*) mod_rewrite: Add support for starting External Rewriting Programs as non-root user on UNIX systems by specifying username and group name as third argument of RewriteMap directive.

mod_rewrite: Improve 'bad flag delimeters' startup error by showing how the input was tokenized. PR 56528. Submitted By: Edward Lu <Chaosed0 gmail.com> Committed By: covener

Remove some instances where a RewriteBase must be specified Previously, any time you used a relative substitution in per-directory/htaccess context, you needed to specify a RewriteBase. But in case where the context document root and context prefix are known via e.g. mod_userdir or mod_alias, and the substitution is under the context document root, we can determine the replacement automatically. This makes htaccess files or config snippets a bit more portable.

the fixup hook should log (what is expected to be) local path just like the translate name hook, for a small hint when debugging 400 errors set just below

strncmp(r->filename, "proxy:", 6) is faster than a note. Plus, allows for checking even if not due to rewrite.

add BNP flag to give control to the user on whether a space ' ' in an escaped backrefernece is decoded to a + (default) or %20. Useful if your backreference isn't going into the query string.

allow users to workaround the over-agressive backreference escaping by selecting the characters to escape.

normalize an ugly construct which somehow manages to return the correct value

*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit to allow RewriteRules to be pushed from parent scopes to child scopes without explicitly configuring each child scope. PR56153. Submitted By: Edward Lu Committed By: covener

Add %{CONN_REMOTE_ADDR} to mod_rewrite. PR56094 Submitted By: Edward Lu <Chaosed0 gmail com> Committed By: covener

make mod_rewrite and mod_proxy UDS work together...

no make depend in sandbox, fix bld break from r1559394

don't search for directory indexes/directoryslashes if a URL is in the middle of being rewritten [in per-dir context]. PR53929

avoid a tight busy loop with memory allocations when the [N] flag isn't making progress. If backported, probably increase the hard-coded limit to 32k from 10k.

*) mod_rewrite: Make rewrite websocket aware to allow proxying. PR 55598. [Chris Harris <chris.harris kitware com>]

include util_charset.h in ebcdic builds

Remove useless tests. Turn if (*x && apr_isspace(*x)) into if (apr_isspace(*x))

Unbreak default case of RewriteBase not being set after r1410681 Contributed By: Evgeny Barsukov Reviewed By: covener

PR53963: don't merge the rewritebase down w/o an opt-in

remove now unecessary assignment

Use apr_pcalloc for rewritemap_entry struct, to avoid uninitialized entries. PR: 53663 Submitted by: Mikhail T. <mi apache aldan algebra com>

style fix

add a pointer to 'rewriteoptions', without giving away the option name, if someone happens to have rewrite trace on when mod_rewrite declines a non URL-path.

* modules/mappers/mod_rewrite.c (cmd_rewriteoptions, hook_uri2file): Add "AllowAnyURI" flag which disables the strict URL-path input string check introduced to fix CVE-2011-3368/CVE-2011-4317. * docs/manual: Update docs. Inspired by: covener

Replace use of apr_file_write() with apr_file_write_full() to prevent incomplete writes. Add comments in some places where error handling/logging is missing. PR: 53131. Submitted by: Nicolas Viennot <apache viennot biz>, Stefan Fritsch

mod_rewrite: Fix RewriteCond integer checks to be parsed correctly. PR: 53023 Submitted by: Axel Reinhold <apache freakout.de> Reviewed/Updated by: nd

static scope for rewritemap_mutex_type.

revert "overloaded" recent additions to mod_rewrite

add an internal sleep map function that expands to an empty string.

treat a rewriterule substitution that expands to "-" as if the rule had a literal "-".

https also needs QS

Adjust CVE-2011-3368/CVE-2011-4317 fixes to rely solely on core's translate-name to fail unsupported URIs. Rewrite and proxy now decline what they don't support rather than fail the request. Suggested by: trawick Implemented by: jorton Tweaked by: wrowe

Further clarify the naming of the entity that originates the request by calling that entity a useragent instead of a client.

Add lots of unique tags to error log messages

Fix for additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. (CVE-2011-4317) Thanks to Prutha Parikh from Qualys for reporting this issue. * modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*" request-URI. Fail for cases where r->uri does not begin with a "/". * modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.

mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible for RewriteRules to be placed in .htaccess files that match the directory with no trailing slash. PR 48304.

Introduce a per connection "peer_ip" and a per request "client_ip" to distinguish between the raw IP address of the connection and the effective IP address of the request.

Introduce a per request version of the remote IP address, which can be optionally modified by a module when the effective IP of the client is not the same as the real IP of the client (such as a load balancer).

No longer do double duty...

