diff options
author | Yann Ylavic <ylavic@apache.org> | 2020-06-24 12:23:15 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2020-06-24 12:23:15 +0000 |
commit | 574db2f781576f8f526532c2935cab5bda210038 (patch) | |
tree | 9027b5359a49ec235d1ed527aba1529afc34c24c /modules/dav | |
parent | eb24229d58bbb90ed6d19f4e5fc77011b4a7198d (diff) | |
download | httpd-574db2f781576f8f526532c2935cab5bda210038.tar.gz |
Follow up to r1879074: don't let dav_process_if_header() go above root.
And fall through as "/".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879149 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/dav')
-rw-r--r-- | modules/dav/main/util.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index 8cf3fe5234..08ebe2764e 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -665,6 +665,7 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih) /* clean up the URI a bit */ if (!ap_normalize_path(parsed_uri.path, + AP_NORMALIZE_NOT_ABOVE_ROOT | AP_NORMALIZE_DECODE_UNRESERVED)) { return dav_new_error(r->pool, HTTP_BAD_REQUEST, DAV_ERR_IF_TAGGED, rv, |