|
|
1ee018 |
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
|
|
|
1ee018 |
index 86d9bee..e08034b 100644
|
|
|
1ee018 |
--- a/docs/manual/mod/core.html.en
|
|
|
1ee018 |
+++ b/docs/manual/mod/core.html.en
|
|
|
1ee018 |
@@ -90,6 +90,7 @@ available
|
|
|
1ee018 |
MaxRangeOverlaps
|
|
|
1ee018 |
MaxRangeReversals
|
|
|
1ee018 |
MaxRanges
|
|
|
1ee018 |
+ MergeSlashes
|
|
|
1ee018 |
Mutex
|
|
|
1ee018 |
NameVirtualHost
|
|
|
1ee018 |
Options
|
|
|
1ee018 |
@@ -3170,6 +3171,30 @@ resource
|
|
|
1ee018 |
|
|
|
1ee018 |
|
|
|
1ee018 |
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+Description:Controls whether the server merges consecutive slashes in URLs.
|
|
|
1ee018 |
+Syntax:MergeSlashes ON | OFF
|
|
|
1ee018 |
+Default:MergeSlashes ON
|
|
|
1ee018 |
+Context:server config, virtual host
|
|
|
1ee018 |
+Status:Core
|
|
|
1ee018 |
+Module:core
|
|
|
1ee018 |
+Compatibility:Available in Apache HTTP Server 2.4.6 in Red Hat Enterprise Linux 7
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+ By default, the server merges (or collapses) multiple consecutive slash
|
|
|
1ee018 |
+ ('/') characters in the path component of the request URL.
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+ When mapping URL's to the filesystem, these multiple slashes are not
|
|
|
1ee018 |
+ significant. However, URL's handled other ways, such as by CGI or proxy,
|
|
|
1ee018 |
+ might prefer to retain the significance of multiple consecutive slashes.
|
|
|
1ee018 |
+ In these cases MergeSlashes can be set to
|
|
|
1ee018 |
+ OFF to retain the multiple consecutive slashes. In these
|
|
|
1ee018 |
+ configurations, regular expressions used in the configuration file that match
|
|
|
1ee018 |
+ the path component of the URL (LocationMatch ,
|
|
|
1ee018 |
+ RewriteRule , ...) need to take into account multiple
|
|
|
1ee018 |
+ consecutive slashes.
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+
|
|
|
1ee018 |
|
|
|
1ee018 |
|
|
|
1ee018 |
Description:Configures mutex mechanism and lock file directory for all
|
|
|
1ee018 |
diff --git a/include/http_core.h b/include/http_core.h
|
|
|
1ee018 |
index c05d06e..76bf5a4 100644
|
|
|
1ee018 |
--- a/include/http_core.h
|
|
|
1ee018 |
+++ b/include/http_core.h
|
|
|
1ee018 |
@@ -465,6 +465,17 @@ typedef unsigned long etag_components_t;
|
|
|
1ee018 |
/* This is the default value used */
|
|
|
1ee018 |
#define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE)
|
|
|
1ee018 |
|
|
|
1ee018 |
+/* Generic ON/OFF/UNSET for unsigned int foo :2 */
|
|
|
1ee018 |
+#define AP_CORE_CONFIG_OFF (0)
|
|
|
1ee018 |
+#define AP_CORE_CONFIG_ON (1)
|
|
|
1ee018 |
+#define AP_CORE_CONFIG_UNSET (2)
|
|
|
1ee018 |
+
|
|
|
1ee018 |
+/* Generic merge of flag */
|
|
|
1ee018 |
+#define AP_CORE_MERGE_FLAG(field, to, base, over) to->field = \
|
|
|
1ee018 |
+ over->field != AP_CORE_CONFIG_UNSET \
|
|
|
1ee018 |
+ ? over->field \
