From: Yann Ylavic Date: Thu, 7 Sep 2017 22:43:41 +0000 (+0000) Subject: core: Disallow Methods' registration at run time (.htaccess), they may be X-Git-Tag: 2.5.0-alpha~159 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cc27823899e070268b906ca677ee838d07cf67a;p=thirdparty%2Fapache%2Fhttpd.git core: Disallow Methods' registration at run time (.htaccess), they may be used only if registered at init time (httpd.conf). Calling ap_method_register() in children processes is not the right scope since it won't be shared for all requests. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 4ca0e4cc822..2b744675e78 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Disallow Methods' registration at runtime (.htaccess), they may be + used only if registered at init time (httpd.conf). [Yann Ylavic] + *) mod_md: v0.9.1: - various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If someone already used percent configurations, it is advised to change these to a new value, diff --git a/server/core.c b/server/core.c index 76adb4d8693..c9b6837bd41 100644 --- a/server/core.c +++ b/server/core.c @@ -2331,6 +2331,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, /* method has not been registered yet, but resource restriction * is always checked before method handling, so register it. */ + if (cmd->pool == cmd->temp_pool) { + /* In .htaccess, we can't globally register new methods. */ + return apr_psprintf(cmd->pool, "Could not register method '%s' " + "for %s from .htaccess configuration", + method, cmd->cmd->name); + } methnum = ap_method_register(cmd->pool, apr_pstrdup(cmd->pool, method)); }