From 479da615a7004e195ed737e037e42ff3b5941832 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Sun, 2 Apr 2023 16:05:34 +0000 Subject: Post 2.4.57-rc1 tag updates git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.57-rc1-candidate@1908925 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_rewrite.html.en | 10 ++++ docs/manual/rewrite/flags.html.en | 96 ++++++++++++++++++++++++++----------- include/ap_release.h | 2 +- 3 files changed, 78 insertions(+), 30 deletions(-) diff --git a/docs/manual/mod/mod_rewrite.html.en b/docs/manual/mod/mod_rewrite.html.en index 1631fe0cc9..30d74341a3 100644 --- a/docs/manual/mod/mod_rewrite.html.en +++ b/docs/manual/mod/mod_rewrite.html.en @@ -1307,6 +1307,16 @@ cannot use $N in the substitution string! Escape non-alphanumeric characters in backreferences before applying the transformation. details ... + + BCTLS + Like [B], but only escape control characters and spaces. + details ... + + + BNE + Characters of [B] or [BCTLS] which should not be escaped. + details ... + backrefnoplus|BNP If backreferences are being escaped, spaces should be escaped to diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en index caa4883f45..5e175f1772 100644 --- a/docs/manual/rewrite/flags.html.en +++ b/docs/manual/rewrite/flags.html.en @@ -34,6 +34,8 @@ providing detailed explanations and examples.

Support Apache!
top

BNP|backrefnoplus (don't escape space to +)

@@ -135,8 +139,40 @@ RewriteRule "^search/(.*)$" "/search.php?term=$1" "[B= ?]" in a backreference to %20 rather than '+'. Useful when the backreference will be used in the path component rather than the query string.

+
# Escape spaces to %20 in the path instead of + as used in form submission via
+# the query string
+RewriteRule "^search/(.*)$" "/search.php/$1" "[B,BNP]"
+ + +

This flag is available in version 2.4.26 and later.

+
top
+
+

BCTLS

+

The [BCTLS] flag is similar to the [B] flag, but only escapes +control characters and the space character. This is the same set of +characters rejected when they are copied into the query string unencoded. +

+ +
# Escape control characters and spaces
+RewriteRule "^search/(.*)$" "/search.php/$1" "[BCTLS]"
+ + +

This flag is available in version 2.4.57 and later.

+ +
top
+
+

BNE

+

The list of characters in [BNE=...] are treated as exclusions to the +characters of the [B] or [BCTLS] flags. The listed characters will not be +escaped. +

+ +
# Escape the default characters, but leave /
+RewriteRule "^search/(.*)$" "/search.php?term=$1" "[B,BNE=/]"
+ +

This flag is available in version 2.4.57 and later.

top

C|chain

@@ -218,7 +254,7 @@ attribute is set to the specified value. Typical values are None,

Consider this example:

RewriteEngine On
-RewriteRule "^/index\.html" "-" [CO=frontdoor:yes:.example.com:1440:/]
+RewriteRule "^/index\.html" "-" [CO=frontdoor:yes:.example.com:1440:/]

In the example give, the rule doesn't rewrite the request. @@ -303,8 +339,8 @@ value of '1' if the requested URI is an image file. Then, that environment variable is used to exclude those requests from the access log.

-
RewriteRule "\.(png|gif|jpg)$" "-" [E=image:1]
-CustomLog "logs/access_log" combined env=!image
+
RewriteRule "\.(png|gif|jpg)$"   "-" [E=image:1]
+CustomLog   "logs/access_log"    combined env=!image

Note that this same effect can be obtained using SetEnvIf. This technique is offered as @@ -329,7 +365,7 @@ allows more flexibility in assigning a Forbidden status.

The following rule will forbid .exe files from being downloaded from your server.

-
RewriteRule "\.exe" "-" [F]
+
RewriteRule "\.exe"   "-" [F]

This example uses the "-" syntax for the rewrite target, which means @@ -349,7 +385,7 @@ longer available.

As with the [F] flag, you will typically use the "-" syntax for the rewrite target when using the [G] flag:

-
RewriteRule "oldproduct" "-" [G,NC]
+
RewriteRule "oldproduct"   "-" [G,NC]

When using [G], an [L] is implied - that is, the response is returned @@ -362,7 +398,7 @@ immediately, and no further rules are evaluated.

handler. For example, one might use this to force all files without a file extension to be parsed by the php handler:

-
RewriteRule "!\." "-" [H=application/x-httpd-php]
+
RewriteRule "!\."  "-" [H=application/x-httpd-php]

@@ -424,8 +460,8 @@ argument to index.php, however, the index.php, the RewriteRule will be skipped.

