author | Jim Jagielski <jim@apache.org> | 2015-11-03 12:02:43 +0000 |
---|---|---|
committer | Jim Jagielski <jim@apache.org> | 2015-11-03 12:02:43 +0000 |
commit | a8158eec0dd50abb116eb0e15ce2f80e69f994a2 (patch) | |
tree | c13789c59efa09b54f8b6d2891a2749f27c73e87 | |
parent | 8657ce9a198bb68ed855d3b625cf591dce577be1 (diff) | |
download | httpd-a8158eec0dd50abb116eb0e15ce2f80e69f994a2.tar.gz |
Merge r1710380, r1710391 from trunk:
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
followup to r1710380 -- refactored name and didn't have 'make depend'
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712268 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | STATUS | 7 | ||||
-rw-r--r-- | docs/manual/mod/core.xml | 27 | ||||
-rw-r--r-- | include/http_core.h | 13 | ||||
-rw-r--r-- | server/core.c | 16 | ||||
-rw-r--r-- | server/util_script.c | 31 |
6 files changed, 77 insertions, 20 deletions
@@ -2,6 +2,9 @@ Changes with Apache 2.4.18 + *) core/util_script: making REDIRECT_URL a full URL is now opt-in + via new 'QualifyRedirectURL' directive. + *) mod_ssl: Extend expression parser registration to support ssl variables in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function syntax "ssl(VARNAME)". [Rainer Jung] @@ -111,13 +111,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * core: make the 2.4.17 behavior of fully qualifying REDIRECT_URL - opt-in. Original PR PR57785 - trunk patch: http://svn.apache.org/r1710380 - http://svn.apache.org/r1710391 - 2.4.x trunk works (needs CHANGES) - +1 covener, ylavic, jim - PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 03fd555f12..a21d0d2085 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml 
@@ -4609,5 +4609,32 @@ hostname or IP address</description> </usage> </directivesynopsis> +<directivesynopsis> +<name>QualifyRedirectURL</name> +<description>Controls whether the REDIRECT_URL environent variable is + fully qualified</description> +<syntax>QualifyRedirectURL ON|OFF</syntax> +<default>QualifyRedirectURL OFF</default> +<contextlist><context>server config</context><context>virtual host</context> +<context>directory</context> +</contextlist> +<override>FileInfo</override> +<compatibility>Directive supported in 2.4.18 and later. 2.4.17 acted +as if 'QualifyRedirectURL ON' was configured.</compatibility> + +<usage> + <p>This directive controls whether the server will ensure that the + REDIRECT_URL environment variable is fully qualified. By default, + the variable contains the verbatim URL requested by the client, + such as "/index.html". With <directive module="core" + >QualifyRedirectURL ON</directive>, the same request would result in a + value such as "http://www.example.com/index.html".</p> + <p>Even without this directive set, when a request is issued against a + fully qualified URL, REDIRECT_URL will remain fully qualified. + </p> +</usage> +</directivesynopsis> + + </modulesynopsis> diff --git a/include/http_core.h b/include/http_core.h index 6ca53f76ed..85354552c1 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -465,6 +465,17 @@ typedef unsigned long etag_components_t; /* This is the default value used */ #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE) +/* Generic ON/OFF/UNSET for unsigned int foo :2 */ +#define AP_CORE_CONFIG_OFF (0) +#define AP_CORE_CONFIG_ON (1) +#define AP_CORE_CONFIG_UNSET (2) + +/* Generic merge of flag */ +#define AP_CORE_MERGE_FLAG(field, to, base, over) to->field = \ + over->field != AP_CORE_CONFIG_UNSET \ + ? over->field \ + : base->field + /** * @brief Server Signature Enumeration */ 
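Review bot: `AP_CORE_MERGE_FLAG` in the first include/http_core.h hunk expands to a bare assignment with unparenthesized arguments and no parentheses around the whole expansion, and it lands in a public header where other modules can use it. An argument that is not a plain identifier, or a use inside a larger expression, would then parse differently from what the caller wrote. Parenthesizing avoids that: `#define AP_CORE_MERGE_FLAG(field, to, base, over) ((to)->field = ((over)->field != AP_CORE_CONFIG_UNSET) ? (over)->field : (base)->field)`. The existing comment could also say that the three `AP_CORE_CONFIG_*` values must fit the 2-bit fields they are stored in.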
@@ -630,6 +641,8 @@ typedef struct { * advice */ unsigned int cgi_pass_auth : 2; + unsigned int qualify_redirect_url :2; + } core_dir_config; /* macro to implement off by default behaviour */ diff --git a/server/core.c b/server/core.c index 37484b66e6..803d4d4b6d 100644 --- a/server/core.c +++ b/server/core.c @@ -191,6 +191,7 @@ static void *create_core_dir_config(apr_pool_t *a, char *dir) conf->max_reversals = AP_MAXRANGES_UNSET; conf->cgi_pass_auth = AP_CGI_PASS_AUTH_UNSET; + conf->qualify_redirect_url = AP_CORE_CONFIG_UNSET; return (void *)conf; } @@ -405,6 +406,8 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) conf->cgi_pass_auth = new->cgi_pass_auth != AP_CGI_PASS_AUTH_UNSET ? new->cgi_pass_auth : base->cgi_pass_auth; + AP_CORE_MERGE_FLAG(qualify_redirect_url, conf, base, new); + return (void*)conf; } @@ -1707,6 +1710,15 @@ static const char *set_cgi_pass_auth(cmd_parms *cmd, void *d_, int flag) return NULL; } +static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag) +{ + core_dir_config *d = d_; + + d->qualify_redirect_url = flag ? AP_CORE_CONFIG_ON : AP_CORE_CONFIG_OFF; + + return NULL; +} + static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[]) { core_dir_config *d = d_; @@ -4206,6 +4218,10 @@ AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF, AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG, "Controls whether HTTP authorization headers, normally hidden, will " "be passed to scripts"), +AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO, + "Controls whether HTTP authorization headers, normally hidden, will " + "be passed to scripts"), + AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower, (void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO, "a mime type that overrides other configured type"), diff --git a/server/util_script.c b/server/util_script.c index 14991cd0ff..7ac79301fb 100644 
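Review bot: The help text passed to `AP_INIT_FLAG("QualifyRedirectURL", ...)` in the last server/core.c hunk is a copy of the CGIPassAuth description directly above it. Wherever the server prints directive help, the new directive would be described as controlling HTTP authorization headers. Replace the two string lines with `"Controls whether the REDIRECT_URL environment variable is fully qualified"`, which matches the description added to docs/manual/mod/core.xml. The command table itself starts and ends outside the hunk.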
--- a/server/util_script.c +++ b/server/util_script.c @@ -282,21 +282,26 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) /* Apache custom error responses. If we have redirected set two new vars */ if (r->prev) { - /* PR#57785: reconstruct full URL here */ - apr_uri_t *uri = &r->prev->parsed_uri; - if (!uri->scheme) { - uri->scheme = (char*)ap_http_scheme(r->prev); - } - if (!uri->port) { - uri->port = ap_get_server_port(r->prev); - uri->port_str = apr_psprintf(r->pool, "%u", uri->port); - } - if (!uri->hostname) { - uri->hostname = (char*)ap_get_server_name_for_url(r->prev); + if (conf->qualify_redirect_url != AP_CORE_CONFIG_ON) { + add_unless_null(e, "REDIRECT_URL", r->prev->uri); + } + else { + /* PR#57785: reconstruct full URL here */ + apr_uri_t *uri = &r->prev->parsed_uri; + if (!uri->scheme) { + uri->scheme = (char*)ap_http_scheme(r->prev); + } + if (!uri->port) { + uri->port = ap_get_server_port(r->prev); + uri->port_str = apr_psprintf(r->pool, "%u", uri->port); + } + if (!uri->hostname) { + uri->hostname = (char*)ap_get_server_name_for_url(r->prev); + } + add_unless_null(e, "REDIRECT_URL", + apr_uri_unparse(r->pool, uri, 0)); } add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args); - add_unless_null(e, "REDIRECT_URL", - apr_uri_unparse(r->pool, uri, 0)); } if (e != r->subprocess_env) { |
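Review bot: In the `else` branch, `uri` points at `r->prev->parsed_uri`, so filling in the missing scheme, port and hostname rewrites the previous request's parsed URI as a side effect of exporting an environment variable. Working on a copy avoids that: `apr_uri_t *uri = apr_pmemdup(r->pool, &r->prev->parsed_uri, sizeof(*uri));`. I would also add a comment that the host part comes from `ap_get_server_name_for_url()`, which may be derived from the client's Host header depending on UseCanonicalName, so scripts should not treat a qualified REDIRECT_URL as a trusted origin. `conf` is declared outside this hunk, and the body of `ap_add_common_vars` continues past it.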