* Always trust content types that we set literally

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918814 13f79535-47bb-0310-9956-ffa450edef68

modules/cluster/mod_heartmonitor.c

@@ -782,7 +782,7 @@ static int hm_handler(request_rec *r)
     hmserver.seen = apr_time_now();
     hm_update_stat(ctx, &hmserver, r->pool);
 
-    ap_set_content_type(r, "text/plain");
+    ap_set_content_type_ex(r, "text/plain", 1);
     ap_set_content_length(r, 2);
     ap_rputs("OK", r);
     ap_rflush(r);

modules/dav/main/mod_dav.c

@@ -395,7 +395,7 @@ static int dav_error_response(request_rec *r, int status, const char *body)
     r->status = status;
     r->status_line = ap_get_status_line(status);
 
-    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+    ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
 
     /* begin the response now... */
     ap_rvputs(r,
@@ -426,7 +426,7 @@ static int dav_error_response_tag(request_rec *r,
 {
     r->status = err->status;
 
-    ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+    ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
 
     ap_rputs(DAV_XML_HEADER DEBUG_CR
              "<D:error xmlns:D=\"DAV:\"", r);
@@ -584,7 +584,7 @@ DAV_DECLARE(void) dav_begin_multistatus(apr_bucket_brigade *bb,
 {
     /* Set the correct status and Content-Type */
     r->status = status;
-    ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+    ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
 
     /* Send the headers and actual multistatus response now... */
     ap_fputs(r->output_filters, bb, DAV_XML_HEADER DEBUG_CR
@@ -2086,7 +2086,7 @@ static int dav_method_options(request_rec *r)
 
     /* send the options response */
     r->status = HTTP_OK;
-    ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+    ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
 
     /* send the headers and response body */
     ap_rputs(DAV_XML_HEADER DEBUG_CR
@@ -3437,7 +3437,7 @@ static int dav_method_lock(request_rec *r)
     (*locks_hooks->close_lockdb)(lockdb);
 
     r->status = HTTP_OK;
-    ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+    ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
 
     ap_rputs(DAV_XML_HEADER DEBUG_CR "<D:prop xmlns:D=\"DAV:\">" DEBUG_CR, r);
     if (lock == NULL)

modules/dav/main/ms_wdv.c

@@ -572,7 +572,7 @@ static dav_error *mswdv_combined_propfind(request_rec *r)
     apr_brigade_printf(bb, NULL, NULL, "%016" APR_UINT64_T_HEX_FMT,
                        (apr_uint64_t)rr->finfo.size);
 
-    ap_set_content_type(r, "multipart/MSDAVEXTPrefixEncoded");
+    ap_set_content_type_ex(r, "multipart/MSDAVEXTPrefixEncoded", 1);
 
     ap_pass_brigade(r->output_filters, bb);
 

modules/examples/mod_example_hooks.c

@@ -994,7 +994,7 @@ static int x_handler(request_rec *r)
      * Set the Content-type header. Note that we do not actually have to send
      * the headers: this is done by the http core.
      */
-    ap_set_content_type(r, "text/html");
+    ap_set_content_type_ex(r, "text/html", 1);
     /*
      * If we're only supposed to send header information (HEAD request), we're
      * already there.

modules/filters/mod_crypto.c

@@ -1013,7 +1013,7 @@ static int crypto_handler(request_rec *r)
             return HTTP_INTERNAL_SERVER_ERROR;
         }
 
-        ap_set_content_type(r, "application/octet-stream");
+        ap_set_content_type_ex(r, "application/octet-stream", 1);
         ap_set_content_length(r, rec->k.secret.secretLen);
         ap_rwrite(rec->k.secret.secret, rec->k.secret.secretLen, r);
 

modules/filters/mod_data.c

@@ -117,7 +117,7 @@ static apr_status_t data_out_filter(ap_filter_t *f, apr_bucket_brigade *bb)
             }
         }
 
-        ap_set_content_type(r, "text/plain");
+        ap_set_content_type_ex(r, "text/plain", 1);
 
     }
 

modules/filters/mod_include.c

@@ -3972,7 +3972,7 @@ static int include_fixup(request_rec *r)
     if (r->handler && (strcmp(r->handler, "server-parsed") == 0))
     {
         if (!r->content_type || !*r->content_type) {
-            ap_set_content_type(r, "text/html");
+            ap_set_content_type_ex(r, "text/html", 1);
         }
         r->handler = "default-handler";
     }

modules/filters/mod_proxy_html.c

@@ -1009,7 +1009,7 @@ static apr_status_t proxy_html_filter(ap_filter_t *f, apr_bucket_brigade *bb)
                         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, f->r, APLOGNO(01422)
                                       "No i18n support found.  Install mod_xml2enc if required");
                     enc = XML_CHAR_ENCODING_NONE;
-                    ap_set_content_type(f->r, "text/html;charset=utf-8");
+                    ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1);
                 }
                 else {
                     /* if we wanted a non-default charset_out, insert the
@@ -1025,7 +1025,7 @@ static apr_status_t proxy_html_filter(ap_filter_t *f, apr_bucket_brigade *bb)
                                                         cenc, NULL));
                     }
                     else /* Normal case, everything worked, utf-8 output */
-                        ap_set_content_type(f->r, "text/html;charset=utf-8");
+                        ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1);
                 }
 
