Author: minfrin
Date: Wed Jul 8 11:39:12 2020
New Revision: 1879641
URL: http://svn.apache.org/viewvc?rev=1879641&view=rev
Log:
*) core: Drop an invalid Last-Modified header value coming
from a (F)CGI script instead of replacing it with Unix epoch.
Warn the users about Last-Modified header value replacements
and violations of the RFC.
trunk patch: http://svn.apache.org/r1748379
http://svn.apache.org/r1750747
http://svn.apache.org/r1750749
http://svn.apache.org/r1750953
http://svn.apache.org/r1751138
http://svn.apache.org/r1751139
http://svn.apache.org/r1751147
http://svn.apache.org/r1757818
http://svn.apache.org/r1879253
http://svn.apache.org/r1879348
2.4.x: trunk patches work, final view:
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
svn merge -c
1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348
^/httpd/httpd/trunk .
The code has been tested with a simple PHP script returning different
Last-Modified
headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST
now).
+1: elukey, jorton, jim
jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
rather than "silently" (at normal log-level) dropping the parsed
header?
[also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
if (APLOGrX(..) is unnecessary/redundant]
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/server/util_script.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1748379
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1879641&r1=1879640&r2=1879641&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Jul 8 11:39:12 2020
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.44
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ [Luca Toscano]
+
*) Add support for strict content-length parsing through addition of
ap_parse_strict_length() [Yann Ylavic]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1879641&r1=1879640&r2=1879641&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Wed Jul 8 11:39:12 2020
@@ -135,31 +135,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) core: Drop an invalid Last-Modified header value coming
- from a (F)CGI script instead of replacing it with Unix epoch.
- Warn the users about Last-Modified header value replacements
- and violations of the RFC.
- trunk patch: http://svn.apache.org/r1748379
- http://svn.apache.org/r1750747
- http://svn.apache.org/r1750749
- http://svn.apache.org/r1750953
- http://svn.apache.org/r1751138
- http://svn.apache.org/r1751139
- http://svn.apache.org/r1751147
- http://svn.apache.org/r1757818
- http://svn.apache.org/r1879253
- http://svn.apache.org/r1879348
- 2.4.x: trunk patches work, final view:
-
http://home.apache.org/~elukey/httpd-2.4.x-core-last_modified_tz_logging.patch
- svn merge -c
1748379,1750747,1750749,1750953,1751138,1751139,1751139,1757818,1879253,r1879348
^/httpd/httpd/trunk .
- The code has been tested with a simple PHP script returning different
Last-Modified
- headers (GMT now, GMT now Europe/Paris, GMT tomorrow, GMT yesterday, PST
now).
- +1: elukey, jorton, jim
- jorton: +1 though I'd say log at WARN or INFO for the APR_BAD_DATE case
- rather than "silently" (at normal log-level) dropping the parsed
header?
- [also nit: wrapping a lone ap_log_rerror(,APLOG_X) call in
- if (APLOGrX(..) is unnecessary/redundant]
-
*) mod_http2: connection terminology renamed to master/secondary.
trunk patch: http://svn.apache.org/r1878926
http://svn.apache.org/r1879156
Modified: httpd/httpd/branches/2.4.x/server/util_script.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util_script.c?rev=1879641&r1=1879640&r2=1879641&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util_script.c (original)
+++ httpd/httpd/branches/2.4.x/server/util_script.c Wed Jul 8 11:39:12 2020
@@ -669,11 +669,19 @@ AP_DECLARE(int) ap_scan_script_header_er
}
/*
* If the script gave us a Last-Modified header, we can't just
- * pass it on blindly because of restrictions on future values.
+ * pass it on blindly because of restrictions on future or invalid
values.
*/
else if (!strcasecmp(w, "Last-Modified")) {
- ap_update_mtime(r, apr_date_parse_http(l));
- ap_set_last_modified(r);
+ apr_time_t last_modified_date = apr_date_parse_http(l);
+ if (last_modified_date != APR_DATE_BAD) {
+ ap_update_mtime(r, last_modified_date);
+ ap_set_last_modified(r);
+ }
+ else {
+ if (APLOGrtrace1(r))
+ ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE1, 0, r,
+ "Ignored invalid header value: Last-Modified:
'%s'", l);
+ }
}
else if (!strcasecmp(w, "Set-Cookie")) {
apr_table_add(cookie_table, w, l);