More cleanup: Expand tabs and some more indentation fixes No functional change

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

replace non-threadsafe use of srand() and rand() with ap_random_pick()

Prevent a crash if a non-existent internal RewriteMap is specified in a server context with RewiteEngine off, then later referenced. Submitted By: Ben Noordhuis Reviewed By: covener

Make the SERVER_NAME variable include [ ] for literal IPv6 addresses, as mandated by RFC 3875 PR: 26005

Fix regexp RewriteCond with NoCase, reported by Steffen <info apachelounge com>

Add string valued expressions to ap_expr, do some API cleanup - add possibility to have expressions that evaluate to a string and not to a boolean value - modify ap_expr_parse_cmd() interface to support this and make it more convenient to use in general - rename AP_EXPR_FLAGS_* to AP_EXPR_FLAG_* for consistency

Various code cleanup PR: 51398 Submitted by: Christophe Jaillet <christophe jaillet wanadoo fr>

We already have ap_str_tolower(), so also add ap_str_toupper() function and use it where possible.

revert this... sorry

Revert "fix unexpected enum operation" This reverts commit d407a566ab24e576a3f143f5c27b2ccf90f5d8da.

fix unexpected enum operation

Avoid some memory allocations by using apr_table_setn where the string arguments are allocated from the request pool and not modified later on. Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr> PR: 51358

- Introduce concept of context prefix (which is an URL prefix) and context document root (which is the file system directory that this URL prefix is mapped to). This generalization of the document root makes it easier for scripts to create self-referential URLs and to find their files. - Expose CONTEXT_DOCUMENT_ROOT and CONTEXT_PREFIX as envvars, in mod_rewrite, and in ap_expr. - Make mod_alias and mod_userdir set the context information. - Allow to override the document root on a per-request basis. This allows mass vhosting modules to set DOCUMENT_ROOT correctly. - Make mod_vhost_alias set the per-request document root PR: 26052, 46198, 49705 Remaining tasks: - Use the context document root & prefix in mod_rewrite to make RewriteBase unneccessary in many cases. Do this without breaking compatibility. - Write docs.

Improvements found by cppcheck: remove some unused variables and dead assignments, reduce the scope of some variables, add some parens to improve readability

fix some dead assignments found by the clang analyzer

Report filename and line number in config warning

change signed single-bit fields to unsigned some of these were exposed to mods so the mmn is bumped, without regard to whether any compiler will have to generate different code

Or, perhaps that's even clearer, without getting too verbose.

Attemps to clarify a rather cryptic error message.

mod_rewrite: Decline immediately if the rewrite engine is disabled, instead of making various comparatively expensive proxy checks first.

Use ap_state_query() to fix many modules that were not correctly initializing if they were not active during server startup but got enabled later during a graceful restart (in which case they need to do all work during a single config run).

Make the REQUEST_SCHEME variable available to scripts and mod_rewrite

* Silence compiler warning about possibly uninitialized use

Allow to use arbitrary boolean expressions (ap_expr) in RewriteCond.

in struct backrefinfo: remove nsub member which is never read, make source member const

Allow to unset environment variables using E=!VAR. PR: 49512 Submitted by: Mark Drayton <mark markdrayton info>, Stefan Fritsch

PR 50447: mod_rewrite escapes the original [escaped] query string even when you haven't modified it.

PR 39313: allow the user to configure which rules come first when RewriteRules are merged with RewriteOptions Inherit. Submitted By: Jérôme Grandjanny <jerome.grandjanny cea.fr> Reviewed By: covener

mod_rewrite: Fix the RewriteEngine directive to work within a location. Previously, once RewriteEngine was switched on globally, it was impossible to switch off.

Add an END flag to RewriteRule that acts like L=LAST but also prevents further rounds of rewrite processing due to per-directory substitutions.

return early if we are not logging anyway

save some memory by using cmd->temp_pool instead of cmd->pool in some places

Introduce integer comparison support in RewriteCond The operators -gt, -ge, -eq, -le, -lt and -ne follow the bash test' semantics for comparing the integer values of the lhs and rhs expressions, as opposed to the string evaluations performed by > >= = <= and <. Note that -lt and -le overlap the existing -l test, and could be confused in expresions such as -ltestfile - to avoid this conflict use -L or -h in place of the legacy -l file symlink test operator.

Reduce complexity and fix a regex.t based on observation by rpluem; - follow the same logic of '=' for >[=] and <[=], skipping p->type chars for the resulting p->pattern - introduce pskip logic to greatly simplify logging, track negation '!', '=', and new comparators ">/<[=]", backspacing only for the purpose of logging. It's trivial to expand this to the -X operators in the future.

