From: Ruediger Pluem Date: Tue, 2 Jul 2024 06:35:53 +0000 (+0000) Subject: * Always trust content types that we set literally X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa4b05ee0536fdbd62b02eaab91f31ae3a305129;p=thirdparty%2Fapache%2Fhttpd.git * Always trust content types that we set literally git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918814 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/cluster/mod_heartmonitor.c b/modules/cluster/mod_heartmonitor.c index 53b650469d7..68db585181b 100644 --- a/modules/cluster/mod_heartmonitor.c +++ b/modules/cluster/mod_heartmonitor.c @@ -782,7 +782,7 @@ static int hm_handler(request_rec *r) hmserver.seen = apr_time_now(); hm_update_stat(ctx, &hmserver, r->pool); - ap_set_content_type(r, "text/plain"); + ap_set_content_type_ex(r, "text/plain", 1); ap_set_content_length(r, 2); ap_rputs("OK", r); ap_rflush(r); diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 44b6d79f5bd..30f724ef781 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -395,7 +395,7 @@ static int dav_error_response(request_rec *r, int status, const char *body) r->status = status; r->status_line = ap_get_status_line(status); - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); /* begin the response now... */ ap_rvputs(r, @@ -426,7 +426,7 @@ static int dav_error_response_tag(request_rec *r, { r->status = err->status; - ap_set_content_type(r, DAV_XML_CONTENT_TYPE); + ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1); ap_rputs(DAV_XML_HEADER DEBUG_CR "status = status; - ap_set_content_type(r, DAV_XML_CONTENT_TYPE); + ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1); /* Send the headers and actual multistatus response now... */ ap_fputs(r->output_filters, bb, DAV_XML_HEADER DEBUG_CR @@ -2086,7 +2086,7 @@ static int dav_method_options(request_rec *r) /* send the options response */ r->status = HTTP_OK; - ap_set_content_type(r, DAV_XML_CONTENT_TYPE); + ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1); /* send the headers and response body */ ap_rputs(DAV_XML_HEADER DEBUG_CR @@ -3437,7 +3437,7 @@ static int dav_method_lock(request_rec *r) (*locks_hooks->close_lockdb)(lockdb); r->status = HTTP_OK; - ap_set_content_type(r, DAV_XML_CONTENT_TYPE); + ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1); ap_rputs(DAV_XML_HEADER DEBUG_CR "" DEBUG_CR, r); if (lock == NULL) diff --git a/modules/dav/main/ms_wdv.c b/modules/dav/main/ms_wdv.c index 3a5c5cc1822..ecb506d168e 100644 --- a/modules/dav/main/ms_wdv.c +++ b/modules/dav/main/ms_wdv.c @@ -572,7 +572,7 @@ static dav_error *mswdv_combined_propfind(request_rec *r) apr_brigade_printf(bb, NULL, NULL, "%016" APR_UINT64_T_HEX_FMT, (apr_uint64_t)rr->finfo.size); - ap_set_content_type(r, "multipart/MSDAVEXTPrefixEncoded"); + ap_set_content_type_ex(r, "multipart/MSDAVEXTPrefixEncoded", 1); ap_pass_brigade(r->output_filters, bb); diff --git a/modules/examples/mod_example_hooks.c b/modules/examples/mod_example_hooks.c index ff458df99f4..03ebb42e992 100644 --- a/modules/examples/mod_example_hooks.c +++ b/modules/examples/mod_example_hooks.c @@ -994,7 +994,7 @@ static int x_handler(request_rec *r) * Set the Content-type header. Note that we do not actually have to send * the headers: this is done by the http core. */ - ap_set_content_type(r, "text/html"); + ap_set_content_type_ex(r, "text/html", 1); /* * If we're only supposed to send header information (HEAD request), we're * already there. diff --git a/modules/filters/mod_crypto.c b/modules/filters/mod_crypto.c index bd383e68085..9829c8b1b71 100644 --- a/modules/filters/mod_crypto.c +++ b/modules/filters/mod_crypto.c @@ -1013,7 +1013,7 @@ static int crypto_handler(request_rec *r) return HTTP_INTERNAL_SERVER_ERROR; } - ap_set_content_type(r, "application/octet-stream"); + ap_set_content_type_ex(r, "application/octet-stream", 1); ap_set_content_length(r, rec->k.secret.secretLen); ap_rwrite(rec->k.secret.secret, rec->k.secret.secretLen, r); diff --git a/modules/filters/mod_data.c b/modules/filters/mod_data.c index ddadd1b3605..4e6e63606ca 100644 --- a/modules/filters/mod_data.c +++ b/modules/filters/mod_data.c @@ -117,7 +117,7 @@ static apr_status_t data_out_filter(ap_filter_t *f, apr_bucket_brigade *bb) } } - ap_set_content_type(r, "text/plain"); + ap_set_content_type_ex(r, "text/plain", 1); } diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c index 584d8fb311f..2c0cc67545c 100644 --- a/modules/filters/mod_include.c +++ b/modules/filters/mod_include.c @@ -3972,7 +3972,7 @@ static int include_fixup(request_rec *r) if (r->handler && (strcmp(r->handler, "server-parsed") == 0)) { if (!r->content_type || !