httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: Bug ? Returning some file instead of failing
Date Tue, 19 Sep 1995 15:17:34 GMT
> 
> In apache 0.8.13 :
> 
> If I have a file /home/guillaum/somefile.html
> and I request    /home/guillaum/somefile.html/dummy/path
> then somefile.html is returned.
> This can be worse in MultiViews, because somefile.html is also
> returned if I request /home/guillaum/somefile/dummy/path
> 
> I *think* this bug could be cured by testing r->path_info in the
> default_handler and refusing to proceed if it is not NULL or "".

I've been looking into this one but the problem is that it isn't clear
to me what the roles of filename and path_info are supposed to be. It seems
that filename is the name of the first file that can be stat'ed, working from
the right, and path_info is what is left over. This looks like it is supposed
to make it possible to hide CGI stuff (and possibly other things) as if it
were a directory, i.e. /cgi/somescript/x/y/z would run somescript, with
something (what?) telling it that there was /x/y/z on the end. Quite neat.
Is it documented anywhere, or am I wrong?

> 
> But I don't know enough of the interactions with cgi and includes to
> know if this will work in all circumstances.

Nor do I, but you could try this patch (it works for simple cases):

*** ../../apache_0.8.13/src/http_core.c Wed Aug 23 02:16:07 1995
--- http_core.c Tue Sep 19 16:10:43 1995
***************
*** 661,668 ****
      FILE *f;

      if (r->method_number != M_GET) return DECLINED;
!     if (r->finfo.st_mode == 0) {
!       log_reason("File does not exist", r->filename, r);
        return NOT_FOUND;
      }

--- 661,668 ----
      FILE *f;

      if (r->method_number != M_GET) return DECLINED;
!     if (r->finfo.st_mode == 0 || (r->path_info && *r->path_info)) {
!       log_reason("File does not exist", pstrcat(r->pool,r->filename,r->path_in
fo,NULL), r);
        return NOT_FOUND;
      }

Note that even if this isn't right, something needs to be done about the
log_reason().

> 
> -- Florent

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk (preferred)
A.L. Digital Ltd,                  benl@fear.demon.co.uk (backup)
London, England.

[Note for the paranoid: "fear" as in "Fear and Loathing
in Las Vegas", "demon" as in Demon Internet Services, a
commercial Internet access provider.]

Mime
View raw message