diff -ur httpd-2.2.11/include/http_core.h httpd-2.2.11.new/include/http_core.h --- httpd-2.2.11/include/http_core.h 2009-06-23 02:48:47.000000000 +0900 +++ httpd-2.2.11.new/include/http_core.h 2009-06-23 02:47:46.000000000 +0900 @@ -65,7 +65,7 @@ #define OPT_NONE 0 /** Indexes directive */ #define OPT_INDEXES 1 -/** SSI is enabled without exec= permission */ +/** SSI is enabled without exec= permission. IncludeNOEXEC directive */ #define OPT_INCLUDES 2 /** FollowSymLinks directive */ #define OPT_SYM_LINKS 4 @@ -74,13 +74,14 @@ /** directive unset */ #define OPT_UNSET 16 /** IncludesNOEXEC directive */ -#define OPT_INCNOEXEC 32 +#define OPT_INCNOEXEC OPT_INCLUDES +#define OPT_INC_WITH_EXEC 32 /** SymLinksIfOwnerMatch directive */ #define OPT_SYM_OWNER 64 /** MultiViews directive */ #define OPT_MULTI 128 /** All directives */ -#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) +#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) /** @} */ #ifdef CORE_PRIVATE @@ -93,7 +94,7 @@ * * The set of options exposed via ap_allow_options() retains the * semantics of OPT_INCNOEXEC by flipping the bit. */ -#define OPT_INC_WITH_EXEC OPT_INCNOEXEC +/*#define OPT_INC_WITH_EXEC OPT_INCNOEXEC*/ #endif /** diff -ur httpd-2.2.11/modules/filters/mod_include.c httpd-2.2.11.new/modules/filters/mod_include.c --- httpd-2.2.11/modules/filters/mod_include.c 2008-03-17 23:32:47.000000000 +0900 +++ httpd-2.2.11.new/modules/filters/mod_include.c 2009-06-23 02:48:11.000000000 +0900 @@ -3573,7 +3573,7 @@ intern->seen_eos = 0; intern->state = PARSE_PRE_HEAD; ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); - if (ap_allow_options(r) & OPT_INCNOEXEC) { + if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { ctx->flags |= SSI_FLAG_NO_EXEC; } intern->accessenable = conf->accessenable; diff -ur httpd-2.2.11/server/core.c httpd-2.2.11.new/server/core.c --- httpd-2.2.11/server/core.c 2009-06-23 02:48:47.000000000 +0900 +++ httpd-2.2.11.new/server/core.c 2009-06-23 02:47:46.000000000 +0900 @@ -108,7 +108,7 @@ conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL; conf->opts_add = conf->opts_remove = OPT_NONE; conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL; - conf->override_opts = OPT_UNSET | OPT_ALL | OPT_INCNOEXEC | OPT_SYM_OWNER + conf->override_opts = OPT_UNSET | OPT_ALL | OPT_INC_WITH_EXEC | OPT_SYM_OWNER | OPT_MULTI; conf->content_md5 = 2; @@ -242,8 +242,8 @@ conf->opts_remove = (conf->opts_remove & ~new->opts_add) | new->opts_remove; conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add; - if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) { - conf->opts = (conf->opts & ~OPT_INCNOEXEC) | OPT_INCLUDES; + if ((base->opts & OPT_INC_WITH_EXEC) && (new->opts & OPT_INCLUDES)) { + conf->opts = (conf->opts & ~OPT_INC_WITH_EXEC) | OPT_INCLUDES; } } else { @@ -659,7 +659,7 @@ * inverted, such that the exposed semantics match that of * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not* * permitted. */ - return conf->opts ^ OPT_INC_WITH_EXEC; + return conf->opts; } AP_DECLARE(int) ap_allow_overrides(request_rec *r) @@ -1308,10 +1308,10 @@ opt = OPT_INDEXES; } else if (!strcasecmp(w, "Includes")) { - opt = OPT_INCLUDES; + opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC); } else if (!strcasecmp(w, "IncludesNOEXEC")) { - opt = (OPT_INCLUDES | OPT_INCNOEXEC); + opt = OPT_INCLUDES; } else if (!strcasecmp(w, "FollowSymLinks")) { opt = OPT_SYM_LINKS; @@ -1432,10 +1432,10 @@ opt = OPT_INDEXES; } else if (!strcasecmp(w, "Includes")) { - opt = OPT_INCLUDES; + opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC); } else if (!strcasecmp(w, "IncludesNOEXEC")) { - opt = (OPT_INCLUDES | OPT_INCNOEXEC); + opt = OPT_INCLUDES; } else if (!strcasecmp(w, "FollowSymLinks")) { opt = OPT_SYM_LINKS;