Reverts commit b1cbccdc6b

This belongs to a specific branch as long as it is not stable yet.

apache2/apache2_config.c

@@ -17,7 +17,6 @@
 #include "modsecurity.h"
 #include "msc_logging.h"
 #include "msc_util.h"
-#include "pdf_protect.h"
 #include "http_log.h"
 #include "apr_lib.h"
 #include "acmp.h"
@@ -113,14 +112,6 @@ void *create_directory_config(apr_pool_t *mp, char *path)
     dcfg->stream_inbody_inspection = NOT_SET;
     dcfg->stream_outbody_inspection = NOT_SET;
 
-    /* PDF XSS protection. */
-    dcfg->pdfp_enabled = NOT_SET;
-    dcfg->pdfp_secret = NOT_SET_P;
-    dcfg->pdfp_timeout = NOT_SET;
-    dcfg->pdfp_token_name = NOT_SET_P;
-    dcfg->pdfp_only_get = NOT_SET;
-    dcfg->pdfp_method = NOT_SET;
-
     /* Geo Lookups */
     dcfg->geo = NOT_SET_P;
 
@@ -532,20 +523,6 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
     merged->stream_outbody_inspection = (child->stream_outbody_inspection == NOT_SET
         ? parent->stream_outbody_inspection : child->stream_outbody_inspection);
 
-    /* PDF XSS protection. */
-    merged->pdfp_enabled = (child->pdfp_enabled == NOT_SET
-        ? parent->pdfp_enabled : child->pdfp_enabled);
-    merged->pdfp_secret = (child->pdfp_secret == NOT_SET_P
-        ? parent->pdfp_secret : child->pdfp_secret);
-    merged->pdfp_timeout = (child->pdfp_timeout == NOT_SET
-        ? parent->pdfp_timeout : child->pdfp_timeout);
-    merged->pdfp_token_name = (child->pdfp_token_name == NOT_SET_P
-        ? parent->pdfp_token_name : child->pdfp_token_name);
-    merged->pdfp_only_get = (child->pdfp_only_get == NOT_SET
-        ? parent->pdfp_only_get : child->pdfp_only_get);
-    merged->pdfp_method = (child->pdfp_method == NOT_SET
-        ? parent->pdfp_method : child->pdfp_method);
-
     /* Geo Lookup */
     merged->geo = (child->geo == NOT_SET_P
         ? parent->geo : child->geo);
@@ -701,14 +678,6 @@ void init_directory_config(directory_config *dcfg)
     if (dcfg->stream_inbody_inspection == NOT_SET) dcfg->stream_inbody_inspection = 0;
     if (dcfg->stream_outbody_inspection == NOT_SET) dcfg->stream_outbody_inspection = 0;
 
-    /* PDF XSS protection. */
-    if (dcfg->pdfp_enabled == NOT_SET) dcfg->pdfp_enabled = 0;
-    if (dcfg->pdfp_secret == NOT_SET_P) dcfg->pdfp_secret = NULL;
-    if (dcfg->pdfp_timeout == NOT_SET) dcfg->pdfp_timeout = 10;
-    if (dcfg->pdfp_token_name == NOT_SET_P) dcfg->pdfp_token_name = "PDFPTOKEN";
-    if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 1;
-    if (dcfg->pdfp_method == NOT_SET) dcfg->pdfp_method = PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
-
     /* Geo Lookup */
     if (dcfg->geo == NOT_SET_P) dcfg->geo = NULL;
 
@@ -2843,6 +2812,7 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
             if (intval < 0) {
                 return apr_psprintf(cmd->pool, "ModSecurity: SecCacheTransformations maxlen must be positive: %s", charval);
             }
+
             /* The NOT_SET indicator is -1, a signed long, and therfore
              * we cannot be >= the unsigned value of NOT_SET.
              */
@@ -2874,26 +2844,6 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
 }
 
 
-static const char *cmd_pdf_protect_method(cmd_parms *cmd, void *_dcfg,
-    const char *p1)
-{
-    directory_config *dcfg = (directory_config *)_dcfg;
-    if (dcfg == NULL) return NULL;
-
-    if (strcasecmp(p1, "TokenRedirection") == 0) {
-        dcfg->pdfp_method = PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
-    } else
-    if (strcasecmp(p1, "ForcedDownload") == 0) {
-        dcfg->pdfp_method = PDF_PROTECT_METHOD_FORCED_DOWNLOAD;
-    } else {
-        return (const char *)apr_psprintf(cmd->pool,
-            "ModSecurity: Unrecognised parameter value for SecPdfProtectMethod: %s", p1);
-    }
-    
-    return NULL;
-}
-
-
 /* -- Configuration directives definitions -- */
 
 #define CMD_SCOPE_MAIN  (RSRC_CONF)
@@ -3570,14 +3520,6 @@ const command_rec module_directives[] = {
         "Set Hash key"
     ),
 
-    AP_INIT_TAKE1 (
-        "SecPdfProtectMethod",
-        cmd_pdf_protect_method,
-        NULL,
-        RSRC_CONF,
-        "protection method to use. Can be 'TokenRedirection' (default) or 'ForcedDownload'"
-    ),
-
     AP_INIT_TAKE1 (
         "SecHashParam",
         cmd_hash_param,

apache2/modsecurity.h

@@ -547,14 +547,6 @@ struct directory_config {
     int                 stream_inbody_inspection;
     int                 stream_outbody_inspection;
 
-    /* PDF XSS Protection. */
-    int                  pdfp_enabled;
-    const char          *pdfp_secret;
-    int                  pdfp_timeout;
-    const char          *pdfp_token_name;
-    int                  pdfp_only_get;
-    int                  pdfp_method;
-
     /* Geo Lookup */
     geo_db              *geo;