From: Jeff Trawick Date: Sat, 18 Sep 2004 00:44:00 +0000 (+0000) Subject: Fix the handling of URIs containing %2F when AllowEncodedSlashes X-Git-Tag: 2.0.52~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa9476f788ed103d839852b83402ae0e37c7ca75;p=thirdparty%2Fapache%2Fhttpd.git Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected with 404. (original CHANGES entry tweaked to remove mention of status code; 404 is what you get with AllowEncodedSlashes Off, but with the broken AllowEncodedSlashes On processing you actually got 400) Submitted by: trawick, stoddard Reviewed by: clar git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105196 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index de21478aec4..9ccaf727b4c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 2.0.52 + *) Fix the handling of URIs containing %2F when AllowEncodedSlashes + is enabled. Previously, such urls would still be rejected. + [Jeff Trawick, Bill Stoddard] + *) mod_mem_cache: Fixed race condition causing segfault because of memory being freed twice, or reused after being freed. [J. Clar, W. Stoddard, G. Ames] diff --git a/STATUS b/STATUS index 6b15e5002c0..0f0b5fddbd0 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/09/17 15:28:07 $] +Last modified at [$Date: 2004/09/18 00:43:59 $] Release: 
@@ -113,12 +113,6 @@ PATCHES TO BACKPORT FROM 2.1 jorton: ssl_var_lookup() returns "" in place of NULL, that was really a deliberate choice... but maybe you're right. - *) Fix the handling of URIs containing %2F when AllowEncodedSlashes - is enabled. Previously, such urls would still be rejected with - 404. - server/util.c: r1.148, r1.149 - +1: trawick, stoddard, clar - *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap. modules/experimental/mod_auth_ldap.c: 1.28 modules/experimental/util_ldap.c: 1.36 diff --git a/server/util.c b/server/util.c index b7070241321..06ba8d1598a 100644 --- a/server/util.c +++ b/server/util.c @@ -1628,16 +1628,12 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url) else { char decoded; decoded = x2c(y + 1); - if (IS_SLASH(decoded)) { - *x++ = *y++; - *x = *y; + if (decoded == '\0') { + badpath = 1; } else { *x = decoded; y += 2; - if (decoded == '\0') { - badpath = 1; - } } } }
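Review bot: In the server/util.c hunk for ap_unescape_url_keep2f(), removing the `if (IS_SLASH(decoded))` branch means %2F now takes the else arm (`*x = decoded; y += 2;`) and is written into the buffer as a literal '/', which no longer matches the function's "keep2f" name. Any caller that expected the escape to survive will now see an extra path separator, so path-segment matching and access checks run on the result can behave differently. Please state the new contract in a comment above the function, or rename it. Separately, the `decoded == '\0'` arm now sets badpath without storing to *x or advancing y, where the removed code did both before setting it. A one-line comment saying the buffer contents are not meaningful once badpath is set would make that intentional.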
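Review bot: The new CHANGES entry ("Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled") says such URLs are no longer rejected but not what happens to the %2F afterwards. The server/util.c hunk in this same patch has the escape decoded to '/', so I would add a clause saying that encoded slashes are decoded when the directive is enabled. An admin turning AllowEncodedSlashes on should be able to tell from the entry that downstream path handling sees a real slash.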