                 ap_fputs(f->next, ctxt->bb, ctxt->cfg->doctype);

modules/generators/mod_cgi.c

@@ -671,7 +671,7 @@ static apr_status_t include_cgi(include_ctx_t *ctx, ap_filter_t *f,
     /* Force sub_req to be treated as a CGI request, even if ordinary
      * typing rules would have called it something else.
      */
-    ap_set_content_type(rr, CGI_MAGIC_TYPE);
+    ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1);
 
     /* Run it. */
     rr_status = ap_run_sub_req(rr);

modules/generators/mod_cgid.c

@@ -1671,7 +1671,7 @@ static apr_status_t include_cgi(include_ctx_t *ctx, ap_filter_t *f,
     /* Force sub_req to be treated as a CGI request, even if ordinary
      * typing rules would have called it something else.
      */
-    ap_set_content_type(rr, CGI_MAGIC_TYPE);
+    ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1);
 
     /* Run it. */
     rr_status = ap_run_sub_req(rr);

modules/generators/mod_info.c

@@ -784,7 +784,7 @@ static int display_info(request_rec * r)
         return DECLINED;
     }
 
-    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+    ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
 
     ap_rputs(DOCTYPE_XHTML_1_0T
              "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"

modules/generators/mod_status.c

@@ -273,7 +273,7 @@ static int status_handler(request_rec *r)
     if (r->method_number != M_GET)
         return DECLINED;
 
-    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+    ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
 
     /*
      * Simple table-driven form data set parser that lets you alter the header
@@ -301,7 +301,7 @@ static int status_handler(request_rec *r)
                     no_table_report = 1;
                     break;
                 case STAT_OPT_AUTO:
-                    ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
+                    ap_set_content_type_ex(r, "text/plain; charset=ISO-8859-1", 1);
                     short_report = 1;
                     break;
                 }

modules/http/http_filters.c

@@ -1115,7 +1115,7 @@ AP_DECLARE_NONSTD(int) ap_send_http_trace(request_rec *r)
         }
     }
 
-    ap_set_content_type(r, "message/http");
+    ap_set_content_type_ex(r, "message/http", 1);
 
     /* Now we recreate the request, and echo it back */
 

modules/http/http_protocol.c

@@ -1276,10 +1276,10 @@ AP_DECLARE(void) ap_send_error_response(request_rec *r, int recursive_error)
             request_conf->suppress_charset = 1; /* avoid adding default
                                                  * charset later
                                                  */
-            ap_set_content_type(r, "text/html");
+            ap_set_content_type_ex(r, "text/html", 1);
         }
         else {
-            ap_set_content_type(r, "text/html; charset=iso-8859-1");
+            ap_set_content_type_ex(r, "text/html; charset=iso-8859-1", 1);
         }
 
         if ((status == HTTP_METHOD_NOT_ALLOWED)

modules/ldap/util_ldap.c

@@ -200,7 +200,7 @@ static int util_ldap_handler(request_rec *r)
     st = (util_ldap_state_t *) ap_get_module_config(r->server->module_config,
             &ldap_module);
 
-    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+    ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
 
     if (r->header_only)
         return OK;

modules/mappers/mod_imagemap.c

@@ -475,7 +475,7 @@ static int imap_reply(request_rec *r, const char *redirect)
 
 static void menu_header(request_rec *r, char *menu)
 {
-    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+    ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
 
     ap_rvputs(r, DOCTYPE_HTML_4_01, "<html><head>\n<title>Menu for ",
               ap_escape_html(r->pool, r->uri),

modules/proxy/mod_proxy_balancer.c

@@ -1445,7 +1445,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
 
     if (usexml) {
         char date[APR_RFC822_DATE_LEN];
-        ap_set_content_type(r, "text/xml");
+        ap_set_content_type_ex(r, "text/xml", 1);
         ap_rputs("<?xml version='1.0' encoding='UTF-8' ?>\n", r);
         ap_rputs("<httpd:manager xmlns:httpd='http://httpd.apache.org'>\n", r);
         ap_rputs("  <httpd:balancers>\n", r);
@@ -1618,7 +1618,7 @@ static void balancer_display_page(request_rec *r, proxy_server_conf *conf,
         ap_rputs("</httpd:manager>", r);
     }
     else {
-        ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+        ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
         ap_rputs(DOCTYPE_HTML_4_01
                  "<html><head><title>Balancer Manager</title>\n", r);
         ap_rputs("<style type='text/css'>\n"