*) Accept modern bash test conventions of -h or -L for testing symlinks (for another patch against -l yet-to-come) *) Introduce >= and <= syntax for greater-or-equal, or less-or-equal string comparisons *) Respect [NC] conventions for >[=]/<[=] string comparison, which is horribly sensitive to the current charset.

set default pattern type using the enum value instead of integer literal (Intel C compiler groans about this)

mod_rewrite: Log errors if rewrite map files cannot be opened PR: 49639

Remove obsolete "see error log" log messages. mod_rewrite now uses the error log.

remove some useless use of strlen()

Code cleanup: replace strncpy by apr_cpystrn or apr_pstrmemdup Submitted by: Takashi Sato <takashi lans tv com> PR: 43432

Remove superfluous EOL from mod_rewrite logging. It's no longer needed, since mod_rewrite now uses our usual error log. The superfluous EOL was logged as '\n'.

Allow to set environment variables using mod_rewrite without explicitely giving a value. Most modules only check presence of a variable, not the value, so it makes sense to make the VAL argument in the mod_rewrite ENV flag optional.

mod_rewrite.c:447: warning: format not a string literal and no format arguments

Replace RewriteLog/RewriteLogLevel with trace log levels

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

Catch up with ap_[proc|global]_mutex_create api change

Turn static function get_server_name_for_url() into public function ap_get_server_name_for_url() and use it where appropriate. This fixes mod_rewrite generating invalid URLs for redirects to IPv6 literal addresses.

Adds a [QSD] flag to RewriteRule to discard unwanted query strings without the old kludge of sticking a ? on the end of the target URI.

Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath with a single Mutex directive. Add APIs to simplify setup and user customization of APR proc and global mutexes. (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer respected; set DEFAULT_REL_RUNTIMEDIR instead. Some existing modules, such as mod_ldap and mod_auth_digest gain configurability for their mutexes.

mod_rewrite: Make sure that a hostname:port isn't fully qualified if the request is a CONNECT request. Submitted by: Bill Zajac <billz consultla.com>

Bring back OS/2 support. Reverses r758929 with a little bit of conflict resolution.

* Remove locking for writing to the rewritelog. There seems to be no reason why locking is required here. See also: http://marc.info/?l=apache-httpd-dev&m=124282193217344&w=2 PR: 46942 Submitted by: Dan Poirier <poirier pobox.com> Reviewed by: rpluem

Fix the error string returned by RewriteRule. RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd argument of RewriteRule was not started with "[" or not ended with "]". PR: 45082 Submitted by: Vitaly Polonetsky <m_vitaly topixoft.com>

remove OS/2 platform support

* modules/mappers/mod_rewrite.c (apply_rewrite_rule): When evaluating a proxy rule in directory context, do escape the filename by default, since mod_proxy will not escape in that case due to the (deliberate) fixup hook ordering. Thanks to: rpluem PR: 46428

Add IPv6 variable to mod_rewrite. Submitted by: Ryan Phillips <ryan-apache trolocsis.com>

Fix mod_rewrite "B" flag breakage by reverting r589343 PR#45529

add mod_proxy_scgi, as announced a long time ago

axe r->path_info in a more standard way, suggested by Aleksander Budzynowski

*) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome way that per-directory rewrites append the previous notion of PATH_INFO to each substitution before evaluating subsequent rules. PR38642 [Eric Covener]

Import the core parts of the DTrace patch. This is a modified and updated version of what was submited by Theo before: <http://mail-archives.apache.org/mod_mbox/httpd-dev/200805.mbox/%3C6AFBCFE8-4CCA-4A02-8A43-F9170689695D@omniti.com%3E> Note, this does not hook it up into the build system at this time, because the original patch was a little too creative there. Submitted By: Theo Schlossnagle <jesus omniti.com>

API Cleanup in preperation for 2.4.x, make sure all exported functions or variables contain an ap_ prefix.

* modules/mappers/mod_rewrite.c (do_rewritelog): Add prototype with printf attribute flagged so that gcc -Wformat-security will pick up PR 46110-type errors as a warning.

* Supply the per-dir parameter to the rewritelog call where it is needed. PR: 46110

* modules/mappers/mod_rewrite.c (cmd_rewritelock): Add missing sentinel.

picking nits - de-tab

* Fix formating. No functional change.

correct r670061 - preserve query string with [noescape, proxy]

After r649840, mod_proxy_http will no longer append a query string from r->args if "no-canon". Moved the NOESCAPE test down after PATH_INFO, and preserve the query string in r->filename if NOESCAPE (which implies "no-canon") Previously this was only done for CONNECT requests, where (r->uri == r->unparsed_uri) see mod_proxy:proxy_detect

* Offer the possibility to create session cookies in the case a path is given.

* Allow HttpOnly, 1 and true to enable HttpOnly, allow secure, 1 and true to enable secure.

* Make setting of HttpOnly flag more explicit.

