httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35194] New: - LimitRequestBody is not considered, if a Action Handler is called
Date Thu, 02 Jun 2005 21:00:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35194>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35194

           Summary: LimitRequestBody is not considered, if a Action Handler
                    is called
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: Other
        OS/Version: Windows 98
            Status: NEW
          Severity: normal
          Priority: P2
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rkhb@gmx.net


Tested with:
OS: Win98SE, Win2k
HTTPD: Apache 1.3.26, 1.3.27, 1.3.33, 2.0.53, 2.0.54
Module: mod_actions
PHP: 4.3.9, 4.3.10, 5.0.2

If PHP is merged as a CGI binary by an Action-directive in httpd.conf,
LimitRequestBody, which is set in a .htaccess-file or a
<Directory>/<Location>-Block is ignored for a POST-Request that matches the
Action-Directive. PHP will be executed as if LimitRequestBody does not exist.

Example:

Configuration httpd.conf as described in the manual:
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe" ("/php/php-cgi.exe" )

Create anywhere a .htaccess:
LimitRequestBody 1000

Put a "proto1.php" in the same directory:

<html>
<?php
echo '<pre>',
	'safe_mode=',ini_get('safe_mode'),"\n",
	'max_execution_time=',ini_get('max_execution_time'),"\n",
	'file_uploads=',ini_get('file_uploads'),"\n",
	'upload_tmp_dir=',ini_get('upload_tmp_dir'),"\n",
	'upload_max_filesize=',ini_get('upload_max_filesize'),"\n",
	'post_max_size=',ini_get('post_max_size'),"\n",
	'$_FILES ',print_r($_FILES),"\n",
	'</pre>';
?>
<form enctype="multipart/form-data" action="proto1.php" method=post>
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</html>

There is no way to get an error 413!

For my purposes (local development) I put following block into mod_actions just
before the ap_internal_redirect_handler(...)-call:

Apache 1.3.33:

if ( ap_table_get(r->headers_in, "Content-Length") &&
     atoi(ap_table_get(r->headers_in, "Content-Length")) >
(int)ap_get_limit_req_body(r)
   ) return DECLINED;

Apache 2.0.54:

if ( apr_table_get(r->headers_in, "Content-Length") &&
     atoi(ap_table_get(r->headers_in, "Content-Length")) >
(int)apr_get_limit_req_body(r)
   ) return DECLINED;

I don't believe that this is the correct way to handle the problem in a
production server, but I didn't find a better place yet.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message