excluded from this cleanup as they must be signature identical to the
clib functions, and although the definition of size_t has been flakey,
the definition of those functions appears to be generally clean since
ANSI C.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1228323 13f79535-47bb-0310-9956-ffa450edef68
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204968 13f79535-47bb-0310-9956-ffa450edef68
everywhere.
We know that the core module has module_index 0. Therefore we can save
some pointer operations in ap_get_module_config(cv, &core_module) and
ap_set_module_config(cv, &core_module, val). As these are called rather often,
this may actually have some (small) measurable effect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132781 13f79535-47bb-0310-9956-ffa450edef68
in request URL path info but not decode them. Change behavior of option
"On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
PR 46830.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1082196 13f79535-47bb-0310-9956-ffa450edef68
This makes <If> apply to all requests, not only to file base requests and
it allows to use <If> inside <Directory>, <Location>, and <Files> sections.
The merging of <If> sections always happens after the merging of <Location>
sections, even if the <If> section is embedded inside a <Directory> or
<Files> section.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1059867 13f79535-47bb-0310-9956-ffa450edef68
ap_get_request_note() cannot fail unless there is a bug somewhere and if
prep_walk_cache() returned NULL, we would just segfault later on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1057920 13f79535-47bb-0310-9956-ffa450edef68
- implement regex backreferences and make them available for setting
envvars in SetEnvIfExpr
- implement nested function calls in %-syntax: %{func1:%{func2:arg}}
- actually implement evaluation of concatenation operator (oops...)
- Fix <If ... > treating an internal error as success
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1037504 13f79535-47bb-0310-9956-ffa450edef68
the new parser. Rework ap_expr's public interface and provide hooks for modules
to add variables and functions.
The Netware and Windows build files still need to be adjusted
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1032073 13f79535-47bb-0310-9956-ffa450edef68
stop applying to subdirectories (that don't also match the regex) implicitly.
The manual already uses DirectoryMatch syntax that assumes this in other places!
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@990091 13f79535-47bb-0310-9956-ffa450edef68
enumeration apr_finfo_t.filetype, which is done when forgetting
the previously-derived file type
use the appropriate enum value APR_NOFILE instead
Also change comparisons of the field with 0 to use APR_NOFILE instead,
as is the practice of some existing code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@983065 13f79535-47bb-0310-9956-ffa450edef68
etc. causes problems because the authentication module calls
note_*_auth_failure if authentication fails. This is inappropriate if access is
later allowed because of the IP.
So, instead of calling the auth_checker hook even if authentication failed, we
introduce a new access_checker_ex hook that runs between the access_checker and
the check_user_id hooks. If an access_checker_ex functions returns OK, the
request will be allowed without authentication.
To make use of this, change mod_authz_core to walk the require blocks in the
access_checker_ex phase and deny/allow the request if the authz result does not
depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an
authz provider from an authz provider needing an authenticated user, the latter
must return the new AUTHZ_DENIED_NO_USER code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@964156 13f79535-47bb-0310-9956-ffa450edef68
which allows optional functions that just wrapped ap_list_provider_names()
to be removed from authn/z modules.
This change requires modules/aaa/mod_auth.h to be included into
server/request.c, which necessitates a minor change to configure.in for
Unix platforms.
I'm unable to tell whether a similar change is necessary for Windows and
NetWare builds or not. Could developers with access to those platforms
please test and make any needed configuration or build alterations? Thanks!
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@659160 13f79535-47bb-0310-9956-ffa450edef68
hook instead of during fixups. Add a safety check to ensure the
filters cannot be inserted more than once. [Graham Leggett,
Ruediger Pluem]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654952 13f79535-47bb-0310-9956-ffa450edef68
ap_parse_request_body function out of the http module and into a
new module called mod_request, reducing the size of the core.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@647263 13f79535-47bb-0310-9956-ffa450edef68
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
(1) Fix Origin checking (PR 36783 - Robert L Mathews)
(2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632947 13f79535-47bb-0310-9956-ffa450edef68
size that would otherwise be discarded, to be consumed by filters
such as mod_include. When enabled for a directory, POST requests
to shtml files can be passed through to embedded scripts as POST
requests, rather being downgraded to GET requests.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592951 13f79535-47bb-0310-9956-ffa450edef68
PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
The patches are all his, and are sufficiently trivial to review
at a glance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@557837 13f79535-47bb-0310-9956-ffa450edef68
