Checkout Tools
  • last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1452128 is being indexed.

Remove useless tests.

Turn

if (*x && apr_isspace(*x))

into

if (apr_isspace(*x))

  1. … 7 more files in changeset.
Unbreak default case of RewriteBase not being set after r1410681

Contributed By: Evgeny Barsukov

Reviewed By: covener

  1. … 1 more file in changeset.
fix r1416889 a different way -- the referer should be const too.

const fixes for mod_imagemap, fatal on old xlc due to returning apr_table_get result

from non const function.

Fixed type mismatch.

CVE-2012-3499 and CVE-2012-4558

Be sure to escape potential troubled strings

  1. … 4 more files in changeset.
PR53963: don't merge the rewritebase down w/o an opt-in
  1. … 2 more files in changeset.
Remove warnings

mod_speling.c:400:41: warning: data argument not used by format string [-Wformat-extra-args]

r->uri, nuri, ref);

mod_speling.c:508:53: warning: data argument not used by format string [-Wformat-extra-args]

r->uri, candidates->nelts, ref);

cppcheck: arrayIndexThenCheck - change the order of the tests in order to avoid a

potential out-of-bound access. I think that this module is obsolete, but doing so reduces

the noise in cppcheck output...

ccpcheck: duplicateExpression - 'vary_by_language' is tested twice
FallbackResource : Support for the 'disabled' argument

NetWare build tweaks.

Make more use of internal makefile macros;

axed now obsolete include paths.

Submitted by: normw gknw net.

  1. … 96 more files in changeset.
remove now unecessary assignment

Use apr_pcalloc for rewritemap_entry struct, to avoid uninitialized entries.

PR: 53663

Submitted by: Mikhail T. <mi apache aldan algebra com>

style fix

add a pointer to 'rewriteoptions', without giving away the option name, if someone

happens to have rewrite trace on when mod_rewrite declines a non URL-path.

* modules/mappers/mod_rewrite.c (cmd_rewriteoptions, hook_uri2file):

Add "AllowAnyURI" flag which disables the strict URL-path input

string check introduced to fix CVE-2011-3368/CVE-2011-4317.

* docs/manual: Update docs.

Inspired by: covener

  1. … 2 more files in changeset.
SECURITY: CVE-2012-2687 (cve.mitre.org):

mod_negotiation: Escape filenames in variant list to prevent an

possible XSS for a site where untrusted users can upload files to a

location with MultiViews enabled.

* modules/mappers/mod_negotiation.c (make_variant_list): Escape

filenames in variant list.

Submitted by: Niels Heinen <heinenn google.com>

  1. … 1 more file in changeset.
Replace use of apr_file_write() with apr_file_write_full() to prevent

incomplete writes.

Add comments in some places where error handling/logging is missing.

PR: 53131.

Submitted by: Nicolas Viennot <apache viennot biz>, Stefan Fritsch

  1. … 9 more files in changeset.
mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.

PR: 53023

Submitted by: Axel Reinhold <apache freakout.de>

Reviewed/Updated by: nd

  1. … 1 more file in changeset.
static scope for rewritemap_mutex_type.

PR52845: "DirectoryIndex disabled" should blow away the DirectoryIndex settings

in the current config section, not just override previous config sections.

  1. … 1 more file in changeset.
revert "overloaded" recent additions to mod_rewrite

  1. … 3 more files in changeset.
add an internal sleep map function that expands to an empty string.

  1. … 1 more file in changeset.
treat a rewriterule substitution that expands to "-" as if the rule

had a literal "-".

  1. … 1 more file in changeset.
https also needs QS

Adjust CVE-2011-3368/CVE-2011-4317 fixes to rely solely on

core's translate-name to fail unsupported URIs.

Rewrite and proxy now decline what they don't support rather

than fail the request.

Suggested by: trawick

Implemented by: jorton

Tweaked by: wrowe

  1. … 2 more files in changeset.
Further clarify the naming of the entity that originates the request by

calling that entity a useragent instead of a client.

  1. … 14 more files in changeset.
Add lots of unique tags to error log messages

  1. … 168 more files in changeset.
Fix for additional cases of URL rewriting with ProxyPassMatch or

RewriteRule, where particular request-URIs could result in undesired

backend network exposure in some configurations. (CVE-2011-4317)

Thanks to Prutha Parikh from Qualys for reporting this issue.

* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"

request-URI. Fail for cases where r->uri does not begin with a "/".

* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.

  1. … 1 more file in changeset.