|
|
|
1ee018 |
+ : base->field
|
|
|
1ee018 |
+
|
|
|
1ee018 |
/**
|
|
|
1ee018 |
* @brief Server Signature Enumeration
|
|
|
1ee018 |
*/
|
|
|
1ee018 |
@@ -682,7 +693,7 @@ typedef struct {
|
|
|
1ee018 |
#define AP_HTTP_METHODS_LENIENT 1
|
|
|
1ee018 |
#define AP_HTTP_METHODS_REGISTERED 2
|
|
|
1ee018 |
char http_methods;
|
|
|
1ee018 |
-
|
|
|
1ee018 |
+ unsigned int merge_slashes;
|
|
|
1ee018 |
} core_server_config;
|
|
|
1ee018 |
|
|
|
1ee018 |
/* for AddOutputFiltersByType in core.c */
|
|
|
1ee018 |
diff --git a/include/httpd.h b/include/httpd.h
|
|
|
1ee018 |
index 176ef5e..a552358 100644
|
|
|
1ee018 |
--- a/include/httpd.h
|
|
|
1ee018 |
+++ b/include/httpd.h
|
|
|
1ee018 |
@@ -1622,11 +1622,21 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
|
|
|
1ee018 |
AP_DECLARE(int) ap_unescape_urlencoded(char *query);
|
|
|
1ee018 |
|
|
|
1ee018 |
/**
|
|
|
1ee018 |
- * Convert all double slashes to single slashes
|
|
|
1ee018 |
- * @param name The string to convert
|
|
|
1ee018 |
+ * Convert all double slashes to single slashes, except where significant
|
|
|
1ee018 |
+ * to the filesystem on the current platform.
|
|
|
1ee018 |
+ * @param name The string to convert, assumed to be a filesystem path
|
|
|
1ee018 |
*/
|
|
|
1ee018 |
AP_DECLARE(void) ap_no2slash(char *name);
|
|
|
1ee018 |
|
|
|
1ee018 |
+/**
|
|
|
1ee018 |
+ * Convert all double slashes to single slashes, except where significant
|
|
|
1ee018 |
+ * to the filesystem on the current platform.
|
|
|
1ee018 |
+ * @param name The string to convert
|
|
|
1ee018 |
+ * @param is_fs_path if set to 0, the significance of any double-slashes is
|
|
|
1ee018 |
+ * ignored.
|
|
|
1ee018 |
+ */
|
|
|
1ee018 |
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path);
|
|
|
1ee018 |
+
|
|
|
1ee018 |
/**
|
|
|
1ee018 |
* Remove all ./ and xx/../ substrings from a file name. Also remove
|
|
|
1ee018 |
* any leading ../ or /../ substrings.
|
|
|
1ee018 |
diff --git a/server/core.c b/server/core.c
|
|
|
1ee018 |
index 0e69f8c..67efd7e 100644
|
|
|
1ee018 |
--- a/server/core.c
|
|
|
1ee018 |
+++ b/server/core.c
|
|
|
1ee018 |
@@ -476,6 +476,7 @@ static void *create_core_server_config(apr_pool_t *a, server_rec *s)
|
|
|
1ee018 |
*/
|
|
|
1ee018 |
|
|
|
1ee018 |
conf->trace_enable = AP_TRACE_UNSET;
|
|
|
1ee018 |
+ conf->merge_slashes = AP_CORE_CONFIG_UNSET;
|
|
|
1ee018 |
|
|
|
1ee018 |
return (void *)conf;
|
|
|
1ee018 |
}
|
|
|
1ee018 |
@@ -536,6 +537,8 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
|
|
|
1ee018 |
? virt->merge_trailers
|
|
|
1ee018 |
: base->merge_trailers;
|
|
|
1ee018 |
|
|
|
1ee018 |
+ AP_CORE_MERGE_FLAG(merge_slashes, conf, base, virt);
|
|
|
1ee018 |
+
|
|
|
1ee018 |
return conf;
|
|
|
1ee018 |
}
|
|
|
1ee018 |
|
|
|
1ee018 |
@@ -1673,6 +1676,13 @@ static const char *set_override(cmd_parms *cmd, void *d_, const char *l)
|
|
|
1ee018 |
return NULL;
|
|
|
1ee018 |
}
