httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50964] Apache HTTPD 2.2 does not parse nested server side includes properly
Date Thu, 24 Mar 2011 00:39:10 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50964

--- Comment #1 from Nick <nllamb@msn.com> 2011-03-23 20:39:08 EDT ---
Edit: IIS 5 through 7 all properly handle nested server-side includes (when
enabled). Just FYI.

(In reply to comment #0)
> When enabling includes within HTTPD, Apache 2.2 only parses first-level
> <!--#include virtual="/some_file.shtml" --> includes.
> Nested includes, while maybe not conventional, should be supported by the
> server.
> Such situations can occur when a header is created by using something like:
> <!--#include virtual="/header.shtml" -->
> and within header.shtml it has additional includes like:
> <!--#include virtual="/banner.shtml" -->
> <!--#include virtual="/contacts.shtml" -->
> etc.
> When loaded by apache, it responds by passing this data as plaintext.
> Recommended solution:
> Enable a directive enabling the operator to specify how deep httpd should parse
> included documents. Set the default to 1, allow overwrite to some reasonable
> max such as 10.
> Doing this would allow people to nest server side includes without the
> potential of DOSing the system via infinite recursion (in the case of a
> self-referencing or otherwise erroneously-coded html doc).

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message