|
|
bdaebd |
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
|
|
|
bdaebd |
index 0a24bc8..20d1e5a 100644
|
|
|
bdaebd |
--- a/docs/manual/mod/core.html.en
|
|
|
bdaebd |
+++ b/docs/manual/mod/core.html.en
|
|
|
bdaebd |
@@ -97,6 +97,7 @@ available
|
|
|
bdaebd |
MaxRangeOverlaps
|
|
|
bdaebd |
MaxRangeReversals
|
|
|
bdaebd |
MaxRanges
|
|
|
bdaebd |
+ MergeSlashes
|
|
|
bdaebd |
MergeTrailers
|
|
|
bdaebd |
Mutex
|
|
|
bdaebd |
NameVirtualHost
|
|
|
bdaebd |
@@ -3465,6 +3466,30 @@ resource
|
|
|
bdaebd |
|
|
|
bdaebd |
|
|
|
bdaebd |
|
|
|
bdaebd |
+
|
|
|
bdaebd |
+
|
|
|
bdaebd |
+Description:Controls whether the server merges consecutive slashes in URLs.
|
|
|
bdaebd |
+Syntax:MergeSlashes ON | OFF
|
|
|
bdaebd |
+Default:MergeSlashes ON
|
|
|
bdaebd |
+Context:server config, virtual host
|
|
|
bdaebd |
+Status:Core
|
|
|
bdaebd |
+Module:core
|
|
|
bdaebd |
+Compatibility:Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7
|
|
|
bdaebd |
+
|
|
|
bdaebd |
+ By default, the server merges (or collapses) multiple consecutive slash
|
|
|
bdaebd |
+ ('/') characters in the path component of the request URL.
|
|
|
bdaebd |
+
|
|
|
bdaebd |
+ When mapping URL's to the filesystem, these multiple slashes are not
|
|
|
bdaebd |
+ significant. However, URL's handled other ways, such as by CGI or proxy,
|
|
|
bdaebd |
+ might prefer to retain the significance of multiple consecutive slashes.
|
|
|
bdaebd |
+ In these cases MergeSlashes can be set to
|
|
|
bdaebd |
+ OFF to retain the multiple consecutive slashes. In these
|
|
|
bdaebd |
+ configurations, regular expressions used in the configuration file that match
|
|
|
bdaebd |
+ the path component of the URL (LocationMatch ,
|
|
|
bdaebd |
+ RewriteRule , ...) need to take into account multiple
|
|
|
bdaebd |
+ consecutive slashes.
|
|
|
bdaebd |
+
|
|
|
bdaebd |
+
|
|
|
bdaebd |
|
|
|
bdaebd |
|
|
|
bdaebd |
Description:Determines whether trailers are merged into headers
|
|
|
bdaebd |
--- a/include/http_core.h 2019/03/18 08:49:19 1855736
|
|
|
bdaebd |
+++ b/include/http_core.h 2019/03/18 08:49:59 1855737
|
|
|
bdaebd |
@@ -740,7 +740,7 @@
|
|
|
bdaebd |
#define AP_HTTP_METHODS_LENIENT 1
|
|
|
bdaebd |
#define AP_HTTP_METHODS_REGISTERED 2
|
|
|
bdaebd |
char http_methods;
|
|
|
bdaebd |
-
|
|
|
bdaebd |
+ unsigned int merge_slashes;
|
|
|
bdaebd |
} core_server_config;
|
|
|
bdaebd |
|
|
|
bdaebd |
/* for AddOutputFiltersByType in core.c */
|
|
|
bdaebd |
diff --git a/include/httpd.h b/include/httpd.h
|
|
|
bdaebd |
index 65392f8..99f7f04 100644
|
|
|
bdaebd |
--- a/include/httpd.h
|
|
|
bdaebd |
+++ b/include/httpd.h
|
|
|
bdaebd |
@@ -1697,11 +1697,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
|
|
|
bdaebd |
AP_DECLARE(int) ap_unescape_urlencoded(char *query);
|
|
|
bdaebd |
|
|
|
bdaebd |
/**
|
|
|
bdaebd |
- * Convert all double slashes to single slashes
|
|
|
bdaebd |
- * @param name The string to convert
|
|
|
bdaebd |
+ * Convert all double slashes to single slashes, except where significant
|
|
|
bdaebd |
+ * to the filesystem on the current platform.
|
|
|
bdaebd |
+ * @param name The string to convert, assumed to be a filesystem path
|
|
|
bdaebd |
*/
|
|
|
bdaebd |
AP_DECLARE(void) ap_no2slash(char *name);
|
|
|
bdaebd |
|
|
|
bdaebd |
+/**
|
|
|
bdaebd |
+ * Convert all double slashes to single slashes, except where significant
|
|
|
bdaebd |
+ * to the filesystem on the current platform.
