httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55957] environment lost when processing child directories' .htaccess
Date Mon, 06 Jan 2014 21:33:12 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55957

--- Comment #3 from Dan Jacobson <jidanni@jidanni.org> ---
Thank you. Apparently the only choices are revealing too little, due to
the bug, or using IndexOptions +showforbidden and thus revealing too
much.

Please inform me what else is left that I can test on in 2.2 and 2.4,
now that 'host' has been destroyed.

Anyways, the whole idea of environment, is inheriting, at least in
shells, I recall.

If you arbitrarily wipe it out on one of your internal steps, there is
no way the user can recreate it.

This also raises *ONE BIG SECURITY ISSUE*, say the user was depending on
blocking a certain Mr. Snowden, based on the environment. Well that
works... but not in this special certain case!

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message