cvs commit: apache/src CHANGES http_core.c
dgaudet 97/08/04 23:45:01 Modified:src CHANGES http_core.c Log: When merging the main server's Directory and Location sections into a vhost, put the main server's first and the vhost's second. Otherwise the vhost can't override the main server. Reviewed by: Roy Fielding, Ralf S. Engelschall, Dean Gaudet PR: 717 Revision ChangesPath 1.383 +4 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.382 retrieving revision 1.383 diff -u -r1.382 -r1.383 --- CHANGES 1997/08/05 06:02:39 1.382 +++ CHANGES 1997/08/05 06:44:58 1.383 @@ -1,5 +1,9 @@ Changes with Apache 1.3a2 + *) When merging the main server's Directory and Location sections into + a vhost, put the main server's first and the vhost's second. Otherwise + the vhost can't override the main server. [Dean Gaudet] PR#717 + *) ip-based vhosts are stored and queried using a hashing function, which has been shown to improve performance on servers with many ip-vhosts. Some other changes had to be made to accomodate this: 1.107 +2 -2 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.106 retrieving revision 1.107 diff -u -r1.106 -r1.107 --- http_core.c 1997/08/04 02:36:03 1.106 +++ http_core.c 1997/08/05 06:44:59 1.107 @@ -200,8 +200,8 @@ *conf = *virt; if (!conf-access_name) conf-access_name = base-access_name; if (!conf-document_root) conf-document_root = base-document_root; -conf-sec = append_arrays (p, virt-sec, base-sec); -conf-sec_url = append_arrays (p, virt-sec_url, base-sec_url); +conf-sec = append_arrays (p, base-sec, virt-sec); +conf-sec_url = append_arrays (p, base-sec, virt-sec_url); return conf; }
cvs commit: apache/src CHANGES http_core.c
rse 97/08/04 09:05:04 Modified:src Tag: APACHE_1_2_X CHANGES http_core.c Log: Fixed improper vhost merging of Location and Directory. Submitted by: Dean Gaudet Reviewed by: Roy Fielding, Ralf S. Engelschall, Dean Gaudet Revision ChangesPath No revision No revision 1.286.2.40 +5 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.39 retrieving revision 1.286.2.40 diff -u -r1.286.2.39 -r1.286.2.40 --- CHANGES 1997/08/02 15:52:11 1.286.2.39 +++ CHANGES 1997/08/04 16:04:59 1.286.2.40 @@ -1,5 +1,10 @@ Changes with Apache 1.2.2 + *) Fixed improper vhost merging of Location and Directory: changed the + ordering of the arguments to append_arrays for the main server's before + the vhost's. + [Dean Gaudet] + *) Bugfix for case where multiple Directorys match and all are applied. [Dean Gaudet] 1.81.2.7 +2 -2 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.81.2.6 retrieving revision 1.81.2.7 diff -u -r1.81.2.6 -r1.81.2.7 --- http_core.c 1997/07/20 18:26:16 1.81.2.6 +++ http_core.c 1997/08/04 16:05:00 1.81.2.7 @@ -200,8 +200,8 @@ *conf = *virt; if (!conf-access_name) conf-access_name = base-access_name; if (!conf-document_root) conf-document_root = base-document_root; -conf-sec = append_arrays (p, virt-sec, base-sec); -conf-sec_url = append_arrays (p, virt-sec_url, base-sec_url); +conf-sec = append_arrays (p, base-sec, virt-sec); +conf-sec_url = append_arrays (p, base-sec, virt-sec_url); return conf; }
cvs commit: apache/src CHANGES http_core.c http_protocol.c http_protocol.h http_request.c
fielding97/07/19 13:17:45 Modified:src Tag: APACHE_1_2_X CHANGES http_core.c http_protocol.c http_protocol.h http_request.c Log: In HTTP/1.1, whether or not a request message contains a body is independent of the request method and based solely on the presence of a Content-Length or Transfer-Encoding. Therefore, our default handlers need to be prepared to read a body even if they don't know what to do with it; otherwise, the body would be mistaken for the next request on a persistent connection. discard_request_body() has been added to take care of that. PR: 378 Reviewed by: Dean Gaudet Revision ChangesPath No revision No revision 1.286.2.28 +8 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.27 retrieving revision 1.286.2.28 diff -C3 -r1.286.2.27 -r1.286.2.28 *** CHANGES 1997/07/19 19:13:56 1.286.2.27 --- CHANGES 1997/07/19 20:17:38 1.286.2.28 *** *** 1,5 --- 1,13 Changes with Apache 1.2.2 + *) API: In HTTP/1.1, whether or not a request message contains a body + is independent of the request method and based solely on the presence + of a Content-Length or Transfer-Encoding. Therefore, our default + handlers need to be prepared to read a body even if