RewriteBase "/"
-RewriteCond "%{REQUEST_URI}" "!=/index.php"
-RewriteRule "^(.*)" "/index.php?req=$1" [L,PT]
+RewriteCond "%{REQUEST_URI}" !=/index.php +RewriteRule "^(.*)" "/index.php?req=$1" [L,PT]
top
@@ -448,11 +484,11 @@ pattern still matches (i.e., while the URI still contains an A), perform this substitution (i.e., replace the A with a B).

-

In 2.4.8 and later, this module returns an error after 32,000 iterations to +

In 2.4.8 and later, this module returns an error after 10,000 iterations to protect against unintended looping. An alternative maximum number of iterations can be specified by adding to the N flag. 

# Be willing to replace 1 character in each pass of the loop
-RewriteRule "(.+)[><;]$" "$1" [N=64000]
+RewriteRule "(.+)[><;]$" "$1" [N=32000]
 # ... or, give up if after 10 loops
 RewriteRule "(.+)[><;]$" "$1" [N=10]
@@ -696,19 +732,21 @@ URI in request' warnings.

The [S] flag is used to skip rules that you don't want to run. The syntax of the skip flag is [S=N], where N signifies the number of rules to skip (provided the -RewriteRule matches). This can be thought of as a goto -statement in your rewrite ruleset. In the following example, we only want -to run the RewriteRule if the -requested URI doesn't correspond with an actual file.

+RewriteRule and any preceding +RewriteCond directives match). This can be thought of as a +goto statement in your rewrite ruleset. In the following +example, we only want to run the +RewriteRule if the requested URI doesn't correspond with an +actual file.

# Is the request for a non-existent file?
-RewriteCond "%{REQUEST_FILENAME}" "!-f"
-RewriteCond "%{REQUEST_FILENAME}" "!-d"
+RewriteCond "%{REQUEST_FILENAME}" !-f
+RewriteCond "%{REQUEST_FILENAME}" !-d
 # If so, skip these two RewriteRules
-RewriteRule ".?" "-" [S=2]
+RewriteRule ".?"                  "-" [S=2]
 
-RewriteRule "(.*\.gif)" "images.php?$1"
-RewriteRule "(.*\.html)" "docs.php?$1"
+RewriteRule "(.*\.gif)" "images.php?$1" +RewriteRule "(.*\.html)" "docs.php?$1"

This technique is useful because a RewriteCond only applies to the @@ -720,18 +758,18 @@ use this to make pseudo if-then-else constructs: The last rule of the then-clause becomes skip=N, where N is the number of rules in the else-clause:

# Does the file exist?
-RewriteCond "%{REQUEST_FILENAME}" "!-f"
-RewriteCond "%{REQUEST_FILENAME}" "!-d"
+RewriteCond "%{REQUEST_FILENAME}" !-f
+RewriteCond "%{REQUEST_FILENAME}" !-d
 # Create an if-then-else construct by skipping 3 lines if we meant to go to the "else" stanza.
-RewriteRule ".?" "-" [S=3]
+RewriteRule ".?"                  "-" [S=3]
 
 # IF the file exists, then:
-    RewriteRule "(.*\.gif)" "images.php?$1"
+    RewriteRule "(.*\.gif)"  "images.php?$1"
     RewriteRule "(.*\.html)" "docs.php?$1"
     # Skip past the "else" stanza.
-    RewriteRule ".?" "-" [S=1]
+    RewriteRule ".?"         "-" [S=1]
 # ELSE...
-    RewriteRule "(.*)" "404.php?file=$1"
+    RewriteRule "(.*)"       "404.php?file=$1"
 # END
@@ -748,7 +786,7 @@ sent. This has the same effect as the # Serve .pl files as plain text -RewriteRule "\.pl$" "-" [T=text/plain] +RewriteRule "\.pl$" "-" [T=text/plain]

Or, perhaps, if you have a camera that produces jpeg images without @@ -756,7 +794,7 @@ file extensions, you could force those images to be served with the correct MIME type by virtue of their file names:

# Files with 'IMG' in the name are jpg images.
-RewriteRule "IMG" "-" [T=image/jpg]
+RewriteRule "IMG" "-" [T=image/jpg]

Please note that this is a trivial example, and could be better done diff --git a/include/ap_release.h b/include/ap_release.h index ef0a3d5733..a5f511aebd 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -44,7 +44,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 #define AP_SERVER_PATCHLEVEL_NUMBER 57 -#define AP_SERVER_DEVBUILD_BOOLEAN 1 +#define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ -- cgit v1.2.1