From: Eric Covener <covener@apache.org>
Date: Tue, 2 Jun 2026 17:11:08 +0000 (+0000)
Subject: Merge r1934852 from trunk:
X-Git-Tag: 2.4.68-rc1-candidate~28
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=67003f03e73cb4f01ccf2a821e6297f0b970fdea;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1934852 from trunk:

expr parse fail should hide conditional content

these are neither true or false, the enclosing content should not
be printed


Submitted by: covener
Reviewed by: covener, jorton, rpluem

Github: closes #658


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1934899 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 8fc2d62a8a..199f7d8567 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.68
 
+  *) mod_include: Don't print any of if/elsif/else content when
+     a conditional evaluation returns an error. [Eric Covener]
+
   *) mod_unixd: CoreDumpDirectory requires enabling tracing on FreeBSD 11+.
      PR 65819.  [David CARLIER <devnexen gmail.com>]
 
diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index 2c0cc67545..0333d5c882 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -2329,6 +2329,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
 
     if (ctx->argc != 1) {
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2338,6 +2340,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01354) "unknown parameter \"%s\" "
                       "to tag if in %s", tag, r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2345,6 +2349,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01355) "missing expr value for if "
                       "element in %s", r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2356,6 +2362,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         expr_ret = parse_ap_expr(ctx, expr, &was_error);
 
     if (was_error) {
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
         return APR_SUCCESS;
     }
@@ -2401,6 +2409,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
 
     if (ctx->argc != 1) {
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2410,6 +2420,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01358) "unknown parameter \"%s\" "
                       "to tag if in %s", tag, r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2417,6 +2429,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01359) "missing expr in elif "
                       "statement: %s", r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2434,6 +2448,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         expr_ret = parse_ap_expr(ctx, expr, &was_error);
 
     if (was_error) {
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
         return APR_SUCCESS;
     }
@@ -2480,6 +2496,11 @@ static apr_status_t handle_else(include_ctx_t *ctx, ap_filter_t *f,
 
     DEBUG_DUMP_COND(ctx, " else");
 
+    /* Don't toggle printing if there was an expression evaluation error */
+    if (ctx->flags & SSI_FLAG_COND_ERROR) {
+        return APR_SUCCESS;
+    }
+
     if (ctx->flags & SSI_FLAG_COND_TRUE) {
         ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
     }
@@ -2519,6 +2540,7 @@ static apr_status_t handle_endif(include_ctx_t *ctx, ap_filter_t *f,
     DEBUG_DUMP_COND(ctx, "endif");
 
     ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
+    ctx->flags &= ~SSI_FLAG_COND_ERROR;
 
     return APR_SUCCESS;
 }
diff --git a/modules/filters/mod_include.h b/modules/filters/mod_include.h
index 73714a298b..cf969e941d 100644
--- a/modules/filters/mod_include.h
+++ b/modules/filters/mod_include.h
@@ -57,6 +57,7 @@
 #define SSI_FLAG_COND_TRUE        (1<<1)  /* Conditional eval'd to true. */
 #define SSI_FLAG_SIZE_IN_BYTES    (1<<2)  /* Sizes displayed in bytes.   */
 #define SSI_FLAG_NO_EXEC          (1<<3)  /* No Exec in current context. */
+#define SSI_FLAG_COND_ERROR       (1<<4)  /* Conditional evaluation was in error */
 
 #define SSI_FLAG_SIZE_ABBREV      (~(SSI_FLAG_SIZE_IN_BYTES))
 #define SSI_FLAG_CLEAR_PRINT_COND (~((SSI_FLAG_PRINTING) | \