------------------------------------------------------------------------ r1871 | jan | 2007-06-15 16:46:17 +0200 (Fri, 15 Jun 2007) | 2 lines Changed paths: M /branches/lighttpd-1.4.x/src/mod_access.c M /branches/lighttpd-1.4.x/tests/docroot/www/Makefile.am A /branches/lighttpd-1.4.x/tests/docroot/www/index.html~ M /branches/lighttpd-1.4.x/tests/mod-access.t M /branches/lighttpd-1.4.x/tests/prepare.sh check the URL twice, before and after path-info handling. (fixes #1230) ------------------------------------------------------------------------ Index: src/mod_access.c =================================================================== --- src/mod_access.c (revision 1870) +++ src/mod_access.c (revision 1871) @@ -111,6 +111,15 @@ } #undef PATCH +/** + * URI handler + * + * we will get called twice: + * - after the clean up of the URL and + * - after the pathinfo checks are done + * + * this handles the issue of trailing slashes + */ URIHANDLER_FUNC(mod_access_uri_handler) { plugin_data *p = p_d; int s_len; @@ -122,28 +131,41 @@ s_len = con->uri.path->used - 1; + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "s", + "-- mod_access_uri_handler called"); + } + for (k = 0; k < p->conf.access_deny->used; k++) { data_string *ds = (data_string *)p->conf.access_deny->data[k]; int ct_len = ds->value->used - 1; + int denied = 0; + if (ct_len > s_len) continue; - if (ds->value->used == 0) continue; /* if we have a case-insensitive FS we have to lower-case the URI here too */ if (con->conf.force_lowercase_filenames) { if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; - - return HANDLER_FINISHED; + denied = 1; } } else { if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { - con->http_status = 403; + denied = 1; + } + } - return HANDLER_FINISHED; + if (denied) { + con->http_status = 403; + + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "sb", + "url denied as we match:", ds->value); } + + return HANDLER_FINISHED; } } @@ -158,7 +180,8 @@ p->init = mod_access_init; p->set_defaults = mod_access_set_defaults; - p->handle_uri_clean = mod_access_uri_handler; + p->handle_uri_clean = mod_access_uri_handler; + p->handle_subrequest_start = mod_access_uri_handler; p->cleanup = mod_access_free; p->data = NULL; Index: tests/mod-access.t =================================================================== --- tests/mod-access.t (revision 1870) +++ tests/mod-access.t (revision 1871) @@ -8,7 +8,7 @@ use strict; use IO::Socket; -use Test::More tests => 3; +use Test::More tests => 4; use LightyTest; my $tf = LightyTest->new(); @@ -23,5 +23,12 @@ $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; ok($tf->handle_http($t) == 0, 'forbid access to ...~'); +$t->{REQUEST} = ( <{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ]; +ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash'); + ok($tf->stop_proc == 0, "Stopping lighttpd"); Index: tests/prepare.sh =================================================================== --- tests/prepare.sh (revision 1870) +++ tests/prepare.sh (revision 1871) @@ -25,6 +25,7 @@ # copy everything into the right places cp $srcdir/docroot/www/*.html \ $srcdir/docroot/www/*.php \ + $srcdir/docroot/www/*.html~ \ $srcdir/docroot/www/*.pl \ $srcdir/docroot/www/*.fcgi \ $srcdir/docroot/www/*.shtml \ Index: tests/docroot/www/index.html~ =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ tests/docroot/www/index.html~ 2007-07-24 15:49:01.183641946 +0200 @@ -0,0 +1 @@ + Index: tests/docroot/www/Makefile.am =================================================================== --- tests/docroot/www/Makefile.am (revision 1870) +++ tests/docroot/www/Makefile.am (revision 1871) @@ -1,5 +1,5 @@ EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \ redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \ nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \ - exec-date.shtml + exec-date.shtml index.html~ SUBDIRS=go indexfile expire