Follow up to r1879074: don't let dav_process_if_header() go above root.

And fall through as "/". git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879149 13f79535-47bb-0310-9956-ffa450edef68
author: Yann Ylavic <ylavic@apache.org> 2020-06-24 12:23:15 +0000
committer: Yann Ylavic <ylavic@apache.org> 2020-06-24 12:23:15 +0000
commit: 574db2f781576f8f526532c2935cab5bda210038 (patch)
tree: 9027b5359a49ec235d1ed527aba1529afc34c24c /modules/dav
parent: eb24229d58bbb90ed6d19f4e5fc77011b4a7198d (diff)
download: httpd-574db2f781576f8f526532c2935cab5bda210038.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
index 8cf3fe5234..08ebe2764e 100644
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -665,6 +665,7 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih)
 
             /* clean up the URI a bit */
             if (!ap_normalize_path(parsed_uri.path,
+                                   AP_NORMALIZE_NOT_ABOVE_ROOT |
                                    AP_NORMALIZE_DECODE_UNRESERVED)) {
                 return dav_new_error(r->pool, HTTP_BAD_REQUEST,
                                      DAV_ERR_IF_TAGGED, rv,
author	Yann Ylavic <ylavic@apache.org>	2020-06-24 12:23:15 +0000
committer	Yann Ylavic <ylavic@apache.org>	2020-06-24 12:23:15 +0000
commit	574db2f781576f8f526532c2935cab5bda210038 (patch)
tree	9027b5359a49ec235d1ed527aba1529afc34c24c /modules/dav
parent	eb24229d58bbb90ed6d19f4e5fc77011b4a7198d (diff)
download	httpd-574db2f781576f8f526532c2935cab5bda210038.tar.gz