[LON-CAPA-cvs] cvs: doc /loncapafiles webserver.piml rat lonwrapper.pm
raeburn
raeburn at source.lon-capa.org
Sun Feb 16 16:57:59 EST 2020
raeburn Sun Feb 16 21:57:59 2020 EDT
Modified files:
/rat lonwrapper.pm
/doc/loncapafiles webserver.piml
Log:
- Accommodate Apache 2.4 updated to address CVE-2019-0220, in which
multiple consecutive slashes are collapsed into a single slash.
Index: rat/lonwrapper.pm
diff -u rat/lonwrapper.pm:1.71 rat/lonwrapper.pm:1.72
--- rat/lonwrapper.pm:1.71 Tue Jan 14 16:48:06 2020
+++ rat/lonwrapper.pm Sun Feb 16 21:57:49 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Wrapper for external and binary files as standalone resources
#
-# $Id: lonwrapper.pm,v 1.71 2020/01/14 16:48:06 raeburn Exp $
+# $Id: lonwrapper.pm,v 1.72 2020/02/16 21:57:49 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -293,7 +293,7 @@
for ($url){
s|^/adm/wrapper||;
$is_ext = $_ =~ s|^/ext/|http://|;
- s|http://https://|https://|;
+ s|http://https://?|https://| if ($is_ext);
s|:|:|g;
}
Index: doc/loncapafiles/webserver.piml
diff -u doc/loncapafiles/webserver.piml:1.50 doc/loncapafiles/webserver.piml:1.51
--- doc/loncapafiles/webserver.piml:1.50 Mon Jan 6 15:47:10 2020
+++ doc/loncapafiles/webserver.piml Sun Feb 16 21:57:59 2020
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- webserver.piml -->
-<!-- $Id: webserver.piml,v 1.50 2020/01/06 15:47:10 raeburn Exp $ -->
+<!-- $Id: webserver.piml,v 1.51 2020/02/16 21:57:59 raeburn Exp $ -->
<!--
@@ -227,7 +227,7 @@
}
my $hostname = Sys::Hostname::FQDN::fqdn();
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || 'localhost');
- my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)',
+ my @expected = ('RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)',
'RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)',
'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]',
'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
More information about the LON-CAPA-cvs
mailing list