Skip to content
Permalink
Browse files Browse the repository at this point in the history
core: Disallow Methods' registration at run time (.htaccess), they ma…
…y be

used only if registered at init time (httpd.conf).

Calling ap_method_register() in children processes is not the right scope
since it won't be shared for all requests.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807655 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
ylavic committed Sep 7, 2017
1 parent 2483191 commit 4cc2782
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0

*) core: Disallow Methods' registration at runtime (.htaccess), they may be
used only if registered at init time (httpd.conf). [Yann Ylavic]

*) mod_md: v0.9.1:
- various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If
someone already used percent configurations, it is advised to change these to a new value,
Expand Down
6 changes: 6 additions & 0 deletions server/core.c
Expand Up @@ -2331,6 +2331,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
if (cmd->pool == cmd->temp_pool) {
/* In .htaccess, we can't globally register new methods. */
return apr_psprintf(cmd->pool, "Could not register method '%s' "
"for %s from .htaccess configuration",
method, cmd->cmd->name);
}
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}
Expand Down

0 comments on commit 4cc2782

Please sign in to comment.