Re: svn commit: r1740928 - in /httpd/httpd/trunk: ./ include/ modules/http2/ modules/proxy/ modules/ssl/ server/

[Yann Ylavic]

On Wed, Oct 11, 2017 at 10:49 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Wed, Oct 11, 2017 at 10:38 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>> Thus, how about if there, for 2.4.x only (i.e. backport patch), we'd
>> instead check for:
>>> +        || (((forbidden & NOT_IN_PROXY)
>>> +             || (forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE
>>> +             || (forbidden & GLOBAL_ONLY) == GLOBAL_ONLY)
>>> +            && ((found = ...)
>>> +                || ...)))
>> ?
>
> Looks like there are other usages of NOT_IN_DIR_LOC_FILE we should
> hack in ap_check_cmd_context() too, but you probably see the idea...

Actually, I think the correct fix, even for 2.5/trunk, is something
for the attached patch.
WDYT?

Index: include/http_config.h
===================================================================
--- include/http_config.h	(revision 1811703)
+++ include/http_config.h	(working copy)
@@ -950,10 +950,12 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_
 #define  NOT_IN_FILES           0x10 /**< Forbidden in &lt;Files&gt; or &lt;If&gt;*/
 #define  NOT_IN_HTACCESS        0x20 /**< Forbidden in .htaccess files */
 #define  NOT_IN_PROXY           0x40 /**< Forbidden in &lt;Proxy&gt; */
+/** Forbidden in &lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt;&lt;If&gt;*/
+#define  NOT_IN_DIR_LOC_FILE    (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES)
 /** Forbidden in &lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt;&lt;If&gt;&lt;Proxy&gt;*/
-#define  NOT_IN_DIR_LOC_FILE    (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_PROXY)
+#define  NOT_IN_DIR_LOC_FILE_PROXY (NOT_IN_DIR_LOC_FILE|NOT_IN_PROXY)
 /** Forbidden in &lt;VirtualHost&gt;/&lt;Limit&gt;/&lt;Directory&gt;/&lt;Location&gt;/&lt;Files&gt;/&lt;If&gt;&lt;Proxy&gt;*/
-#define  GLOBAL_ONLY            (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE)
+#define  GLOBAL_ONLY            (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE_PROXY)
 
 /** @} */
 
Index: server/core.c
===================================================================
--- server/core.c	(revision 1811703)
+++ server/core.c	(working copy)
@@ -1323,7 +1323,9 @@ AP_DECLARE(const char *) ap_check_cmd_context(cmd_
                 || (found = find_parent(cmd->directive, "<If"))
                 || (found = find_parent(cmd->directive, "<ElseIf"))
                 || (found = find_parent(cmd->directive, "<Else"))))
-        || ((forbidden & NOT_IN_PROXY)
+        || (((forbidden & NOT_IN_PROXY)
+             || (forbidden & GLOBAL_ONLY) == GLOBAL_ONLY
+             || (forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE)
             && ((found = find_parent(cmd->directive, "<Proxy"))
                 || (found = find_parent(cmd->directive, "<ProxyMatch"))))) {
         return apr_pstrcat(cmd->pool, cmd->cmd->name, gt,