From 8a2915bcbe1609bf0bf46acd6fa5788a0ab8ad81 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Wed, 18 Oct 2000 20:12:29 +0000 Subject: Version 2 of the mod_rewrite fix from apache, fixes problem with mod_rewrite not working for lookup tables --- usr.sbin/httpd/src/modules/standard/mod_rewrite.c | 52 ++++++++++++++++++++--- usr.sbin/httpd/src/modules/standard/mod_rewrite.h | 17 +++++--- 2 files changed, 58 insertions(+), 11 deletions(-) diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c index 6e4e6bf78f0..ec5d64ba1aa 100644 --- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c +++ b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c @@ -2258,30 +2258,50 @@ static void do_expand(request_rec *r, char *input, char *buffer, int nbuf, /* now we have a '$' or a '%' */ if (inp[1] == '{') { char *endp; - endp = strchr(inp, '}'); + endp = find_closing_bracket(inp+2, '{', '}'); if (endp == NULL) { goto skip; } *endp = '\0'; if (inp[0] == '$') { /* ${...} map lookup expansion */ + /* + * To make rewrite maps useful the lookup key and + * default values must be expanded, so we make + * recursive calls to do the work. For security + * reasons we must never expand a string that includes + * verbatim data from the network. The recursion here + * isn't a problem because the result of expansion is + * only passed to lookup_map() so it cannot be + * re-expanded, only re-looked-up. Another way of + * looking at it is that the recursion is entirely + * driven by the syntax of the nested curly brackets. + */ char *key, *dflt, *result; + char xkey[MAX_STRING_LEN]; + char xdflt[MAX_STRING_LEN]; + char *empty = ""; key = strchr(inp, ':'); if (key == NULL) { goto skip; } *key++ = '\0'; dflt = strchr(key, '|'); - if (dflt) { + if (dflt == NULL) { + dflt = empty; + } + else { *dflt++ = '\0'; } - result = lookup_map(r, inp+2, key); + do_expand(r, key, xkey, sizeof(xkey), briRR, briRC); + do_expand(r, dflt, xdflt, sizeof(xdflt), briRR, briRC); + result = lookup_map(r, inp+2, xkey); if (result == NULL) { - result = dflt ? dflt : ""; + result = xdflt; } span = ap_cpystrn(outp, result, space) - outp; key[-1] = ':'; - if (dflt) { + if (dflt != empty) { dflt[-1] = '|'; } } @@ -4152,4 +4172,26 @@ static int compare_lexicography(char *cpNum1, char *cpNum2) return 0; } +/* +** +** Find end of bracketed expression +** s points after the opening bracket +** +*/ + +static char *find_closing_bracket(char *s, int left, int right) +{ + int depth; + + for (depth = 1; *s; ++s) { + if (*s == right && --depth == 0) { + return s; + } + else if (*s == left) { + ++depth; + } + } + return NULL; +} + /*EOF*/ diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h b/usr.sbin/httpd/src/modules/standard/mod_rewrite.h index 46c255279f8..fbcfe4f7422 100644 --- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h +++ b/usr.sbin/httpd/src/modules/standard/mod_rewrite.h @@ -168,7 +168,7 @@ #include #endif #endif -#ifdef AIX +#if defined(AIX) || defined(AIXIA64) #undef USE_FLOCK #define USE_FCNTL 1 #include @@ -420,14 +420,17 @@ static int apply_rewrite_cond(request_rec *r, rewritecond_entry *p, char *perdir, backrefinfo *briRR, backrefinfo *briRC); +static void do_expand(request_rec *r, char *input, char *buffer, int nbuf, + backrefinfo *briRR, backrefinfo *briRC); +static void do_expand_env(request_rec *r, char *env[], + backrefinfo *briRR, backrefinfo *briRC); + /* URI transformation function */ static void splitout_queryargs(request_rec *r, int qsappend); static void fully_qualify_uri(request_rec *r); static void reduce_uri(request_rec *r); -static void expand_backref_inbuffer(pool *p, char *buf, int nbuf, - backrefinfo *bri, char c); +static int is_absolute_uri(char *uri); static char *expand_tildepaths(request_rec *r, char *uri); -static void expand_map_lookups(request_rec *r, char *uri, int uri_len); /* rewrite map support functions */ static char *lookup_map(request_rec *r, char *name, char *key); @@ -466,8 +469,6 @@ static void run_rewritemap_programs(server_rec *s, pool *p); static int rewritemap_program_child(void *cmd, child_info *pinfo); /* env variable support */ -static void expand_variables_inbuffer(request_rec *r, char *buf, int buf_len); -static char *expand_variables(request_rec *r, char *str); static char *lookup_variable(request_rec *r, char *var); static char *lookup_header(request_rec *r, const char *name); @@ -486,6 +487,7 @@ static char *subst_prefix_path(request_rec *r, char *input, char *match, static int parseargline(char *str, char **a1, char **a2, char **a3); static int prefix_stat(const char *path, struct stat *sb); static void add_env_variable(request_rec *r, char *s); +static int subreq_ok(request_rec *r); /* File locking */ static void fd_lock(request_rec *r, int fd); @@ -494,6 +496,9 @@ static void fd_unlock(request_rec *r, int fd); /* Lexicographic Comparison */ static int compare_lexicography(char *cpNum1, char *cpNum2); + /* Find end of bracketed expression */ +static char *find_closing_bracket(char *s, int left, int right); + #endif /* _MOD_REWRITE_H */ /*EOF*/ -- cgit v1.2.3