Merge r1710380, r1710391 from trunk:

Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in. 




followup to r1710380 -- refactored name and didn't have 'make depend'


Submitted by: covener
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712268 13f79535-47bb-0310-9956-ffa450edef68

6 files changed, 77 insertions, 20 deletions

diff --git a/CHANGES b/CHANGES
index f2a2ff5722..195bf88bd0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.18
 
+  *) core/util_script: making REDIRECT_URL a full URL is now opt-in
+     via new 'QualifyRedirectURL' directive.
+
   *) mod_ssl: Extend expression parser registration to support ssl variables
      in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
      syntax "ssl(VARNAME)". [Rainer Jung]
diff --git a/STATUS b/STATUS
index a2378b3be4..e77e2d35da 100644
--- a/STATUS
+++ b/STATUS
@@ -111,13 +111,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * core: make the 2.4.17 behavior of fully qualifying REDIRECT_URL
-     opt-in.  Original PR PR57785
-     trunk patch: http://svn.apache.org/r1710380
-                  http://svn.apache.org/r1710391
-     2.4.x trunk works (needs CHANGES)
-     +1 covener, ylavic, jim
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 03fd555f12..a21d0d2085 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -4609,5 +4609,32 @@ hostname or IP address</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>QualifyRedirectURL</name>
+<description>Controls whether the REDIRECT_URL environent variable is 
+             fully qualified</description>
+<syntax>QualifyRedirectURL ON|OFF</syntax>
+<default>QualifyRedirectURL OFF</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context>
+</contextlist>
+<override>FileInfo</override>
+<compatibility>Directive supported in 2.4.18 and later. 2.4.17 acted
+as if 'QualifyRedirectURL ON' was configured.</compatibility>
+
+<usage>
+    <p>This directive controls whether the server will ensure that the 
+    REDIRECT_URL environment variable is fully qualified.  By default, 
+    the variable contains the verbatim URL requested by the client, 
+    such as "/index.html".  With <directive module="core"
+    >QualifyRedirectURL ON</directive>, the same request would result in a
+    value such as "http://www.example.com/index.html".</p>
+    <p>Even without this directive set, when a request is issued against a 
+    fully qualified URL, REDIRECT_URL will remain fully qualified.
+    </p>
+</usage>
+</directivesynopsis>
+
+
 
 </modulesynopsis>
diff --git a/include/http_core.h b/include/http_core.h
index 6ca53f76ed..85354552c1 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -465,6 +465,17 @@ typedef unsigned long etag_components_t;
 /* This is the default value used */
 #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
 
+/* Generic ON/OFF/UNSET for unsigned int foo :2 */
+#define AP_CORE_CONFIG_OFF   (0)
+#define AP_CORE_CONFIG_ON    (1)
+#define AP_CORE_CONFIG_UNSET (2)
+
+/* Generic merge of flag */
+#define AP_CORE_MERGE_FLAG(field, to, base, over) to->field = \
+               over->field != AP_CORE_CONFIG_UNSET            \
+               ? over->field                                  \
+               : base->field                                   
+
 /**
  * @brief Server Signature Enumeration
  */
@@ -630,6 +641,8 @@ typedef struct {
      * advice
      */
     unsigned int cgi_pass_auth : 2;
+    unsigned int qualify_redirect_url :2;
+
 } core_dir_config;
 
 /* macro to implement off by default behaviour */
diff --git a/server/core.c b/server/core.c
index 37484b66e6..803d4d4b6d 100644
--- a/server/core.c
+++ b/server/core.c
@@ -191,6 +191,7 @@ static void *create_core_dir_config(apr_pool_t *a, char *dir)
     conf->max_reversals = AP_MAXRANGES_UNSET;
 
     conf->cgi_pass_auth = AP_CGI_PASS_AUTH_UNSET;
+    conf->qualify_redirect_url = AP_CORE_CONFIG_UNSET; 
 
     return (void *)conf;
 }
@@ -405,6 +406,8 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv)
 
     conf->cgi_pass_auth = new->cgi_pass_auth != AP_CGI_PASS_AUTH_UNSET ? new->cgi_pass_auth : base->cgi_pass_auth;
 
+    AP_CORE_MERGE_FLAG(qualify_redirect_url, conf, base, new);
+
     return (void*)conf;
 }
 
@@ -1707,6 +1710,15 @@ static const char *set_cgi_pass_auth(cmd_parms *cmd, void *d_, int flag)
     return NULL;
 }
 
+static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
+{
+    core_dir_config *d = d_;
+
+    d->qualify_redirect_url = flag ? AP_CORE_CONFIG_ON : AP_CORE_CONFIG_OFF;
+
+    return NULL;
+}
+
 static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
 {
     core_dir_config *d = d_;
@@ -4206,6 +4218,10 @@ AP_INIT_TAKE12("LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF,
 AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG,
              "Controls whether HTTP authorization headers, normally hidden, will "
              "be passed to scripts"),
+AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO,
+             "Controls whether HTTP authorization headers, normally hidden, will "
+             "be passed to scripts"),
+
 AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower,
        (void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO,
      "a mime type that overrides other configured type"),
diff --git a/server/util_script.c b/server/util_script.c
index 14991cd0ff..7ac79301fb 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -282,21 +282,26 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
     /* Apache custom error responses. If we have redirected set two new vars */
 
     if (r->prev) {
-        /* PR#57785: reconstruct full URL here */
-        apr_uri_t *uri = &r->prev->parsed_uri;
-        if (!uri->scheme) {
-            uri->scheme = (char*)ap_http_scheme(r->prev);
-        }
-        if (!uri->port) {
-            uri->port = ap_get_server_port(r->prev);
-            uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
-        }
-        if (!uri->hostname) {
-            uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+        if (conf->qualify_redirect_url != AP_CORE_CONFIG_ON) { 
+            add_unless_null(e, "REDIRECT_URL", r->prev->uri);
+        }
+        else { 
+            /* PR#57785: reconstruct full URL here */
+            apr_uri_t *uri = &r->prev->parsed_uri;
+            if (!uri->scheme) {
+                uri->scheme = (char*)ap_http_scheme(r->prev);
+            }
+            if (!uri->port) {
+                uri->port = ap_get_server_port(r->prev);
+                uri->port_str = apr_psprintf(r->pool, "%u", uri->port);
+            }
+            if (!uri->hostname) {
+                uri->hostname = (char*)ap_get_server_name_for_url(r->prev);
+            }
+            add_unless_null(e, "REDIRECT_URL",
+                            apr_uri_unparse(r->pool, uri, 0));
         }
         add_unless_null(e, "REDIRECT_QUERY_STRING", r->prev->args);
-        add_unless_null(e, "REDIRECT_URL",
-                        apr_uri_unparse(r->pool, uri, 0));
     }
 
     if (e != r->subprocess_env) {