Coverage Report

Created: 2025-07-11 06:40

/src/httpd/modules/http/http_request.c
Line
Count
Source (jump to first uncovered line)
1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
 * contributor license agreements.  See the NOTICE file distributed with
3
 * this work for additional information regarding copyright ownership.
4
 * The ASF licenses this file to You under the Apache License, Version 2.0
5
 * (the "License"); you may not use this file except in compliance with
6
 * the License.  You may obtain a copy of the License at
7
 *
8
 *     http://www.apache.org/licenses/LICENSE-2.0
9
 *
10
 * Unless required by applicable law or agreed to in writing, software
11
 * distributed under the License is distributed on an "AS IS" BASIS,
12
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
 * See the License for the specific language governing permissions and
14
 * limitations under the License.
15
 */
16
17
/*
18
 * http_request.c: functions to get and process requests
19
 *
20
 * Rob McCool 3/21/93
21
 *
22
 * Thoroughly revamped by rst for Apache.  NB this file reads
23
 * best from the bottom up.
24
 *
25
 */
26
27
#include "apr_strings.h"
28
#include "apr_file_io.h"
29
#include "apr_fnmatch.h"
30
31
#define APR_WANT_STRFUNC
32
#include "apr_want.h"
33
34
#include "ap_config.h"
35
#include "httpd.h"
36
#include "http_config.h"
37
#include "http_request.h"
38
#include "http_core.h"
39
#include "http_protocol.h"
40
#include "http_log.h"
41
#include "http_main.h"
42
#include "mpm_common.h"
43
#include "util_filter.h"
44
#include "util_charset.h"
45
#include "scoreboard.h"
46
47
#include "mod_core.h"
48
49
#if APR_HAVE_STDARG_H
50
#include <stdarg.h>
51
#endif
52
53
APLOG_USE_MODULE(http);
54
55
/*****************************************************************
56
 *
57
 * Mainline request processing...
58
 */
59
60
/* XXX A cleaner and faster way to do this might be to pass the request_rec
61
 * down the filter chain as a parameter.  It would need to change for
62
 * subrequest vs. main request filters; perhaps the subrequest filter could
63
 * make the switch.
64
 */
65
static void update_r_in_filters(ap_filter_t *f,
66
                                request_rec *from,
67
                                request_rec *to)
68
0
{
69
0
    while (f) {
70
0
        if (f->r == from) {
71
0
            f->r = to;
72
0
        }
73
0
        f = f->next;
74
0
    }
75
0
}
76
77
static void ap_die_r(int type, request_rec *r, int recursive_error)
78
0
{
79
0
    char *custom_response;
80
0
    request_rec *r_1st_err = r;
81
82
0
    if (type == OK || type == DONE) {
83
0
        ap_finalize_request_protocol(r);
84
0
        return;
85
0
    }
86
87
    /*
88
     * if we have already passed the final response down the
89
     * output filter chain, we cannot generate a second final
90
     * response here.
91
     */
92
0
    if (r->final_resp_passed) {
93
0
        return;
94
0
    }
95
96
0
    if (!ap_is_HTTP_VALID_RESPONSE(type)) {
97
0
        if (type != AP_FILTER_ERROR) {
98
0
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01579)
99
0
                          "Invalid response status %i", type);
100
0
        }
101
0
        else {
102
0
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02831)
103
0
                          "Response from AP_FILTER_ERROR");
104
0
        }
105
0
        type = HTTP_INTERNAL_SERVER_ERROR;
106
0
    }
107
108
    /*
109
     * The following takes care of Apache redirects to custom response URLs
110
     * Note that if we are already dealing with the response to some other
111
     * error condition, we just report on the original error, and give up on
112
     * any attempt to handle the other thing "intelligently"...
113
     */
114
0
    if (recursive_error != HTTP_OK) {
115
0
        while (r_1st_err->prev && (r_1st_err->prev->status != HTTP_OK))
116
0
            r_1st_err = r_1st_err->prev;  /* Get back to original error */
117
118
0
        if (r_1st_err != r) {
119
            /* The recursive error was caused by an ErrorDocument specifying
120
             * an internal redirect to a bad URI.  ap_internal_redirect has
121
             * changed the filter chains to point to the ErrorDocument's
122
             * request_rec.  Back out those changes so we can safely use the
123
             * original failing request_rec to send the canned error message.
