diff --git a/CHANGES b/CHANGES index bcd711c8f1..1550de2b3a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,7 @@ Changes with Apache 2.0.36 + + *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley] + *) [Security] Added the APLOG_TOCLIENT flag to ap_log_rerror() to explicitly tell the server that warning messages should be sent to the client in addition to being recorded in the error log. diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c index c53d2d0b7e..7a155129e3 100644 --- a/modules/arch/win32/mod_isapi.c +++ b/modules/arch/win32/mod_isapi.c @@ -362,8 +362,12 @@ apr_status_t isapi_handler (request_rec *r) if (r->finfo.filetype != APR_REG) return HTTP_FORBIDDEN; - if (r->path_info && *r->path_info && !r->used_path_info) + if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) && + r->path_info && *r->path_info) + { + /* default to accept */ return HTTP_NOT_FOUND; + } /* Load the isapi extention without caching (sconf == NULL) * but note that we will recover an existing cached module. diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c index 92c7663185..70cdf96cf2 100644 --- a/modules/generators/mod_cgi.c +++ b/modules/generators/mod_cgi.c @@ -627,7 +627,10 @@ static int cgi_handler(request_rec *r) return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, "attempt to invoke directory as script"); - if (r->path_info && *r->path_info && !r->used_path_info) { + if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) && + r->path_info && *r->path_info) + { + /* default to accept */ return log_scripterror(r, conf, HTTP_NOT_FOUND, 0, "AcceptPathInfo off disallows user's path"); } diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index c20e784091..82b26b4006 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -1063,7 +1063,10 @@ static int cgid_handler(request_rec *r) return log_scripterror(r, conf, HTTP_FORBIDDEN, 0, "attempt to invoke directory as script"); - if (r->path_info && *r->path_info && !r->used_path_info) { + if ((r->used_path_info == AP_REQ_REJECT_PATH_INFO) && + r->path_info && *r->path_info) + { + /* default to accept */ return log_scripterror(r, conf, HTTP_NOT_FOUND, 0, "AcceptPathInfo off disallows user's path"); } diff --git a/server/core.c b/server/core.c index c5685b9de3..a83044d2a5 100644 --- a/server/core.c +++ b/server/core.c @@ -3102,11 +3102,11 @@ static int core_override_type(request_rec *r) /* Deal with the poor soul who is trying to force path_info to be * accepted within the core_handler, where they will let the subreq - * address it's contents. This is toggled by the user in the very + * address its contents. This is toggled by the user in the very * beginning of the fixup phase, so modules should override the user's - * discresion in their own module fixup phase. It is tristate, if + * discretion in their own module fixup phase. It is tristate, if * the user doesn't specify, the result is 2 (which the module may - * interpret to it's own customary behavior.) It won't be tounched + * interpret to its own customary behavior.) It won't be touched * if the value is no longer undefined (2), so any module changing * the value prior to the fixup phase OVERRIDES the user's choice. */ @@ -3187,7 +3187,10 @@ static int default_handler(request_rec *r) return HTTP_NOT_FOUND; } - if (!(r->used_path_info & 1) && r->path_info && *r->path_info) { + if ((r->used_path_info != AP_REQ_ACCEPT_PATH_INFO) && + r->path_info && *r->path_info) + { + /* default to reject */ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, "File does not exist: %s", apr_pstrcat(r->pool, r->filename, r->path_info, NULL)); @@ -3939,10 +3942,10 @@ static int core_create_req(request_rec *r) ap_set_module_config(r->request_config, &core_module, req_cfg); - /* Begin by presuming any module can make it's own path_info assumptions, + /* Begin by presuming any module can make its own path_info assumptions, * until some module interjects and changes the value. */ - r->used_path_info = 2; + r->used_path_info = AP_REQ_DEFAULT_PATH_INFO; return OK; }