* Handle the case that secure is NULL

* Allow Cookie option to set secure and HttpOnly flags PR: 44799 Submitted by: Christian Wenz <christian wenz.org> Reviewed by: rpluem

* Initialize hash needed by ap_register_rewrite_mapfunc early enough. PR: 44641 Submitted by: Daniel Lescohier <daniel.lescohier cnet.com> Reviewed by: rpluem, niq, wrowe, jim

* Add checkfile2 at the end of the struct and not in the middle of the struct.

mod_rewrite: Check all files used by DBM maps for freshness, mod_rewrite didn't pick up on updated sdbm maps due to this. PR41190 [Niklas Edmundsson] NOTE: Only tested on httpd-2.2.8.

mod_rewrite: Don't canonicalise URLs with [P,NE] PR 43319

Update r573831 to avoid duplicating URL-escaping code. Ref. http://www.mail-archive.com/dev@httpd.apache.org/msg38532.html

don't fall through this case. Just break.

* Add the novary flag to RewriteCond in order to prevent the appending of HTTP headers used in a rewrite condition to the Vary header of the response.

* Also set the Vary header if a rewrite condition is true and uses a HTTP header, but all remaining rewrite conditions are skipped due to the [OR] flag.

Add option to escape backreferences in RewriteRule. PR 34602 and PR 39746 Patch by Guenther Gsenger

Multiple trivial fixes from Christophe JAILLET PR 38699, 39518, 42005, 42006, 42007, 42008, 42009 The patches are all his, and are sufficiently trivial to review at a glance.

Fix rewritemap/dbd bug pointed out by Davi Arnaut, and improve error reporting.

Fix bugs pointed out by rpluem in rewritemap/dbd

Retrieve optional functions in time!

Add SQL Query capability to RewriteMap

Replace ap_get_server_version with ap_get_server_banner() and ap_get_server_description(). High-level summary: The full server version information is now included in the error log at startup as well as server status reports, irrespective of the setting of the ServerTokens directive. Third-party modules must now use ap_get_server_banner() or ap_get_server_description() in place of ap_get_server_version().

SECURITY: CVE-2006-3747 (cve.mitre.org) mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. Reported by Mark Dowd of McAfee. Ack: trawick, lars, jorton, wrowe, benl

update license header text

Add support for fcgi:// proxies to mod_rewrite. Submitted by: Markus Schiegl <ms schiegl.com> * modules/mappers/mod_rewrite.c (is_absolute_uri): Recognize fcgi:// urls. * CHANGES: Note change.

Update the copyright year in all .c, .h and .xml files

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

lookup_map_txtfile: used buffered i/o rather than reading RewriteMap txt: files one byte at a time. I was horrified to see a dump of a server with hundreds of worker threads in read() syscalls, all trying to read a 149k RewriteMap file simultaneously. each thread finds one key, inserts it into the cache, then the rest of the information is discarded. there are further improvements which could be made but let's try the simplest first.

Move the POSIX reg* implementations into the ap_* namespace; internalise the ap_reg*<->PCRE wrapper: * configure.in: Add srclib/pcre to the include path. * include/ap_regex.h: Renamed from include/pcreposix.h. Prefix all constants with AP_; prefix all functions and types with ap_. Define AP_DECLARE to nothing if necessary. Remove regcomp error codes. * include/httpd.h: Include ap_regex.h not pcreposix.h. (ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/. (ap_regexec, ap_regerror): Prototypes moved to ap_regex.h. * server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree): Adjust for ap_ prefixed types. (ap_regexec, ap_regerror): Removed. * server/Makefile.in: Build util_pcre.c. * server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use of PCRE-internals to do error mapping; rename types to add AP_/ap_ prefixes as above. Use APR includes. (ap_regerror): Use apr_snprintf. * srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la. * modules/*: Update to use new type and constant names. PR: 27750 (part one) Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton

Update copyright year to 2005 and standardize on current copyright owner line.

More hardcoded schemes in mod_rewrite... :/ Cooked up in a debugging session with Justin Erenkrantz. * modules/mappers/mod_rewrite.c (splitout_queryargs): Don't mess with the query args when dealing with ajp or balancer. (hook_uri2file): Account for r->filename being NULL.

Make the combination of mod_proxy_ajp and mod_rewrite work correctly. * modules/proxy/proxy_ajp.c (ap_proxy_ajp_request): Update call to ajp_send_header(). * modules/proxy/ajp.h (ajp_send_header): Add a uri parameter. * modules/proxy/ajp_header.c (ajp_marshal_into_msgb): Add a uri parameter and use the passed in uri instead of r->uri. (ajp_send_header): Add a uri parameter. Update call to ajp_marshal_into_msgb(). * modules/mappers/mod_rewrite.c (is_absolute_uri): Add handling of 'ajp' and 'balancer' schemes.

Fix another signedness bug

FINALLY Correct ap_http_method()! It is NOT a method, it's a SCHEME! Bumped mmn, and ap module cookie, for this function rename. It's not a deprecation, as ap_http_method would be a lovely function name sometime in the future: to determine what the function name implies.

