use AP_EXPR_FLAG_RESTRICTED in htaccess

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933349 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 638682a375c22127ccab9b7738ba013b631d71d1..75b41110b31b01635bf67373d9fc441afebf716f 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -3686,12 +3686,17 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
         newcond->regexp  = regexp;
     }
     else if (newcond->ptype == CONDPAT_AP_EXPR) {
+        int in_htaccess = cmd->pool == cmd->temp_pool;
         unsigned int flags = newcond->flags & CONDFLAG_NOVARY ?
                              AP_EXPR_FLAG_DONT_VARY : 0;
+        /* Use restricted ap_expr() parser in htaccess context. */
+        if (in_htaccess) flags |= AP_EXPR_FLAG_RESTRICTED;
         newcond->expr = ap_expr_parse_cmd(cmd, a2, flags, &err, NULL);
         if (err)
             return apr_psprintf(cmd->pool, "RewriteCond: cannot compile "
-                                "expression \"%s\": %s", a2, err);
+                                "expression%s \"%s\" %s",
+                                in_htaccess ? " in htaccess context" : "",
+                                a2, err);
     }
 
     return NULL;

diff --git a/modules/metadata/mod_setenvif.c b/modules/metadata/mod_setenvif.c
index 97e6106d966088695466b196b79c970cb9ca7b48..89dd394e74df6e735a0a3f5eefab734acd532a26 100644 (file)
--- a/modules/metadata/mod_setenvif.c
+++ b/modules/metadata/mod_setenvif.c
@@ -435,6 +435,12 @@ static const char *add_setenvifexpr(cmd_parms *cmd, void *mconfig,
     sei_cfg_rec *sconf;
     sei_entry *new;
     const char *err;
+    unsigned int flags = 0;
+
+    /* Use restricted ap_expr() parser in htaccess context. */
+    if (cmd->pool == cmd->temp_pool) {
+        flags |= AP_EXPR_FLAG_RESTRICTED;
+    }
 
     /*
      * Determine from our context into which record to put the entry.
@@ -458,7 +464,7 @@ static const char *add_setenvifexpr(cmd_parms *cmd, void *mconfig,
     new->regex = NULL;
     new->pattern = NULL;
     new->preg = NULL;
-    new->expr = ap_expr_parse_cmd(cmd, expr, 0, &err, NULL);
+    new->expr = ap_expr_parse_cmd(cmd, expr, flags, &err, NULL);
     if (err)
         return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                             expr, err);

diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index d5a525969695266e1769d9f8a09d2b2c54352d05..af3fb896bc0c63881f618c2246ade783270283bd 100644 (file)
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -1342,9 +1342,15 @@ static const char *cmd_setenv(cmd_parms *cmd, void *in_dconf,
     const char *err;
     sei_entry *new;
     const char *envvar = arg2;
+    unsigned int flags = 0;
+
+    /* Use restricted ap_expr() parser in htaccess context. */
+    if (cmd->pool == cmd->temp_pool) {
+        flags |= AP_EXPR_FLAG_RESTRICTED;
+    }
 
     new = apr_array_push(dconf->env_fixups);
-    new->cond = ap_expr_parse_cmd(cmd, arg1, 0, &err, NULL);
+    new->cond = ap_expr_parse_cmd(cmd, arg1, flags, &err, NULL);
     if (err) {
         return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                             arg1, err);
@@ -1371,7 +1377,8 @@ static const char *cmd_setenv(cmd_parms *cmd, void *in_dconf,
             arg3 = "";
         }
 
-        new->subst = ap_expr_parse_cmd(cmd, arg3, AP_EXPR_FLAG_STRING_RESULT, &err, NULL);
+        flags |= AP_EXPR_FLAG_STRING_RESULT;
+        new->subst = ap_expr_parse_cmd(cmd, arg3, flags, &err, NULL);
         if (err) {
             return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                                 arg3, err);