File apache2-CVE-2024-38476-5.patch of Package apache2.35278

--- a/modules/mappers/mod_actions.c	2024/06/24 17:52:31	1918559
+++ b/modules/mappers/mod_actions.c	2024/06/24 17:54:34	1918560
@@ -182,8 +182,10 @@
         return DECLINED;
 
     /* Second, check for actions (which override the method scripts) */
-    action = r->handler ? r->handler :
-        ap_field_noparam(r->pool, r->content_type);
+    action = r->handler;
+    if (!action && AP_REQUEST_IS_TRUSTED_CT(r)) {
+        action = ap_field_noparam(r->pool, r->content_type);
+    }
 
     if (action && (t = apr_table_get(conf->action_types, action))) {
         int virtual = (*t++ == '0' ? 0 : 1);
openSUSE Build Service is sponsored by