Doesn't this preclude useful things like "All -Indexes" ?
On Tue, Dec 28, 2010 at 10:56 AM, <[email protected]> wrote: > Author: igalic > Date: Tue Dec 28 15:56:46 2010 > New Revision: 1053375 > > URL: http://svn.apache.org/viewvc?rev=1053375&view=rev > Log: > Applying patch from PR 33078 (with slight changes to its return values) > This patch disallows the mixing of relative (+/-) and absolute Options where > insensible. > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/docs/manual/mod/core.xml > httpd/httpd/trunk/server/core.c > > Modified: httpd/httpd/trunk/CHANGES > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff > ============================================================================== > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010 > @@ -2,6 +2,9 @@ > > Changes with Apache 2.3.11 > > + *) core: Disallow the mixing of relative and absolute Options PR 33708. > + [Sönke Tesch <st kino-fahrplan.de>] > + > *) core: When exporting request headers to HTTP_* environment variables, > drop variables whose names contain invalid characters. Describe in the > docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>] > > Modified: httpd/httpd/trunk/docs/manual/mod/core.xml > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff > ============================================================================== > --- httpd/httpd/trunk/docs/manual/mod/core.xml (original) > +++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 2010 > @@ -3016,10 +3016,10 @@ directory</description> > <code>-</code> are removed from the options currently in > force. </p> > > - <note type="warning"><title>Warning</title> > + <note><title>Note</title> > <p>Mixing <directive>Options</directive> with a <code>+</code> or > - <code>-</code> with those without is not valid syntax, and is likely > - to cause unexpected results.</p> > + <code>-</code> with those without is not valid syntax, and will be > + rejected during server startup by the syntax check with an abort.</p> > </note> > > <p>For example, without any <code>+</code> and <code>-</code> symbols:</p> > > Modified: httpd/httpd/trunk/server/core.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff > ============================================================================== > --- httpd/httpd/trunk/server/core.c (original) > +++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010 > @@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms > core_dir_config *d = d_; > allow_options_t opt; > int first = 1; > + int merge = 0; > + int all_none = 0; > char action; > > while (l[0]) { > @@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms > > if (*w == '+' || *w == '-') { > action = *(w++); > + if (!merge && !first && !all_none) { > + return "Either all Options must start with + or -, or no > Option may."; > + } > + merge = 1; > } > else if (first) { > d->opts = OPT_NONE; > - first = 0; > + } > + else if (merge) { > + return "Either all Options must start with + or -, or no Option > may."; > } > > if (!strcasecmp(w, "Indexes")) { > @@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms > opt = OPT_MULTI|OPT_EXECCGI; > } > else if (!strcasecmp(w, "None")) { > + if (!first) { > + return "'Options None' must be the first Option given."; > + } > + else if (merge) { /* Only works since None may not follow any > other option. */ > + return "You may not use 'Options +None' or 'Options -None'."; > + } > opt = OPT_NONE; > + all_none = 1; > } > else if (!strcasecmp(w, "All")) { > + if (!first) { > + return "'Options All' must be the first option given."; > + } > + else if (merge) { /* Only works since All may not follow any > other option. */ > + return "You may not use 'Options +All' or 'Options -All'."; > + } > opt = OPT_ALL; > + all_none = 1; > } > else { > return apr_pstrcat(cmd->pool, "Illegal option ", w, NULL); > @@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms > else { > d->opts |= opt; > } > + > + first = 0; > } > > return NULL; > > > -- Eric Covener [email protected]
