authorJim Jagielski <jim@apache.org>2009-06-01 15:39:33 +0000
committerJim Jagielski <jim@apache.org>2009-06-01 15:39:33 +0000
commit7eea3005120dd323f9d54a71a7022672ed84bb65 (patch)
treef7a0f330d52a96fb7de11d673452bc0cbac53265
parentff0ce8b2c1a5958c79ccf5047b3595dbcce6a04a (diff)
More adjustment for Redirect argument checking...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@780692 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--modules/mappers/mod_alias.c51
1 files changed, 37 insertions, 14 deletions
diff --git a/modules/mappers/mod_alias.c b/modules/mappers/mod_alias.c
index 717f229e8a..94dc75b525 100644
--- a/modules/mappers/mod_alias.c
+++ b/modules/mappers/mod_alias.c
@@ -176,26 +176,49 @@ static const char *add_redirect_internal(cmd_parms *cmd,
alias_server_conf *serverconf = ap_get_module_config(s->module_config,
&alias_module);
int status = (int) (long) cmd->info;
- ap_regex_t *r = NULL;
+ int grokarg1 = 1;
+= ap_regex_t *r = NULL;
const char *f = arg2;
const char *url = arg3;
- if (!arg3 && !strcasecmp(arg1, "gone"))
+ /*
+ * Logic flow:
+ * Go ahead and try to grok the 1st arg, in case it is a
+ * Redirect status. Now if we have 3 args, we expect that
+ * we were able to understand that 1st argument (it's something
+ * we expected, so if not, then we bail. We also check that we
+ * don't have a 3rd argument with GONE or with numeric codes
+ * outside of 300-399; if we do, then that's an error.
+ */
+ if (!strcasecmp(arg1, "permanent"))
+ status = HTTP_MOVED_PERMANENTLY;
+ else if (!strcasecmp(arg1, "temp"))
+ status = HTTP_MOVED_TEMPORARILY;
+ else if (!strcasecmp(arg1, "seeother"))
+ status = HTTP_SEE_OTHER;
+ else if (!strcasecmp(arg1, "gone"))
status = HTTP_GONE;
else if (apr_isdigit(*arg1))
status = atoi(arg1);
- else if (arg3) {
- if (!strcasecmp(arg1, "permanent"))
- status = HTTP_MOVED_PERMANENTLY;
- else if (!strcasecmp(arg1, "temp"))
- status = HTTP_MOVED_TEMPORARILY;
- else if (!strcasecmp(arg1, "seeother"))
- status = HTTP_SEE_OTHER;
- else {
- return "Redirect: invalid first argument (of three)";
- }
- }
- else {
+ else
+ grokarg1 = 0;
+
+ if (arg3 && !grokarg1)
+ return "Redirect: invalid first argument (of three)";
+
+ if (arg3 && status == HTTP_GONE)
+ return "Redirect: third argument not expected";
+
+ if (arg3 && (apr_isdigit(*arg1) && (status < 300 || status > 399)))
+ return "Redirect: third argument not expected";
+
+ /*
+ * if we don't have the 3rd arg and we didn't understand the 1st
+ * one, then assume URL-path URL. This also handles case, eg, GONE
+ * we even though we don't have a 3rd arg, we did understand the 1st
+ * one, so we don't want to re-arrange
+ */
+ if (!arg3 && !grokarg1) {
f = arg1;
url = arg2;
}
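Review bot: `grokarg1` stays 1 for any first argument that merely begins with a digit, because the numeric branch (`else if (apr_isdigit(*arg1)) status = atoi(arg1);`) tests one character and `atoi` reports neither trailing text nor out-of-range input. In the two-argument form, a path or pattern that starts with a digit is therefore taken as a status, the final `if (!arg3 && !grokarg1)` swap is skipped, and `f`/`url` keep `arg2`/`arg3` (NULL); the new 300-399 test is built on the same unchecked value. Parsing strictly would close this, e.g. `char *end; long code = strtol(arg1, &end, 10);` followed by `if (*end == '\0') status = (int)code; else grokarg1 = 0;`, so that only a fully numeric argument counts as understood. The function body continues past the hunk, so whether a NULL `url` is rejected later is not visible here. Separately, the second block comment is garbled ("GONE we even though") and the first has an unclosed parenthesis; both would read better reworded.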