Author: jorton
Date: Tue Mar 19 08:35:12 2024
New Revision: 1916412
URL: http://svn.apache.org/viewvc?rev=1916412&view=rev
Log:
Merge r1884505, r1915625 from trunk:
The Microsoft OOXML format uses xml packaged into a zip file, and has
mimetypes like:
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
This mimetypes contains 'xml', but is unfortunately not an xml file.
xml2enc processes these files (in particular, when mod_proxy_html is
used), typically resulting in them being corrupted as it seems to
attempt to perform a ISO-8859-1 to UTF-8 conversion on them.
* modules/filters/mod_xml2enc.c (xml2enc_ffunc): Restrict test for XML
types to matching "+xml".
Submitted by: Joseph Heenan <joseph.heenan fintechlabs.io>, jorton
PR: 64339
Reviewed by: jorton, ylavic, gbechis
Github: closes #410
Added:
httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt (with props)
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1884505,1915625
Added: httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt?rev=1916412&view=auto
==============================================================================
--- httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt (added)
+++ httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt Tue Mar 19 08:35:12 2024
@@ -0,0 +1,4 @@
+ *) mod_xml2enc: Update check to accept any text/ media type
+ or any XML media type per RFC 7303, avoiding
+ corruption of Microsoft OOXML formats. PR 64339.
+ [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
Propchange: httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c?rev=1916412&r1=1916411&r2=1916412&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c (original)
+++ httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c Tue Mar 19 08:35:12 2024
@@ -323,7 +323,7 @@ static apr_status_t xml2enc_ffunc(ap_fil
apr_bucket* bstart;
apr_size_t insz = 0;
int pending_meta = 0;
- char *ctype;
+ char *mtype;
char *p;
if (!ctx || !f->r->content_type) {
@@ -332,13 +332,17 @@ static apr_status_t xml2enc_ffunc(ap_fil
return ap_pass_brigade(f->next, bb) ;
}
- ctype = apr_pstrdup(f->r->pool, f->r->content_type);
- for (p = ctype; *p; ++p)
- if (isupper(*p))
- *p = tolower(*p);
+ /* Extract the media type, ignoring parameters in content-type. */
+ mtype = apr_pstrdup(f->r->pool, f->r->content_type);
+ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
+ ap_str_tolower(mtype);
- /* only act if starts-with "text/" or contains "xml" */
- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) {
+ /* Accept text/ types, plus any XML media type per RFC 7303. */
+ if (!(strncmp(mtype, "text/", 5) == 0
+ || strcmp(mtype, "application/xml") == 0
+ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
+ && (p = strstr(mtype, "+xml")) != NULL
+ && strlen(p) == 4 /* ensures +xml is a suffix */))) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb) ;
}
Date: Tue Mar 19 08:35:12 2024
New Revision: 1916412
URL: http://svn.apache.org/viewvc?rev=1916412&view=rev
Log:
Merge r1884505, r1915625 from trunk:
The Microsoft OOXML format uses xml packaged into a zip file, and has
mimetypes like:
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
This mimetypes contains 'xml', but is unfortunately not an xml file.
xml2enc processes these files (in particular, when mod_proxy_html is
used), typically resulting in them being corrupted as it seems to
attempt to perform a ISO-8859-1 to UTF-8 conversion on them.
* modules/filters/mod_xml2enc.c (xml2enc_ffunc): Restrict test for XML
types to matching "+xml".
Submitted by: Joseph Heenan <joseph.heenan fintechlabs.io>, jorton
PR: 64339
Reviewed by: jorton, ylavic, gbechis
Github: closes #410
Added:
httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt (with props)
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1884505,1915625
Added: httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt?rev=1916412&view=auto
==============================================================================
--- httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt (added)
+++ httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt Tue Mar 19 08:35:12 2024
@@ -0,0 +1,4 @@
+ *) mod_xml2enc: Update check to accept any text/ media type
+ or any XML media type per RFC 7303, avoiding
+ corruption of Microsoft OOXML formats. PR 64339.
+ [Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
Propchange: httpd/httpd/branches/2.4.x/changes-entries/pr64339.txt
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c?rev=1916412&r1=1916411&r2=1916412&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c (original)
+++ httpd/httpd/branches/2.4.x/modules/filters/mod_xml2enc.c Tue Mar 19 08:35:12 2024
@@ -323,7 +323,7 @@ static apr_status_t xml2enc_ffunc(ap_fil
apr_bucket* bstart;
apr_size_t insz = 0;
int pending_meta = 0;
- char *ctype;
+ char *mtype;
char *p;
if (!ctx || !f->r->content_type) {
@@ -332,13 +332,17 @@ static apr_status_t xml2enc_ffunc(ap_fil
return ap_pass_brigade(f->next, bb) ;
}
- ctype = apr_pstrdup(f->r->pool, f->r->content_type);
- for (p = ctype; *p; ++p)
- if (isupper(*p))
- *p = tolower(*p);
+ /* Extract the media type, ignoring parameters in content-type. */
+ mtype = apr_pstrdup(f->r->pool, f->r->content_type);
+ if ((p = ap_strchr(mtype, ';')) != NULL) *p = '\0';
+ ap_str_tolower(mtype);
- /* only act if starts-with "text/" or contains "xml" */
- if (strncmp(ctype, "text/", 5) && !strstr(ctype, "xml")) {
+ /* Accept text/ types, plus any XML media type per RFC 7303. */
+ if (!(strncmp(mtype, "text/", 5) == 0
+ || strcmp(mtype, "application/xml") == 0
+ || (strlen(mtype) > 7 /* minimum 'a/b+xml' length */
+ && (p = strstr(mtype, "+xml")) != NULL
+ && strlen(p) == 4 /* ensures +xml is a suffix */))) {
ap_remove_output_filter(f);
return ap_pass_brigade(f->next, bb) ;
}