[core] add config option to reject pathinfo

global setting; default enabled to preserve existing behavior

If disabled, 404 Not Found is returned if request processing reaches the
step to check filesystem and path, including pathinfo, does not exist.
  server.feature-flags += ("server.http_pathinfo" => "disabled")

Note: this global feature is separate from static-file.disable-pathinfo,
which only affects requests not handled by any other module, and finally
handled by mod_staticfile.

src/configfile.c

@@ -1240,6 +1240,8 @@ static int config_insert(server *srv) {
     p->defaults.http_parseopts |= srv->srvconf.http_url_normalize;
     p->defaults.mimetypes = &srv->srvconf.mimetypes_default;/*must not be NULL*/
     p->defaults.h2proto = srv->srvconf.h2proto;
+    p->defaults.http_pathinfo =
+      config_feature_bool(srv, "server.http_pathinfo", 1);
 
     /* initialize p->defaults from global config context */
     if (p->nconfig > 0 && p->cvlist->v.u2[1]) {

src/request.h

@@ -43,6 +43,8 @@ typedef struct request_config {
     unsigned int error_intercept:1;
 
     unsigned int h2proto:2; /*(global setting copied for convenient access)*/
+    unsigned int http_pathinfo:1;
+    unsigned int http_dummy:2; /*(padding)*/
 
     /* debug */
     unsigned int log_request_handling:1;

src/response.c

@@ -164,8 +164,8 @@ static handler_t http_response_physical_path_check(request_st * const r) {
 
 		/* not found, perhaps PATHINFO */
 
-		sce = http_response_physical_pathinfo(r);
-		if (NULL == sce)
+		if (!r->conf.http_pathinfo
+		    || NULL == (sce = http_response_physical_pathinfo(r)))
 			return http_response_physical_path_error(r, 404, "-- file not found");
 	}