From: Ken Coar Date: Thu, 31 Jan 2002 18:28:01 +0000 (+0000) Subject: Fix RedirectMatch so it won't emit invalid Location fields. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43154ec5da93763100a1ec81feb79a95e2e75449;p=thirdparty%2Fapache%2Fhttpd.git Fix RedirectMatch so it won't emit invalid Location fields. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@93134 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index 74282654806..4e0f37621e4 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1,5 +1,11 @@ Changes with Apache 1.3.24 + *) The Location: response header field, used for external + redirect, *must* be an absoluteURI. The Redirect directive + tested for that, but RedirectMatch didn't -- it would allow + almost anything through. Now it, too, will correctly varf + if the redirection target isn't an absoluteURI. [Ken Coar] + *) apxs: fix bug that prevented -S option from containing quotes. [Ben Laurie] diff --git a/src/modules/standard/mod_alias.c b/src/modules/standard/mod_alias.c index 3d31d43c8f4..f6ae1bcc5c8 100644 --- a/src/modules/standard/mod_alias.c +++ b/src/modules/standard/mod_alias.c @@ -66,6 +66,7 @@ #include "httpd.h" #include "http_config.h" +#include "http_log.h" typedef struct { char *real; @@ -391,8 +392,18 @@ static int fixup_redir(request_rec *r) /* It may have changed since last time, so try again */ if ((ret = try_alias_list(r, dirconf->redirects, 1, &status)) != NULL) { - if (ap_is_HTTP_REDIRECT(status)) - ap_table_setn(r->headers_out, "Location", ret); + if (ap_is_HTTP_REDIRECT(status)) { + if (!ap_is_url(ret)) { + status = HTTP_INTERNAL_SERVER_ERROR; + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, + "cannot redirect '%s' to '%s'; " + "target is not a valid absoluteURI", + r->uri, ret); + } + else { + ap_table_setn(r->headers_out, "Location", ret); + } + } return status; }