]>
Commit | Line | Data |
---|---|---|
0e467b1f AM |
1 | --- httpd-2.0.46/modules/dav/main/mod_dav.c.davbadfrag |
2 | +++ httpd-2.0.46/modules/dav/main/mod_dav.c | |
3 | @@ -4537,6 +4537,16 @@ | |
4 | if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) | |
5 | return DECLINED; | |
6 | ||
7 | + /* Reject requests with an unescaped hash character, as these may | |
8 | + * be more destructive than the user intended. */ | |
9 | + if (r->parsed_uri.fragment != NULL) { | |
10 | + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, | |
11 | + "buggy client used un-escaped hash in Request-URI"); | |
12 | + return dav_error_response(r, HTTP_BAD_REQUEST, | |
13 | + "The request was invalid: the URI included " | |
14 | + "an un-escaped hash character"); | |
15 | + } | |
16 | + | |
17 | /* ### do we need to do anything with r->proxyreq ?? */ | |
18 | ||
19 | /* |