* modules/mappers/mod_rewrite.c (hook_uri2file): Revert r1.259 to fix regression in proxy and QUERY_STRING handling (though with proxy issues on HEAD mod_rewrite [P] stuff is still completely broken).

* os/unix/os.h: Define AP_NEED_SET_MUTEX_PERMS. * modules/mappers/mod_rewrite.c, modules/ssl/ssl_engine_mutex.c: Use AP_NEED_SET_MUTEX_PERMS to determine whether unixd_set_*_mutex_perms calls are necessary.

remove the RewriteOption MaxRedirects; LimitInternalRecursion is sufficient for the administrator

mod_rewrite: Handle per-location rules when r->filename is unset. Previously this would segfault or simply not match as expected, depending on the platform.

Fix query string handling for proxied URLs. PR: 14518 Submitted by: michael teitler <michael.teitler cetelem.fr>, Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>

Fix darn typo. Submitted by: Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>

external map responses were cut at 2048 bytes (and possibly got out of sync that way). Now they are unlimited.

fix cache confusion which happens if different virtualhosts define rewritemaps with the same name. This is done using name mangling. For the cache we prefix the map name with the hex value of the current server struct pointer. This way inherited maps still use the same cache. PR: 26462

mod_rewrite no longer turns forward proxy requests into reverse proxy requests. PR: 28125

add support for rewrite rules in proxy containers PR: 27985

Enable mod_rewrite to recognize SSL variables (using ssl_var_lookup) Submitted by: Joe Orton Reviewed by: Madhusudan Mathihalli

fix name of The Apache Software Foundation

fix copyright dates according to the first check in

apply Apache License, Version 2.0

issue a warning if an external rewrite map is used without RewriteLock.

fix error handling during flag parsing

EOLs sent by external rewritemaps are now consumed as whole. That way, on systems with more than one EOL character rewritemap programs no longer need to switch stdout to binary mode. PR: 25635

Introduce the ability to force a content handler via the [handler=...] flag.

Introduce the RewriteCond -x check, which returns true if the pattern is a file with execution permissions.

allow proxying and rules in .htaccess in subrequests PR: 14648, 15114

with the new general status stuff, F and G are just shortcuts -> simplify.

allow setting of any valid HTTP response code via R flag. except for redirects this implies [L] and match-only (no substitution). PR: 25917

no need to copy the string again

weekday and monthnames are locale dependent...

make REMOTE_PORT available PR: 25772

update license to 2004.

style

Fold in the CAN-2003-0542 regex patch.

Match type of both arguments (get rid of compiler warning) in x ? y : z expression

switch to APR 1.0 API (which is still in flux) because of the changes to the argument lists of apr_mmap_dup and apr_socket_create, 2.1-dev won't build with apr and apr-util's 0.9 branch anymore

style

allow [T=...] forced types to get expanded. PR: 14223

cleanup apply_rewrite_rule function. Improve readablity (? ;-) and efficiency.

rename the exp_ctx to rewrite_ctx and widen its scope. That makes a lot of things easier :)

stressing the notes table is not necessary.

Catch an edge case, where strange subsequent RewriteRules could lead to a 400 (Bad Request) response. Example: <Directory /path> RewriteEngine on RewriteBase / RewriteRule foo /bar RewriteRule bar baz </Directory>

Fix LA-U and LA-F lookups in directory context. Previously the current rewrite state was just used as lookup path, which lead to strange and often useless results. Related to PR 8493.

doh. the permission thing is independent from rewrite log

use a context structure to hold expansion information. This makes some things easier (in future commits :-)

remove superfluous (heya Cliff) space from log string.

hook mimetype-forcing into fixup/LAST. This leads to consistent behaviour (server context vs. directory context), overrides all statically configured mime types and doesn't clobber multiviews any longer.

add a comment for future editors no code change.

There are different kinds of people: - the good English speaking people - the bad English speaking people - and the ugly ones, who should not even try to do so I think, I'm one of the latter group. Thanks to Thom May :)

word smithing / grammar Submitted by: Jeff Trawick

make clear, that we *know* the RewriteLog directive, even if we don't support it. Thanks to kess for pointing this out.

introduce REWRITELOG_DISABLED compiler option, which -- if supplied -- strips all logging code from mod_rewrite. This is meant as a performance improvement for production sites, not as a recommended compiler option for public distributions. At least conceptionally this was Reviewed by: Justin Erenkrantz, Mads Toftum, Thom May, David Burry <dburry@tagnet.org>

remove unneccessary assignment

improve expansion performance. If we have only small expansions (like just one variable - often used in map keys or the like), don't stress the pool with allocating memory for the linked result pointer list. This list can be safely stored on the stack.

cleanup compare_lexicography function. - improve readability - make sure that unsigned chars are compared - use apr_size_t for string lengths

inline some functions for faster processing.

subreq_ok *is* a macro.

