From 9d2ca013b661cd1ecad9ccfa09767896d0e28891 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch <sf@apache.org>
Date: Wed, 3 Aug 2011 21:36:18 +0000
Subject: [PATCH] cleanups related to new AllowOverrideList functionality: -
 add new NOT_IN_HTACCESS flag for ap_check_cmd_context() - describe the need
 for this in new_api_2_4.xml - forbid Define and UnDefine in .htaccess

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1153676 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                                   |  3 +++
 docs/manual/developer/new_api_2_4.html.en |  5 +++++
 docs/manual/developer/new_api_2_4.xml     |  5 +++++
 include/ap_mmn.h                          |  3 ++-
 include/http_config.h                     |  1 +
 server/core.c                             | 11 +++++++++++
 6 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index f489b691ef8..5eb292c712a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.15
 
+  *) core: Add ap_check_cmd_context()-check if a command is executed in
+     .htaccess file. [Stefan Fritsch]
+
   *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
      [Torsten Foertsch <torsten foertsch gmx net>]
 
diff --git a/docs/manual/developer/new_api_2_4.html.en b/docs/manual/developer/new_api_2_4.html.en
index 9d5573cb82d..b11aad20335 100644
--- a/docs/manual/developer/new_api_2_4.html.en
+++ b/docs/manual/developer/new_api_2_4.html.en
@@ -111,6 +111,11 @@
       <li>New ap_process_fnmatch_configs() to process wildcards</li>
       <li>Change ap_configfile_t, ap_cfg_getline(), ap_cfg_getc() to return error
           code, new ap_pcfg_strerror().</li>
+      <li>Any config directive permitted in ACCESS_CONF context must now
+          correctly handle being called from an .htaccess file via the new
+          <code class="directive"><a href="../mod/core.html#allowoverridelist">AllowOverrideList</a></code> directive.
+          ap_check_cmd_context() accepts a new flag NOT_IN_HTACCESS to detect
+          this case.</li>
     </ul>
   
 
diff --git a/docs/manual/developer/new_api_2_4.xml b/docs/manual/developer/new_api_2_4.xml
index 284b4318e44..3a57ccd3194 100644
--- a/docs/manual/developer/new_api_2_4.xml
+++ b/docs/manual/developer/new_api_2_4.xml
@@ -111,6 +111,11 @@
       <li>New ap_process_fnmatch_configs() to process wildcards</li>
       <li>Change ap_configfile_t, ap_cfg_getline(), ap_cfg_getc() to return error
           code, new ap_pcfg_strerror().</li>
+      <li>Any config directive permitted in ACCESS_CONF context must now
+          correctly handle being called from an .htaccess file via the new
+          <directive module="core">AllowOverrideList</directive> directive.
+          ap_check_cmd_context() accepts a new flag NOT_IN_HTACCESS to detect
+          this case.</li>
     </ul>
   </section>
 
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 14ef8020a1d..019b36347ba 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -345,6 +345,7 @@
  * 20110724.0 (2.3.14-dev) Add override_list as parameter to ap_parse_htaccess
  *                         Add member override_list to cmd_parms_struct,
  *                         core_dir_config and htaccess_result
+ * 20110724.1 (2.3.15-dev) add NOT_IN_HTACCESS
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -352,7 +353,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20110724
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 0                    /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1                    /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_config.h b/include/http_config.h
index 26949b7fb21..2eef16a7108 100644
--- a/include/http_config.h
+++ b/include/http_config.h
@@ -881,6 +881,7 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_parms *cmd,
 #define  NOT_IN_DIRECTORY       0x04 /**< Forbidden in &lt;Directory&gt; */
 #define  NOT_IN_LOCATION        0x08 /**< Forbidden in &lt;Location&gt; */
 #define  NOT_IN_FILES           0x10 /**< Forbidden in &lt;Files&gt; */
+#define  NOT_IN_HTACCESS        0x20 /**< Forbidden in .htaccess files */
 /** Forbidden in &lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt;*/
 #define  NOT_IN_DIR_LOC_FILE    (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES)
 /** Forbidden in &lt;VirtualHost&gt;/&lt;Limit&gt;/&lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt; */
diff --git a/server/core.c b/server/core.c
index 71c13da5fc4..d11bbe60653 100644
--- a/server/core.c
+++ b/server/core.c
@@ -1104,6 +1104,11 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_parms *cmd,
                            "section", NULL);
     }
 
+    if ((forbidden & NOT_IN_HTACCESS) && (cmd->pool == cmd->temp_pool)) {
+         return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,
+                            " cannot occur within htaccess files", NULL);
+    }
+
     if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE) {
         if (cmd->path != NULL) {
             return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,
@@ -1268,6 +1273,9 @@ static void init_config_defines(apr_pool_t *pconf)
 static const char *set_define(cmd_parms *cmd, void *dummy,
                               const char *name, const char *value)
 {
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
     if (ap_strchr_c(name, ':') != NULL)
         return "Variable name must not contain ':'";
 
@@ -1291,6 +1299,9 @@ static const char *unset_define(cmd_parms *cmd, void *dummy,
 {
     int i;
     char **defines;
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
+    if (err)
+        return err;
     if (ap_strchr_c(name, ':') != NULL)
         return "Variable name must not contain ':'";
 
-- 
2.47.2