diff options
| author | Yann Ylavic <ylavic@apache.org> | 2020-06-22 12:29:27 +0200 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2020-06-22 12:29:27 +0200 |
| commit | 4c79fd280dfa3eede5a6f3baebc7ef2e55b3eb6a (patch) | |
| tree | b0a2d20a8bdbaef0d868fd2f3bc440ce1add089f /modules/generators | |
| parent | Backported to 2.4.x (diff) | |
| download | apache2-4c79fd280dfa3eede5a6f3baebc7ef2e55b3eb6a.tar.xz apache2-4c79fd280dfa3eede5a6f3baebc7ef2e55b3eb6a.zip | |
Add ap_normalize_path() to replace ap_getparents() (with options).
include/httpd.h: Declare ap_normalize_path() and flags.
AP_NORMALIZE_ALLOW_RELATIVE:
Don't require that the path be absolute as per RFC 7230.
This is needed for lookup subrequests.
AP_NORMALIZE_NOT_ABOVE_ROOT:
Check that directory traversal ("..") don't go above root, or
initial directory with relative paths.
AP_NORMALIZE_DECODE_UNRESERVED:
Decode unreserved characters (like '.') first since they have
the same semantics encoded and decoded.
AP_NORMALIZE_MERGE_SLASHES:
Merge multiple slahes into a single one.
AP_NORMALIZE_DROP_PARAMETERS:
Ignore path parameters (";foo=bar"). Not used by httpd but since
ap_normalize_path() is taken from mod_jk's jk_servlet_normalize()
it can allow them to use the upstream version now.
server/util.c: Implement ap_normalize_path().
modules/dav/main/util.c: Replace call to ap_getparents() using
ap_normalize_path() with AP_NORMALIZE_DECODE_UNRESERVED flag since
the path comes from an obsolute URL (thus potentially %-encoded).
modules/generators/mod_autoindex.c: Replace call to ap_getparents() using
ap_normalize_path() with AP_NORMALIZE_ALLOW_RELATIVE and
AP_NORMALIZE_NOT_ABOVE_ROOT flags to be consistent with original code.
include/ap_mmn.h: MINOR bump for ap_normalize_path().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879074 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/generators')
| -rw-r--r-- | modules/generators/mod_autoindex.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c index f977b88324..e43ba91dee 100644 --- a/modules/generators/mod_autoindex.c +++ b/modules/generators/mod_autoindex.c @@ -1266,8 +1266,9 @@ static struct ent *make_parent_entry(apr_int32_t autoindex_opts, if (!(p->name = ap_make_full_path(r->pool, r->uri, "../"))) { return (NULL); } - ap_getparents(p->name); - if (!*p->name) { + if (!ap_normalize_path(p->name, AP_NORMALIZE_ALLOW_RELATIVE | + AP_NORMALIZE_NOT_ABOVE_ROOT) + || p->name[0] == '\0') { return (NULL); } |