From fb5675a5b8922bc9c605a589b795c37aa14a2f75 Mon Sep 17 00:00:00 2001 From: Ben Reser Date: Tue, 6 May 2014 05:00:21 +0000 Subject: mod_dav: Fix invalid Location header when a resource is created by passing an absolute URI on the request line. Using r->unparsed_uri is wrong since it might contain a scheme, hostname and port. See section 5.1.2 of RFC 2616, an absolute URI is allowed. The unparsed_uri field is absolutely unparsed. The current code causes the Location header to end up having the scheme, host and port included twice. * modules/dav/main/mod_dav.c (dav_created): Call ap_escape_uri() on r->uri when caller doesn't provide a location. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1592655 13f79535-47bb-0310-9956-ffa450edef68 --- modules/dav/main/mod_dav.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/dav') diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 93346250c1..77a3b12a12 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -611,7 +611,7 @@ static int dav_created(request_rec *r, const char *locn, const char *what, const char *body; if (locn == NULL) { - locn = r->unparsed_uri; + locn = ap_escape_uri(r->pool, r->uri); } /* did the target resource already exist? */ -- cgit v1.2.3