Checkout Tools
  • last updated 4 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Follow up to r1879079, r1879080: change to DONE semantics for pre_trans hooks.

Don't decode r->uri when pre_trans returns DONE instead of OK, which allows to

preserve previous behaviour where decoding was avoided for "ProxyRequests on"

or post_read_request RewriteRule [P] only, but not ProxyPass'ed requests.

This also preserves decoded location walk in most/same cases.

  1. … 2 more files in changeset.
Follow up to r1879076: axe stray copy/paste in pre_translate_name description.

Add pre_translate_name hook running before URI-path decoding.

This allows any module to work with un-decoded URI-path (besides

unreserved characters) in r->uri, and eventually to avoid decoding by

returning OK.

The first candidate is mod_proxy (following commit) when

ProxyMappingDecoded is disabled, such that the forwarded URI is

equivalent to the original one.

  1. … 2 more files in changeset.
Axe an empty line in a dox comment in order to synch with 2.4.x

[skip ci]

util_filter: axe misleading AP_BUCKET_IS_MORPHING() macro and fix comments.

Morphing buckets are not only those with ->length == -1, so the macro is

misleading. Modify comments to talk about opaque buckets when length == -1

and about morphing buckets (once) for opaque and FILE buckets.

  1. … 1 more file in changeset.
core: add r->flushed flag and set it when the response is sent.

By setting EOR->r->flushed in the core output filter, allow one to determine at

log_transaction hook time whether the request has been fully flushed through

the network, or not (network issue, filter error, n-th pipelined resposne...).

Introduce the ap_bucket_eor_request() helper to get the request bound to an EOR

bucket, and uses it in ap_core_output_filter() to mark the EOR's request just

before destroying it, after all the previous buckets have been sent.

While at it, rename the request_rec* member of struct ap_bucket_eor from "data"

to "r", which makes the code clearer (not to be confused with b->data).

Finally, add CustomLog format %F, showing "F" or "-" depending on r->flushed,

for admins to figure out for each request.

  1. … 6 more files in changeset.
core: handle morphing buckets setaside/reinstate and kill request core filter.

The purpose of ap_request_core_filter() is not clear, it seems to prevent

potential morphing buckets to go through AP_FTYPE_CONNECTION filters which

would fail to set them aside (ENOTIMPL), and read them (unbounded) in memory.

This patch allows ap_filter_setaside_brigade() to set morphing buckets aside

by simply moving them, assuming they have the correct lifetime (either until

some further EOR, or the connection lifetime, or whatever). IOW, the module is

responsible for sending morphing buckets whose lifetime needs not be changed

by the connection filters.

Now since morphing buckets consume no memory until (apr_bucket_)read, like FILE

buckets, we don't account for them in flush_max_threshold either. This changes

ap_filter_reinstate_brigade() to only account for in-memory and EOR buckets to


Also, since the EOR bucket is sent only to c->output_filters once the request

is processed, when all the filters < AP_FTYPE_CONNECTION have done their job

and stopped retaining data (after the EOS bucket, if ever), we prevent misuse

of ap_filter_{setaside,reinstate}_brigade() outside connection filters by

returning ENOTIMPL. This is not the right API for request filters as of now.

Finally, ap_request_core_filter() and co can be removed.

  1. … 6 more files in changeset.
Parentheses around AP_BUCKET_IS_EOR argument.

Fix spelling errors found by codespell. [skip ci]

  1. … 100 more files in changeset.
[mod_proxy_]http: follow up to r1750392.

Export [ap_]check_pipeline() and use it also for ap_proxy_check_connection(),

so that all the necessary checks on the connection are done before reusing it.

  1. … 7 more files in changeset.
Revert r1756064 and r1756060 until fixed (tests framework passes).
  1. … 7 more files in changeset.
[mod_proxy_]http: follow up to r1750392.

Export [ap_]check_pipeline() and use it also for ap_proxy_check_connection().

[Reverted by r1756065]

  1. … 7 more files in changeset.
Fix spelling in comments and text files.

No functional change.

PR 59990

  1. … 69 more files in changeset.
core: Extend support for asynchronous write completion from the

network filter to any connection or request filter.

  1. … 15 more files in changeset.
ap_process_request needs exportation for use in mod_h2 on Windows

  1. … 1 more file in changeset.
SECURITY: CVE-2015-3185 (

Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)

with new ap_some_authn_required and ap_force_authn hook.

Submitted by: breser

  1. … 2 more files in changeset.
Mention how "satisfy any" affects AAA hooks run after access_checker

(access_checker_ex, check_user_id, auth_checker)

access_checker_ex runs immediately after access_checker,

which both must run well before auth_checker. No other contrast is possible so

assuming this doc is just a typo.

access_checker vs. access_checker_ex is discussed here:

Subject: svn commit: r964156 - in /httpd/httpd/trunk: docs/manual/developer/ include/ modules/aaa/ server/

document params

add dirwalk_stat hook, for use by mpm-itk
  1. … 4 more files in changeset.
core: Add post_perdir_config hook.

Submitted by: Steinar Gunderson <sgunderson>

trawick added/fixed include/ pieces

  1. … 3 more files in changeset.
Rename ap_func_attr_* macros to AP_FN_ATTR_*

Add macro for attribute alloc_size on newer gcc's

  1. … 6 more files in changeset.
More cleanup: Expand tabs and some more indentation fixes

No functional change

  1. … 50 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 63 more files in changeset.
Avoid "`sentinel' attribute directive ignored" warning with gcc 3.x

  1. … 5 more files in changeset.
Add __attribute__((sentinel)) to a few functions that require a terminal NULL


  1. … 3 more files in changeset.
Cleanup... most don't need apr_hooks.h at all...
  1. … 15 more files in changeset.
Merge the <If> sections in a separate step ap_if_walk, after ap_location_walk.

This makes <If> apply to all requests, not only to file base requests and

it allows to use <If> inside <Directory>, <Location>, and <Files> sections.

The merging of <If> sections always happens after the merging of <Location>

sections, even if the <If> section is embedded inside a <Directory> or

<Files> section.

  1. … 5 more files in changeset.
The approach for allowing authorization by user or IP introduced in r956387,

etc. causes problems because the authentication module calls

note_*_auth_failure if authentication fails. This is inappropriate if access is

later allowed because of the IP.

So, instead of calling the auth_checker hook even if authentication failed, we

introduce a new access_checker_ex hook that runs between the access_checker and

the check_user_id hooks. If an access_checker_ex functions returns OK, the

request will be allowed without authentication.

To make use of this, change mod_authz_core to walk the require blocks in the

access_checker_ex phase and deny/allow the request if the authz result does not

depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an

authz provider from an authz provider needing an authenticated user, the latter

must return the new AUTHZ_DENIED_NO_USER code.

  1. … 12 more files in changeset.
Add ap_process_request_after_handler to the exported list for mod_serf
  1. … 2 more files in changeset.