dgaudet 98/07/20 09:33:58
Modified: src CHANGES
src/modules/standard mod_include.c
Log:
use sub_req_lookup_file for fsize and flastmod.
PR: 2355
Submitted by: Manoj Kasichainula <[EMAIL PROTECTED]>
Reviewed by: Brian, Dean
Revision Changes Path
1.971 +9 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.970
retrieving revision 1.971
diff -u -r1.970 -r1.971
--- CHANGES 1998/07/18 22:50:15 1.970
+++ CHANGES 1998/07/20 16:33:56 1.971
@@ -1,3 +1,12 @@
+Changes with Apache 1.3.2
+
+ *) mod_include had problems with the fsize and flastmod directives
+ under WIN32. Fix also avoids the minor security hole of using
+ ".." paths for fsize and flastmod.
+ [Manoj Kasichainula <[EMAIL PROTECTED]>] PR#2355
+
+ *) Fixed some Makefile dependency problems. [Dean Gaudet]
+
Changes with Apache 1.3.1
*) Disable the incorrect entry for application/msword in the
1.99 +24 -7 apache-1.3/src/modules/standard/mod_include.c
Index: mod_include.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- mod_include.c 1998/07/08 17:47:16 1.98
+++ mod_include.c 1998/07/20 16:33:57 1.99
@@ -1004,22 +1004,39 @@
char *tag_val, struct stat *finfo, const char *error)
{
char *to_send;
+ request_rec *rr;
+ int ret=0;
if (!strcmp(tag, "file")) {
ap_getparents(tag_val); /* get rid of any nasties */
- to_send = ap_make_full_path(r->pool, "./", tag_val);
- if (stat(to_send, finfo) == -1) {
+
+ rr = ap_sub_req_lookup_file(tag_val, r);
+
+ if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
+ to_send = rr->filename;
+ if ((ret = stat(to_send, finfo)) == -1) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
+ "unable to get information about \"%s\" "
+ "in parsed file %s",
+ to_send, r->filename);
+ ap_rputs(error, r);
+ }
+ }
+ else {
+ ret = -1;
ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
- "unable to get information about \"%s\" "
+ "unable to lookup information about \"%s\" "
"in parsed file %s",
- to_send, r->filename);
+ tag_val, r->filename);
ap_rputs(error, r);
- return -1;
}
- return 0;
+
+ ap_destroy_sub_req(rr);
+
+ return ret;
}
else if (!strcmp(tag, "virtual")) {
- request_rec *rr = ap_sub_req_lookup_uri(tag_val, r);
+ rr = ap_sub_req_lookup_uri(tag_val, r);
if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) {
memcpy((char *) finfo, (const char *) &rr->finfo,