|
|
|
1ee018 |
|
|
|
1ee018 |
+static const char *set_core_server_flag(cmd_parms *cmd, void *s_, int flag)
|
|
|
1ee018 |
+{
|
|
|
1ee018 |
+ core_server_config *conf =
|
|
|
1ee018 |
+ ap_get_core_module_config(cmd->server->module_config);
|
|
|
1ee018 |
+ return ap_set_flag_slot(cmd, conf, flag);
|
|
|
1ee018 |
+}
|
|
|
1ee018 |
+
|
|
|
1ee018 |
static const char *set_override_list(cmd_parms *cmd, void *d_, int argc, char *const argv[])
|
|
|
1ee018 |
{
|
|
|
1ee018 |
core_dir_config *d = d_;
|
|
|
1ee018 |
@@ -4216,6 +4226,10 @@ AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CON
|
|
|
1ee018 |
,
|
|
|
1ee018 |
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
|
|
|
1ee018 |
"Registers non-standard HTTP methods"),
|
|
|
1ee018 |
+AP_INIT_FLAG("MergeSlashes", set_core_server_flag,
|
|
|
1ee018 |
+ (void *)APR_OFFSETOF(core_server_config, merge_slashes),
|
|
|
1ee018 |
+ RSRC_CONF,
|
|
|
1ee018 |
+ "Controls whether consecutive slashes in the URI path are merged"),
|
|
|
1ee018 |
{ NULL }
|
|
|
1ee018 |
};
|
|
|
1ee018 |
|
|
|
1ee018 |
diff --git a/server/request.c b/server/request.c
|
|
|
1ee018 |
index 4eef097..cba3891 100644
|
|
|
1ee018 |
--- a/server/request.c
|
|
|
1ee018 |
+++ b/server/request.c
|
|
|
1ee018 |
@@ -167,6 +167,8 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
|
|
1ee018 |
int file_req = (r->main && r->filename);
|
|
|
1ee018 |
int access_status;
|
|
|
1ee018 |
core_dir_config *d;
|
|
|
1ee018 |
+ core_server_config *sconf =
|
|
|
1ee018 |
+ ap_get_core_module_config(r->server->module_config);
|
|
|
1ee018 |
|
|
|
1ee018 |
/* Ignore embedded %2F's in path for proxy requests */
|
|
|
1ee018 |
if (!r->proxyreq && r->parsed_uri.path) {
|
|
|
1ee018 |
@@ -191,6 +193,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r)
|
|
|
1ee018 |
}
|
|
|
1ee018 |
|
|
|
1ee018 |
ap_getparents(r->uri); /* OK --- shrinking transformations... */
|
|
|
1ee018 |
+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
|
|
|
1ee018 |
+ ap_no2slash(r->uri);
|
|
|
1ee018 |
+ if (r->parsed_uri.path) {
|
|
|
1ee018 |
+ ap_no2slash(r->parsed_uri.path);
|
|
|
1ee018 |
+ }
|
|
|
1ee018 |
+ }
|
|
|
1ee018 |
|
|
|
1ee018 |
/* All file subrequests are a huge pain... they cannot bubble through the
|
|
|
1ee018 |
* next several steps. Only file subrequests are allowed an empty uri,
|
|
|
1ee018 |
@@ -1383,20 +1391,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
|
|
1ee018 |
|
|
|
1ee018 |
cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
|
|
|
1ee018 |
cached = (cache->cached != NULL);
|
|
|
1ee018 |
-
|
|
|
1ee018 |
- /* Location and LocationMatch differ on their behaviour w.r.t. multiple
|
|
|
1ee018 |
- * slashes. Location matches multiple slashes with a single slash,
|
|
|
1ee018 |
- * LocationMatch doesn't. An exception, for backwards brokenness is
|
|
|
1ee018 |
- * absoluteURIs... in which case neither match multiple slashes.