they don't know + what to do with it; otherwise, the body would be mistaken for the + next request on a persistent connection. discard_request_body() + has been added to take care of that. [Roy Fielding] PR#378 + *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache release version number, such that it always increases along the same lines as our source code branching. [Roy Fielding] 1.81.2.5 +7 -2 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.81.2.4 retrieving revision 1.81.2.5 diff -C3 -r1.81.2.4 -r1.81.2.5 *** http_core.c 1997/07/05 17:56:49 1.81.2.4 --- http_core.c 1997/07/19 20:17:39 1.81.2.5 *** *** 1324,1332 (core_dir_config *)get_module_config(r-per_dir_config, core_module); int rangestatus, errstatus; FILE *f; ! r-allowed |= (1 M_GET); - r-allowed |= (1 M_TRACE); r-allowed |= (1 M_OPTIONS); if (r-method_number == M_INVALID) { --- 1324,1337 (core_dir_config *)get_module_config(r-per_dir_config, core_module); int rangestatus, errstatus; FILE *f; ! ! /* This handler has no use for a request body (yet), but we still ! * need to read and discard it if the client sent one. ! */ ! if ((errstatus = discard_request_body(r)) != OK) ! return errstatus; ! r-allowed |= (1 M_GET); r-allowed |= (1 M_OPTIONS); if (r-method_number == M_INVALID) { 1.126.2.3 +53 -19apache/src/http_protocol.c Index: http_protocol.c === RCS file: /export/home/cvs/apache/src/http_protocol.c,v retrieving revision 1.126.2.2 retrieving revision 1.126.2.3 diff -C3 -r1.126.2.2 -r1.126.2.3 *** http_protocol.c 1997/07/01 06:50:29 1.126.2.2 --- http_protocol.c 1997/07/19 20:17:40 1.126.2.3 *** *** 1087,1120 bputs(\015\012, client);/* Send the terminating empty line */ } static char *make_allow(request_rec *r) { ! int allowed = r-allowed; ! ! if( allowed == 0 ) { ! /* RFC2068 #14.7, Allow must contain at least one method. So rather ! * than deal with the possibility of trying not to emit an Allow: ! * header, i.e. #10.4.6 says 405 Method Not Allowed MUST include ! * an Allow header, we'll just say TRACE is valid. ! */ ! return( TRACE ); ! } ! ! return 2 + pstrcat(r-pool, (allowed (1 M_GET)) ? , GET, HEAD : , !(allowed (1 M_POST)) ? , POST : , !(allowed (1 M_PUT)) ? , PUT : , !(allowed (1 M_DELETE)) ? , DELETE : , !(allowed (1 M_OPTIONS)) ? , OPTIONS : , !(allowed (1 M_TRACE)) ? , TRACE : , !NULL); ! } int send_http_trace (request_rec *r) { /* Get the original request */ while (r-prev) r = r-prev; hard_timeout(send TRACE, r); r-content_type = message/http; --- 1087,1117 bputs(\015\012, client);/* Send the terminating empty line */ }
cvs commit: apache/src CHANGES http_core.c mod_alias.c
akosut 97/07/07 21:45:31 Modified:htdocs/manual new_features_1_3.html htdocs/manual/mod core.html directives.html mod_alias.html src CHANGES http_core.c mod_alias.c Log: Enable regex support in mod_alias with AliasMatch, ScriptAliasMatch and RedirectMatch directives. New syntax for regex support in http_core: DirectoryMatch, FilesMatch, LocationMatch sections. Revision ChangesPath 1.6 +16 -0 apache/htdocs/manual/new_features_1_3.html Index: new_features_1_3.html === RCS file: /export/home/cvs/apache/htdocs/manual/new_features_1_3.html,v retrieving revision 1.5 retrieving revision 1.6 diff -c -C3 -r1.5 -r1.6 *** new_features_1_3.html 1997/07/08 02:04:36 1.5 --- new_features_1_3.html 1997/07/08 04:45:22 1.6 *** *** 40,45 --- 40,61 Windows gives Apache the ability to run on a large number of web servers it was not previously able to. /P + + liba href=mod/mod_alias.htmlRegular Expression support for Alias + and Redirect/a/b + p + New codea href=mod/mod_alias.html#aliasmatchAliasMatch/a/code, + codea + href=mod/mod_alias.html#scriptaliasmatchScriptAliasMatch/a/code, and + codea + href=mod/mod_alias.html#redirectmatchRedirectMatch/a/code + directives allow for the use of regular expression matching. + pAdditionally, new + codea href=mod_core.html#directorymatchlt;DirectoryMatchgt;/a/code, + codea href=mod_core.html#locationmatchlt;LocationMatchgt;/a/code, + and codea href=mod_core.html#filesmatchlt;FilesMatchgt;/a/code + sections provide a new syntax for regular expression sectioning./p + /LI LISTRONGSupport for Directory Icon Sizing/STRONG P 1.64 +74 -3 apache/htdocs/manual/mod/core.html Index: core.html === RCS file: /export/home/cvs/apache/htdocs/manual/mod/core.html,v retrieving revision 1.63 retrieving revision 1.64 