mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00

43 Commits

Author SHA1 Message Date
Giovanni Bechis
08a65eee57 fix separator parsing, PR #333
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908658 13f79535-47bb-0310-9956-ffa450edef68
2023-03-23 08:02:47 +00:00
Christophe Jaillet
caf4efca9f Harden mod_session and avoid overflow in case of indecently large session
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900335 13f79535-47bb-0310-9956-ffa450edef68
2022-04-27 20:08:50 +00:00
Yann Ylavic
7e09dd714f mod_session: account for the '&' in identity_concat().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
2021-03-01 20:13:54 +00:00
Yann Ylavic
67bd9bfe6c mod_session: save one apr_strtok() in session_identity_decode().
When the encoding is invalid (missing '='), no need to parse further.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
2021-03-01 20:07:08 +00:00
Christophe Jaillet
737298605c Improve a message about SessionExpiryUpdateInterval values
PR 64904

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883414 13f79535-47bb-0310-9956-ffa450edef68
2020-11-14 07:53:02 +00:00
Eric Covener
2f1ab3e2e2 restore/explain new session creation
followup to r1874673.  With the included providers for load/save this path should
not be taken.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874691 13f79535-47bb-0310-9956-ffa450edef68
2020-03-02 12:03:26 +00:00
Eric Covener
2c8a4fe01c PR56052: resolve problems with expired sessions
session_load providers cache the session_rec pointer, so hollow
them out and reuse them instead of replacing them.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874673 13f79535-47bb-0310-9956-ffa450edef68
2020-03-01 22:39:11 +00:00
Mike Rumph
85760859ca Fix spelling errors found by codespell. [skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
2020-02-13 18:15:57 +00:00
Eric Covener
0f5d0ad18e leave a hint about session expiration at TRACE2
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865871 13f79535-47bb-0310-9956-ffa450edef68
2019-08-25 01:54:39 +00:00
Hank Ibell
39fbba1eb0 Always decode session attributes early.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850947 13f79535-47bb-0310-9956-ffa450edef68
2019-01-10 15:52:31 +00:00
Yann Ylavic
bf85d9079e mod_session: Strip Session header when SessionEnv is on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824390 13f79535-47bb-0310-9956-ffa450edef68
2018-02-16 00:22:38 +00:00
Jacob Champion
091f96ee10 Remove unnecessary apr_table_do() function casts
Function casts can cause hard-to-debug corruption issues if a
declaration is accidentally changed to be incompatible. Luckily, most of
the function casts for apr_table_do() calls are unnecessary. Remove
them, and adjust the signatures for helpers that weren't taking void* as
the first argument.

The remaining helper that requires a cast is http_filter.c's
form_header_field(), which is probably where many of these casts were
copy-pasted from. I have left it as-is: it has other direct callers
besides apr_table_do(), and it's already documented with warnings not to
change the function signature.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769192 13f79535-47bb-0310-9956-ffa450edef68
2016-11-10 20:53:21 +00:00
Yann Ylavic
a83e9b4d71 mod_session: Introduce SessionExpiryUpdateInterval which allows
configuring the session/cookie expiry's update interval. PR 57300.

Submitted by: Paul Spangler <paul.spangler ni.com>
Reviewed/Committed by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1709121 13f79535-47bb-0310-9956-ffa450edef68
2015-10-16 22:36:17 +00:00
Graham Leggett
48ebde687b mod_session: When we have a session we were unable to decode, behave as if there was no session at all.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1560977 13f79535-47bb-0310-9956-ffa450edef68
2014-01-24 13:02:42 +00:00
Jeff Trawick
2ab66dcfb3 mod_session: Fix problems interpreting the SessionInclude and
SessionExclude configuration.

PR: 56038
Submitted by: Erik Pearson <erik adaptations.com>
Reviewed by: trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1559828 13f79535-47bb-0310-9956-ffa450edef68
2014-01-20 21:01:15 +00:00
Graham Leggett
c8b1ad8f55 mod_session: Reset the max-age on session save. PR 47476.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531683 13f79535-47bb-0310-9956-ffa450edef68
2013-10-13 13:07:19 +00:00
Graham Leggett
0d9b5c81a5 mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531679 13f79535-47bb-0310-9956-ffa450edef68
2013-10-13 12:27:54 +00:00
Graham Leggett
3eed634c9c CVE-2013-2249
mod_session_dbd: Make sure that dirty flag is respected when saving 
sessions, and ensure the session ID is changed each time the session 
changes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1488158 13f79535-47bb-0310-9956-ffa450edef68
2013-05-31 11:13:25 +00:00
Christophe Jaillet
2cf5acd15f s/;;/;/
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1397636 13f79535-47bb-0310-9956-ffa450edef68
2012-10-12 16:41:34 +00:00
Stefan Fritsch
8c960a8c15 Various code clean up
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 52893 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361801 13f79535-47bb-0310-9956-ffa450edef68
2012-07-15 21:14:00 +00:00
Graham Leggett
720f5f4e43 mod_session: Sessions are encoded as application/x-www-form-urlencoded strings, however we
do not handle the encoding of spaces properly. Fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1293658 13f79535-47bb-0310-9956-ffa450edef68
2012-02-25 18:10:56 +00:00
Stefan Fritsch
92e366007c Add lots of unique tags to error log messages
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 23:02:04 +00:00
Graham Leggett
45eb1cdd06 mod_session: Use apr_status_t as a return code across the mod_session API,
clarify where we ignore errors and why.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209603 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 17:47:05 +00:00
Stefan Fritsch
7ecccc1570 Remove some more now redundant log prefixes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208816 13f79535-47bb-0310-9956-ffa450edef68
2011-11-30 21:51:51 +00:00
Stefan Fritsch
59c52538f3 Code cleanup: replace apr_table_set with non-copying apr_table_setn
in a few places

Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1137413 13f79535-47bb-0310-9956-ffa450edef68
2011-06-19 18:50:12 +00:00
Jim Jagielski
e0d16cce4d Note for future dev....
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1030496 13f79535-47bb-0310-9956-ffa450edef68
2010-11-03 15:21:50 +00:00
Paul Querna
ad53d4dcbd CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.
If a specially crafted request was sent, it is possible to crash mod_dav, 
mod_cache or mod_session, as they accessed a field that is set to NULL
by the URI parser, assuming that it always put in a valid string.

PR: 49246
Submitted by: Mark Drayton
Patch by: Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@966348 13f79535-47bb-0310-9956-ffa450edef68
2010-07-21 18:25:01 +00:00
Stefan Fritsch
ebb62867fb Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take
advantage of per-module loglevels


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951895 13f79535-47bb-0310-9956-ffa450edef68
2010-06-06 16:59:50 +00:00
Graham Leggett
c48364cabc mod_session: Session expiry was being initialised, but not updated
on each session save, resulting in timed out sessions when there
should not have been. Fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@905490 13f79535-47bb-0310-9956-ffa450edef68
2010-02-02 01:18:36 +00:00
Graham Leggett
b890238ef4 mod_session.c: Prevent a segfault when session is added but not
configured.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814327 13f79535-47bb-0310-9956-ffa450edef68
2009-09-13 14:59:28 +00:00
Graham Leggett
2a63c6013f Remove stray trailing whitespace from mod_session.c.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814325 13f79535-47bb-0310-9956-ffa450edef68
2009-09-13 14:56:07 +00:00
Ruediger Pluem
dd3067baac * Prevent a segfault when a CGI script sets a cookie with a null value.
Submitted by: David Shane Holden <dpejesh apache.org>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@678160 13f79535-47bb-0310-9956-ffa450edef68
2008-07-19 14:00:23 +00:00
William A. Rowe Jr
acd6d4f502 You don't export the local registered functions
when using optional fn's and hooks.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@664224 13f79535-47bb-0310-9956-ffa450edef68
2008-06-07 00:59:04 +00:00
William A. Rowe Jr
11e672a797 mod_session has a different scope than the core.
Replace the nonsense (see modules such as mod_dav,
mod_cache etc for similar examples).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@664165 13f79535-47bb-0310-9956-ffa450edef68
2008-06-06 22:29:58 +00:00
Graham Leggett
563761538e Be defensive to ensure no segfault should the session entries table
not be initialised.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@649111 13f79535-47bb-0310-9956-ffa450edef68
2008-04-17 14:01:21 +00:00
Graham Leggett
6919d5d261 Change the directives within the mod_session* modules to be valid
both inside and outside the location/directory sections, as suggested
by wrowe.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@646304 13f79535-47bb-0310-9956-ffa450edef68
2008-04-09 12:39:33 +00:00
Graham Leggett
36500032fc Insert prototypes to remove compiler warnings. [Joe Orton]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@646126 13f79535-47bb-0310-9956-ffa450edef68
2008-04-08 23:12:12 +00:00
Ruediger Pluem
3bd88fb853 * Fix eol-style property.
Changes to mod_session.c only fix line endings again. No functional
changes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645923 13f79535-47bb-0310-9956-ffa450edef68
2008-04-08 13:49:49 +00:00
Guenter Knauf
8671e9c09c No var declarations in the middle of the code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645877 13f79535-47bb-0310-9956-ffa450edef68
2008-04-08 12:32:50 +00:00
Paul Querna
a324a1d72f Remove all references to CORE_PRIVATE.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645455 13f79535-47bb-0310-9956-ffa450edef68
2008-04-07 10:45:43 +00:00
Graham Leggett
3e0bf1c8a1 Rename the ap_escape_path_segment_b function as suggested by
Ruediger Pluem (left off commit r645120 by accident).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645132 13f79535-47bb-0310-9956-ffa450edef68
2008-04-05 16:30:44 +00:00
Graham Leggett
f10397f26c Make sure we protect ourselves against the session being NULL, which it will be
if no session is configured.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@645112 13f79535-47bb-0310-9956-ffa450edef68
2008-04-05 15:05:15 +00:00
Graham Leggett
2b7c89aab4 mod_session: Add a generic session interface to unify the different
attempts at saving persistent sessions across requests.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644746 13f79535-47bb-0310-9956-ffa450edef68
2008-04-04 15:58:15 +00:00