absolute URI on the request line.
Using r->unparsed_uri is wrong since it might contain a scheme, hostname and
port. See section 5.1.2 of RFC 2616, an absolute URI is allowed. The
unparsed_uri field is absolutely unparsed. The current code causes the
Location header to end up having the scheme, host and port included twice.
* modules/dav/main/mod_dav.c
(dav_created): Call ap_escape_uri() on r->uri when caller doesn't provide a
location.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1592655 13f79535-47bb-0310-9956-ffa450edef68
mod_dav: Keep track of length of cdata properly when removing leading spaces.
* modules/dav/main/util.c
(dav_xml_get_cdata): reduce len variable when increasing cdata pointer.
Submitted by: Amin Tora <Amin.Tora neustar.biz>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1556428 13f79535-47bb-0310-9956-ffa450edef68
The change made for PR 54611 caused this field to be treated as
unescaped. mod_dav_svn however, provided escaped URIs. Essentially
breaking support for paths with non-URI safe characters in SVN.
Adjust the code so that dav_resource->uri is assumed to be escaped and
adjust mod_dav_fs so that it uses escaped URIs in this field.
* modules/dav/fs/repos.c
(dav_fs_get_resource): Use the unparsed_uri to contruct the resource uri.
* modules/dav/main/mod_dav.c
(dav_xml_escape_uri): Do not uri escape, just handle xml escaping.
(dav_created): Assume that locn if provided is escaped.
(dav_method_copymove, dav_method_bind): Use the unparsed_uri on the request
when calling dav_created() to adjust to locn assuming it is escaped.
* modules/dav/main/mod_dav.h
(dav_resource): Document that uri is escaped.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1529559 13f79535-47bb-0310-9956-ffa450edef68
Makes mod_dav no longer require that the lock token be provided when the
source of a COPY is locked. The prior behavior was in violating of
RFC 4918 which says that the lock token is only required on resources
that may be modified by the method.
* modules/dav/main/mod_dav.h
(DAV_VALIDATE_NO_MODIFY): New flag to be passed to dav_validate_* functions.
* modules/dav/main/mod_dav.c
(dav_method_copymove): Use the new flag when calling dav_validate_request()
on the COPY source.
* modules/dav/main/util.c
(dav_validate_resource_state): Use the flag to decide to ignore if the lock
token is not provided.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1528718 13f79535-47bb-0310-9956-ffa450edef68
In short: do not validate conditions of a COPY source's parent since
it is not modified during the operation.
* modules/dav/main/mod_dav.c:
(dav_method_copymove): adjust params to dav_validate_request()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1506714 13f79535-47bb-0310-9956-ffa450edef68
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
Submitted by: Ben Reser <ben reser.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1485668 13f79535-47bb-0310-9956-ffa450edef68
to the output filters, which is bogus in the proxy case. Create a
clean mapping from APR codes to HTTP status codes, and use it where
needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1482522 13f79535-47bb-0310-9956-ffa450edef68
we compare unencoded paths. PR 53910
Patch submitted by Timothy Wood <tjw omnigroup com>
Tested by William Lewis <wiml omnigroup com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1470940 13f79535-47bb-0310-9956-ffa450edef68
are allocated from the request pool and not modified later on.
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 51358
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135084 13f79535-47bb-0310-9956-ffa450edef68
remove some unused variables and dead assignments, reduce the scope of some
variables, add some parens to improve readability
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103459 13f79535-47bb-0310-9956-ffa450edef68
This was a forgotten prototype hanging around for close
to 11 years where no code for existed (see r85816);
now removed from all branches per wrowe's permission.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1083536 13f79535-47bb-0310-9956-ffa450edef68
remove remaining uses of sprintf() in the dav modules.
This is a regression in 2.3.7 introduced by r931434.
It calls sizeof() for a function parameter, which only returns the
pointer size, not the size of the char array. Thus the
"creationdate" property got truncated to three characters.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@987484 13f79535-47bb-0310-9956-ffa450edef68
- Move some declarations into the correct #ifdef scope.
I couldn't compile/test netware, but the changes look obvious enough.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@982016 13f79535-47bb-0310-9956-ffa450edef68
If a specially crafted request was sent, it is possible to crash mod_dav,
mod_cache or mod_session, as they accessed a field that is set to NULL
by the URI parser, assuming that it always put in a valid string.
PR: 49246
Submitted by: Mark Drayton
Patch by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@966348 13f79535-47bb-0310-9956-ffa450edef68