diff -c -C3 -r1.63 -r1.64 *** core.html 1997/07/08 02:04:38 1.63 --- core.html 1997/07/08 04:45:23 1.64 *** *** 31,40 --- 31,42 liA HREF=#clearmodulelistClearModuleList/A liA HREF=#defaulttypeDefaultType/A liA HREF=#directorylt;Directorygt;/A + liA HREF=#directorymatchlt;DirectoryMatchgt;/A liA HREF=#documentrootDocumentRoot/A liA HREF=#errordocumentErrorDocument/A liA HREF=#errorlogErrorLog/A liA HREF=#fileslt;Filesgt;/A + liA HREF=#filesmatchlt;FilesMatchgt;/A liA HREF=#groupGroup/A liA HREF=#hostnamelookupsHostNameLookups/A liA HREF=#identitycheckIdentityCheck/A *** *** 45,50 --- 47,53 liA HREF=#listenListen/A liA HREF=#listenbacklogListenBacklog/A liA HREF=#locationlt;Locationgt;/A + liA HREF=#locationmatchlt;LocationMatchgt;/A liA HREF=#lockfileLockFile/A liA HREF=#maxclientsMaxClients/A liA HREF=#maxkeepaliverequestsMaxKeepAliveRequests/a *** *** 305,311 lt;Directory ~ quot;^/www/.*/[0-9]{3}quot;gt; /pre ! would match directories in /www/ that consisted of three numbers.p pIf multiple directory sections match the directory (or its parents) containing a document, then the directives are applied in the order of shortest match --- 308,316 lt;Directory ~ quot;^/www/.*/[0-9]{3}quot;gt; /pre ! would match directories in /www/ that consisted of three numbers. In ! Apache 1.3 and later, it is reccomended to use ! a href=#directorymatchlt;DirectoryMatchgt;/a instead.p pIf multiple directory sections match the directory (or its parents) containing a document, then the directives are applied in the order of shortest match *** *** 357,362 --- 362,387 nest, and cannot appear in a A HREF=#limitlt;Limitgt;/A section. phr + h2A name=directorymatchlt;DirectoryMatchgt;/A/h2 + strongSyntax:/strong lt;DirectoryMatch emregex/emgt; ... lt;/DirectoryMatchgt; br + strongContext:/strong server config, virtual hostbr + strongStatus:/strong Core.br + strongCompatibility:/strong Available in Apache 1.3 and later + + plt;DirectoryMatchgt; and lt;/DirectoryMatchgt; are used to enclose a group of + directives which will apply only to the named directory and sub-directories + of that directory, the same as a + href=#directorylt;Directorygt;/a. However, it takes as an + argument a regular expression. For example:/p + + pre +lt;DirectoryMatch quot;^/www/.*/[0-9]{3}quot;gt; + /pre + + pwould match directories in /www/ that consisted of three numbers./p + + hr + h2A NAME=documentrootDocumentRoot directive/A/h2 !--%plaintext lt;?INDEX {\tt DocumentRoot} directivegt; -- strongSyntax:/strong DocumentRoot
cvs commit: apache/src CHANGES http_core.c http_request.c httpd.h mod_negotiation.c util.c
dgaudet 97/06/30 15:50:45 Modified:src CHANGES http_core.c http_request.c httpd.h mod_negotiation.c util.c Log: directory_walk() is an expensive function, keep a little more state to avoid needless string counting. Add two new functions make_dirstr_parent and make_dirstr_prefix which replace all existing uses of make_dirstr. The new functions are a little less general than make_dirstr, but work more efficiently (less memory, less string counting). Revision ChangesPath 1.316 +7 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.315 retrieving revision 1.316 diff -C3 -r1.315 -r1.316 *** CHANGES 1997/06/30 21:42:29 1.315 --- CHANGES 1997/06/30 22:50:38 1.316 *** *** 1,4 --- 1,11 Changes with Apache 1.3 + + *) directory_walk() is an expensive function, keep a little more state to + avoid needless string counting. Add two new functions make_dirstr_parent + and make_dirstr_prefix which replace all existing uses of make_dirstr. + The new functions are a little less general than make_dirstr, but + work more efficiently (less memory, less string counting). + [Dean Gaudet] *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed to LDFLAGS) to avoid complications with lex rules in make files. 