124
             *
125
             * ap_send_error_response gets rid of existing resource filters
126
             * on the output side, so we can skip those.
127
             */
128
0
            update_r_in_filters(r_1st_err->proto_output_filters, r, r_1st_err);
129
0
            update_r_in_filters(r_1st_err->input_filters, r, r_1st_err);
130
0
            recursive_error = type;
131
0
        }
132
133
0
        custom_response = NULL; /* Do NOT retry the custom thing! */
134
0
    }
135
0
    else {
136
0
        int error_index = ap_index_of_response(type);
137
0
        custom_response = ap_response_code_string(r, error_index);
138
0
        recursive_error = 0;
139
0
    }
140
141
0
    r->status = type;
142
143
    /*
144
     * This test is done here so that none of the auth modules needs to know
145
     * about proxy authentication.  They treat it like normal auth, and then
146
     * we tweak the status.
147
     */
148
0
    if (HTTP_UNAUTHORIZED == r->status && PROXYREQ_PROXY == r->proxyreq) {
149
0
        r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
150
0
    }
151
152
    /* If we don't want to keep the connection, make sure we mark that the
153
     * connection is not eligible for keepalive.  If we want to keep the
154
     * connection, be sure that the request body (if any) has been read.
155
     */
156
0
    if (ap_status_drops_connection(r->status)) {
157
0
        r->connection->keepalive = AP_CONN_CLOSE;
158
0
    }
159
160
    /*
161
     * Two types of custom redirects --- plain text, and URLs. Plain text has
162
     * a leading '"', so the URL code, here, is triggered on its absence
163
     */
164
165
0
    if (custom_response && custom_response[0] != '"') {
166
167
0
        if (ap_is_url(custom_response)) {
168
            /*
169
             * The URL isn't local, so lets drop through the rest of this
170
             * apache code, and continue with the usual REDIRECT handler.
171
             * But note that the client will ultimately see the wrong
172
             * status...
173
             */
174
0
            r->status = HTTP_MOVED_TEMPORARILY;
175
0
            apr_table_setn(r->headers_out, "Location", custom_response);
176
0
        }
177
0
        else if (custom_response[0] == '/') {
178
0
            const char *error_notes, *original_method;
179
0
            int original_method_number;
180
0
            r->no_local_copy = 1;       /* Do NOT send HTTP_NOT_MODIFIED for
181
                                         * error documents! */
182
            /*
183
             * This redirect needs to be a GET no matter what the original
184
             * method was.
185
             */
186
0
            apr_table_setn(r->subprocess_env, "REQUEST_METHOD", r->method);
187
188
            /*
189
             * Provide a special method for modules to communicate
190
             * more informative (than the plain canned) messages to us.
191
             * Propagate them to ErrorDocuments via the ERROR_NOTES variable:
192
             */
193
0
            if ((error_notes = apr_table_get(r->notes,
194
0
                                             "error-notes")) != NULL) {
195
0
                apr_table_setn(r->subprocess_env, "ERROR_NOTES", error_notes);
196
0
            }
197
0
            original_method = r->method;
198
0
            original_method_number = r->method_number;
199
0
            r->method = "GET";
200
0
            r->method_number = M_GET;
201
0
            ap_internal_redirect(custom_response, r);
202
            /* preserve ability to see %<m in the access log */
203
0
            r->method = original_method;
204
0
            r->method_number = original_method_number;
205
0
            return;
206
0
        }
207
0
        else {
208
            /*
209
             * Dumb user has given us a bad url to redirect to --- fake up
210
             * dying with a recursive server error...
