32 lines
1.7 KiB
Diff
Index: httpd-2.4.58/docs/manual/rewrite/flags.html.en
===================================================================
--- httpd-2.4.58.orig/docs/manual/rewrite/flags.html.en
+++ httpd-2.4.58/docs/manual/rewrite/flags.html.en
@@ -820,8 +820,25 @@ otherwise the MIME-type set with this fl
re-processing (including subsequent rounds of mod_rewrite processing).
The <code>L</code> flag can be useful in this context to end the
<em>current</em> round of mod_rewrite processing.</p>
+</div>
-</div></div>
+<div class="section">
+ <h2><a name="flag_unsafe_allow_3f" id="flag_unsafe_allow_3f">UnsafeAllow3F</a></h2>
+ <p> Setting this flag is required to allow a rewrite to continue If the
+ HTTP request being written has an encoded question mark, '%3f', and the
+ rewritten result has a '?' in the substiution. This protects from a malicious
+ URL taking advantage of a capture and re-substitution of the encoded
+ question mark.</p>
+</div>
+<div class="section" id="flag_unsafe_prefix_status">
+ <h2><a name="flag_unsafe_prefix_status" id="flag_unsafe_prefix_status">UnsafePrefixStat</a></h2>
+ <p> Setting this flag is required in server-scoped substitutions
+ start with a variable or backreference and resolve to a filesystem path.
+ These substitutions are not prefixed with the document root.
+ This protects from a malicious URL causing the expanded substitution to
+ map to an unexpected filesystem location.</p>
+ </div>
+</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/rewrite/flags.html" title="English"> en </a> |
<a href="../fr/rewrite/flags.html" hreflang="fr" rel="alternate" title="Français"> fr </a></p>
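
Review bot: the second added section uses id="flag_unsafe_prefix_status" twice, once on the `<div class="section" id="flag_unsafe_prefix_status">` wrapper and again on the `<a name=... id=...>` inside its heading, so the page ends up with a duplicate id and fragment links to it are ambiguous. Drop the id from the div so it matches the UnsafeAllow3F section, which opens with a plain `<div class="section">`. The anchor name also says "status" while the flag documented is UnsafePrefixStat, so the two should be aligned with whichever spelling is intended. The text of both paragraphs needs a proofreading pass as well: in the UnsafeAllow3F paragraph, "continue If" has a stray capital, "substiution" is misspelled, and "HTTP request being written" presumably means "rewritten"; in the UnsafePrefixStat paragraph, "required in server-scoped substitutions start with a variable" is missing a "that" or "which" before "start". Since both flags change whether a rule is allowed to proceed, a one-line usage example of each flag on a RewriteRule would help readers who land here after a rule stops matching, as the other flag sections on this page presumably do.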