[prev in list] [next in list] [prev in thread] [next in thread]
List: lon-capa-cvs
Subject: [LON-CAPA-cvs] cvs: doc /loncapafiles webserver.piml rat lonwrapper.pm
From: raeburn <raeburn () source ! lon-capa ! org>
Date: 2020-02-16 21:57:59
Message-ID: cvsraeburn1581890279 () cvsserver
[Download RAW message or body]
raeburn Sun Feb 16 21:57:59 2020 EDT
Modified files:
/rat lonwrapper.pm
/doc/loncapafiles webserver.piml
Log:
- Accommodate Apache 2.4 updated to address CVE-2019-0220, in which
multiple consecutive slashes are collapsed into a single slash.
Index: rat/lonwrapper.pm
diff -u rat/lonwrapper.pm:1.71 rat/lonwrapper.pm:1.72
--- rat/lonwrapper.pm:1.71 Tue Jan 14 16:48:06 2020
+++ rat/lonwrapper.pm Sun Feb 16 21:57:49 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Wrapper for external and binary files as standalone resources
#
-# $Id: lonwrapper.pm,v 1.71 2020/01/14 16:48:06 raeburn Exp $
+# $Id: lonwrapper.pm,v 1.72 2020/02/16 21:57:49 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -293,7 +293,7 @@
for ($url){
s|^/adm/wrapper||;
$is_ext = $_ =~ s|^/ext/|http://|;
- s|http://https://|https://|;
+ s|http://https://?|https://| if ($is_ext);
s|:|:|g;
}
Index: doc/loncapafiles/webserver.piml
diff -u doc/loncapafiles/webserver.piml:1.50 doc/loncapafiles/webserver.piml:1.51
--- doc/loncapafiles/webserver.piml:1.50 Mon Jan 6 15:47:10 2020
+++ doc/loncapafiles/webserver.piml Sun Feb 16 21:57:59 2020
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- webserver.piml -->
-<!-- $Id: webserver.piml,v 1.50 2020/01/06 15:47:10 raeburn Exp $ -->
+<!-- $Id: webserver.piml,v 1.51 2020/02/16 21:57:59 raeburn Exp $ -->
<!--
@@ -227,7 +227,7 @@
}
my $hostname = Sys::Hostname::FQDN::fqdn();
my $hostip = Socket::inet_ntoa(scalar(gethostbyname($hostname)) || \
'localhost');
- my @expected = ('RewriteCond %{REQUEST_URI} \
^/adm/wrapper/ext/(?!https:\/\/)', + my @expected = ('RewriteCond \
%{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)',
'RewriteCond %{QUERY_STRING} \
(^|&(|amp;))usehttp=1($|&)',
'RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) \
http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]', 'RewriteCond %{REMOTE_ADDR} 127.0.0.1',
_______________________________________________
LON-CAPA-cvs mailing list
LON-CAPA-cvs@mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic