----- "Eric Covener" <[email protected]> wrote: > Doesn't this preclude useful things like > > "All -Indexes" ?
No, it doesn't. All +/-stuffhere and None +/-stuffhere are permitted. > On Tue, Dec 28, 2010 at 10:56 AM, <[email protected]> wrote: > > Author: igalic > > Date: Tue Dec 28 15:56:46 2010 > > New Revision: 1053375 > > > > URL: http://svn.apache.org/viewvc?rev=1053375&view=rev > > Log: > > Applying patch from PR 33078 (with slight changes to its return > values) > > This patch disallows the mixing of relative (+/-) and absolute > Options where insensible. > > > > Modified: > > httpd/httpd/trunk/CHANGES > > httpd/httpd/trunk/docs/manual/mod/core.xml > > httpd/httpd/trunk/server/core.c > > > > Modified: httpd/httpd/trunk/CHANGES > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1053375&r1=1053374&r2=1053375&view=diff > > > ============================================================================== > > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > > +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 28 15:56:46 2010 > > @@ -2,6 +2,9 @@ > > > > Changes with Apache 2.3.11 > > > > + *) core: Disallow the mixing of relative and absolute Options PR > 33708. > > + [Sönke Tesch <st kino-fahrplan.de>] > > + > > *) core: When exporting request headers to HTTP_* environment > variables, > > drop variables whose names contain invalid characters. Describe > in the > > docs how to restore the old behaviour. [Malte S. Stretz <mss > apache org>] > > > > Modified: httpd/httpd/trunk/docs/manual/mod/core.xml > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1053375&r1=1053374&r2=1053375&view=diff > > > ============================================================================== > > --- httpd/httpd/trunk/docs/manual/mod/core.xml (original) > > +++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Dec 28 15:56:46 > 2010 > > @@ -3016,10 +3016,10 @@ directory</description> > > <code>-</code> are removed from the options currently in > > force. </p> > > > > - <note type="warning"><title>Warning</title> > > + <note><title>Note</title> > > <p>Mixing <directive>Options</directive> with a <code>+</code> > or > > - <code>-</code> with those without is not valid syntax, and is > likely > > - to cause unexpected results.</p> > > + <code>-</code> with those without is not valid syntax, and will > be > > + rejected during server startup by the syntax check with an > abort.</p> > > </note> > > > > <p>For example, without any <code>+</code> and <code>-</code> > symbols:</p> > > > > Modified: httpd/httpd/trunk/server/core.c > > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1053375&r1=1053374&r2=1053375&view=diff > > > ============================================================================== > > --- httpd/httpd/trunk/server/core.c (original) > > +++ httpd/httpd/trunk/server/core.c Tue Dec 28 15:56:46 2010 > > @@ -1409,6 +1409,8 @@ static const char *set_options(cmd_parms > > core_dir_config *d = d_; > > allow_options_t opt; > > int first = 1; > > + int merge = 0; > > + int all_none = 0; > > char action; > > > > while (l[0]) { > > @@ -1417,10 +1419,16 @@ static const char *set_options(cmd_parms > > > > if (*w == '+' || *w == '-') { > > action = *(w++); > > + if (!merge && !first && !all_none) { > > + return "Either all Options must start with + or -, > or no Option may."; > > + } > > + merge = 1; > > } > > else if (first) { > > d->opts = OPT_NONE; > > - first = 0; > > + } > > + else if (merge) { > > + return "Either all Options must start with + or -, or > no Option may."; > > } > > > > if (!strcasecmp(w, "Indexes")) { > > @@ -1448,10 +1456,24 @@ static const char *set_options(cmd_parms > > opt = OPT_MULTI|OPT_EXECCGI; > > } > > else if (!strcasecmp(w, "None")) { > > + if (!first) { > > + return "'Options None' must be the first Option > given."; > > + } > > + else if (merge) { /* Only works since None may not > follow any other option. */ > > + return "You may not use 'Options +None' or 'Options > -None'."; > > + } > > opt = OPT_NONE; > > + all_none = 1; > > } > > else if (!strcasecmp(w, "All")) { > > + if (!first) { > > + return "'Options All' must be the first option > given."; > > + } > > + else if (merge) { /* Only works since All may not > follow any other option. */ > > + return "You may not use 'Options +All' or 'Options > -All'."; > > + } > > opt = OPT_ALL; > > + all_none = 1; > > } > > else { > > return apr_pstrcat(cmd->pool, "Illegal option ", w, > NULL); > > @@ -1474,6 +1496,8 @@ static const char *set_options(cmd_parms > > else { > > d->opts |= opt; > > } > > + > > + first = 0; > > } > > > > return NULL; > > > > > > > > > > -- > Eric Covener > [email protected] -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: [email protected] URL: http://brainsware.org/