1.90 +1 -1 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.89 retrieving revision 1.90 diff -C3 -r1.89 -r1.90 *** http_core.c 1997/06/29 17:53:03 1.89 --- http_core.c 1997/06/30 22:50:39 1.90 *** *** 117,123 core_dir_config *base = (core_dir_config *)basev; core_dir_config *new = (core_dir_config *)newv; core_dir_config *conf = ! (core_dir_config *)pcalloc (a, sizeof(core_dir_config)); int i; memcpy ((char *)conf, (const char *)base, sizeof(core_dir_config)); --- 117,123 core_dir_config *base = (core_dir_config *)basev; core_dir_config *new = (core_dir_config *)newv; core_dir_config *conf = ! (core_dir_config *)palloc (a, sizeof(core_dir_config)); int i; memcpy ((char *)conf, (const char *)base, sizeof(core_dir_config)); 1.54 +33 -18apache/src/http_request.c Index: http_request.c === RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.53 retrieving revision 1.54 diff -C3 -r1.53 -r1.54 *** http_request.c1997/06/28 21:46:57 1.53 --- http_request.c1997/06/30 22:50:39 1.54 *** *** 251,259 core_dir_config **sec = (core_dir_config **)sec_array-elts; int num_sec = sec_array-nelts; char *test_filename = pstrdup (r-pool, r-filename); int num_dirs, res; ! int i; /* Are we dealing with a file? If not, we can (hopefuly) safely assume * we have a handler that doesn't require one, but for safety's sake, --- 251,260 core_dir_config **sec = (core_dir_config **)sec_array-elts; int num_sec = sec_array-nelts; char *test_filename = pstrdup (r-pool, r-filename); + char *test_dirname, *test_htaccess; int num_dirs, res; ! int i, test_filename_len; /* Are we dealing with a file? If not, we can (hopefuly) safely assume * we have a handler that doesn't require one, but for safety's sake, *** *** 333,360 return res; } ! if (test_filename[strlen(test_filename)-1] == '/') --num_dirs; ! if (S_ISDIR (r-finfo.st_mode)) { ! ++num_dirs; ! } for (i = 1; i = num_dirs; ++i) { core_dir_config *core_dir = (core_dir_config *)get_module_config(per_dir_defaults, core_module); int overrides_here; void *this_conf = NULL, *htaccess_conf = NULL; ! char *this_dir = make_dirstr (r-pool, test_filename, i); int j; ! /* Do symlink checks first, because they are done with the * permissions appropriate to the *parent* directory... */ ! if ((res = check_symlinks (this_dir, core_dir-opts))) { ! log_reason(Symbolic link not allowed, this_dir, r); return res; } --- 334,367 return res; } ! test_filename_len = strlen (test_filename); ! if (test_filename[test_filename_len-1] == '/') --num_dirs; ! if (S_ISDIR
cvs commit: apache/src CHANGES http_core.c
dgaudet 97/06/28 13:10:14 Modified:src CHANGES http_core.c Log: -DBIG_SECURITY_HOLE now required to run apache as root. Revision ChangesPath 1.300 +4 -1 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.299 retrieving revision 1.300 diff -C3 -r1.299 -r1.300 *** CHANGES 1997/06/28 19:55:16 1.299 --- CHANGES 1997/06/28 20:10:11 1.300 *** *** 23,32 (headers, readmes, titles), mod_negotiation (type maps), or mod_cern_meta (meta files). [Dean Gaudet] *) CONFIG: HostnameLookups now defaults to off because it is far better for the net if we require people that actually need this data to enable it. [Linus Torvalds] ! *) mod_include was not properly changing the current directory. [Marc Slemko] PR#742 --- 23,35 (headers, readmes, titles), mod_negotiation (type maps), or mod_cern_meta (meta files). [Dean Gaudet] + *) SECURITY: Apache will refuse to run as User root unless + BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet] + *) CONFIG: HostnameLookups now defaults to off because it is far better for the net if we require people that actually need this data to enable it. [Linus Torvalds] ! *) mod_include was not properly changing the current directory. [Marc Slemko] PR#742 1.85 +15 -1 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.84 retrieving revision 1.85 diff -C3 -r1.84 -r1.85 *** http_core.c 1997/06/17 00:09:13 1.84 --- http_core.c 1997/06/28 20:10:12 1.85 *** *** 889,897 else { cmd-server-server_uid = user_id; fprintf(stderr, ! Warning: User directive in VirtualHost requires SUEXEC wrapper.\n); } } return NULL; } --- 889,911 else { cmd-server-server_uid = user_id; fprintf(stderr, ! Warning: User directive in VirtualHost ! requires SUEXEC wrapper.\n); } } + #if !defined (BIG_SECURITY_HOLE) + if (cmd-server-server_uid == 0) { + fprintf (stderr, + Error:\tApache has not been designed to serve pages while running\n + \tas root. There are known race conditions that will allow any\n + \tlocal user to read any file on the system. Should you still\n + \tdesire to serve pages as root then add -DBIG_SECURITY_HOLE to\n + \tthe EXTRA_CFLAGS line in your src/Configuration file and rebuild\n + \tthe server. It is strongly suggested that you instead modify the\n + \tUser directive in your httpd.conf file to list a non-root user.\n); + exit (1); + } + #endif return NULL; }
cvs commit: apache/src CHANGES http_core.c
