httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: cvs commit: apache-1.3/src/modules/standard mod_speling.c
Date Wed, 23 Sep 1998 23:42:12 GMT
Marc Slemko wrote:
> 
> I'm a bit confused; why should modules have to do anything special to keep
> some obscene thing from taking over their output?  Just because something
> logs something to the error log and uses one of Apache's output forms
> doesn't mean what they log should be sent to the client!
> 
> I also didn't notice that this sort of thing is now sent to the client by
> default.  Is there even a way to disable it?  That is a bad thing to
> just start doing all the time from a security viewpoint.

mod_negotiation and mod_speling use a back door to let
ap_send_error_response() know about a variant list.
The back door involves putting constructed HTML into the
r->notes("variant-list") cell.  If ap_send_error_response()
determines that it's processing a 300 error, AND there's
a value in that cell, it will construct the error message's
content-body from the value.

On the other hand, when ap_send_error_response() starts
processing
an error, it checks for something in r->notes("error-notes").
If it finds something, it uses it in the construction of the
content-body of the error page.  This short-circuits the
special variant processing code.

So it's not the module's output, directly; it's a hint given
to the error handler for that specific error.  As it happens,
the general case was dominating the specific.  Manoj's patch
just restores things, although mod_negotiation may need a
similar patch if it calls ap_log_rerror().  (Haven't checked.)
The two simplest possibilities were this route, or to remove
the call to ap_log_rerror() in mod_speling altogether.  This
seemed the better.

#ken    P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <http://www.apache.org/>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

Mime
View raw message