*r->content_type) { - ap_set_content_type(r, "text/html"); + ap_set_content_type_ex(r, "text/html", 1); } r->handler = "default-handler"; } diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c index 685cb8be574..b423ca67bf2 100644 --- a/modules/filters/mod_proxy_html.c +++ b/modules/filters/mod_proxy_html.c @@ -1009,7 +1009,7 @@ static apr_status_t proxy_html_filter(ap_filter_t *f, apr_bucket_brigade *bb) ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, f->r, APLOGNO(01422) "No i18n support found. Install mod_xml2enc if required"); enc = XML_CHAR_ENCODING_NONE; - ap_set_content_type(f->r, "text/html;charset=utf-8"); + ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1); } else { /* if we wanted a non-default charset_out, insert the @@ -1025,7 +1025,7 @@ static apr_status_t proxy_html_filter(ap_filter_t *f, apr_bucket_brigade *bb) cenc, NULL)); } else /* Normal case, everything worked, utf-8 output */ - ap_set_content_type(f->r, "text/html;charset=utf-8"); + ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1); } ap_fputs(f->next, ctxt->bb, ctxt->cfg->doctype); diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c index 3799b06ce33..61d888dd946 100644 --- a/modules/generators/mod_cgi.c +++ b/modules/generators/mod_cgi.c @@ -671,7 +671,7 @@ static apr_status_t include_cgi(include_ctx_t *ctx, ap_filter_t *f, /* Force sub_req to be treated as a CGI request, even if ordinary * typing rules would have called it something else. */ - ap_set_content_type(rr, CGI_MAGIC_TYPE); + ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1); /* Run it. */ rr_status = ap_run_sub_req(rr); diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index c3bee74809f..b27dd802d80 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -1671,7 +1671,7 @@ static apr_status_t include_cgi(include_ctx_t *ctx, ap_filter_t *f, /* Force sub_req to be treated as a CGI request, even if ordinary * typing rules would have called it something else. */ - ap_set_content_type(rr, CGI_MAGIC_TYPE); + ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1); /* Run it. */ rr_status = ap_run_sub_req(rr); diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c index 3b5ae7a7259..758d37404a3 100644 --- a/modules/generators/mod_info.c +++ b/modules/generators/mod_info.c @@ -784,7 +784,7 @@ static int display_info(request_rec * r) return DECLINED; } - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); ap_rputs(DOCTYPE_XHTML_1_0T "\n" diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c index eda23298720..a2d23e280e0 100644 --- a/modules/generators/mod_status.c +++ b/modules/generators/mod_status.c @@ -273,7 +273,7 @@ static int status_handler(request_rec *r) if (r->method_number != M_GET) return DECLINED; - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); /* * Simple table-driven form data set parser that lets you alter the header @@ -301,7 +301,7 @@ static int status_handler(request_rec *r) no_table_report = 1; break; case STAT_OPT_AUTO: - ap_set_content_type(r, "text/plain; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/plain; charset=ISO-8859-1", 1); short_report = 1; break; } diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index daf66407e2a..426fe2fcb97 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -1115,7 +1115,7 @@ AP_DECLARE_NONSTD(int) ap_send_http_trace(request_rec *r) } } - ap_set_content_type(r, "message/http"); + ap_set_content_type_ex(r, "message/http", 1); /* Now we recreate the request, and echo it back */ diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 701a7dd6bc3..6684f91b508 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -1276,10 +1276,10 @@ AP_DECLARE(void) ap_send_error_response(request_rec *r, int recursive_error) request_conf->suppress_charset = 1; /* avoid adding default * charset later */ - ap_set_content_type(r, "text/html"); + ap_set_content_type_ex(r, "text/html", 1); } else { - ap_set_content_type(r, "text/html; charset=iso-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=iso-8859-1", 1); } if ((status == HTTP_METHOD_NOT_ALLOWED) diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 52a12912b4d..1cfa10eee48 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -200,7 +200,7 @@ static int util_ldap_handler(request_rec *r) st = (util_ldap_state_t *) ap_get_module_config(r->server->module_config, &ldap_module); - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); if (r->header_only) return OK; diff --git a/modules/mappers/mod_imagemap.c b/modules/mappers/mod_imagemap.c index e7d140ed427..9c3fafe746b 100644 --- a/modules/mappers/mod_imagemap.c +++ b/modules/mappers/mod_imagemap.c @@ -475,7 +475,7 @@ static int imap_reply(request_rec *r, const char *redirect) static void menu_header(request_rec *r, char *menu) { - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); ap_rvputs(r, DOCTYPE_HTML_4_01, "\nMenu for ", ap_escape_html(r->pool, r->uri), diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c index ea1b034d00e..400b723ee9d 100644 --- a/modules/proxy/mod_proxy_balancer.c +++ b/modules/proxy/mod_proxy_balancer.c @@ -1445,7 +1445,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, if (usexml) { char date[APR_RFC822_DATE_LEN]; - ap_set_content_type(r, "text/xml"); + ap_set_content_type_ex(r, "text/xml", 1); ap_rputs("<?xml version='1.0' encoding='UTF-8' ?>\n", r); ap_rputs("<httpd:manager xmlns:httpd='http://httpd.apache.org'>\n", r); ap_rputs(" <httpd:balancers>\n", r); @@ -1618,7 +1618,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf, ap_rputs("</httpd:manager>", r); } else { - ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1); ap_rputs(DOCTYPE_HTML_4_01 "<html><head><title>Balancer Manager\n", r); ap_rputs("