mod_negotiation.c

Checkout Tools
  • last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
core,modules: provide/use ap_parse_strict_length() helper.

It helps simplifying a lot of duplicated code based on apr_strtoff(), while

also rejecting leading plus/minus signs which are dissalowed in Content-Length

and (Content-)Range headers.

  1. … 18 more files in changeset.
LanguagePriority should be case-insensitive in order to match AddLanguage behavior. PR 39730

Test case added in r1850983

  1. … 1 more file in changeset.
* modules/mappers/mod_negotiation.c (set_language_quality): Remove

redundant branch (warning from Coverity).

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"

comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>

Fix spelling in comments and text files.

No functional change.

PR 59990

  1. … 69 more files in changeset.
Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen
  1. … 49 more files in changeset.
Use 'ap_array_str_contains' to simplify code.
Follow up to r1715880: revert abusive ap_casecmpstr[n]() usages.

  1. … 7 more files in changeset.
More ap_casecmpstr[n]() usages (follow up to r1715876).

  1. … 26 more files in changeset.
Remove some useless 'return' statements.

Fix style.

  1. … 1 more file in changeset.
mod_negotiation: simplify type-map body tag lookup, and be safe

should it contain a NUL byte.

s/\<\(\w\+\)\>\s\+\<\1\>/\1/g
  1. … 14 more files in changeset.
Silent some cppcheck warnings.
  1. … 3 more files in changeset.
Fix missing spaces in messages
  1. … 3 more files in changeset.
Remove useless tests.

Turn

if (*x && apr_isspace(*x))

into

if (apr_isspace(*x))

  1. … 9 more files in changeset.
ccpcheck: duplicateExpression - 'vary_by_language' is tested twice
SECURITY: CVE-2012-2687 (cve.mitre.org):

mod_negotiation: Escape filenames in variant list to prevent an

possible XSS for a site where untrusted users can upload files to a

location with MultiViews enabled.

* modules/mappers/mod_negotiation.c (make_variant_list): Escape

filenames in variant list.

Submitted by: Niels Heinen <heinenn google.com>

  1. … 1 more file in changeset.
Add lots of unique tags to error log messages

  1. … 172 more files in changeset.
Remove unused variable.

Use ap_pass_brigade_fchk()
  1. … 1 more file in changeset.
mod_negotiation: don't return non-AP_FILTER_ERROR filter return values

to ap_run_handler() when sending a body directly from a type-map.

refactor to pull setting of Accept-Ranges header into http_protocol.c which

had been copied to other handlers.

  1. … 7 more files in changeset.
Fix parsing of Content-Length in type maps

PR: 42203

Submitted by: Nagae Hidetake <nagae eagan jp>

  1. … 1 more file in changeset.
fix some dead assignments found by the clang analyzer

  1. … 11 more files in changeset.
Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take

advantage of per-module loglevels

  1. … 169 more files in changeset.
mod_negotiation: Preserve query string over multiviews negotiation.

PR 33112

Joergen Thomsen

  1. … 1 more file in changeset.
* Escape pathes of filenames in 406 responses to avoid HTML injections and

HTTP response splitting.

PR: 46837

Submitted by: Geoff Keating <geoffk apple.com>

Reviewed by: rpluem

  1. … 1 more file in changeset.
Disabled DefaultType directive and removed ap_default_type()

from core. We now exclude Content-Type from responses for which

a media type has not been configured via mime.types, AddType,

ForceType, or some other mechanism. MMN major bump to NZ time.

PR: 13986

  1. … 13 more files in changeset.
more tab cleanups

Sub-requests are created and used with two purposes; sometimes

simply to 'see' what a request would do; as to fill out an SSI,

validate access or similar - and is then discarded. And sometimes

as the precursor to becoming the actual request; e.g. when mod_dir

checks if an /index.html can be served for a '/'.

In the latter case it is important to preserve the output filters

'for real'; whereas in the first case they have to be reset to

purely the minimal proto filters (if at all). This patch instates

the output filters in 3 cases where sub-requests are/may in fact

be used as the real request later on.

This is a relatively risky change (which should not be back-ported

without further discussion) and may break caches in combination

with internal redirects/vary/negotiation in subtle ways.

See the thread starting at [1] and in particular the general

concerns of rpluem at [2] with respect to sub requests

and (fast_)internal redirects possibly needing a more

thorough overhaul.

1: http://mail-archives.apache.org/mod_mbox/httpd-dev/200802.mbox/ajax/%3c335D1A4B-25E2-4FF1-8CDF-5010A7FBD293@webweaving.org%3e

2: http://mail-archives.apache.org/mod_mbox/httpd-dev/200802.mbox/%3c47ACE1D4.4060702@apache.org%3e

  1. … 2 more files in changeset.