- We need to fail if we do NOT match.
- ETag comparison only makes sense if we have an ETag
PR: 57358
Submitted by: Kunihiko Sakamoto <ksakamoto google.com>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1646282 13f79535-47bb-0310-9956-ffa450edef68
- to correctly reset bits
- not to modify the 'method_mask' bitfield unnecessarily
Also remove a useless 'register' in the declaration of a variable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610813 13f79535-47bb-0310-9956-ffa450edef68
with weak validation combined with If-Range and Range headers. Break
out explicit conditional header checks to be useable elsewhere in the
server. Ensure weak validation RFC compliance in the byteranges filter.
Ensure RFC validation compliance when serving cached entities. PR 16142
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1479905 13f79535-47bb-0310-9956-ffa450edef68
everywhere.
We know that the core module has module_index 0. Therefore we can save
some pointer operations in ap_get_module_config(cv, &core_module) and
ap_set_module_config(cv, &core_module, val). As these are called rather often,
this may actually have some (small) measurable effect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132781 13f79535-47bb-0310-9956-ffa450edef68
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings.
(words from jorton)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@603346 13f79535-47bb-0310-9956-ffa450edef68
Determined to be not generally exploitable, but a flaw in any case.
PR: 44014
Submitted by: Victor Stinner <victor.stinner inl.fr>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@600645 13f79535-47bb-0310-9956-ffa450edef68
that the connection is not persistent if the MPM process handling
the request is already exiting when the response header is built.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@594839 13f79535-47bb-0310-9956-ffa450edef68
cross-site scripting flaw because the Expect header error message isn't
escaped. We couldn't find a way that this could be used by an attacker
however, as they can't influence the Expect header a victim will send to a
target site. Thiago agreed and we're therefore not treating this as a
security flaw, but it is a bug that ought to get fixed. I'll add to
STATUS for 1.3/2.0/2.2 shortly for acks.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@394965 13f79535-47bb-0310-9956-ffa450edef68
It still is not 'correct' until REQUEST_CHUNKED_PASS is reimplemented
and passes some chunk headers, since we aren't echoing the entire
request. But it gets me further on testing 1.3 -> 2.0 -> 2.1 -> 2.0 -> 1.3
proxy behaviors.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@208787 13f79535-47bb-0310-9956-ffa450edef68
With Apache 1.3.x, it is a bit simpler as the request does
not go through ap_make_content_type().
Modules can set custom error responses but not be able to
set the charset, so they have to code the charset in the
html. Thus, it is useful to preserve 1.3.x behavior exactly.
PR: 26467
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@170354 13f79535-47bb-0310-9956-ffa450edef68
* modules/http/http_protocol.c
(ap_meets_conditions): Allow If-None-Modified and If-Modified-Since
to interact as described in RFC2616, sections 14.26 and 13.3.4.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153270 13f79535-47bb-0310-9956-ffa450edef68
* Makefile.in: Change order of dependencies to bring in exports.o first so that
we have every symbol 'used' before the linker starts processing.
* build/rules.mk.in: Add a 'program-install' target which just copies httpd.
* server/Makefile.in, modules/http/config2.m4: Add in new file targets.
* NWGNUmakefile, libhttpd.dsp: Blind updates for Netware and Win32. (I tried.)
* server/core.c: Move core_input_filter, net_time_filter, and core_output_filter and all supporting functions to...
* server/core_filters.c (copied): ...here.
* modules/http/http_protocol.c: Move functions from here to there...namely:
* modules/http/byterange_filter.c (copied): Relocate ap_byterange_filter() and
friends.
* modules/http/chunk_filter.c (copied): Relocate chunk_filter().
* modules/http/http_etag.c (copied): Relocate ap_set_etag and ap_make_etag().
* modules/http/http_filters.c (copied): Relocate ap_http_filter(),
ap_http_header_filter(), ap_discard_request_body(), ap_setup_client_block(),
ap_should_client_block(), and ap_get_client_block().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@106692 13f79535-47bb-0310-9956-ffa450edef68
