = ap_escape_html(ctx->dpool, elts[i].val); v_len = strlen(val_text); @@ -3609,7 +3600,7 @@ static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b) * environment */ ap_add_common_vars(r); ap_add_cgi_vars(r); - add_include_vars(r, conf->default_time_fmt); + add_include_vars(r); } /* Always unset the content-length. There is no way to know if * the content will be modified at some point by send_parsed_content.