dgaudet 97/06/28 15:00:18 Modified:src Tag: APACHE_1_2_X CHANGES http_core.c Log: Whack people upside the head if they try to run apache as root. Revision ChangesPath No revision No revision 1.286.2.15 +4 -1 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.14 retrieving revision 1.286.2.15 diff -C3 -r1.286.2.14 -r1.286.2.15 *** CHANGES 1997/06/28 19:51:25 1.286.2.14 --- CHANGES 1997/06/28 22:00:15 1.286.2.15 *** *** 13,22 (headers, readmes, titles), mod_negotiation (type maps), or mod_cern_meta (meta files). [Dean Gaudet] *) CONFIG: HostnameLookups now defaults to off because it is far better for the net if we require people that actually need this data to enable it. [Linus Torvalds] ! *) mod_include was not properly changing the current directory. [Marc Slemko] PR#742 --- 13,25 (headers, readmes, titles), mod_negotiation (type maps), or mod_cern_meta (meta files). [Dean Gaudet] + *) SECURITY: Apache will refuse to run as User root unless + BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet] + *) CONFIG: HostnameLookups now defaults to off because it is far better for the net if we require people that actually need this data to enable it. [Linus Torvalds] ! *) mod_include was not properly changing the current directory. [Marc Slemko] PR#742 1.81.2.1 +15 -1 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.81 retrieving revision 1.81.2.1 diff -C3 -r1.81 -r1.81.2.1 *** http_core.c 1997/05/08 13:09:24 1.81 --- http_core.c 1997/06/28 22:00:16 1.81.2.1 *** *** 886,894 else { cmd-server-server_uid = user_id; fprintf(stderr, ! Warning: User directive in VirtualHost requires SUEXEC wrapper.\n); } } return NULL; } --- 886,908 else { cmd-server-server_uid = user_id; fprintf(stderr, ! Warning: User directive in VirtualHost ! requires SUEXEC wrapper.\n); } } + #if !defined (BIG_SECURITY_HOLE) + if (cmd-server-server_uid == 0) { + fprintf (stderr, + Error:\tApache has not been designed to serve pages while running\n + \tas root. There are known race conditions that will allow any\n + \tlocal user to read any file on the system. Should you still\n + \tdesire to serve pages as root then add -DBIG_SECURITY_HOLE to\n + \tthe EXTRA_CFLAGS line in your src/Configuration file and rebuild\n + \tthe server. It is strongly suggested that you instead modify the\n + \tUser directive in your httpd.conf file to list a non-root user.\n); + exit (1); + } + #endif return NULL; }
cvs commit: apache/src CHANGES http_core.c http_request.c mod_include.c
fielding97/05/08 06:09:27 Modified:src CHANGES http_core.c http_request.c mod_include.c Log: Test for error conditions before creating output header fields, since we don't want the error message to include those fields. Likewise, reset the content_language(s) and content_encoding of the response before generating or redirecting to an error message, since the new message will have its own Content-* definitions. This is only a partial solution to the problem of error messages inheriting header fields and request_rec variables from almost-succeeded requests, but this part is needed for the general solution anyway. A fix for the latter will be in a separate patch. Submitted by: Dean Gaudet Reviewed by: Roy Fielding, Ken Coar, Jim Jagielski Revision ChangesPath 1.270 +7 -1 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.269 retrieving revision 1.270 diff -C3 -r1.269 -r1.270 *** CHANGES 1997/05/08 11:27:27 1.269 --- CHANGES 1997/05/08 13:09:23 1.270 *** *** 1,10 Changes with Apache 1.2 *) Fixed a couple places where a check for the default Content-Type was not properly checking both the value configured by the DefaultType directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value of DEFAULT_TYPE to match the documented default (text/plain). ! [Dean Gaudet] *) Escape the HTML-sensitive characters in the Request-URI that is output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501 --- 1,16 Changes with Apache 1.2 + *) Test for error conditions before creating output header fields, since + we don't want the error message to include those fields. Likewise, + reset the content_language(s) and content_encoding of the response + before generating or redirecting to an error message, since the new + message will have its own Content-* definitions. [Dean Gaudet] + *) Fixed a couple places where a check for the default Content-Type was