httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: Earliest Hook to Inspect POST Params
Date Sun, 01 Aug 2004 00:23:26 GMT
Joe Schaefer wrote:
> Stas Bekman <stas@stason.org> writes:
> 
> 
>>Joe Schaefer wrote:
>>
>>>Eli Marmor <marmor@netmask.it> writes:
>>
>>[...]
>>
>>>>I'm not creating any content (so a normal handler is not needed), and
>>>>I'm transparent and not modifying the request/response (so no filter is
>>>>needed), but just logging the information and want to know what is the
>>>>earliest phase that is already safe enough to parse the POST
>>>>parameters.
>>>
>>>Sounds to me like you really want to write a logging handler, which
>>>is sort of the opposite question.
>>>  "What's the latest hook that can be used?"
>>>Any hook that runs before the content handler does should be fine.
>>>If you're writing a log handler, all your pre-content-handler hook needs to
>>>do is call
>>>  req = apreq_request(r, NULL);
>>>This will register mod_apreq's input filter.  By the time your logging
>>>handler runs, the request body will be parsed, so the same call will
>>>provide your log handler with the fully parsed data.
>>
>>That's very risky, unless you have a full control over the modules that you
>>use. Anybody can grab the POST data before the log phase is happening
>>w/o using libapreq2 and you will be left with no POST when the logging
>>phase will come. 
> 
> 
> Could you give a specific example about when you believe this is risky?
> (I've left my full quote intact so you can point out the problem).
> 
> mod_apreq will always see exactly the same POST data that the 
> content-handler sees; and it does not matter what the content 
> handler decides to do with the data.

In which case my comment was incorrect. I thought that it's not enough 
to register a filter, but one needs to invoke libapreq's API to get the 
POST data, and otherwise the filter won't do anything.

Thanks Joe for correcting me. But do you think that this default 
behavior is the optimal one? I'd think that if any consumer has 
requested the POST data bypassing the apreq API (even though apreq's 
filter is installed), apreq should do nothing. Otherwise the data gets 
unnecessary copied. Or am I wrong again?

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Mime
View raw message