211
             */
212
0
            recursive_error = HTTP_INTERNAL_SERVER_ERROR;
213
0
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01580)
214
0
                        "Invalid error redirection directive: %s",
215
0
                        custom_response);
216
0
        }
217
0
    }
218
0
    ap_send_error_response(r_1st_err, recursive_error);
219
0
}
220
221
AP_DECLARE(void) ap_die(int type, request_rec *r)
222
0
{
223
0
    ap_die_r(type, r, r->status);
224
0
}
225
226
AP_DECLARE(apr_status_t) ap_check_pipeline(conn_rec *c, apr_bucket_brigade *bb,
227
                                           unsigned int max_blank_lines)
228
0
{
229
0
    apr_status_t rv = APR_EOF;
230
0
    ap_input_mode_t mode = AP_MODE_SPECULATIVE;
231
0
    unsigned int num_blank_lines = 0;
232
0
    apr_size_t cr = 0;
233
0
    char buf[2];
234
235
0
    while (c->keepalive != AP_CONN_CLOSE && !c->aborted) {
236
0
        apr_size_t len = cr + 1;
237
238
0
        apr_brigade_cleanup(bb);
239
0
        rv = ap_get_brigade(c->input_filters, bb, mode,
240
0
                            APR_NONBLOCK_READ, len);
241
0
        if (rv != APR_SUCCESS || APR_BRIGADE_EMPTY(bb)) {
242
0
            if (mode == AP_MODE_READBYTES) {
243
                /* Unexpected error, stop with this connection */
244
0
                ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(02967)
245
0
                              "Can't consume pipelined empty lines");
246
0
                c->keepalive = AP_CONN_CLOSE;
247
0
                rv = APR_EGENERAL;
248
0
            }
249
0
            else if (rv != APR_SUCCESS && !APR_STATUS_IS_EAGAIN(rv)) {
250
                /* Pipe is dead */
251
0
                c->keepalive = AP_CONN_CLOSE;
252
0
            }
253
0
            else {
254
                /* Pipe is up and empty */
255
0
                rv = APR_EAGAIN;
256
0
            }
257
0
            break;
258
0
        }
259
0
        if (!max_blank_lines) {
260
0
            apr_off_t n = 0;
261
            /* Single read asked, (non-meta-)data available? */
262
0
            rv = apr_brigade_length(bb, 0, &n);
263
0
            if (rv == APR_SUCCESS && n <= 0) {
264
0
                rv = APR_EAGAIN;
265
0
            }
266
0
            break;
267
0
        }
268
269
        /* Lookup and consume blank lines */
270
0
        rv = apr_brigade_flatten(bb, buf, &len);
271
0
        if (rv != APR_SUCCESS || len != cr + 1) {
272
0
            int log_level;
273
0
            if (mode == AP_MODE_READBYTES) {
274
                /* Unexpected error, stop with this connection */
275
0
                c->keepalive = AP_CONN_CLOSE;
276
0
                log_level = APLOG_ERR;
277
0
                rv = APR_EGENERAL;
278
0
            }
279
0
            else {
280
                /* Let outside (non-speculative/blocking) read determine
281
                 * where this possible failure comes from (metadata,
282
                 * morphed EOF socket, ...). Debug only here.
283
                 */
284
0
                log_level = APLOG_DEBUG;
285
0
                rv = APR_SUCCESS;
286
0
            }
287
0
            ap_log_cerror(APLOG_MARK, log_level, rv, c, APLOGNO(02968)
288
0
                          "Can't check pipelined data");
289
0
            break;
290
0
        }
291
292
0
        if (mode == AP_MODE_READBYTES) {
293
            /* [CR]LF consumed, try next */
294
0
            mode = AP_MODE_SPECULATIVE;
295
0
            cr = 0;
296
0
        }
297
0
        else if (cr) {
298
0
            AP_DEBUG_ASSERT(len == 2 && buf[0] == APR_ASCII_CR);
299
0
            if (buf[1] == APR_ASCII_LF) {
300
                /* consume this CRLF */
301
0
                mode = AP_MODE_READBYTES;
302
0
                num_blank_lines++;
303
0
            }
304
0
            else {
305
                /* CR(?!LF) is data */
306
0
                break;
307
0
            }
308
0
        }
309
0
        else {
310
0
            if (buf[0] == APR_ASCII_LF) {
311
                /* consume this LF */
312
0
                mode = AP_MODE_READBYTES;
313
0
                num_blank_lines++;
314
0
            }
315
0
            else if (buf[0] == APR_ASCII_CR) {
316
0
                cr = 1;
317
0
            }
318
0
            else {
319
                /* Not [CR]LF, some data */
320
0
                break;
321
0
            }
322
0
        }
323
0
        if (num_blank_lines > max_blank_lines) {
324
            /* Enough blank lines with this connection,
325
             * stop and don't recycle it.