|
|
|
bdaebd |
+ * @param name The string to convert
|
|
|
bdaebd |
+ * @param is_fs_path if set to 0, the significance of any double-slashes is
|
|
|
bdaebd |
+ * ignored.
|
|
|
bdaebd |
+ */
|
|
|
bdaebd |
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
|
|
|
bdaebd |
+
|
|
|
bdaebd |
/**
|
|
|
bdaebd |
* Remove all ./ and xx/../ substrings from a file name. Also remove
|
|
|
bdaebd |
* any leading ../ or /../ substrings.
|
|
|
bdaebd |
diff --git a/server/request.c b/server/request.c
|
|
|
bdaebd |
index dbe3e07..d5c558a 100644
|
|
|
bdaebd |
--- a/server/request.c
|
|
|
bdaebd |
+++ b/server/request.c
|
|
|
bdaebd |
@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
|
|
bdaebd |
int file_req = (r->main && r->filename);
|
|
|
bdaebd |
int access_status;
|
|
|
bdaebd |
core_dir_config *d;
|
|
|
bdaebd |
+ core_server_config *sconf =
|
|
|
bdaebd |
+ ap_get_core_module_config(r->server->module_config);
|
|
|
bdaebd |
|
|
|
bdaebd |
/* Ignore embedded %2F's in path for proxy requests */
|
|
|
bdaebd |
if (!r->proxyreq && r->parsed_uri.path) {
|
|
|
bdaebd |
@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
ap_getparents(r->uri); /* OK --- shrinking transformations... */
|
|
|
bdaebd |
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
|
|
|
bdaebd |
+ ap_no2slash(r->uri);
|
|
|
bdaebd |
+ if (r->parsed_uri.path) {
|
|
|
bdaebd |
+ ap_no2slash(r->parsed_uri.path);
|
|
|
bdaebd |
+ }
|
|
|
bdaebd |
+ }
|
|
|
bdaebd |
|
|
|
bdaebd |
/* All file subrequests are a huge pain... they cannot bubble through the
|
|
|
bdaebd |
* next several steps. Only file subrequests are allowed an empty uri,
|
|
|
bdaebd |
@@ -1411,20 +1419,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
|
|
bdaebd |
|
|
|
bdaebd |
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
|
|
|
bdaebd |
cached = (cache->cached != NULL);
|
|
|
bdaebd |
-
|
|
|
bdaebd |
- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
|
|
|
bdaebd |
- * slashes. Location matches multiple slashes with a single slash,
|
|
|
bdaebd |
- * LocationMatch doesn't. An exception, for backwards brokenness is
|
|
|
bdaebd |
- * absoluteURIs... in which case neither match multiple slashes.
|
|
|
bdaebd |
- */
|
|
|
bdaebd |
- if (r->uri[0] != '/') {
|
|
|
bdaebd |
- entry_uri = r->uri;
|
|
|
bdaebd |
- }
|
|
|
bdaebd |
- else {
|
|
|
bdaebd |
- char *uri = apr_pstrdup(r->pool, r->uri);
|
|
|
bdaebd |
- ap_no2slash(uri);
|
|
|
bdaebd |
- entry_uri = uri;
|
|
|
bdaebd |
- }
|
|
|
bdaebd |
+ entry_uri = r->uri;
|
|
|
bdaebd |
|
|
|
bdaebd |
/* If we have an cache->cached location that matches r->uri,
|
|
|
bdaebd |
* and the vhost's list of locations hasn't changed, we can skip
|
|
|
bdaebd |
@@ -1491,7 +1486,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
|
|
bdaebd |
pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
- if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
|
|
|
bdaebd |
+ if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
|
|
|
bdaebd |
continue;
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
@@ -1501,7 +1496,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
|
|
bdaebd |
apr_table_setn(r->subprocess_env,
|
|
|
bdaebd |
((const char **)entry_core->refs->elts)[i],
|
|
|
bdaebd |
apr_pstrndup(r->pool,
|
|
|
bdaebd |
- r->uri + pmatch[i].rm_so,
|
|
|
bdaebd |
+ entry_uri + pmatch[i].rm_so,
|
|
|
bdaebd |
pmatch[i].rm_eo - pmatch[i].rm_so));
|
|
|
bdaebd |
}
|
|
|
bdaebd |
}
|
|
|
bdaebd |
diff --git a/server/util.c b/server/util.c
