From: André Malo Date: Fri, 15 Oct 2004 23:38:54 +0000 (+0000) Subject: OR_ALL is not a good choice. Use more restrictive permissions for the X-Git-Tag: 2.1.1~133 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e093a6c7395d530a81d504f17320da186e990c1;p=thirdparty%2Fapache%2Fhttpd.git OR_ALL is not a good choice. Use more restrictive permissions for the mod_filter directives. OR_OPTIONS for all but FilterTrace, which isn't allowed in htaccess, because it could DoS the server (see docs). We should consider to introduce an allowoverride filters or so. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105477 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/experimental/mod_filter.c b/modules/experimental/mod_filter.c index 1014cbbd29a..ebc22c713ff 100644 --- a/modules/experimental/mod_filter.c +++ b/modules/experimental/mod_filter.c @@ -720,16 +720,17 @@ static void *filter_merge(apr_pool_t *pool, void *BASE, void *ADD) } static const command_rec filter_cmds[] = { - AP_INIT_TAKE23("FilterDeclare", filter_declare, NULL, OR_ALL, - "filter-name, dispatch-criterion [, filter-type]") , - AP_INIT_TAKE3("FilterProvider", filter_provider, NULL, OR_ALL, - "filter-name, provider-name, dispatch-match") , - AP_INIT_ITERATE("FilterChain", filter_chain, NULL, OR_ALL, - "list of filter names with optional [+-=!@]") , - AP_INIT_TAKE2("FilterTrace", filter_debug, NULL, OR_ALL, "Debug level") , + AP_INIT_TAKE23("FilterDeclare", filter_declare, NULL, OR_OPTIONS, + "filter-name, dispatch-criterion [, filter-type]"), + AP_INIT_TAKE3("FilterProvider", filter_provider, NULL, OR_OPTIONS, + "filter-name, provider-name, dispatch-match"), + AP_INIT_ITERATE("FilterChain", filter_chain, NULL, OR_OPTIONS, + "list of filter names with optional [+-=!@]"), + AP_INIT_TAKE2("FilterTrace", filter_debug, NULL, RSRC_CONF | ACCESS_CONF, + "Debug level"), #ifndef NO_PROTOCOL - AP_INIT_TAKE23("FilterProtocol", filter_protocol, NULL, OR_ALL, - "filter-name [provider-name] protocol-args") , + AP_INIT_TAKE23("FilterProtocol", filter_protocol, NULL, OR_OPTIONS, + "filter-name [provider-name] protocol-args"), #endif { NULL } };