326
             */
327
0
            c->keepalive = AP_CONN_CLOSE;
328
0
            rv = APR_NOTFOUND;
329
0
            break;
330
0
        }
331
0
    }
332
333
0
    return rv;
334
0
}
335
336
AP_DECLARE(void) ap_process_request_after_handler(request_rec *r)
337
0
{
338
0
    apr_bucket_brigade *bb;
339
0
    apr_bucket *b;
340
0
    conn_rec *c = r->connection;
341
342
0
    bb = ap_acquire_brigade(c);
343
344
    /* Send an EOR bucket through the output filter chain.  When
345
     * this bucket is destroyed, the request will be logged and
346
     * its pool will be freed
347
     */
348
0
    b = ap_bucket_eor_create(c->bucket_alloc, r);
349
0
    APR_BRIGADE_INSERT_HEAD(bb, b);
350
351
    /* Find the last request, taking into account internal
352
     * redirects. We want to send the EOR bucket at the end of
353
     * all the buckets so it does not jump the queue.
354
     */
355
0
    while (r->next) {
356
0
        r = r->next;
357
0
    }
358
359
    /* All the request filters should have bailed out on EOS, and in any
360
     * case they shouldn't have to handle this EOR which will destroy the
361
     * request underneath them. So go straight to the connection filters.
362
     */
363
0
    ap_pass_brigade(c->output_filters, bb);
364
365
    /* The EOR bucket has either been handled by an output filter (eg.
366
     * deleted or moved to a buffered_bb => no more in bb), or an error
367
     * occurred before that (eg. c->aborted => still in bb) and we ought
368
     * to destroy it now. So cleanup any remaining bucket along with
369
     * the orphan request (if any).
370
     */
371
0
    apr_brigade_cleanup(bb);
372
373
    /* From here onward, it is no longer safe to reference r
374
     * or r->pool, because r->pool may have been destroyed
375
     * already by the EOR bucket's cleanup function.
376
     */
377
378
    /* Check pipeline consuming blank lines, they must not be interpreted as
379
     * the next pipelined request, otherwise we would block on the next read
380
     * without flushing data, and hence possibly delay pending response(s)
381
     * until the next/real request comes in or the keepalive timeout expires.
382
     */
383
0
    (void)ap_check_pipeline(c, bb, DEFAULT_LIMIT_BLANK_LINES);
384
385
0
    ap_release_brigade(c, bb);
386
387
0
    if (c->cs) {
388
0
        if (c->aborted) {
389
0
            c->cs->state = CONN_STATE_LINGER;
390
0
        }
391
0
        else {
392
            /* If we have still data in the output filters here it means that
393
             * the last (recent) nonblocking write was EAGAIN, so tell the MPM
394
             * to not try another useless/stressful one but to go straight to
395
             * POLLOUT.
396
            */
397
0
            c->cs->state = CONN_STATE_WRITE_COMPLETION;
398
0
        }
399
0
    }
400
0
    AP_PROCESS_REQUEST_RETURN((uintptr_t)r, r->uri, r->status);
401
0
    if (ap_extended_status) {
402
0
        ap_time_process_request(c->sbh, STOP_PREQUEST);
403
0
    }
404
0
}
405
406
void ap_process_async_request(request_rec *r)
407
0
{
408
0
    conn_rec *c = r->connection;
409
0
    int access_status;
410
411
    /* Give quick handlers a shot at serving the request on the fast
412
     * path, bypassing all of the other Apache hooks.
413
     *
414
     * This hook was added to enable serving files out of a URI keyed
415
     * content cache ( e.g., Mike Abbott's Quick Shortcut Cache,
416
     * described here: http://oss.sgi.com/projects/apache/mod_qsc.html )
417
     *
418
     * It may have other uses as well, such as routing requests directly to
419
     * content handlers that have the ability to grok HTTP and do their
420
     * own access checking, etc (e.g. servlet engines).
421
     *
422
     * Use this hook with extreme care and only if you know what you are
423
     * doing.