not properly checking both the value configured by the DefaultType directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value of DEFAULT_TYPE to match the documented default (text/plain). ! [Dean Gaudet] PR#506 *) Escape the HTML-sensitive characters in the Request-URI that is output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501 1.81 +4 -4 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.80 retrieving revision 1.81 diff -C3 -r1.80 -r1.81 *** http_core.c 1997/04/24 10:19:09 1.80 --- http_core.c 1997/05/08 13:09:24 1.81 *** *** 1322,1331 return NOT_FOUND; } if (r-method_number != M_GET) return METHOD_NOT_ALLOWED; - - if ((errstatus = set_last_modified (r, r-finfo.st_mtime)) - || (errstatus = set_content_length (r, r-finfo.st_size))) - return errstatus; #ifdef __EMX__ /* Need binary mode for OS/2 */ --- 1322,1327 *** *** 1338,1343 --- 1334,1343 log_reason(file permissions deny server access, r-filename, r); return FORBIDDEN; } + + if ((errstatus = set_last_modified (r, r-finfo.st_mtime)) + || (errstatus = set_content_length (r, r-finfo.st_size))) + return errstatus; if (d-content_md5 1) { table_set (r-headers_out, Content-MD5, md5digest(r-pool, f)); 1.48 +11 -1 apache/src/http_request.c Index: http_request.c === RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.47 retrieving revision 1.48 diff -C3 -r1.47 -r1.48 *** http_request.c1997/04/07 11:47:05 1.47 --- http_request.c1997/05/08 13:09:24 1.48 *** *** 763,769 } r-status = type; ! /* Two types of custom redirects --- plain text, and URLs. * Plain text has a leading '', so the URL code, here, is triggered * on its absence --- 763,779 } r-status = type; ! ! /* XXX: this is an awful thing to have to do here, in fact there are ! * probably other cases that need this attention. Essentially we're ! * about to report an error, and if we don't do an internal_redirect ! * below then we'll report the error with the wrong headers -- we'll ! * use headers belonging to the original request.
cvs commit: apache/src CHANGES http_core.c
dgaudet 97/04/24 03:19:11 Modified:src CHANGES http_core.c Log: Fixes problem with Directory proxy:... Submitted by: Martin Kraemer Reviewed by: Chuck, Dean Revision ChangesPath 1.244 +2 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.243 retrieving revision 1.244 diff -C3 -r1.243 -r1.244 *** CHANGES 1997/04/24 10:16:54 1.243 --- CHANGES 1997/04/24 10:19:09 1.244 *** *** 1,4 --- 1,6 Changes with Apache 1.2 + + *) Fix problem with Directory proxy: [Martin Kraemer] PR#271 *) Corrected spelling of authoritative. AuthDBAuthoratative became AuthDBAuthoritative. [Marc Slemko] PR#420 1.80 +1 -0 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.79 retrieving revision 1.80 diff -C3 -r1.79 -r1.80 *** http_core.c 1997/04/22 02:42:07 1.79 --- http_core.c 1997/04/24 10:19:09 1.80 *** *** 82,87 --- 82,88 (core_dir_config *)pcalloc(a, sizeof(core_dir_config)); if (!dir || dir[strlen(dir) - 1] == '/') conf-d = dir; + else if (strncmp(dir,proxy:,6)==0) conf-d = pstrdup (a, dir); else conf-d = pstrcat (a, dir, /, NULL); conf-d_is_matchexp = conf-d ? is_matchexp( conf-d ) : 0;
cvs commit: apache/src CHANGES http_core.c
fielding97/03/07 08:42:09 Modified:src CHANGES http_core.c Log: Fixed problem with ErrorDocument not working for virtual hosts due to one of the performance changes in 1.2b7. Submitted by: Dean Gaudet Reviewed by: Roy Fielding, Ken Coar Revision ChangesPath 1.190 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.189 retrieving revision 1.190 diff -C3 -r1.189 -r1.190 *** CHANGES 1997/03/07 14:43:52 1.189 --- CHANGES 1997/03/07 16:42:06 1.190 *** *** 1,5 --- 1,8 Changes with Apache 1.2b8 + *) Fixed problem with ErrorDocument not working for virtual hosts + due to one of the performance changes in 1.2b7. [Dean Gaudet] + *) Log an error message if we get a request header that is too long, since it may indicate a buffer overflow attack. [Marc Slemko] 1.73 +6 -0 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.72 retrieving revision 1.73 diff -C3 -r1.72 -r1.73 *** http_core.c 1997/03/07 14:15:36 1.72 --- http_core.c 1997/03/07 16:42:07 1.73 *** *** 120,125 --- 120,131 int i; memcpy ((char *)conf, (const char *)base, sizeof(core_dir_config)); + if( base-response_code_strings ) { + conf-response_code_strings = palloc(a, + sizeof(*conf-response_code_strings) * RESPONSE_CODES ); + memcpy( conf-response_code_strings, base-response_code_strings, + sizeof(*conf-response_code_strings) * RESPONSE_CODES ); + } conf-d = new-d; conf-d_is_matchexp = new-d_is_matchexp;
