From 48b5dfd6968cb076537b605d368d5fd889ebae86 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 7 Oct 2021 12:00:20 +0000
Subject: core: Add ap_unescape_url_ex() for better decoding control, and
 deprecate       unused AP_NORMALIZE_DROP_PARAMETERS flag.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893971 13f79535-47bb-0310-9956-ffa450edef68
---
 server/request.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'server/request.c')

diff --git a/server/request.c b/server/request.c
index df0ea6758f..cd2908da5d 100644
--- a/server/request.c
+++ b/server/request.c
@@ -243,14 +243,15 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
     /* Ignore URL unescaping for translated URIs already */
     if (access_status != DONE && r->parsed_uri.path) {
         core_dir_config *d = ap_get_core_module_config(r->per_dir_config);
-
-        if (d->allow_encoded_slashes) {
-            access_status = ap_unescape_url_keep2f(r->parsed_uri.path,
-                                                   d->decode_encoded_slashes);
+        /* Unreserved chars were already decoded by ap_normalize_path() */
+        unsigned int unescape_flags = AP_UNESCAPE_URL_KEEP_UNRESERVED;
+        if (!d->allow_encoded_slashes) {
+            unescape_flags |= AP_UNESCAPE_URL_FORBID_SLASHES;
         }
-        else {
-            access_status = ap_unescape_url(r->parsed_uri.path);
+        else if (!d->decode_encoded_slashes) {
+            unescape_flags |= AP_UNESCAPE_URL_KEEP_SLASHES;
         }
+        access_status = ap_unescape_url_ex(r->parsed_uri.path, unescape_flags);
         if (access_status) {
             if (access_status == HTTP_NOT_FOUND) {
                 if (! d->allow_encoded_slashes) {
-- 
cgit v1.2.3