Attachment #124943 for bug #185442

Lines 111-116 Link Here

(-)src/mod_access.c (-7 / +30 lines)
111	}	111	}
112	#undef PATCH	112	#undef PATCH
113		113
		114	/**
		115	* URI handler
		116	*
		117	* we will get called twice:
		118	* - after the clean up of the URL and
		119	* - after the pathinfo checks are done
		120	*
		121	* this handles the issue of trailing slashes
		122	*/
114	URIHANDLER_FUNC(mod_access_uri_handler) {	123	URIHANDLER_FUNC(mod_access_uri_handler) {
115	plugin_data *p = p_d;	124	plugin_data *p = p_d;
116	int s_len;	125	int s_len;
Lines 122-149 Link Here
122		131
123	s_len = con->uri.path->used - 1;	132	s_len = con->uri.path->used - 1;
124		133
		134	if (con->conf.log_request_handling) {
		135	log_error_write(srv, __FILE__, __LINE__, "s",
		136	"-- mod_access_uri_handler called");
		137	}
		138
125	for (k = 0; k < p->conf.access_deny->used; k++) {	139	for (k = 0; k < p->conf.access_deny->used; k++) {
126	data_string ds = (data_string )p->conf.access_deny->data[k];	140	data_string ds = (data_string )p->conf.access_deny->data[k];
127	int ct_len = ds->value->used - 1;	141	int ct_len = ds->value->used - 1;
		142	int denied = 0;
128		143
		144
129	if (ct_len > s_len) continue;	145	if (ct_len > s_len) continue;
130
131	if (ds->value->used == 0) continue;	146	if (ds->value->used == 0) continue;
132		147
133	/* if we have a case-insensitive FS we have to lower-case the URI here too */	148	/* if we have a case-insensitive FS we have to lower-case the URI here too */
134		149
135	if (con->conf.force_lowercase_filenames) {	150	if (con->conf.force_lowercase_filenames) {
136	if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {	151	if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
137	con->http_status = 403;	152	denied = 1;
138
139	return HANDLER_FINISHED;
140	}	153	}
141	} else {	154	} else {
142	if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {	155	if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
143	con->http_status = 403;	156	denied = 1;
		157	}
		158	}
144		159
145	return HANDLER_FINISHED;	160	if (denied) {
		161	con->http_status = 403;
		162
		163	if (con->conf.log_request_handling) {
		164	log_error_write(srv, __FILE__, __LINE__, "sb",
		165	"url denied as we match:", ds->value);
146	}	166	}
		167
		168	return HANDLER_FINISHED;
147	}	169	}
148	}	170	}
149		171
Lines 158-164 Link Here
158		180
159	p->init = mod_access_init;	181	p->init = mod_access_init;
160	p->set_defaults = mod_access_set_defaults;	182	p->set_defaults = mod_access_set_defaults;
161	p->handle_uri_clean = mod_access_uri_handler;	183	p->handle_uri_clean = mod_access_uri_handler;
		184	p->handle_subrequest_start = mod_access_uri_handler;
162	p->cleanup = mod_access_free;	185	p->cleanup = mod_access_free;
163		186
164	p->data = NULL;	187	p->data = NULL;

Lines 8-14 Link Here

(-)tests/mod-access.t (-1 / +8 lines)
8		8
9	use strict;	9	use strict;
10	use IO::Socket;	10	use IO::Socket;
11	use Test::More tests => 3;	11	use Test::More tests => 4;
12	use LightyTest;	12	use LightyTest;
13		13
14	my $tf = LightyTest->new();	14	my $tf = LightyTest->new();
Lines 23-27 Link Here
23	$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];	23	$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
24	ok($tf->handle_http($t) == 0, 'forbid access to ...~');	24	ok($tf->handle_http($t) == 0, 'forbid access to ...~');
25		25
		26	$t->{REQUEST} = ( <<EOF
		27	GET /index.html~/ HTTP/1.0
		28	EOF
		29	);
		30	$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
		31	ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
		32
26	ok($tf->stop_proc == 0, "Stopping lighttpd");	33	ok($tf->stop_proc == 0, "Stopping lighttpd");
27		34

Lines 25-30 Link Here

(-)tests/prepare.sh (+1 lines)
25	# copy everything into the right places	25	# copy everything into the right places
26	cp $srcdir/docroot/www/*.html \	26	cp $srcdir/docroot/www/*.html \
27	$srcdir/docroot/www/*.php \	27	$srcdir/docroot/www/*.php \
		28	$srcdir/docroot/www/*.html~ \
28	$srcdir/docroot/www/*.pl \	29	$srcdir/docroot/www/*.pl \
29	$srcdir/docroot/www/*.fcgi \	30	$srcdir/docroot/www/*.fcgi \
30	$srcdir/docroot/www/*.shtml \	31	$srcdir/docroot/www/*.shtml \

Lines 1-5 Link Here

(-)tests/docroot/www/Makefile.am (-1 / +1 lines)
1	EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \	1	EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \
2	redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \	2	redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
3	nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \	3	nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
4	exec-date.shtml	4	exec-date.shtml index.html~
5	SUBDIRS=go indexfile expire	5	SUBDIRS=go indexfile expire

Return to bug 185442