diff options
| author | Graham Leggett <minfrin@apache.org> | 2013-04-23 15:14:34 +0200 |
|---|---|---|
| committer | Graham Leggett <minfrin@apache.org> | 2013-04-23 15:14:34 +0200 |
| commit | 1416de62f5550f4af94f4c14dd488027de9aa28d (patch) | |
| tree | b160063c2120bc419bdca4944f54bd6b54e916e2 /modules/dav/main | |
| parent | simple MPM: Lift the restriction that prevents mod_ssl taking (diff) | |
| download | apache2-1416de62f5550f4af94f4c14dd488027de9aa28d.tar.xz apache2-1416de62f5550f4af94f4c14dd488027de9aa28d.zip | |
mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910
Patch submitted by Timothy Wood <tjw omnigroup com>
Tested by William Lewis <wiml omnigroup com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1470940 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/dav/main')
| -rw-r--r-- | modules/dav/main/util.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c index 2f4ce8d8cf..d2aff57a28 100644 --- a/modules/dav/main/util.c +++ b/modules/dav/main/util.c @@ -663,6 +663,13 @@ static dav_error * dav_process_if_header(request_rec *r, dav_if_header **p_ih) if (uri_len > 1 && parsed_uri.path[uri_len - 1] == '/') parsed_uri.path[--uri_len] = '\0'; + /* the resources we will compare to have unencoded paths */ + if (ap_unescape_url(parsed_uri.path) != OK) { + return dav_new_error(r->pool, HTTP_BAD_REQUEST, + DAV_ERR_IF_TAGGED, rv, + "Invalid percent encoded URI in tagged If-header."); + } + uri = parsed_uri.path; list_type = tagged; break; |