diff options
| author | Jan Kneschke <jan@kneschke.de> | 2007-06-15 14:46:17 +0000 |
|---|---|---|
| committer | Jan Kneschke <jan@kneschke.de> | 2007-06-15 14:46:17 +0000 |
| commit | 022760f07ded9f01b3373fb13e39e3977f818434 (patch) | |
| tree | 7c4ad96a9be676749c68a271cdb3272519e8b7dd /src/mod_access.c | |
| parent | 8b06b122b1c664f2191e6270a96e7705db7ea89c (diff) | |
| download | lighttpd-git-022760f07ded9f01b3373fb13e39e3977f818434.tar.gz | |
check the URL twice, before and after path-info handling. (fixes #1230)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1871 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'src/mod_access.c')
| -rw-r--r-- | src/mod_access.c | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/src/mod_access.c b/src/mod_access.c index 3fc05996..f100c804 100644 --- a/src/mod_access.c +++ b/src/mod_access.c @@ -111,6 +111,15 @@ static int mod_access_patch_connection(server *srv, connection *con, plugin_data } #undef PATCH +/** + * URI handler + * + * we will get called twice: + * - after the clean up of the URL and + * - after the pathinfo checks are done + * + * this handles the issue of trailing slashes + */ URIHANDLER_FUNC(mod_access_uri_handler) { plugin_data *p = p_d; int s_len; @@ -122,28 +131,41 @@ URIHANDLER_FUNC(mod_access_uri_handler) { s_len = con->uri.path->used - 1; + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "s", + "-- mod_access_uri_handler called"); + } + for (k = 0; k < p->conf.access_deny->used; k++) { data_string *ds = (data_string *)p->conf.access_deny->data[k]; int ct_len = ds->value->used - 1; + int denied = 0; - if (ct_len > s_len) continue; + if (ct_len > s_len) continue; if (ds->value->used == 0) continue; /* if we have a case-insensitive FS we have to lower-case the URI here too */ if (con->conf.force_lowercase_filenames) { if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; - - return HANDLER_FINISHED; + denied = 1; } } else { if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; + denied = 1; + } + } - return HANDLER_FINISHED; + if (denied) { + con->http_status = 403; + + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "sb", + "url denied as we match:", ds->value); } + + return HANDLER_FINISHED; } } @@ -158,7 +180,8 @@ int mod_access_plugin_init(plugin *p) { p->init = mod_access_init; p->set_defaults = mod_access_set_defaults; - p->handle_uri_clean = mod_access_uri_handler; + p->handle_uri_clean = mod_access_uri_handler; + p->handle_subrequest_start = mod_access_uri_handler; p->cleanup = mod_access_free; p->data = NULL; |