424
     */
425
0
    AP_PROCESS_REQUEST_ENTRY((uintptr_t)r, r->uri);
426
0
    if (ap_extended_status) {
427
0
        ap_time_process_request(r->connection->sbh, START_PREQUEST);
428
0
    }
429
430
0
    if (APLOGrtrace4(r)) {
431
0
        int i;
432
0
        const apr_array_header_t *t_h = apr_table_elts(r->headers_in);
433
0
        const apr_table_entry_t *t_elt = (apr_table_entry_t *)t_h->elts;
434
0
        ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r,
435
0
                      "Headers received from client:");
436
0
        for (i = 0; i < t_h->nelts; i++, t_elt++) {
437
0
            ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r, "  %s: %s",
438
0
                          ap_escape_logitem(r->pool, t_elt->key),
439
0
                          ap_escape_logitem(r->pool, t_elt->val));
440
0
        }
441
0
    }
442
443
0
#if APR_HAS_THREADS
444
0
    apr_thread_mutex_create(&r->invoke_mtx, APR_THREAD_MUTEX_DEFAULT, r->pool);
445
0
    apr_thread_mutex_lock(r->invoke_mtx);
446
0
#endif
447
0
    access_status = ap_run_quick_handler(r, 0);  /* Not a look-up request */
448
0
    if (access_status == DECLINED) {
449
0
        access_status = ap_process_request_internal(r);
450
0
        if (access_status == OK) {
451
0
            access_status = ap_invoke_handler(r);
452
0
        }
453
0
    }
454
455
0
    if (access_status == SUSPENDED) {
456
        /* TODO: Should move these steps into a generic function, so modules
457
         * working on a suspended request can also call _ENTRY again.
458
         */
459
0
        AP_PROCESS_REQUEST_RETURN((uintptr_t)r, r->uri, access_status);
460
0
        if (ap_extended_status) {
461
0
            ap_time_process_request(c->sbh, STOP_PREQUEST);
462
0
        }
463
0
        if (c->cs)
464
0
            c->cs->state = CONN_STATE_SUSPENDED;
465
0
#if APR_HAS_THREADS
466
0
        apr_thread_mutex_unlock(r->invoke_mtx);
467
0
#endif
468
0
        return;
469
0
    }
470
0
#if APR_HAS_THREADS
471
0
    apr_thread_mutex_unlock(r->invoke_mtx);
472
0
#endif
473
474
0
    ap_die_r(access_status, r, HTTP_OK);
475
476
0
    ap_process_request_after_handler(r);
477
0
}
478
479
AP_DECLARE(void) ap_process_request(request_rec *r)
480
0
{
481
0
    apr_bucket_brigade *bb;
482
0
    apr_bucket *b;
483
0
    conn_rec *c = r->connection;
484
0
    apr_status_t rv;
485
486
0
    ap_process_async_request(r);
487
488
0
    if (ap_run_input_pending(c) != OK) {
489
0
        bb = ap_acquire_brigade(c);
490
0
        b = apr_bucket_flush_create(c->bucket_alloc);
491
0
        APR_BRIGADE_INSERT_HEAD(bb, b);
492
0
        rv = ap_pass_brigade(c->output_filters, bb);
493
0
        if (APR_STATUS_IS_TIMEUP(rv)) {
494
            /*
495
             * Notice a timeout as an error message. This might be
496
             * valuable for detecting clients with broken network
497
             * connections or possible DoS attacks.
498
             */
499
0
            ap_log_cerror(APLOG_MARK, APLOG_INFO, rv, c, APLOGNO(01581)
500
0
                          "flushing data to the client");
501
0
        }
502
0
        ap_release_brigade(c, bb);
503
0
    }
504
0
    if (ap_extended_status) {
505
0
        ap_time_process_request(c->sbh, STOP_PREQUEST);
506
0
    }
507
0
}
508
509
static apr_table_t *rename_original_env(apr_pool_t *p, apr_table_t *t)
510
0
{
511
0
    const apr_array_header_t *env_arr = apr_table_elts(t);
512
0
    const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts;
513
0
    apr_table_t *new = apr_table_make(p, env_arr->nalloc);
514
0
    int i;
515
516
0
    for (i = 0; i < env_arr->nelts; ++i) {
517
0
        if (!elts[i].key)
518
0
            continue;
519
0
        apr_table_setn(new, apr_pstrcat(p, "REDIRECT_", elts[i].key, NULL),
520
0
                  elts[i].val);
521
0
    }
522
523
0
    return new;
524
0
}
525
526
static request_rec *internal_internal_redirect(const char *new_uri,
527
0
                                               request_rec *r) {
528
0
    int access_status;
529
0
    request_rec *new;
530
0
    const char *vary_header;
531
532
0
    if (ap_is_recursion_limit_exceeded(r)) {
533
0
        ap_die(HTTP_INTERNAL_SERVER_ERROR, r);
534
0
        return NULL;
535
0
    }
536
537
0
    new = (request_rec *) apr_pcalloc(r->pool, sizeof(request_rec));
538
539
0
    new->connection = r->connection;
540
0
    new->server     = r->server;
541
0
    new->pool       = r->pool;
542
543
    /*
544
     * A whole lot of this really ought to be shared with http_protocol.c...
