Prevent a case of SSI timefmt-smashing with filter chains including

multiple INCLUDES filters:

* modules/filters/mod_include.c (add_include_vars): Drop unused
  timefmt argument.
  (add_include_vars_lazy): Take timefmt argument.
  (get_include_var, handle_printenv): Pass time format from context.

PR: 39369

Backport of r757376 from trunk resp. r773352 from 2.2.x.

Submitted by: jorton
Backported by: rjung
Reviewed by: wrowe, humbedooh


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1469722 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 8 insertions, 17 deletions

diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index 38dc3213e8..e3a070c19e 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -160,7 +160,7 @@ typedef struct {
 static const char lazy_eval_sentinel;
 #define LAZY_VALUE (&lazy_eval_sentinel)
 
-static void add_include_vars(request_rec *r, char *timefmt)
+static void add_include_vars(request_rec *r)
 {
     apr_table_t *e = r->subprocess_env;
     char *t;
@@ -188,26 +188,17 @@ static void add_include_vars(request_rec *r, char *timefmt)
     }
 }
 
-static const char *add_include_vars_lazy(request_rec *r, const char *var)
+static const char *add_include_vars_lazy(request_rec *r, const char *var, const char *timefmt)
 {
     char *val;
     if (!strcasecmp(var, "DATE_LOCAL")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 0);
     }
     else if (!strcasecmp(var, "DATE_GMT")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->request_time, conf->default_time_fmt, 1);
+        val = ap_ht_time(r->pool, r->request_time, timefmt, 1);
     }
     else if (!strcasecmp(var, "LAST_MODIFIED")) {
-        include_dir_config *conf =
-            (include_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                       &include_module);
-        val = ap_ht_time(r->pool, r->finfo.mtime, conf->default_time_fmt, 0);
+        val = ap_ht_time(r->pool, r->finfo.mtime, timefmt, 0);
     }
     else if (!strcasecmp(var, "USER_NAME")) {
         if (apr_get_username(&val, r->finfo.user, r->pool) != APR_SUCCESS) {
@@ -252,7 +243,7 @@ static const char *get_include_var(request_rec *r, include_ctx_t *ctx,
         val = apr_table_get(r->subprocess_env, var);
 
         if (val == LAZY_VALUE)
-            val = add_include_vars_lazy(r, var);
+            val = add_include_vars_lazy(r, var, ctx->time_str);
     }
     return val;
 }
@@ -2329,7 +2320,7 @@ static int handle_printenv(include_ctx_t *ctx, apr_bucket_brigade **bb,
                 key_text = ap_escape_html(r->pool, elts[i].key);
                 val_text = elts[i].val;
                 if (val_text == LAZY_VALUE) {
-                    val_text = add_include_vars_lazy(r, elts[i].key);
+                    val_text = add_include_vars_lazy(r, elts[i].key, ctx->time_str);
                 }
                 val_text = ap_escape_html(r->pool, elts[i].val);
                 k_len = strlen(key_text);
@@ -3548,7 +3539,7 @@ static apr_status_t includes_filter(ap_filter_t *f, apr_bucket_brigade *b)
          * environment */
         ap_add_common_vars(r);
         ap_add_cgi_vars(r);
-        add_include_vars(r, conf->default_time_fmt);
+        add_include_vars(r);
     }
     /* Always unset the content-length.  There is no way to know if
      * the content will be modified at some point by send_parsed_content.