File apache2-CVE-2024-38476-5.patch of Package apache2.35278
--- a/modules/mappers/mod_actions.c 2024/06/24 17:52:31 1918559
+++ b/modules/mappers/mod_actions.c 2024/06/24 17:54:34 1918560
@@ -182,8 +182,10 @@
return DECLINED;
/* Second, check for actions (which override the method scripts) */
- action = r->handler ? r->handler :
- ap_field_noparam(r->pool, r->content_type);
+ action = r->handler;
+ if (!action && AP_REQUEST_IS_TRUSTED_CT(r)) {
+ action = ap_field_noparam(r->pool, r->content_type);
+ }
if (action && (t = apr_table_get(conf->action_types, action))) {
int virtual = (*t++ == '0' ? 0 : 1);