Merge r1427465, r1918823 from trunk:

Remove support for Request-Range header sent by Navigator 2-3 and
MSIE 3


* Follow up to r1918814: Strings are from configuration and thus trusted

Submitted by: sf, rpluem
Reviewed by: rpluem, covener, jorton

Github: closes #475


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1920981 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.63
 
+  *) http: Remove support for Request-Range header sent by Navigator 2-3 and
+     MSIE 3. [Stefan Fritsch]
+
   *) mod_rewrite: Don't require [UNC] flag to preserve a leading //
      added by applying the perdir prefix to the substitution.
      [Ruediger Pluem, Eric Covener]

modules/filters/mod_ext_filter.c

@@ -610,7 +610,7 @@ static apr_status_t init_filter_instance(ap_filter_t *f)
         }
         if (ctx->filter->outtype &&
             ctx->filter->outtype != OUTTYPE_UNCHANGED) {
-            ap_set_content_type(f->r, ctx->filter->outtype);
+            ap_set_content_type_ex(f->r, ctx->filter->outtype, 1);
         }
         if (ctx->filter->preserves_content_length != 1) {
             /* nasty, but needed to avoid confusing the browser

modules/generators/mod_autoindex.c

@@ -2052,11 +2052,11 @@ static int index_directory(request_rec *r,
 #endif
     }
     if (*charset) {
-        ap_set_content_type(r, apr_pstrcat(r->pool, ctype, ";charset=",
-                            charset, NULL));
+        ap_set_content_type_ex(r, apr_pstrcat(r->pool, ctype, ";charset=",
+                            charset, NULL), 1);
     }
     else {
-        ap_set_content_type(r, ctype);
+        ap_set_content_type_ex(r, ctype, 1);
     }
 
     if (autoindex_opts & TRACK_MODIFIED) {

modules/http/byterange_filter.c

@@ -100,21 +100,7 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
         return 0;
     }
 
-    /*
-     * Check for Range request-header (HTTP/1.1) or Request-Range for
-     * backwards-compatibility with second-draft Luotonen/Franks
-     * byte-ranges (e.g. Netscape Navigator 2-3).
-     *
-     * We support this form, with Request-Range, and (farther down) we
-     * send multipart/x-byteranges instead of multipart/byteranges for
-     * Request-Range based requests to work around a bug in Netscape
-     * Navigator 2-3 and MSIE 3.
-     */
-
-    if (!(range = apr_table_get(r->headers_in, "Range"))) {
-        range = apr_table_get(r->headers_in, "Request-Range");
-    }
-
+    range = apr_table_get(r->headers_in, "Range");
     if (!range || strncasecmp(range, "bytes=", 6) || r->status != HTTP_OK) {
         return 0;
     }
@@ -126,10 +112,9 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
 
     /* is content already a multiple range? */
     if ((ct = apr_table_get(r->headers_out, "Content-Type"))
-        && (!strncasecmp(ct, "multipart/byteranges", 20)
-            || !strncasecmp(ct, "multipart/x-byteranges", 22))) {
+        && strncasecmp(ct, "multipart/byteranges", 20) == 0) {
             return 0;
-        }
+    }
 
     /*
      * Check the If-Range header for Etag or Date.
@@ -298,21 +283,6 @@ static int ap_set_byterange(request_rec *r, apr_off_t clength,
     return num_ranges;
 }
 
-/*
- * Here we try to be compatible with clients that want multipart/x-byteranges
- * instead of multipart/byteranges (also see above), as per HTTP/1.1. We
- * look for the Request-Range header (e.g. Netscape 2 and 3) as an indication
- * that the browser supports an older protocol. We also check User-Agent
- * for Microsoft Internet Explorer 3, which needs this as well.
- */
-static int use_range_x(request_rec *r)
-{
-    const char *ua;
-    return (apr_table_get(r->headers_in, "Request-Range")
-            || ((ua = apr_table_get(r->headers_in, "User-Agent"))
-                && ap_strstr_c(ua, "MSIE 3")));
-}
-
 #define BYTERANGE_FMT "%" APR_OFF_T_FMT "-%" APR_OFF_T_FMT "/%" APR_OFF_T_FMT
 
 static apr_status_t copy_brigade_range(apr_bucket_brigade *bb,
@@ -503,10 +473,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f,
         /* Is ap_make_content_type required here? */
         const char *orig_ct = ap_make_content_type(r, r->content_type);
 
-        ap_set_content_type(r, apr_pstrcat(r->pool, "multipart",
-                                           use_range_x(r) ? "/x-" : "/",
-                                           "byteranges; boundary=",
-                                           ap_multipart_boundary, NULL));
+        ap_set_content_type_ex(r, apr_pstrcat(r->pool,
+                                           "multipart/byteranges; boundary=",
+                                           ap_multipart_boundary, NULL), 1);
 
         if (orig_ct) {
             bound_head = apr_pstrcat(r->pool,

modules/http/http_request.c

@@ -808,7 +808,7 @@ AP_DECLARE(void) ap_internal_redirect_handler(const char *new_uri, request_rec *
     }
 
     if (r->handler)
-        ap_set_content_type(new, r->content_type);
+        ap_set_content_type_ex(new, r->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
     access_status = ap_process_request_internal(new);
     if (access_status == OK) {
         access_status = ap_invoke_handler(new);

modules/proxy/mod_proxy_ftp.c

@@ -1878,10 +1878,10 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
 
     /* set content-type */
     if (dirlisting) {
-        ap_set_content_type(r, apr_pstrcat(p, "text/html;charset=",
+        ap_set_content_type_ex(r, apr_pstrcat(p, "text/html;charset=",
                                            fdconf->ftp_directory_charset ?
                                            fdconf->ftp_directory_charset :
-                                           "ISO-8859-1",  NULL));
+                                           "ISO-8859-1",  NULL), 1);
     }
     else {
         if (xfer_type != 'A' && size != NULL) {