cleanup the add_cookie function a bit. - the if(s) check is superfluid. s is guaranteed to be non-NULL (except for out of memory) - strtok as late as possible to save some cycles.

incorporate the add_env_variable function in do_expand_env. I see no real reason to use an extra function call here (other than decreasing performance :)

style

gcc doesn't catch the logic and throws a warning about uninitialized fname. Get a rid of it.

remove some unnecessary memory operations

remove artifical limitation of number of env and cookie flags

cleanup RewriteCond evaluation. - avoid unnecessary memory operations - parse non-regex patterns at configuration time, which - gives the ability to throw a useful warning, where [NC] is not supported - and speeds up processing at runtime - allow [NC] for simple comparison pattern (=) - improve readability

Rewritemap improvement: - map designations are now case insensitive (txt: rNd: PRG: INt:) - maps may be relative to serverroot, which appears to be _very_ helpful

cleanup parseargline function to be more efficient and better readable. It's a quite strange function. I think we can drop it at all. Opinions anywhere?

cleanup expand_tildepath function to use the pool and be more readable.

minor optimization: the bracket search functions just search for curly brackets, so there's no need to supply that every time again.

this was a two-tiered commit for better diffs. Now bust the old function.

speed up variable lookup. It's expected to be faster than a hash (and the previous if-else chain, of course). This also reverts the wrong patch, committed in r1.151

cause a lookup failure in external rewrite maps if the key contains a newline. PR: 14453 Submitted originally by: Cedric Gavage <cedric.gavage@unixtech.be>

minor optimizations in lookup_map_program function. - make it compile time configurable, how long a response from a rewrite map prg may be. - avoid unnecessary memory operations

- style & readability - procattr_cmd_type_set was called twice. shoot one.

integrate the random functions into the select_random_value_part function. This is the only place where they are needed. It is not necessary to add extra cycles for function calls here.

cleanup fully_qualify_uri function

cleanup splitout_queryargs function. - don't compute strlen more than one time - use ap_strchr instead of strchr

cleanup rewritelog function. - shorten the code - improve efficiency and readability - get a rid of fixed buffers - use %pp format string for pointers

allow piped rewrite logs to be relative to serverroot

exit(1) should never occur in any module. Stay away from it.

a long time ago ... REWRITELOCK_MODE wasn't used anymore for ages. In the meantime it defined the mode of the rewritelog (sic!) file. So fix the misnaming and use constants for mode and open flags.

cleanup current_logtime function. use sizeof where sizeof should be used. don't compute strlen again and again (use the supplied value from apr_strftime instead).

add the ability to change the maximum txt:map line length at compile time without patching the code

Get a rid of the oversized cache. The new map-cache consists of a simple two-tiered apr_hash structure. cachep->maps contains entries for each map, which point to a hash with the actual values (map->entries). Each map->entries hash lives in a subpool of cachep->pool. The mtime is stored per map and if the map expires, we just clear map->pool and create a fresh map->entries hash structure. This removes a big chunk of code from mod_rewrite, improves readability and even the memory footprint of the cache.

cleanup the select_random_value_part function. improve efficiency and readabilty.

cleanup lookup_map_dbmfile function. improve efficiency and readablity.

cleanup lookup_map_txtfile function. - improve efficiency - make it better readable

avoid unnecessary memory operations

cleanup lookup_map function. - use switch instead of if-else chain - collapse txt/rnd code, which is essentially the same - make it better readable at all.

rewritemaps are identified by name. Store 'em in a hash rather than an array. This is more naturally, efficient (mostly) and better readable. Leave deep indentations for now (better diff).

re-add missing headers

oof. Strip all non-public stuff from mod_rewrite.h and reorder the code in mod_rewrite.c in order to get a rid of the forward declaration. Cleaned up the comments as well. No real code change, but a quite big diff ...

remove outdated and more confusing than helping comment. no code change.

avoid unnecessary memory operation

remove more unnecessary strlen() operations

remove another fixed buffer from the stack

indentation. no code change

remove useless post increment.

remove more variables from the stack and increase readability.

minor optimization. this avoids a variable on stack and some internal pointer operations.

remove outdated comments about different regex libs

optimization/cleanup. The generic flagparser (read: lexer) for RewriteRules and RewriteConds does the same except for one function call. Collapse these to functions to one and make the result more readable.

don't compute the strlen of dconf->directory three times Submitted by: Justin

when prefixing document root, use the core translator instead of baking our own. The core function is much better maintained and probably more safe. Additionally this removes just another fixed buffer :)

step two: get a rid of the old do_expand function.

optimization; rewrite the do_expand function in order to: + give it a better interface + get a rid of most of the fixed stack buffers and then + no longer limit rewritten uris, expanded variables etc to 2k + make it better readable and understandable at all. This is a two-tiered commit for better diffs.

add some linebreaks and reorder case alphabetically for better readability. No code changes.

optimization: no need to use the pool here. This is obviously a static value.

optimization: - add comment about what subst_prefix_path function does - reduce the use of fixed buffers - get a rid of unnecessary memory operations

optimization: speed up ruleflag parsing.

optimization: no need to search linear for headers. apr_table_get should be more efficient nearly always.

optimization: rewrite reduce_uri function: get a rid of static buffers and unnecessary memory operations

minor optimization. No need to use a function overhead here.

Namespace protected the table label.

Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR: 20195

Remove some extraneous code committed as part of the fix for 13946 pointed out by Andre Malo. [Paul J. Reder]

mod_rewrite: fix a problem in the proxy support of mod_rewrite. The broken code was inserting multiple "proxy:" fields in the rewritten URIs. [Submitted by: Eider Oliveira <eider@bol.com.br>] [Updated and reviewed by: Paul J. Reder]

Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. This resolves a fatal problem with mod_rewrite on systems where APR uses flock-based mutex. It simplifies mod_ssl as well, which had special logic to perform the chown(). It fixed an init error with mod_ssl on systems where flock is used when the user had no SSLMutex directive. The Unix MPMs continue to call unixd_set_global|proc_mutex_perms() only for SysV sems. There is no permission problem with flock-based accept mutexes since the child init logic for the MPMs is done prior to switching identity. PR: 20312

mod_rewrite: Perform child initialization on the rewrite log lock. This fixes a log corruption issue when flock-based serialization is used (e.g., FreeBSD).

fix LA-U lookaheads in directory context. I'm wondering if this ever worked ... PR: 8493 (related to)

Make sure that mod_rewrite's type checker is evaluated before mod_mime. PR: 19626

SECURITY: Eliminated leaks of several file descriptors to child processes, such as CGI scripts. PR: 17206 Submitted by: Christian Kratzer <ck@cksoft.de>, Bjoern A. Zeeb <bz@zabbadoz.net> Reviewed by: Joe Orton, Will Rowe

Prevent endless loops of internal redirects in mod_rewrite by aborting after exceeding a limit of internal redirects. The limit defaults to 10 and can be changed using the RewriteOptions directive with the new MaxRedirects=n argument. (The latter required some restructuring of the RewriteOptions evaluation code). (Documentation patch follows asap) PR: 17462

mod_rewrite: Fix some problems reporting errors with mapping programs (RewriteMap prg:/something). the wrong field was specified when trying to log the name of the program that couldn't be started recent APR features used to provide better error reporting on systems where apr_proc_create() uses fork()

Fix mod_rewrite's abs_URI handling. - uris were partially not correctly escaped (in particular: ldap, news, mailto) - not all uri schemes contain an authority component (//) - add nntp:// scheme - don't add a query string (and drop r->args) if it's not http or mailto scheme - be more efficient (think so)

fix some const-ness problems which break the compile with the native compiler for AIX (and probably HP-UX and Tru64 as well, since they tend to be picky too)

This is part three. It fixes the misunderstandings between local URL paths and local system paths. Note that mod_rewrite handles _both_. Fixed also some comments to make the explanations more clear.

This is part two. It fixes the prefix_stat function. (which does a stat call on the first path segment). This function was still tailored for unix systems only. It should work on other systems as well now.

Well, here comes a major fix. I've splitted the patch into 3 parts for better understanding, what I'm doing there. This is part one. mod_rewrite appears to be very broken in several cases, especially on non-unix systems. However, let's start with fixing the path handling, since it's _the_ major PITA, e.g. on win32. This part removes _unused_ code. The condition is never true, because "A local rewrite in per-directory context" was caught much earlier. I'd guess this piece of code was c&p accidentally...

guess, what happens, when l == 0 theoretical case, maybe ...

uh, oh. Fix possible 1-byte buffer overflow.

Hook mod_proxy's fixup before mod_rewrite's fixup, so that by mod_rewrite proxied URLs will not be escaped accidentally by mod_proxy's fixup. PR: 16368

catch some style issues. No code changes.

finished that boring job: update license to 2003. Happy New Year! ;-))

allow RewriteEngine Off even if Options -FollowSymlinks is set. PR: 12395 Reviewed by: Justin Erenkrantz

Fix a bug with dbm rewrite maps which caused the wrong value to be used when the key was not found in the dbm. apr_dbm_fetch() returns APR_SUCCESS as long as there was no I/O error. mod_rewrite needed to look further to see if the key was actually found. PR 13204

