From dd107ea3d822f14f08198135ae2fc5b3b1d454b6 Mon Sep 17 00:00:00 2001
From: root <root@rbsd.ankarstrom.se>
Date: Mon, 26 Apr 2021 19:33:46 +0000
Subject: Fix regex bug, support HTML comments

I added \s* after <body> to match any potential newline (and, for
good measure, whitespace) after <body>.  One would usually rather
have this:

<body>
My header

than this:

<body>My header
---
 README                       | 50 ++++++++++++++++++++++++++++++++++----------
 lib/Apache/Inject.pm         | 18 ++++++++++------
 lib/Apache/Inject/Handler.pm | 11 ++++++++--
 t/basic.t                    | 30 +++++++++++++++++---------
 4 files changed, 80 insertions(+), 29 deletions(-)

diff --git a/README b/README
index f8ab8ce..1f396ca 100644
--- a/README
+++ b/README
@@ -4,11 +4,23 @@ NAME
 SYNOPSIS
       LoadModule perl_module libexec/apache24/mod_perl.so
       PerlLoadModule Apache::Inject
-      DocumentRoot /uar/local/www/apache24/data
+      DocumentRoot /usr/local/www/apache24/data
+
       <Directory /usr/local/www/apache24/data>
+          # Inject both header and footer on all pages on the server
           Inject head.html foot.html
       </Directory>
 
+      <Location /blog>
+          # Inject only header on pages under /blog
+          Inject head.html
+      </Location>
+
+      <Files index.html>
+          # Inject only footer on pages named index.html
+          Inject - foot.html
+      </Files>
+
 DESCRIPTION
     Apache::Inject is a mod_perl module that adds an Apache directive called
     Inject.
@@ -69,6 +81,22 @@ INSTALLATION
     relevant if you install Apache::Inject via App::Cpan, which normally
     runs as root.
 
+SYNTAX
+    The Inject directive takes one or two arguments:
+
+      Inject HEADER_FILE [FOOTER_FILE]
+
+    Each argument can consist of one of two things:
+
+    1. the path to a file relative to the document root, or
+    2. a single hyphen ("-"), signifying the absence of an argument.
+
+    Passing a hyphen as the first argument disables the header, and passing
+    a hyphen as the second argument disables the footer.
+
+    If you leave out the second argument, then it is implicitly equivalent
+    to a hyphen.
+
 OPERATION
     Behind the scenes, the Inject directive works as an alias for
     PerlResponseHandler and PerlSetVar. For example, "Inject head.html
@@ -86,6 +114,16 @@ OPERATION
     well as the contents of the "InjectHeader" and "InjectFooter" files,
     concatenates them intelligently and prints their combined contents.
 
+CAVEATS
+    Apache::Inject::Handler uses regular expressions to determine the proper
+    location of the injected header. It supports all valid HTML. However, it
+    does not take into account that embedded CSS and JavaScript code can
+    contain strings that look like valid opening and closing HTML tags.
+
+    On FreeBSD, you may need to enable the accf_http kernel module in order
+    for the tests to work. Note that Apache::Inject works fine without the
+    module; it is only the tests that require it.
+
 DIAGNOSTICS
     Apache::Inject and Apache::Inject::Handler log all errors and warnings
     to the Apache log file. Below is a list of all issued errors and
@@ -95,11 +133,6 @@ DIAGNOSTICS
     this means that it also declines the request, letting Apache handle it
     as it would if the Inject directive were not used.
 
-    Error: Argument cannot be a single space
-        In the current implementation, the file names given to Inject are
-        not allowed to consist solely of a single space, as this is a
-        special value signifying the absence of an argument.
-
     Error: InjectHead/InjectFoot should not begin with slash, as it is
     already always relative to document root
         The paths given to Inject are always relative to the document root,
@@ -122,11 +155,6 @@ DIAGNOSTICS
         This warning is issued if Apache::Inject::Handler for some reason
         cannot retrieve the current document root from Apache.
 
-CAVEATS
-    On FreeBSD, you may need to enable the accf_http kernel module in order
-    for the tests to work. Note that Apache::Inject works fine without the
-    module; it is only the tests that require it.
-
 AUTHOR
     John Ankarström, <john [at] ankarstrom.se>
 
diff --git a/lib/Apache/Inject.pm b/lib/Apache/Inject.pm
index 09bf18a..89c0db8 100644
--- a/lib/Apache/Inject.pm
+++ b/lib/Apache/Inject.pm
@@ -180,6 +180,18 @@ file, as well as the contents of the C<InjectHeader> and C<InjectFooter>
 files, concatenates them intelligently and prints their combined
 contents.
 