|
|
|
bdaebd |
index fd7a0a1..e0c558c 100644
|
|
|
bdaebd |
--- a/server/util.c
|
|
|
bdaebd |
+++ b/server/util.c
|
|
|
bdaebd |
@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name)
|
|
|
bdaebd |
name[l] = '\0';
|
|
|
bdaebd |
}
|
|
|
bdaebd |
}
|
|
|
bdaebd |
-
|
|
|
bdaebd |
-AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
bdaebd |
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
|
|
|
bdaebd |
{
|
|
|
bdaebd |
+
|
|
|
bdaebd |
char *d, *s;
|
|
|
bdaebd |
|
|
|
bdaebd |
+ if (!*name) {
|
|
|
bdaebd |
+ return;
|
|
|
bdaebd |
+ }
|
|
|
bdaebd |
+
|
|
|
bdaebd |
s = d = name;
|
|
|
bdaebd |
|
|
|
bdaebd |
#ifdef HAVE_UNC_PATHS
|
|
|
bdaebd |
/* Check for UNC names. Leave leading two slashes. */
|
|
|
bdaebd |
- if (s[0] == '/' && s[1] == '/')
|
|
|
bdaebd |
+ if (is_fs_path && s[0] == '/' && s[1] == '/')
|
|
|
bdaebd |
*d++ = *s++;
|
|
|
bdaebd |
#endif
|
|
|
bdaebd |
|
|
|
bdaebd |
@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
bdaebd |
*d = '\0';
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
+AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
bdaebd |
+{
|
|
|
bdaebd |
+ ap_no2slash_ex(name, 1);
|
|
|
bdaebd |
+}
|
|
|
bdaebd |
|
|
|
bdaebd |
/*
|
|
|
bdaebd |
* copy at most n leading directories of s into d
|
|
|
fa0499 |
diff --git a/server/core.c b/server/core.c
|
|
|
fa0499 |
index b5ab429..a31f1e4 100644
|
|
|
fa0499 |
--- a/server/core.c
|
|
|
fa0499 |
+++ b/server/core.c
|
|
|
fa0499 |
@@ -493,6 +493,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s)
|
|
|
fa0499 |
*/
|
|
|
fa0499 |
|
|
|
fa0499 |
conf->trace_enable = AP_TRACE_UNSET;
|
|
|
fa0499 |
+ conf->merge_slashes = AP_CORE_CONFIG_UNSET;
|
|
|
fa0499 |
|
|
|
fa0499 |
conf->protocols = apr_array_make(a, 5, sizeof(const char *));
|
|
|
fa0499 |
conf->protocols_honor_order = -1;
|
|
|
fa0499 |
@@ -561,7 +562,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
|
|
|
fa0499 |
conf->protocols_honor_order = ((virt->protocols_honor_order < 0)?
|
|
|
fa0499 |
base->protocols_honor_order :
|
|
|
fa0499 |
virt->protocols_honor_order);
|
|
|
fa0499 |
-
|
|
|
fa0499 |
+
|
|
|
fa0499 |
+ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
|
|
|
fa0499 |
+
|
|
|
fa0499 |
return conf;
|
|
|
fa0499 |
}
|
|
|
fa0499 |
|
|
|
fa0499 |
@@ -1872,6 +1875,13 @@ static const char *set_qualify_redirect_url(cmd_parms *cmd, void *d_, int flag)
|
|
|
fa0499 |
return NULL;
|
|
|
fa0499 |
}
|
|
|
fa0499 |
|
|
|
fa0499 |
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
|
|
|
fa0499 |
+{
|
|
|
fa0499 |
+ core_server_config *conf =
|
|
|
fa0499 |
+ ap_get_core_module_config(cmd->server->module_config);
|
|
|
fa0499 |
+ return ap_set_flag_slot(cmd, conf, flag);
|
|
|
fa0499 |
+}
|
|
|
fa0499 |
+
|
|
|
fa0499 |
static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
|
|
|
fa0499 |
{
|
|
|
fa0499 |
core_dir_config *d = d_;
|
|
|
fa0499 |
@@ -4598,6 +4608,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON
|
|
|
fa0499 |
"'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"),
|
|
|
fa0499 |
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
|
|
|
fa0499 |
"Registers non-standard HTTP methods"),
|
|
|
fa0499 |
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
|
|
|
fa0499 |
+ (void *)APR_OFFSETOF(core_server_config, merge_slashes),
|
|
|
fa0499 |
+ RSRC_CONF,
|
|
|
fa0499 |
+ "Controls whether consecutive slashes in the URI path are merged"),
|
|
|
fa0499 |
{ NULL }
|
|
|
fa0499 |
};
|
|
|
fa0499 |
|