Don't decode r->uri when pre_trans returns DONE instead of OK, which allows to
preserve previous behaviour where decoding was avoided for "ProxyRequests on"
or post_read_request RewriteRule [P] only, but not ProxyPass'ed requests.
This also preserves decoded location walk in most/same cases.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879137 13f79535-47bb-0310-9956-ffa450edef68
There are few cases (if any) where multiple slashes have different semantics
than a single one, and it's always been like that for proxy_trans anyway.
This allows for better directory/location/if walk caching and is less confusing
for their users.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879117 13f79535-47bb-0310-9956-ffa450edef68
So that their configurations work in directory context.
This requires potentially a third walk in ap_process_request_internal(),
though in most cases it should use ap_walk_location() cache.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879116 13f79535-47bb-0310-9956-ffa450edef68
Any in-place modification of r->uri of r->filename shouldn't affect the cache.
For instance, ap_process_request_internal() normalizes r->uri in place and yet
calls ap_location_walk() multiple times, which confuses caching.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879114 13f79535-47bb-0310-9956-ffa450edef68
Apply minimal normalization (AP_NORMALIZE_DECODE_UNRESERVED) first in
ap_process_request_internal() before running pre_translate_name hooks,
such that the hooks can work with undecoded r->uri.
Only if no hook takes "ownership" of the URI (returning OK), apply
percent decoding for the rest of request handling. Otherwise r->uri remains
encoded meaning that further location/directory/file/if/.. sections (walks)
should that into account.
Since normalization now happens before decoding, we might have to
re-normalize after decoding if "AllowEncodedSlahes on" transformed any
"%2F" sequence to "/", potentially creating new "/./" or "/../" sequences.
Note that for (lookup) subrequests, the path may be relative so we have
to allow for that.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879079 13f79535-47bb-0310-9956-ffa450edef68
This allows any module to work with un-decoded URI-path (besides
unreserved characters) in r->uri, and eventually to avoid decoding by
returning OK.
The first candidate is mod_proxy (following commit) when
ProxyMappingDecoded is disabled, such that the forwarded URI is
equivalent to the original one.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879076 13f79535-47bb-0310-9956-ffa450edef68
The purpose of ap_request_core_filter() is not clear, it seems to prevent
potential morphing buckets to go through AP_FTYPE_CONNECTION filters which
would fail to set them aside (ENOTIMPL), and read them (unbounded) in memory.
This patch allows ap_filter_setaside_brigade() to set morphing buckets aside
by simply moving them, assuming they have the correct lifetime (either until
some further EOR, or the connection lifetime, or whatever). IOW, the module is
responsible for sending morphing buckets whose lifetime needs not be changed
by the connection filters.
Now since morphing buckets consume no memory until (apr_bucket_)read, like FILE
buckets, we don't account for them in flush_max_threshold either. This changes
ap_filter_reinstate_brigade() to only account for in-memory and EOR buckets to
flush_upto.
Also, since the EOR bucket is sent only to c->output_filters once the request
is processed, when all the filters < AP_FTYPE_CONNECTION have done their job
and stopped retaining data (after the EOS bucket, if ever), we prevent misuse
of ap_filter_{setaside,reinstate}_brigade() outside connection filters by
returning ENOTIMPL. This is not the right API for request filters as of now.
Finally, ap_request_core_filter() and co can be removed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875947 13f79535-47bb-0310-9956-ffa450edef68
Introduce opaque struct ap_filter_private to move ap_filter_t "pending", "bb"
and "deferred_pool" fields to the "priv" side of things.
This allows to trust values set internally (only!) in util_filter code, and
make useful assertions between the different functions calls, along with the
usual nice extensibility property.
Likewise, the private struct ap_filter_conn_ctx in conn_rec (from r1839997)
allows now to implement the new ap_acquire_brigade() and ap_release_brigade()
functions useful to get a brigade with c->pool's lifetime. They obsolete
ap_reuse_brigade_from_pool() which is replaced where previously used.
Some comments added in ap_request_core_filter() regarding the lifetime of the
data it plays with, up to EOR...
MAJOR bumped (once again).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840149 13f79535-47bb-0310-9956-ffa450edef68
We want not only ap_filter_output_pending() to be able to access each pending
filter's *f after the EOR is destroyed, but also each request filter to do
the same until it returns.
So request filters are now always cleaned up into a dead_filters ring which is
merged into spare_filters only when ap_filter_recycle() is called explicitely,
that is in ap_process_request_after_handler() and ap_filter_output_pending().
The former takes care of recycling at the end of the request, with any MPM,
while the latter keeps recycling during MPM event's write completion.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840002 13f79535-47bb-0310-9956-ffa450edef68
Current RETRIEVE_BRIGADE_FROM_POOL macro from "http_request.c" is turned into
a helper and used in ap_request_core_filter().
We will need it in a subsequent commit in "util_filter.c" too.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836018 13f79535-47bb-0310-9956-ffa450edef68
The filter should pass everything up to and including EOR, then bail out.
For EOR it can't use a brigade created on r->pool, so retain one created
on c->pool in c->notes (this avoids leaking a brigades for each request
on the same connection).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1822596 13f79535-47bb-0310-9956-ffa450edef68
Discussion on-list, but any occurance of a platform-specific behavior in this
code path will alter the behavior of the core code and introduce the very
fingerprintable behavior this patch pretended to obscuficate.
Returning 404 for /CON for example may lead to a module such as mod_speling
revealing the existance of a real file named similar to /.conf, which makes
this an unwise behavior.
Further discussion of returning 404 for all CHR files encountered in the
filepath (not URI path), which currently return 403 on all platforms,
belongs on the dev list.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799965 13f79535-47bb-0310-9956-ffa450edef68
It has been reported multiple times that nested
If/ElseIf/Else sections are not evaluated but
silently ignored.
This patch adds a simple recursion to the ap_if_walk
logic in order to allow arbitrary nested configs.
The overhead seems negligible compared to the actual
version of the ap_if_walk, but more expert feedback
is surely needed since this code gets called for every
HTTP request.
Tests are going to be added to t/apache/if_sections.t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1792589 13f79535-47bb-0310-9956-ffa450edef68
We don't want to process the subrequest either in ap_sub_req_method_uri()
if the quick-handler returned an error (or any final status).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1708095 13f79535-47bb-0310-9956-ffa450edef68
Multiple copies of the filter were not stripped properly
during ap_fast_internal_redirect() which left the EOS buckets
stripped out of the brigade. This results in the end-chunk never
going out on the wire for a chunked response.
observed with mainreq -> directoryindex -> FallbackResource
PR58292
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1698239 13f79535-47bb-0310-9956-ffa450edef68
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
Submitted by: breser
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1684524 13f79535-47bb-0310-9956-ffa450edef68
The code reverted attempted to restrict comparisons of the r->filename
to given DirectoryMatch blocks.
r->filename was already a non-directory entity at this point, because we
have already fallen out of the } while (thisinfo.filetype == APR_DIR);
block above.
The addition of r->d_is_directory was redundant. That is what is always
returned by ap_get_core_module_config(r->per_dir_config).
Note modifying dir_config required an MMN major bump as this commit could
have realigned the offset of refs (had it been added to the end, this
would correspond to an mmn minor bump) and other fields packed into the
same bytes (this is undefined). Bump on revert to prevent unexpected crashes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653666 13f79535-47bb-0310-9956-ffa450edef68
