httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject ScriptAlias & indexing (sub_req_lookup_uri bugs)
Date Fri, 25 Aug 1995 15:02:00 GMT
The following patch rewrites sub_req_lookup_uri to fix the following bugs:

* (From a report for NCSA 1.3 in ciwsu)

ScriptAlias /foobar/index.html /usr/local/etc/httpd/cgi-bin/program.cgi

accessig the URL:/foobar/ indexed the directory instead of running
program.cgi

reason: sub_req_lookup_uri assumed that the URI index.html was always
a file in the foorbar directory.

* Some URLs get URL-decoded multiple times.

Fix:
 sub_req_lookup_uri should never call sub_req_lookup_simple.

As I don't think we are currently considering performance enhancements, fixes
to reintroduce the 'simple' optimisation should be left to another day.

 David.

------------ begin file request.patch
*** http_request.c.orig2	Thu Aug 24 17:40:16 1995
--- http_request.c	Fri Aug 25 14:39:12 1995
***************
*** 369,401 ****
      int res;
      char *udir;
      
-     /* Check for a special case... if there are no '/' characters in new_file
-      * at all, then we are looking at a relative lookup in the same directory.
-      * That means we don't have to redo any access checks.
-      */
- 
-     if (strchr (new_file, '/') == NULL) 
-         return sub_req_lookup_simple (new_file, r);
-     
-     /* The nasty general case.  Need to start from nearly scratch. */
- 
      rnew = make_sub_request (r);
-     udir = make_dirstr (rnew->pool, r->uri, count_dirs (r->uri));
- 
      rnew->connection = r->connection; 
      rnew->server = r->server;
      rnew->request_config = create_request_config (rnew->pool);
      set_sub_req_protocol (rnew, r);
  	
!     parse_uri (rnew, ((new_file[0] == '/') ?
! 		      new_file :
! 		      make_full_path (rnew->pool, udir, new_file)));
  	
      unescape_url (rnew->uri);
      getparents (rnew->uri);
  	
!     if ((res = translate_name (rnew))
! 	|| (res = directory_walk (rnew))
  	|| (!auth_type (rnew) ? 0 :
  	     ((res = check_user_id (rnew)) || (res = check_auth (rnew))))
  	|| (res = check_access (rnew))
--- 369,409 ----
      int res;
      char *udir;
      
      rnew = make_sub_request (r);
      rnew->connection = r->connection; 
      rnew->server = r->server;
      rnew->request_config = create_request_config (rnew->pool);
      set_sub_req_protocol (rnew, r);
  	
!     if (new_file[0] == '/')
! 	parse_uri(rnew, new_file);
!     else
!     {
! 	udir = make_dirstr (rnew->pool, r->uri, count_dirs (r->uri));
! 	udir = escape_uri(rnew->pool, udir); /* re-escape it */
! 	parse_uri (rnew, make_full_path (rnew->pool, udir, new_file));
!     }
  	
      unescape_url (rnew->uri);
      getparents (rnew->uri);
  	
!     res = translate_name(rnew);
!     if (res)
!     {
! 	rnew->status = res;
! 	return rnew;
!     }
! 
!     /* We could be clever at this point, and avoid calling directory_walk, etc.
!      * However, we'd need to test that the old and new filenames contain the
!      * same directory components, so it would require duplicating the start
!      * of translate_name.
!      * Maybe it would be easier to implement a cache for directory and
!      * .htaccess stats, or perhaps pass the old request to translate_name()
!      * for it to do the optimisation.
!      */
!     
!     if ((res = directory_walk (rnew))
  	|| (!auth_type (rnew) ? 0 :
  	     ((res = check_user_id (rnew)) || (res = check_auth (rnew))))
  	|| (res = check_access (rnew))
------------ end file request.patch

Mime
View raw message