cvs commit: apache/src CHANGES http_core.c http_request.c
fielding97/02/10 02:24:50 Modified:src CHANGES http_core.c http_request.c Log: Fix condition where, if a bad directive occurs in .htaccess, and sub_request() goes first to this directory, then log_reason() will SIGSEGV because it doesn't have initialized r-per_dir_config. [reported in PR#162 by Petr Lampa] Submitted by: Marc Slemko and Dean Gaudet Reviewed by: Roy Fielding Revision ChangesPath 1.150 +6 -1 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.149 retrieving revision 1.150 diff -C3 -r1.149 -r1.150 *** CHANGES 1997/02/08 01:33:56 1.149 --- CHANGES 1997/02/10 10:24:48 1.150 *** *** 2,12 *) Fix handling of unsigned ints in ap_snprintf() on some chips such as the DEC Alpha which is 64-bit but uses 32-bit ints. ! [Dean Gaudet, Ken the Rodent] *) Return a 302 response code to the client when sending a redirect due to a missing trailing '/' on a directory instead of a 301; now it is cacheable. [Markus Gyger] *) Fix handling of lang_index in is_variant_better(). This was causing problems which resulted in the server sending the --- 2,17 *) Fix handling of unsigned ints in ap_snprintf() on some chips such as the DEC Alpha which is 64-bit but uses 32-bit ints. ! [Dean Gaudet, Ken Coar] *) Return a 302 response code to the client when sending a redirect due to a missing trailing '/' on a directory instead of a 301; now it is cacheable. [Markus Gyger] + + *) Fix condition where, if a bad directive occurs in .htaccess, and + sub_request() goes first to this directory, then log_reason() will + SIGSEGV because it doesn't have initialized r-per_dir_config. + [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet] *) Fix handling of lang_index in is_variant_better(). This was causing problems which resulted in the server sending the 1.66 +3 -2 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.65 retrieving revision 1.66 diff -C3 -r1.65 -r1.66 *** http_core.c 1997/02/10 09:40:33 1.65 --- http_core.c 1997/02/10 10:24:48 1.66 *** *** 313,321 core_dir_config *dir_conf; /* If we haven't checked the host name, and we want to */ ! dir_conf = (core_dir_config *)get_module_config(dir_config, core_module); !if (type != REMOTE_NOLOOKUP conn-remote_host == NULL dir_conf-hostname_lookups) { #ifdef STATUS int old_stat = update_child_status(conn-child_num, --- 313,322 core_dir_config *dir_conf; /* If we haven't checked the host name, and we want to */ ! if (dir_config) ! dir_conf = (core_dir_config *)get_module_config(dir_config, core_module); !if ((!dir_conf) || (type != REMOTE_NOLOOKUP conn-remote_host == NULL dir_conf-hostname_lookups)) { #ifdef STATUS int old_stat = update_child_status(conn-child_num, 1.41 +1 -0 apache/src/http_request.c Index: http_request.c === RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.40 retrieving revision 1.41 diff -C3 -r1.40 -r1.41 *** http_request.c1997/01/25 15:44:39 1.40 --- http_request.c1997/02/10 10:24:49 1.41 *** *** 697,702 --- 697,703 rnew-server = r-server; rnew-request_config = create_request_config (rnew-pool); rnew-htaccess = r-htaccess; /* copy htaccess cache */ + rnew-per_dir_config = r-server-lookup_defaults; set_sub_req_protocol (rnew, r); rnew-uri = INTERNALLY GENERATED file-relative req;
cvs commit: apache/src CHANGES http_core.c http_protocol.c
akosut 96/12/30 21:38:51 Modified:src CHANGES http_core.c http_protocol.c Log: Make ServerPath properly recognize path segments. Reviewed by: Randy Terbush, Chuck Murcko Revision ChangesPath 1.109 +5 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.108 retrieving revision 1.109 diff -C3 -r1.108 -r1.109 *** CHANGES 1996/12/31 02:28:59 1.108 --- CHANGES 1996/12/31 05:38:47 1.109 *** *** 1,3 --- 1,8 + Changes with Apache 1.2b5 + + *) Fix bug with ServerPath that could cause certaub files to be not + found by the server. [Alexei Kosut] + Changes with Apache 1.2b4: *) Fix possible race condition in accept_mutex_init() that 1.55 +4 -1 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.54 retrieving revision 1.55 diff -C3 -r1.54 -r1.55 *** http_core.c 1996/12/28 00:04:49 1.54 --- http_core.c 1996/12/31 05:38:48 1.55 *** *** 1223,1229 if ((r-uri[0] != '/') strcmp(r-uri, *)) return BAD_REQUEST; if (r-server-path ! !strncmp(r-uri, r-server-path, r-server-pathlen)) r-filename = pstrcat (r-pool, conf-document_root, (r-uri + r-server-pathlen), NULL); else --- 1223,1232 if ((r-uri[0] != '/') strcmp(r-uri, *)) return BAD_REQUEST; if (r-server-path ! !strncmp(r-uri, r-server-path, r-server-pathlen) ! (r-server-path[r-server-pathlen - 1] == '/' || ! r-uri[r-server-pathlen] == '/' || ! r-uri[r-server-pathlen] == '\0')) r-filename = pstrcat (r-pool, conf-document_root, (r-uri + r-server-pathlen), NULL); else 1.86 +4 -1 apache/src/http_protocol.c Index: http_protocol.c === RCS file: /export/home/cvs/apache/src/http_protocol.c,v retrieving revision 1.85 retrieving revision 1.86 diff -C3 -r1.85 -r1.86 *** http_protocol.c 1996/12/28 00:04:51 1.85 --- http_protocol.c 1996/12/31 05:38:49 1.86 *** *** 614,620 */ for (s = r-server-next; s; s = s-next) { ! if (s-path !strncmp(r-uri, s-path, s-pathlen)) r-server = r-connection-server = s; } } --- 614,623 */ for (s = r-server-next; s; s = s-next) { ! if (s-path !strncmp(r-uri, s-path, s-pathlen) ! (s-path[s-pathlen - 1] == '/' || ! r-uri[s-pathlen] == '/' || ! r-uri[s-pathlen] == '\0')) r-server = r-connection-server = s; } }
cvs commit: apache/src CHANGES http_core.c
akosut 96/12/30 21:48:02 Modified:src CHANGES http_core.c Log: Correctly set overrides for Files sections. Reviewed by: Randy Terbush, Chuck Murcko Revision ChangesPath 1.110 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.109 retrieving revision 1.110 diff -C3 -r1.109 -r1.110 *** CHANGES 1996/12/31 05:38:47 1.109 --- CHANGES 1996/12/31 05:48:00 1.110 *** *** 1,5 --- 1,8 Changes with Apache 1.2b5 + *) Correctly allow access and auth directives in Files sections in + server config files. [Alexei Kosut] + *) Fix bug with ServerPath that could cause certaub files to be not found by the server. [Alexei Kosut] 1.56 +5 -0 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.55 retrieving revision 1.56 diff -C3 -r1.55 -r1.56 *** http_core.c 1996/12/31 05:38:48 1.55 --- http_core.c 1996/12/31 05:48:01 1.56 *** *** 685,690 --- 685,691 { const char *errmsg; char *endp = strrchr (arg, ''); + int old_overrides = cmd-override; char *old_path = cmd-path; core_dir_config *conf; regex_t *r = NULL; *** *** 696,701 --- 697,705 if (cmd-limited != -1) return Can't have Files within Limit; cmd-path = getword_conf (cmd-pool, arg); + /* Only if not an .htaccess file */ + if (cmd-path) + cmd-override = OR_ALL|ACCESS_CONF; if (!strcmp(cmd-path, ~)) { cmd-path = getword_conf (cmd-pool, arg); *** *** 716,721 --- 720,726 add_file_conf (c, new_file_conf); cmd-path = old_path; + cmd-override = old_overrides; return NULL; }
Re: cvs commit: apache/src CHANGES http_core.c
I actually don't recall reporting to the list that I did test it. It *does* work, I tested it late last night. Just a minor nit because I hadn't actually +1'd it until just now. randy 96/12/17 12:30:49 Modified:src CHANGES http_core.c Log: Initialize listen_rec-used in set_listener() to fix a dereference problem when restarting the server. Reviewed by: Sameer Parekh, Randy Terbush Submitted by: Ben Laurie Revision ChangesPath 1.88 +6 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.87 retrieving revision 1.88 diff -C3 -r1.87 -r1.88 *** CHANGES 1996/12/15 22:06:53 1.87 --- CHANGES 1996/12/17 20:30:46 1.88 *** *** 1,5 --- 1,11 Changes with Apache 1.2b3: + *) Add the ability to pass different Makefile.tmpl files to Configure + using the -make flag. + + *) Fix coredump triggered when sending a SIGHUP to the server caused + by a dereference of an unitialized pointer in the listen_rec. + *) Add FILEPATH_INFO variable to CGI environment, which is equal to PATH_INFO from previous versions of Apache (in certain situations, Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut] 1.53 +1 -0 apache/src/http_core.c Index: http_core.c === RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.52 retrieving revision 1.53 diff -C3 -r1.52 -r1.53 *** http_core.c 1996/12/06 21:51:32 1.52 --- http_core.c 1996/12/17 20:30:46 1.53 *** *** 1084,1089 --- 1084,1090 return Port must be numeric; new-local_addr.sin_port = htons(port); new-fd = -1; + new-used = 0; new-next = listeners; listeners = new; return NULL; -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net http://www.c2.net/ [EMAIL PROTECTED]