www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

core, mod_proxy: If a kept_body is present, it becomes safe for

Browse Source 
subrequests to support message bodies. Make sure that safety
checks within the core and within the proxy are not triggered
when kept_body is present. This makes it possible to embed
proxied POST requests within mod_include.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654968 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Graham Leggett
2008-05-09 22:40:01 +00:00
parent 00db8a73d2
commit 1d1c483317
3 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@@ -2,6 +2,12 @@
Changes with Apache 2.3.0 Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ] [ When backported to 2.2.x, remove entry from this file ]
*) core, mod_proxy: If a kept_body is present, it becomes safe for
subrequests to support message bodies. Make sure that safety
checks within the core and within the proxy are not triggered
when kept_body is present. This makes it possible to embed
proxied POST requests within mod_include. [Graham Leggett]
*) mod_auth_form: Make sure the input filter stack is properly set *) mod_auth_form: Make sure the input filter stack is properly set
up before reading the login form. Make sure the kept body filter up before reading the login form. Make sure the kept body filter
is correctly inserted to ensure the body can be read a second is correctly inserted to ensure the body can be read a second

9
modules/proxy/mod_proxy_http.c
View File

@@ -266,6 +266,10 @@ static int pass_brigade(apr_bucket_alloc_t *bucket_alloc,
apr_brigade_length(bb, 0, &transferred); apr_brigade_length(bb, 0, &transferred);
if (transferred != -1) if (transferred != -1)
conn->worker->s->transferred += transferred; conn->worker->s->transferred += transferred;
char tmp[1024000];
apr_size_t tlen = 1024000;
apr_brigade_flatten(bb, tmp, &tlen);
printf(tmp, NULL);
status = ap_pass_brigade(origin->output_filters, bb); status = ap_pass_brigade(origin->output_filters, bb);
if (status != APR_SUCCESS) { if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server,
@@ -893,8 +897,11 @@ int ap_proxy_http_request(apr_pool_t *p, request_rec *r,
* input_brigade and jump past all of the request body logic... * input_brigade and jump past all of the request body logic...
* Reading anything with ap_get_brigade is likely to consume the * Reading anything with ap_get_brigade is likely to consume the
* main request's body or read beyond EOS - which would be unplesant. * main request's body or read beyond EOS - which would be unplesant.
*
* An exception: when a kept_body is present, then subrequest CAN use
* pass request bodies, and we DONT skip the body.
*/ */
if (r->main) { if (!r->kept_body && r->main) {
/* XXX: Why DON'T sub-requests use keepalives? */ /* XXX: Why DON'T sub-requests use keepalives? */
p_conn->close++; p_conn->close++;
if (old_cl_val) { if (old_cl_val) {

4
server/protocol.c
View File

@@ -1084,8 +1084,8 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
/* did the original request have a body? (e.g. POST w/SSI tags) /* did the original request have a body? (e.g. POST w/SSI tags)
* if so, make sure the subrequest doesn't inherit body headers * if so, make sure the subrequest doesn't inherit body headers
*/ */
if (apr_table_get(r->headers_in, "Content-Length") if (!r->kept_body && (apr_table_get(r->headers_in, "Content-Length")
|| apr_table_get(r->headers_in, "Transfer-Encoding")) { || apr_table_get(r->headers_in, "Transfer-Encoding"))) {
clone_headers_no_body(rnew, r); clone_headers_no_body(rnew, r);
} else { } else {
/* no body (common case). clone headers the cheap way */ /* no body (common case). clone headers the cheap way */