The style police just get really annoyed with this file in general. (No code changes)

fix a type mismatch

new option 'path' to the cookie PR: 12172 Submitted by: apachecvslog@robcromwell.com (Rob Cromwell)

just saw this bug PR: 12181

shot in the arm by the style police while trying to escape

set expiry time correctly. set Cookie on err_headers_out, and ensure it is only set once. PR: 12132 Submitted by: apachecvslog@robcromwell.com (Rob Cromwell)

fix breakage of dbm maps which was introduced in the previous commit

add the ability to specify the dbm type (e.g., gdbm, ndbm) for dbm rewrite maps use dbm:filename for the default type use dbm=TYPE:filename for a non-default type

Change mod_rewrite to use apr-util's dbm support for dbm rewrite maps. For now, the SDBM dbm flavor is always used. It won't be compatible with dbm rewrite maps built for Apache 1.3 until apr-util supports ndbm and mod_rewrite is changed to prefer ndbm over the built-in sdbm. PR: 10644

Fix a problem whereby RewriteMap prg:'s would get out of sync due to the inappropriate use of nonblocking reads. Also get rid of the stderr altogether since mod_rewrite never uses it. PR: 9534

Continue the Bill Rowe apr_size_t crusade.

new configuration option for mod_rewrite to set cookies. configuration is like the following RewriteRule (.*) - [CO=<cookiename>:$1:<domain>:<expiry in minutes>] Submitted by: Brian Degenhardt <bmd@mp3.com> Reviewed by: Ian Holsman

Fix some casting in mod_rewrite which broke random maps. PR: 9770 Submitted by: Allan Edwards, Greg Ames, Jeff Trawick

Well the wrappers work out well... nice to be able to put off committing these API changes until the evening ;)

Thanks Ryan for cleaning up after my laziness. :) Here are just a few last little changes. ->datafile should be initialized... but doing so brings up the fact that the check in run_rewritemap_programs() was expecting ->datafile to have a string attached to it. For clarity, let's just use argv[0] there. And since we've reinstated the use of ->checkfile, we no longer need that extra apr_stat() I hacked in, so let's get rid of it.

Tokenize the arguments for rewrite programs during config parsing, and just use that information later. I was having a problem with prg directives with arguments failing the configuration. The problem was a call to stat, which was being passed the program name and the arguments. Obviously, the arguments were messing up the call to stat. This gets the test suite working for me again.

Error out a bit more nicely if the RewriteMap prg: is not found. We can't just apr_stat in the first init round because we haven't run apr_tokenize_to_argv() yet, and it would be a relatively ugly hack to run it twice just for that. Well, I suppose we could store the argv in the rewritemap structure, but ... nah. With this, we shutdown (cleanly, as opposed to the old exit(1) method) if we go to execute a rewritemap and discover it doesn't exist, and log a nice descriptive message at the end of the error_log.

Fix RewriteMap prg:'s that have command-line args. PR: 8464 Submitted by: James Tait <JTait@wyrddreams.demon.co.uk>

propagate gregames' change to the other callers of that function

don't try to set permissions on the rewrite_log_lock unless it is a SysV sem

stop using APLOG_NOERRNO in calls to ap_log_[pr]error()

It isn't a fatal condition if there is no lockfile name, so switch from APR_EINVAL to APR_SUCCESS. (rewritelock_remove already returns SUCCESS in this case.)

Protect us from this dirty hack that gets SysV Sem working again on mod_rewrite. This, along with the original usage of a unix-only function in mod_rewrite, is a temporary stopgap measure designed only to workaround limitations in APR's handling of permission attributes. It shall be removed as soon as that interface is improved.

Fix mod_rewrite hang when APR uses SysV Semaphores. Before we were silently failing when locking/unlocking the mutex, since httpd child processes didn't have permissions to access the root-created semaphore. PR: 8143

Add some error checking in mod_rewrite for the mutex lock/unlock calls.

fix the type of the pointer returned by the hash lookup

Added an optional function (ap_register_rewrite_mapfunc) which allows third-party modules to extend mod_rewrite's "int:" internal RewriteMap functionality. Concept by: Tahiry Ramanamampanoharana <nomentsoa@hotmail.com>

Update for APR rename of apr_get_groupname to apr_group_name_get. Submitted by: Thom May <thom@planetarytramp.net>

Adapt to the rename of apr_explode_localtime to apr_time_exp_lt in APR. Submitted by: Thom May <thom@planetarytramp.net>

Update mod_rewrite to use the new APR global mutex type.

Commit 1 of 2 to: 1. rename ap_rset_content_type to ap_set_content_type 2. reverse the arguments on the call to aligh with ap_set_content_length

First commit to introduce accessor function to set r->content_type..

Eliminate potential ap_server_root_relative segfaults, with the input of Jeff Trawick's style changes to the first patches. Doesn't include the fixes to ssl [more complex], and we won't trap errors that involve ap_serverroot, since we presume that was normalized on the way in. Therefore, testing ap_server_root_relative(DEFAULT_FOO) cases should never become necessary.

deal with the rename of kill_after_timeout to APR_KILL_AFTER_TIMEOUT

Update our copyright for this year.