From 9967bf49599f9be6eaaf9c5de5c84f15bb07df9f Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 15 Jul 2024 12:07:57 +0000
Subject: [PATCH] Merge r1919246 from trunk:

merge leading slashes by default

Submitted By: ylavic, covener
Reviewed By: ylavic, covener, gbechis



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1919248 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_rewrite.xml |  7 +++++++
 docs/manual/rewrite/flags.xml   |  6 +++++-
 modules/mappers/mod_rewrite.c   | 14 ++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/docs/manual/mod/mod_rewrite.xml b/docs/manual/mod/mod_rewrite.xml
index b0e996268af..69efd70f616 100644
--- a/docs/manual/mod/mod_rewrite.xml
+++ b/docs/manual/mod/mod_rewrite.xml
@@ -1497,6 +1497,13 @@ cannot use <code>$N</code> in the substitution string!
         <em><a href="../rewrite/flags.html#flag_unsafe_prefix_stat">details ...</a></em>
         </td>
     </tr>
+    <tr>
+        <td>UNC</td>
+        <td>Prevents the merging of multiple leading slashes, as used by Windows UNC paths.
+        <em><a href="../rewrite/flags.html#flag_unc">details ...</a></em>
+        </td>
+    </tr>
+
     </table>
 
 <note><title>Home directory expansion</title>
diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
index da0f60af16f..7d638aaf875 100644
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -866,6 +866,10 @@ The <code>L</code> flag can be useful in this context to end the
     This protects from a malicious URL causing the expanded substitution to
     map to an unexpected filesystem location.</p>
 </section>
-
+<section id="flag_unc"><title>UNC</title>
+    <p> Setting this flag prevents the merging of multiple leading slashes,
+    as used in Windows UNC paths.  The flag is not necessary when the rules
+    substitution starts with multiple literal slashes. </p>
+</section>
 
 </manualpage>
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 3fc2bafed01..f1c22e3235b 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -179,6 +179,7 @@ static const char* really_last_key = "rewrite_really_last";
 #define RULEFLAG_ESCAPECTLS         (1<<21)
 #define RULEFLAG_UNSAFE_PREFIX_STAT (1<<22)
 #define RULEFLAG_UNSAFE_ALLOW3F     (1<<23)
+#define RULEFLAG_UNC                (1<<24)
 
 /* return code of the rewrite rule
  * the result may be escaped - or not
@@ -3843,6 +3844,9 @@ static const char *cmd_rewriterule_setflag(apr_pool_t *p, void *_cfg,
         else if(!strcasecmp(key, "nsafeAllow3F")) {
             cfg->flags |= RULEFLAG_UNSAFE_ALLOW3F;
         }
+        else if(!strcasecmp(key, "NC")) {
+            cfg->flags |= RULEFLAG_UNC;
+        }
         else {
             ++error;
         }
@@ -4462,6 +4466,16 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p,
         return RULE_RC_MATCH;
     }
 
+    if (!(p->flags & RULEFLAG_UNC)) {
+        /* merge leading slashes, unless they were literals in the sub */
+        if (!AP_IS_SLASH(p->output[0]) || !AP_IS_SLASH(p->output[1])) {
+            while (AP_IS_SLASH(r->filename[0]) &&
+                   AP_IS_SLASH(r->filename[1])) {
+                r->filename++;
+            }
+        }
+    }
+
     /* Finally remember the forced mime-type */
     force_type_handler(p, ctx);
 
-- 
2.47.2