|
|
|
1ee018 |
- */
|
|
|
1ee018 |
- if (r->uri[0] != '/') {
|
|
|
1ee018 |
- entry_uri = r->uri;
|
|
|
1ee018 |
- }
|
|
|
1ee018 |
- else {
|
|
|
1ee018 |
- char *uri = apr_pstrdup(r->pool, r->uri);
|
|
|
1ee018 |
- ap_no2slash(uri);
|
|
|
1ee018 |
- entry_uri = uri;
|
|
|
1ee018 |
- }
|
|
|
1ee018 |
+ entry_uri = r->uri;
|
|
|
1ee018 |
|
|
|
1ee018 |
/* If we have an cache->cached location that matches r->uri,
|
|
|
1ee018 |
* and the vhost's list of locations hasn't changed, we can skip
|
|
|
1ee018 |
@@ -1449,7 +1444,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
|
|
|
1ee018 |
* terminated (or at the end of the string) to match.
|
|
|
1ee018 |
*/
|
|
|
1ee018 |
if (entry_core->r
|
|
|
1ee018 |
- ? ap_regexec(entry_core->r, r->uri, 0, NULL, 0)
|
|
|
1ee018 |
+ ? ap_regexec(entry_core->r, entry_uri, 0, NULL, 0)
|
|
|
1ee018 |
: (entry_core->d_is_fnmatch
|
|
|
1ee018 |
? apr_fnmatch(entry_core->d, cache->cached, APR_FNM_PATHNAME)
|
|
|
1ee018 |
: (strncmp(entry_core->d, cache->cached, len)
|
|
|
1ee018 |
diff --git a/server/util.c b/server/util.c
|
|
|
1ee018 |
index f9e3b51..4eac462 100644
|
|
|
1ee018 |
--- a/server/util.c
|
|
|
1ee018 |
+++ b/server/util.c
|
|
|
1ee018 |
@@ -561,16 +561,20 @@ AP_DECLARE(void) ap_getparents(char *name)
|
|
|
1ee018 |
name[l] = '\0';
|
|
|
1ee018 |
}
|
|
|
1ee018 |
}
|
|
|
1ee018 |
-
|
|
|
1ee018 |
-AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
1ee018 |
+AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path)
|
|
|
1ee018 |
{
|
|
|
1ee018 |
+
|
|
|
1ee018 |
char *d, *s;
|
|
|
1ee018 |
|
|
|
1ee018 |
+ if (!*name) {
|
|
|
1ee018 |
+ return;
|
|
|
1ee018 |
+ }
|
|
|
1ee018 |
+
|
|
|
1ee018 |
s = d = name;
|
|
|
1ee018 |
|
|
|
1ee018 |
#ifdef HAVE_UNC_PATHS
|
|
|
1ee018 |
/* Check for UNC names. Leave leading two slashes. */
|
|
|
1ee018 |
- if (s[0] == '/' && s[1] == '/')
|
|
|
1ee018 |
+ if (is_fs_path && s[0] == '/' && s[1] == '/')
|
|
|
1ee018 |
*d++ = *s++;
|
|
|
1ee018 |
#endif
|
|
|
1ee018 |
|
|
|
1ee018 |
@@ -587,6 +591,10 @@ AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
1ee018 |
*d = '\0';
|
|
|
1ee018 |
}
|
|
|
1ee018 |
|
|
|
1ee018 |
+AP_DECLARE(void) ap_no2slash(char *name)
|
|
|
1ee018 |
+{
|
|
|
1ee018 |
+ ap_no2slash_ex(name, 1);
|
|
|
1ee018 |
+}
|
|
|
1ee018 |
|
|
|
1ee018 |
/*
|
|
|
1ee018 |
* copy at most n leading directories of s into d
|