545
     * another missing cleanup.  It's particularly inappropriate to be
546
     * setting header_only, etc., here.
547
     */
548
549
0
    new->method          = r->method;
550
0
    new->method_number   = r->method_number;
551
0
    new->allowed_methods = ap_make_method_list(new->pool, 2);
552
0
    ap_parse_uri(new, new_uri);
553
0
    new->parsed_uri.port_str = r->parsed_uri.port_str;
554
0
    new->parsed_uri.port = r->parsed_uri.port;
555
556
0
    new->request_config = ap_create_request_config(r->pool);
557
558
0
    new->per_dir_config = r->server->lookup_defaults;
559
560
0
    new->prev = r;
561
0
    r->next   = new;
562
563
0
    new->useragent_addr = r->useragent_addr;
564
0
    new->useragent_ip = r->useragent_ip;
565
566
    /* Must have prev and next pointers set before calling create_request
567
     * hook.
568
     */
569
0
    ap_run_create_request(new);
570
571
    /* Inherit the rest of the protocol info... */
572
573
0
    new->the_request = r->the_request;
574
575
0
    new->allowed         = r->allowed;
576
577
0
    new->status          = r->status;
578
0
    new->assbackwards    = r->assbackwards;
579
0
    new->header_only     = r->header_only;
580
0
    new->protocol        = r->protocol;
581
0
    new->proto_num       = r->proto_num;
582
0
    new->hostname        = r->hostname;
583
0
    new->request_time    = r->request_time;
584
0
    new->main            = r->main;
585
586
0
    new->headers_in      = r->headers_in;
587
0
    new->trailers_in     = r->trailers_in;
588
0
    new->headers_out     = apr_table_make(r->pool, 12);
589
0
    if (ap_is_HTTP_REDIRECT(new->status)) {
590
0
        const char *location = apr_table_get(r->headers_out, "Location");
591
0
        if (location)
592
0
            apr_table_setn(new->headers_out, "Location", location);
593
0
    }
594
595
    /* A module (like mod_rewrite) can force an internal redirect
596
     * to carry over the Vary header (if present).
597
     */
598
0
    if (apr_table_get(r->notes, "redirect-keeps-vary")) {
599
0
        if((vary_header = apr_table_get(r->headers_out, "Vary"))) {
600
0
            apr_table_setn(new->headers_out, "Vary", vary_header);
601
0
        }
602
0
    }
603
604
0
    new->err_headers_out = r->err_headers_out;
605
0
    new->trailers_out    = apr_table_make(r->pool, 5);
606
0
    new->subprocess_env  = rename_original_env(r->pool, r->subprocess_env);
607
0
    new->notes           = apr_table_make(r->pool, 5);
608
609
0
    new->htaccess        = r->htaccess;
610
0
    new->no_cache        = r->no_cache;
611
0
    new->expecting_100   = r->expecting_100;
612
0
    new->no_local_copy   = r->no_local_copy;
613
0
    new->read_length     = r->read_length;     /* We can only read it once */
614
0
    new->vlist_validator = r->vlist_validator;
615
616
0
    new->proto_output_filters  = r->proto_output_filters;
617
0
    new->proto_input_filters   = r->proto_input_filters;
618
619
0
    new->input_filters   = new->proto_input_filters;
620
621
0
    if (new->main) {
622
0
        ap_filter_t *f, *nextf;
623
624
        /* If this is a subrequest, the filter chain may contain a
625
         * mixture of filters specific to the old request (r), and
626
         * some inherited from r->main.  Here, inherit that filter
627
         * chain, and remove all those which are specific to the old
628
         * request; ensuring the subreq filter is left in place. */
629
0
        new->output_filters = r->output_filters;
630
631
0
        f = new->output_filters;
632
0
        do {
633
0
            nextf = f->next;
634
635
0
            if (f->r == r && f->frec != ap_subreq_core_filter_handle) {
636
0
                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01582)
637
0
                              "dropping filter '%s' in internal redirect from %s to %s",
638
0
                              f->frec->name, r->unparsed_uri, new_uri);
639
640
                /* To remove the filter, first set f->r to the *new*
641
                 * request_rec, so that ->output_filters on 'new' is
642
                 * changed (if necessary) when removing the filter. */
643
0
                f->r = new;
644
0
                ap_remove_output_filter(f);
645
0
            }
646
647
0
            f = nextf;
648
649
            /* Stop at the protocol filters.  If a protocol filter has
650
             * been newly installed for this resource, better leave it
651
             * in place, though it's probably a misconfiguration or
652
             * filter bug to get into this state. */
653
0
        } while (f && f != new->proto_output_filters);
654
0
    }
655
0
    else {
656
        /* If this is not a subrequest, clear out all
657
         * resource-specific filters. */
658
0
        new->output_filters  = new->proto_output_filters;
659
0
    }
660
661
0
    update_r_in_filters(new->input_filters, r, new);
662
0
    update_r_in_filters(new->output_filters, r, new);
663
664
0
    apr_table_setn(new->subprocess_env, "REDIRECT_STATUS",
665
0
                   apr_itoa(r->pool, r->status));
666
667
    /* Begin by presuming any module can make its own path_info assumptions,
668
     * until some module interjects and changes the value.
