-rw-r--r-- | src/mod_access.c | 37 | ||||
-rw-r--r-- | tests/docroot/www/Makefile.am | 2 | ||||
-rw-r--r-- | tests/docroot/www/index.html~ | 0 | ||||
-rwxr-xr-x | tests/mod-access.t | 9 | ||||
-rwxr-xr-x | tests/prepare.sh | 1 |
5 files changed, 40 insertions, 9 deletions
diff --git a/src/mod_access.c b/src/mod_access.c index 3fc05996..f100c804 100644 --- a/src/mod_access.c +++ b/src/mod_access.c @@ -111,6 +111,15 @@ static int mod_access_patch_connection(server *srv, connection *con, plugin_data } #undef PATCH +/** + * URI handler + * + * we will get called twice: + * - after the clean up of the URL and + * - after the pathinfo checks are done + * + * this handles the issue of trailing slashes + */ URIHANDLER_FUNC(mod_access_uri_handler) { plugin_data *p = p_d; int s_len; @@ -122,28 +131,41 @@ URIHANDLER_FUNC(mod_access_uri_handler) { s_len = con->uri.path->used - 1; + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "s", + "-- mod_access_uri_handler called"); + } + for (k = 0; k < p->conf.access_deny->used; k++) { data_string *ds = (data_string *)p->conf.access_deny->data[k]; int ct_len = ds->value->used - 1; + int denied = 0; - if (ct_len > s_len) continue; + if (ct_len > s_len) continue; if (ds->value->used == 0) continue; /* if we have a case-insensitive FS we have to lower-case the URI here too */ if (con->conf.force_lowercase_filenames) { if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; - - return HANDLER_FINISHED; + denied = 1; } } else { if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; + denied = 1; + } + } - return HANDLER_FINISHED; + if (denied) { + con->http_status = 403; + + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "sb", + "url denied as we match:", ds->value); } + + return HANDLER_FINISHED; } } @@ -158,7 +180,8 @@ int mod_access_plugin_init(plugin *p) { p->init = mod_access_init; p->set_defaults = mod_access_set_defaults; - p->handle_uri_clean = mod_access_uri_handler; + p->handle_uri_clean = mod_access_uri_handler; + p->handle_subrequest_start = mod_access_uri_handler; p->cleanup = mod_access_free; p->data = NULL; 
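Review bot: The new header comment on `mod_access_uri_handler` says the handler is called twice but not what is different about `con->uri.path` on the second call, which is the reason the deny check is repeated. Since this is an access-control decision, I would add a line such as `* the second call sees the path without its pathinfo part, so "/file~/" is matched as "/file~"`, provided that is what the pathinfo step does (it is not visible in this diff). The function body continues outside this hunk.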
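Review bot: In the `@@ -122,28 +131,41 @@` hunk the denial is logged only inside `if (con->conf.log_request_handling)`, and the message carries the matching pattern but not the requested path, so with request tracing off a 403 from this module leaves nothing in the error log, and with it on the entry cannot be tied to a request. Consider appending the path, `log_error_write(srv, __FILE__, __LINE__, "sbsb", "url denied as we match:", ds->value, "path:", con->uri.path);`, keeping in mind that the path is client-supplied and the log writer has to escape control characters. Because the handler is now registered on two hooks, the "-- mod_access_uri_handler called" trace will appear twice per request without saying which stage produced it. The loop and the function continue past the end of the hunk.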
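Review bot: Registering the same check on `handle_subrequest_start` in `mod_access_plugin_init` closes the trailing-slash case only if mod_access's hook runs before whichever module ends up serving the request, and how hooks are ordered across modules is not visible in this diff. If dispatch follows module load order, the module documentation should say that mod_access has to be loaded ahead of handler modules, and a test with one of them enabled would pin that down. A short comment at the assignment, `/* second pass: path after the pathinfo split, see #1230 */`, would also keep someone from removing the line as a duplicate.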
diff --git a/tests/docroot/www/Makefile.am b/tests/docroot/www/Makefile.am index 9198f56a..bcbd39c6 100644 --- a/tests/docroot/www/Makefile.am +++ b/tests/docroot/www/Makefile.am @@ -1,5 +1,5 @@ EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \ redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \ nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \ - exec-date.shtml + exec-date.shtml index.html~ SUBDIRS=go indexfile expire diff --git a/tests/docroot/www/index.html~ b/tests/docroot/www/index.html~ new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/docroot/www/index.html~ diff --git a/tests/mod-access.t b/tests/mod-access.t index fb08db43..82275df3 100755 --- a/tests/mod-access.t +++ b/tests/mod-access.t @@ -8,7 +8,7 @@ BEGIN { use strict; use IO::Socket; -use Test::More tests => 3; +use Test::More tests => 4; use LightyTest; my $tf = LightyTest->new(); @@ -23,5 +23,12 @@ EOF $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; ok($tf->handle_http($t) == 0, 'forbid access to ...~'); +$t->{REQUEST} = ( <<EOF +GET /index.html~/ HTTP/1.0 +EOF + ); +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; +ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash'); + ok($tf->stop_proc == 0, "Stopping lighttpd"); diff --git a/tests/prepare.sh b/tests/prepare.sh index 040b6ee3..900ea16c 100755 --- a/tests/prepare.sh +++ b/tests/prepare.sh @@ -25,6 +25,7 @@ mkdir -p $tmpdir/cache/compress/ # copy everything into the right places cp $srcdir/docroot/www/*.html \ $srcdir/docroot/www/*.php \ + $srcdir/docroot/www/*.html~ \ $srcdir/docroot/www/*.pl \ $srcdir/docroot/www/*.fcgi \ $srcdir/docroot/www/*.shtml \ |
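Review bot: The case added to tests/mod-access.t covers only `GET /index.html~/`, which is thin coverage for an access-control fix: the deny check has two branches (`strncmp` and the `force_lowercase_filenames` / `strncasecmp` path), and the second pass depends on pathinfo handling. I would add a request with a longer pathinfo, e.g. `GET /index.html~/foo HTTP/1.0`, expecting 403, and raise `tests => 4` to match. The expected status for that request should be confirmed against the server's pathinfo behaviour, which this diff does not show.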