util_script.c

Checkout Tools
  • last updated 1 hour ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset 1748379 is being indexed.

Drop an invalid Last-Modified header value returned by a FCGI/CGI

script instead tranforming it to Unix Epoch.

This bug was mentioned in the users@ mailing list and outlined in

the following centos bug: https://bugs.centos.org/view.php?id=10940

To reproduce the issue it is sufficient to connect mod-fastcgi

to a PHP script that returns a HTTP response with

the header "Last-Modified: foo". The header will be modified by

script_util.c to "Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT".

Dropping an invalid header in this case seems to be the most

consistent and correct option in my opinion, plus it shouldn't

break existing configurations. Returning Unix Epoch might be

dangerous and should be avoided, but please let me know your opinions.

Moreover this is my first commit outside the documentation court,

I hope to have got the procedure right.

This fix has been tested also with the 2.4.x branch.

  1. … 1 more file in changeset.
Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen
  1. … 49 more files in changeset.
Add CGIVar directive for configuring REQUEST_URI behavior

The goal is to use this one directive to handle any configurable

CGI variable behavior; only one CGI variable is supported initially.

  1. … 4 more files in changeset.
hostname: Test and log useragent_host per-request across various modules,

including the scoreboard, expression and rewrite engines, setenvif,

authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.

PR55348 [William Rowe]

This is the complete change set which applies cleanly to 2.4.x as well,

the server/scoreboard.c will follow, which does not apply due to drift.

  1. … 9 more files in changeset.
Added many log numbers to log statements that

had none.

Those were not detected by the coccinelle script.

  1. … 34 more files in changeset.
Use new ap_casecmpstr[n]() functions where appropriate (not exhaustive).

  1. … 32 more files in changeset.
Revert r1715789: will re-commit without spurious functional changes.

  1. … 32 more files in changeset.
Use new ap_casecmpstr[n]() functions where appropriate (not exhaustive).

[Reverted by r1715869]

  1. … 32 more files in changeset.
followup to r1710380 -- refactored name and didn't have 'make depend'

Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.

  1. … 3 more files in changeset.
core/util_script: relax alphanumeric filter of enviroment variable names

on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.

unadulterated in 64 bit versions of Windows. PR 46751.

  1. … 1 more file in changeset.
Make REDIRECT_URL a complete URL (where set).

PR 57785

  1. … 1 more file in changeset.
core: Add CGIPassAuth directive to control whether HTTP authorization

headers are passed to scripts as CGI variables.

PR: 56855

  1. … 5 more files in changeset.
Turn some APR_BUCKET_REMOVE(e)+apr_bucket_destroy(e) into the equivalent apr_bucket_delete(e) to reduce code verbosity

  1. … 4 more files in changeset.
Add missing APLOGNO.

Refactor some lines to keep APLOGNO on the same line as ap_log_error, when applicable.

Split lines longer than 80.

Improve alignment.

  1. … 14 more files in changeset.
Remove useless tests.

Turn

if (*x && apr_isspace(*x))

into

if (apr_isspace(*x))

  1. … 9 more files in changeset.
Avoid some memory allocation on error path in 'http2env' if TRACE1 logging is not activated.

Avoid a function call to 'apr_filepath_name_get' which ends up to a strrchr call, if TRACE1 logging is not activated.

remove an unnecessary check in a nest loop of ap_create_environment()

Apply the same length limit when logging Status header values

as used when logging invalid header lines.

Application of a limit on logged header data suggested by Jeff Trawick.

Log the value of Status header lines in script responses rather than

than just the fixed header name of "Status".

  1. … 1 more file in changeset.
Fix error handling in ap_scan_script_header_err_brigade() if there

is no EOS bucket in the brigade:

Also don't loop if there is a timeout when discarding the script output.

Thanks to Edgar Frank for the analysis.

PR: 48272 (partial fix)

  1. … 1 more file in changeset.
Make sure the getsfunc_*() functions used by ap_scan_script_header_err*()

NUL-terminate the resulting string, even in case of an error. mod_cgi

and mod_cgid try to log incomplete output from CGI scripts.

Handle cases, esp when using mod_proxy_fcgi, when we do not

want SCRIPT_FILENAME to include the query string.

  1. … 4 more files in changeset.
Further clarify the naming of the entity that directly connects to us by

calling that entity a client instead of a peer.

  1. … 15 more files in changeset.
Further clarify the naming of the entity that originates the request by

calling that entity a useragent instead of a client.

  1. … 4 more files in changeset.
Introduce a per connection "peer_ip" and a per request "client_ip" to

distinguish between the raw IP address of the connection and the effective

IP address of the request.

  1. … 23 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 118 more files in changeset.
Make the SERVER_NAME variable include [ ] for literal IPv6 addresses, as

mandated by RFC 3875

PR: 26005

  1. … 5 more files in changeset.
Add more (trace) logging to the ap_scan_script_header*() functions

Add ap_scan_script_header*_ex() functions that take a module index for

logging.

Make mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi use the

new functions.

  1. … 9 more files in changeset.
improve readability of 'malformed header from script' message and simplify code