669
     */
670
0
    new->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
671
672
0
#if APR_HAS_THREADS
673
0
    new->invoke_mtx = r->invoke_mtx;
674
0
#endif
675
676
    /*
677
     * XXX: hmm.  This is because mod_setenvif and mod_unique_id really need
678
     * to do their thing on internal redirects as well.  Perhaps this is a
679
     * misnamed function.
680
     */
681
0
    if ((access_status = ap_post_read_request(new))) {
682
0
        ap_die(access_status, new);
683
0
        return NULL;
684
0
    }
685
686
0
    return new;
687
0
}
688
689
/* XXX: Is this function is so bogus and fragile that we deep-6 it? */
690
AP_DECLARE(void) ap_internal_fast_redirect(request_rec *rr, request_rec *r)
691
0
{
692
    /* We need to tell POOL_DEBUG that we're guaranteeing that rr->pool
693
     * will exist as long as r->pool.  Otherwise we run into troubles because
694
     * some values in this request will be allocated in r->pool, and others in
695
     * rr->pool.
696
     */
697
0
    apr_pool_join(r->pool, rr->pool);
698
0
    r->proxyreq = rr->proxyreq;
699
0
    r->no_cache = (r->no_cache && rr->no_cache);
700
0
    r->no_local_copy = (r->no_local_copy && rr->no_local_copy);
701
0
    r->mtime = rr->mtime;
702
0
    r->uri = rr->uri;
703
0
    r->filename = rr->filename;
704
0
    r->canonical_filename = rr->canonical_filename;
705
0
    r->path_info = rr->path_info;
706
0
    r->args = rr->args;
707
0
    r->finfo = rr->finfo;
708
0
    r->handler = rr->handler;
709
0
    ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(rr));
710
0
    r->content_encoding = rr->content_encoding;
711
0
    r->content_languages = rr->content_languages;
712
0
    r->per_dir_config = rr->per_dir_config;
713
    /* copy output headers from subrequest, but leave negotiation headers */
714
0
    r->notes = apr_table_overlay(r->pool, rr->notes, r->notes);
715
0
    r->headers_out = apr_table_overlay(r->pool, rr->headers_out,
716
0
                                       r->headers_out);
717
0
    r->err_headers_out = apr_table_overlay(r->pool, rr->err_headers_out,
718
0
                                           r->err_headers_out);
719
0
    r->trailers_out = apr_table_overlay(r->pool, rr->trailers_out,
720
0
                                           r->trailers_out);
721
0
    r->subprocess_env = apr_table_overlay(r->pool, rr->subprocess_env,
722
0
                                          r->subprocess_env);
723
724
0
    r->output_filters = rr->output_filters;
725
0
    r->input_filters = rr->input_filters;
726
727
    /* If any filters pointed at the now-defunct rr, we must point them
728
     * at our "new" instance of r.  In particular, some of rr's structures
729
     * will now be bogus (say rr->headers_out).  If a filter tried to modify
730
     * their f->r structure when it is pointing to rr, the real request_rec
731
     * will not get updated.  Fix that here.
