From 05e6c5086d6792b9105f88e1664b2614087f79d5 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Sun, 26 Apr 2026 16:00:28 +0000
Subject: [PATCH] Merge r1933349 from trunk:

use AP_EXPR_FLAG_RESTRICTED in htaccess



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1933350 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/mappers/mod_rewrite.c   |  7 ++++++-
 modules/metadata/mod_setenvif.c |  8 +++++++-
 modules/proxy/mod_proxy_fcgi.c  | 11 +++++++++--
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index ae0ceda0508..9b1c5b4b6ad 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -3679,12 +3679,17 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
         newcond->regexp  = regexp;
     }
     else if (newcond->ptype == CONDPAT_AP_EXPR) {
+        int in_htaccess = cmd->pool == cmd->temp_pool;
         unsigned int flags = newcond->flags & CONDFLAG_NOVARY ?
                              AP_EXPR_FLAG_DONT_VARY : 0;
+        /* Use restricted ap_expr() parser in htaccess context. */
+        if (in_htaccess) flags |= AP_EXPR_FLAG_RESTRICTED;
         newcond->expr = ap_expr_parse_cmd(cmd, a2, flags, &err, NULL);
         if (err)
             return apr_psprintf(cmd->pool, "RewriteCond: cannot compile "
-                                "expression \"%s\": %s", a2, err);
+                                "expression%s \"%s\" %s",
+                                in_htaccess ? " in htaccess context" : "",
+                                a2, err);
     }
 
     return NULL;
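Review bot: The rewritten format string in the `if (err)` branch drops the colon that used to separate the quoted expression from the parser error, so the two now run together; `"expression%s \"%s\": %s"` keeps the old separator. The `cmd->pool == cmd->temp_pool` test behind `in_htaccess` is the only thing that switches restricted parsing on, and the same comparison is repeated in add_setenvifexpr and cmd_setenv in this patch. A comment saying why equal pools identify .htaccess processing, or a single shared helper, would make that security decision easier to audit and keep the three sites from drifting. `if (in_htaccess) flags |= AP_EXPR_FLAG_RESTRICTED;` is also unbraced on one line, unlike the braced form used in the other two files. cmd_rewritecond starts before this hunk.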
diff --git a/modules/metadata/mod_setenvif.c b/modules/metadata/mod_setenvif.c
index 23d60cdba5a..b74c9c07dd9 100644
--- a/modules/metadata/mod_setenvif.c
+++ b/modules/metadata/mod_setenvif.c
@@ -422,6 +422,12 @@ static const char *add_setenvifexpr(cmd_parms *cmd, void *mconfig,
     sei_cfg_rec *sconf;
     sei_entry *new;
     const char *err;
+    unsigned int flags = 0;
+
+    /* Use restricted ap_expr() parser in htaccess context. */
+    if (cmd->pool == cmd->temp_pool) {
+        flags |= AP_EXPR_FLAG_RESTRICTED;
+    }
 
     /*
      * Determine from our context into which record to put the entry.
@@ -445,7 +451,7 @@ static const char *add_setenvifexpr(cmd_parms *cmd, void *mconfig,
     new->regex = NULL;
     new->pattern = NULL;
     new->preg = NULL;
-    new->expr = ap_expr_parse_cmd(cmd, expr, 0, &err, NULL);
+    new->expr = ap_expr_parse_cmd(cmd, expr, flags, &err, NULL);
     if (err)
         return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                             expr, err);
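Review bot: The failure message below the changed call still reads `Could not parse expression \"%s\": %s` in every context, while the mod_rewrite change in this same patch adds " in htaccess context" when restricted parsing is on. An expression that is accepted in the server config but rejected under AP_EXPR_FLAG_RESTRICTED would be easier to diagnose with the same hint here and in both cmd_setenv messages in mod_proxy_fcgi.c, for example an added `%s` fed by `(flags & AP_EXPR_FLAG_RESTRICTED) ? " in htaccess context" : ""`. Whether the parser's own `err` text already names the restriction is not visible in this patch.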
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 128cf1eac6f..ef090ddc771 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -1338,9 +1338,15 @@ static const char *cmd_setenv(cmd_parms *cmd, void *in_dconf,
     const char *err;
     sei_entry *new;
     const char *envvar = arg2;
+    unsigned int flags = 0;
+
+    /* Use restricted ap_expr() parser in htaccess context. */
+    if (cmd->pool == cmd->temp_pool) {
+        flags |= AP_EXPR_FLAG_RESTRICTED;
+    }
 
     new = apr_array_push(dconf->env_fixups);
-    new->cond = ap_expr_parse_cmd(cmd, arg1, 0, &err, NULL);
+    new->cond = ap_expr_parse_cmd(cmd, arg1, flags, &err, NULL);
     if (err) {
         return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                             arg1, err);
@@ -1367,7 +1373,8 @@ static const char *cmd_setenv(cmd_parms *cmd, void *in_dconf,
             arg3 = "";
         }
 
-        new->subst = ap_expr_parse_cmd(cmd, arg3, AP_EXPR_FLAG_STRING_RESULT, &err, NULL);
+        flags |= AP_EXPR_FLAG_STRING_RESULT;
+        new->subst = ap_expr_parse_cmd(cmd, arg3, flags, &err, NULL);
         if (err) {
             return apr_psprintf(cmd->pool, "Could not parse expression \"%s\": %s",
                                 arg3, err);
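Review bot: `flags |= AP_EXPR_FLAG_STRING_RESULT;` permanently changes the local that also carries the restricted bit, so any later ap_expr_parse_cmd() call added to cmd_setenv would silently inherit string-result mode. Passing the combined value at the call, `new->subst = ap_expr_parse_cmd(cmd, arg3, flags | AP_EXPR_FLAG_STRING_RESULT, &err, NULL);`, keeps `flags` limited to the context restriction. The rest of cmd_setenv lies outside this hunk, so whether `flags` is read again cannot be confirmed from here.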
