httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21927] New: - internal_internal_redirect() losts mod_action's auth info
Date Mon, 28 Jul 2003 10:19:54 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927

internal_internal_redirect() losts mod_action's auth info

           Summary: internal_internal_redirect() losts mod_action's auth
                    info
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_actions
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: cougar@random.ee


I have a systemwide php binary and use it for php scripts. I also use suexec to
run each php script with the right user permissions. The configuration is as follows:

ScriptAlias /cgi-sbin/ /www/cgi-sbin/
Action application/x-httpd-php /cgi-sbin/php-4.3.2
AddType application/x-httpd-php .php

I have a test.php file in the directory /customer. This directory is protected with
user authentication.

Now I access www.customer.com/test.php and the browser asks me for a username. I enter
it and after that the php script is run. And here is the problem. mod_action
rewrites the url and does internal_redirect(). After that the server checks the
/www/cgi-sbin directory permissions and, because there is no protection, it runs the
php binary. But, because there was no authentication, the php script doesn't get the
$REMOTE_USER variable.

I solved this with the following patch:

diff -urd httpd-2.0.46.orig/modules/http/http_request.c
httpd-2.0.46/modules/http/http_request.c
--- httpd-2.0.46.orig/modules/http/http_request.c       2003-05-19
18:24:05.000000000 +0300
+++ httpd-2.0.46/modules/http/http_request.c    2003-07-24 21:47:27.000000000 +0300
@@ -385,6 +385,7 @@
     new->allowed_methods = ap_make_method_list(new->pool, 2);
 
     new->htaccess        = r->htaccess;
+    new->user            = r->user;
     new->no_cache        = r->no_cache;
     new->expecting_100   = r->expecting_100;
     new->no_local_copy   = r->no_local_copy;
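
Review bot: the added `new->user = r->user;` line carries over the user name but not `ap_auth_type`, so the redirected request would report a user with no auth type behind it; copy `new->ap_auth_type = r->ap_auth_type;` next to it. The line also needs a comment saying that this identity was established by the access checks on the original URI, not on the redirect target, because the change sits in modules/http/http_request.c and therefore applies to every internal redirect the server performs, not only the ones mod_actions issues.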

---
Cougar