732
     */
733
0
    update_r_in_filters(r->input_filters, rr, r);
734
0
    update_r_in_filters(r->output_filters, rr, r);
735
736
0
    if (r->main) {
737
0
        ap_filter_t *next = r->output_filters;
738
0
        while (next && (next != r->proto_output_filters)) {
739
0
            if (next->frec == ap_subreq_core_filter_handle) {
740
0
                break;
741
0
            }
742
0
            next = next->next;
743
0
        }
744
0
        if (!next || next == r->proto_output_filters) {
745
0
            ap_add_output_filter_handle(ap_subreq_core_filter_handle,
746
0
                                        NULL, r, r->connection);
747
0
        }
748
0
    }
749
0
    else {
750
        /*
751
         * We need to check if we now have the SUBREQ_CORE filter in our filter
752
         * chain. If this is the case we need to remove it since we are NO
753
         * subrequest. But we need to keep in mind that the SUBREQ_CORE filter
754
         * does not necessarily need to be the first filter in our chain. So we
755
         * need to go through the chain. But we only need to walk up the chain
756
         * until the proto_output_filters as the SUBREQ_CORE filter is below the
757
         * protocol filters.
758
         */
759
0
        ap_filter_t *next;
760
761
0
        next = r->output_filters;
762
0
        while (next && (next->frec != ap_subreq_core_filter_handle)
763
0
               && (next != r->proto_output_filters)) {
764
0
                next = next->next;
765
0
        }
766
0
        if (next && (next->frec == ap_subreq_core_filter_handle)) {
767
0
            ap_remove_output_filter(next);
768
0
        }
769
0
    }
770
0
}
771
772
AP_DECLARE(void) ap_internal_redirect(const char *new_uri, request_rec *r)
773
0
{
774
0
    int access_status;
775
0
    request_rec *new = internal_internal_redirect(new_uri, r);
776
777
0
    AP_INTERNAL_REDIRECT(r->uri, new_uri);
778
779
    /* ap_die was already called, if an error occurred */
780
0
    if (!new) {
781
0
        return;
782
0
    }
783
784
0
    access_status = ap_run_quick_handler(new, 0);  /* Not a look-up request */
785
0
    if (access_status == DECLINED) {
786
0
        access_status = ap_process_request_internal(new);
787
0
        if (access_status == OK) {
788
0
            access_status = ap_invoke_handler(new);
789
0
        }
790
0
    }
791
0
    ap_die(access_status, new);
792
0
}
793
794
/* This function is designed for things like actions or CGI scripts, when
795
 * using AddHandler, and you want to preserve the content type across
796
 * an internal redirect.
797
 */
798
AP_DECLARE(void) ap_internal_redirect_handler(const char *new_uri, request_rec *r)
799
0
{
800
0
    int access_status;
801
0
    request_rec *new = internal_internal_redirect(new_uri, r);
802
803
    /* ap_die was already called, if an error occurred */
804
0
    if (!new) {
805
0
        return;
806
0
    }
807
808
0
    if (r->handler)
809
0
        ap_set_content_type_ex(new, r->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
810
0
    access_status = ap_process_request_internal(new);
811
0
    if (access_status == OK) {
812
0
        access_status = ap_invoke_handler(new);
813
0
    }
814
0
    ap_die(access_status, new);
815
0
}
816
817
AP_DECLARE(void) ap_allow_methods(request_rec *r, int reset, ...)
818
0
{
819
0
    const char *method;
820
0
    va_list methods;
821
822
    /*
823
     * Get rid of any current settings if requested; not just the
824
     * well-known methods but any extensions as well.
825
     */
826
0
    if (reset) {
827
0
        ap_clear_method_list(r->allowed_methods);
828
0
    }
829
830
0
    va_start(methods, reset);
831
0
    while ((method = va_arg(methods, const char *)) != NULL) {
832
0
        ap_method_list_add(r->allowed_methods, method);
833
0
    }
834
0
    va_end(methods);
835
0
}
836
837
AP_DECLARE(void) ap_allow_standard_methods(request_rec *r, int reset, ...)
838
0
{
839
0
    int method;
840
0
    va_list methods;
841
0
    ap_method_mask_t mask;
842
843
    /*
844
     * Get rid of any current settings if requested; not just the
845
     * well-known methods but any extensions as well.
846
     */
847
0
    if (reset) {
848
0
        ap_clear_method_list(r->allowed_methods);
849
0
    }
850
851
0
    mask = 0;
852
0
    va_start(methods, reset);
853
0
    while ((method = va_arg(methods, int)) != -1) {
854
0
        mask |= (AP_METHOD_BIT << method);
855
0
    }
856
0
    va_end(methods);
857
858
0
    r->allowed_methods->method_mask |= mask;
859
0
}