From 11a4d5522fe29c97e5a4bda99ea6695402e8e597 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 1 Jun 2026 17:41:30 +0000
Subject: [PATCH] expr parse fail should hide conditional content

these are neither true or false, the enclosing content should not
be printed

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934852 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 52e6887eced229f562e7cc6599184dcc6fced321)
---
 changes-entries/includes-error.txt |  2 ++
 modules/filters/mod_include.c      | 22 ++++++++++++++++++++++
 modules/filters/mod_include.h      |  1 +
 3 files changed, 25 insertions(+)
 create mode 100644 changes-entries/includes-error.txt

diff --git a/changes-entries/includes-error.txt b/changes-entries/includes-error.txt
new file mode 100644
index 00000000000..07ed59f92fb
--- /dev/null
+++ b/changes-entries/includes-error.txt
@@ -0,0 +1,2 @@
+  *) mod_include: Don't print any of if/elsif/else content when
+     a conditional evaluation returns an error. [Eric Covener]
diff --git a/modules/filters/mod_include.c b/modules/filters/mod_include.c
index 2c0cc67545c..0333d5c882b 100644
--- a/modules/filters/mod_include.c
+++ b/modules/filters/mod_include.c
@@ -2329,6 +2329,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
 
     if (ctx->argc != 1) {
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2338,6 +2340,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01354) "unknown parameter \"%s\" "
                       "to tag if in %s", tag, r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2345,6 +2349,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01355) "missing expr value for if "
                       "element in %s", r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2356,6 +2362,8 @@ static apr_status_t handle_if(include_ctx_t *ctx, ap_filter_t *f,
         expr_ret = parse_ap_expr(ctx, expr, &was_error);
 
     if (was_error) {
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
         return APR_SUCCESS;
     }
@@ -2401,6 +2409,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
 
     if (ctx->argc != 1) {
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2410,6 +2420,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01358) "unknown parameter \"%s\" "
                       "to tag if in %s", tag, r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2417,6 +2429,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01359) "missing expr in elif "
                       "statement: %s", r->filename);
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         return APR_SUCCESS;
     }
 
@@ -2434,6 +2448,8 @@ static apr_status_t handle_elif(include_ctx_t *ctx, ap_filter_t *f,
         expr_ret = parse_ap_expr(ctx, expr, &was_error);
 
     if (was_error) {
+        ctx->flags &= SSI_FLAG_CLEAR_PRINT_COND;
+        ctx->flags |= SSI_FLAG_COND_ERROR;
         SSI_CREATE_ERROR_BUCKET(ctx, f, bb);
         return APR_SUCCESS;
     }
@@ -2480,6 +2496,11 @@ static apr_status_t handle_else(include_ctx_t *ctx, ap_filter_t *f,
 
     DEBUG_DUMP_COND(ctx, " else");
 
+    /* Don't toggle printing if there was an expression evaluation error */
+    if (ctx->flags & SSI_FLAG_COND_ERROR) {
+        return APR_SUCCESS;
+    }
+
     if (ctx->flags & SSI_FLAG_COND_TRUE) {
         ctx->flags &= SSI_FLAG_CLEAR_PRINTING;
     }
@@ -2519,6 +2540,7 @@ static apr_status_t handle_endif(include_ctx_t *ctx, ap_filter_t *f,
     DEBUG_DUMP_COND(ctx, "endif");
 
     ctx->flags |= (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE);
+    ctx->flags &= ~SSI_FLAG_COND_ERROR;
 
     return APR_SUCCESS;
 }
diff --git a/modules/filters/mod_include.h b/modules/filters/mod_include.h
index 73714a298bc..cf969e941d3 100644
--- a/modules/filters/mod_include.h
+++ b/modules/filters/mod_include.h
@@ -57,6 +57,7 @@
 #define SSI_FLAG_COND_TRUE        (1<<1)  /* Conditional eval'd to true. */
 #define SSI_FLAG_SIZE_IN_BYTES    (1<<2)  /* Sizes displayed in bytes.   */
 #define SSI_FLAG_NO_EXEC          (1<<3)  /* No Exec in current context. */
+#define SSI_FLAG_COND_ERROR       (1<<4)  /* Conditional evaluation was in error */
 
 #define SSI_FLAG_SIZE_ABBREV      (~(SSI_FLAG_SIZE_IN_BYTES))
 #define SSI_FLAG_CLEAR_PRINT_COND (~((SSI_FLAG_PRINTING) | \