+=head1 CAVEATS
+
+Apache::Inject::Handler uses regular expressions to determine the
+proper location of the injected header.  It supports all valid HTML.
+However, it does not take into account that embedded CSS and
+JavaScript code can contain strings that look like valid opening
+and closing HTML tags.
+
+On FreeBSD, you may need to enable the accf_http kernel module in
+order for the tests to work.  Note that Apache::Inject works fine
+without the module; it is only the tests that require it.
+
 =head1 DIAGNOSTICS
 
 Apache::Inject and Apache::Inject::Handler log all errors and
@@ -220,12 +232,6 @@ cannot retrieve the current document root from Apache.
 
 =back
 
-=head1 CAVEATS
-
-On FreeBSD, you may need to enable the accf_http kernel module in
-order for the tests to work.  Note that Apache::Inject works fine
-without the module; it is only the tests that require it.
-
 =head1 AUTHOR
 
 John Ankarström, E<lt>john [at] ankarstrom.seE<gt>
diff --git a/lib/Apache/Inject/Handler.pm b/lib/Apache/Inject/Handler.pm
index 0e054e7..ae81fbb 100644
--- a/lib/Apache/Inject/Handler.pm
+++ b/lib/Apache/Inject/Handler.pm
@@ -12,8 +12,11 @@ use Apache2::RequestUtil ();
 my $doc = qr{
 	\A
 	(?<head> \s*
+		 ( <!-- .*? --> )? \s*
 	         ( <!doctype[^>]*> )? \s*
+		 ( <!-- .*? --> )? \s*
 	         ( <html[^>]*> )? \s*
+		 ( <!-- .*? --> )? \s*
 	         ( <head[^>]*> .*? </head> \s*
 	         | ( <meta[^>]*> \s*
 	           | <link[^>]*> \s*
@@ -21,12 +24,16 @@ my $doc = qr{
 	           | <style[^>]*> .*? </style> \s*
 	           | <script[^>]*> .*? </script> \s*
 	           | <base[^>]*> \s*
+		   | <!-- .*? --> \s*
 	           )+
 	         )?
-	         (<body[^>]*>)?
+		 ( <!-- .*? --> )? \s*
+	         ( <body[^>]*> )? \s*
 	)?
 	(?<body> .*? )
-	(?<rest> </html> \s* )?
+	(?<rest> </html> \s*
+		 ( <!-- .*? --> )? \s*
+	)?
 	\z
 }xmsi;
 
diff --git a/t/basic.t b/t/basic.t
index f81c661..231c491 100644
--- a/t/basic.t
+++ b/t/basic.t
@@ -5,7 +5,7 @@ use Apache::Test;
 use Apache::TestUtil;
 use Apache::TestRequest qw/GET_BODY/;
 
-BEGIN { plan tests => 7; }
+BEGIN { plan tests => 9; }
 
 # Prepare environment
 
@@ -50,15 +50,6 @@ overwrite 't/htdocs/test.html', @body;
 ok GET_BODY('/test.html'), "${body[0]}$head${body[1]}$foot",
    '<head>-ful head';
 
-overwrite 't/htdocs/subdir/.htaccess', <<CONF;
-Inject head.html
-CONF
-
-@body = ("This is a test page.\n");
-overwrite 't/htdocs/subdir/test.html', @body;
-ok GET_BODY('/subdir/test.html'), "$head${body[0]}",
-   'different injection in subdirectory';
-
 @body = ("<html>\n", "This is a test page.\n", "</html>\n");
 overwrite 't/htdocs/test.html', @body;
 ok GET_BODY('/test.html'), "${body[0]}$head${body[1]}$foot${body[2]}",
@@ -74,6 +65,25 @@ overwrite 't/htdocs/test.html', @body;
 ok GET_BODY('/test.html'), "${body[0]}$head${body[1]}$foot",
    '<!doctype> with leading newline';
 
+@body = ("<!-- quirks mode -->\n<!doctype html><!-- test -->\n", "This is a test page.\n");
+overwrite 't/htdocs/test.html', @body;
+ok GET_BODY('/test.html'), "${body[0]}$head${body[1]}$foot",
+   'comments in <head>';
+
+@body = ("<body>\n", "This is a test page.\n");
+overwrite 't/htdocs/test.html', @body;
+ok GET_BODY('/test.html'), "${body[0]}$head${body[1]}$foot",
+   'document with <body>';
+
+overwrite 't/htdocs/subdir/.htaccess', <<CONF;
+Inject head.html
+CONF
+
+@body = ("This is a test page.\n");
+overwrite 't/htdocs/subdir/test.html', @body;
+ok GET_BODY('/subdir/test.html'), "$head${body[0]}",
+   'different injection in subdirectory';
+
 overwrite 't/htdocs/.htaccess', <<CONF;
 Inject - head.html
 CONF
-- 
cgit v1.2.3