dgaudet 98/07/20 09:33:58
Modified: src CHANGES src/modules/standard mod_include.c Log: use sub_req_lookup_file for fsize and flastmod. PR: 2355 Submitted by: Manoj Kasichainula <[EMAIL PROTECTED]> Reviewed by: Brian, Dean Revision Changes Path 1.971 +9 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.970 retrieving revision 1.971 diff -u -r1.970 -r1.971 --- CHANGES 1998/07/18 22:50:15 1.970 +++ CHANGES 1998/07/20 16:33:56 1.971 @@ -1,3 +1,12 @@ +Changes with Apache 1.3.2 + + *) mod_include had problems with the fsize and flastmod directives + under WIN32. Fix also avoids the minor security hole of using + ".." paths for fsize and flastmod. + [Manoj Kasichainula <[EMAIL PROTECTED]>] PR#2355 + + *) Fixed some Makefile dependency problems. [Dean Gaudet] + Changes with Apache 1.3.1 *) Disable the incorrect entry for application/msword in the 1.99 +24 -7 apache-1.3/src/modules/standard/mod_include.c Index: mod_include.c =================================================================== RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_include.c,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- mod_include.c 1998/07/08 17:47:16 1.98 +++ mod_include.c 1998/07/20 16:33:57 1.99 @@ -1004,22 +1004,39 @@ char *tag_val, struct stat *finfo, const char *error) { char *to_send; + request_rec *rr; + int ret=0; if (!strcmp(tag, "file")) { ap_getparents(tag_val); /* get rid of any nasties */ - to_send = ap_make_full_path(r->pool, "./", tag_val); - if (stat(to_send, finfo) == -1) { + + rr = ap_sub_req_lookup_file(tag_val, r); + + if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) { + to_send = rr->filename; + if ((ret = stat(to_send, finfo)) == -1) { + ap_log_error(APLOG_MARK, APLOG_ERR, r->server, + "unable to get information about \"%s\" " + "in parsed file %s", + to_send, r->filename); + ap_rputs(error, r); + } + } + else { + ret = -1; ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "unable to get information about \"%s\" " + "unable to lookup information about \"%s\" " "in parsed file %s", - to_send, r->filename); + tag_val, r->filename); ap_rputs(error, r); - return -1; } - return 0; + + ap_destroy_sub_req(rr); + + return ret; } else if (!strcmp(tag, "virtual")) { - request_rec *rr = ap_sub_req_lookup_uri(tag_val, r); + rr = ap_sub_req_lookup_uri(tag_val, r); if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) { memcpy((char *) finfo, (const char *) &rr->finfo,