httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: [patch] mod_access/3821
Date Sat, 20 Mar 1999 23:12:05 GMT
Will this still allow somebody to use Limit and LimitExcept to allow an
M_INVALID operation against that directory or its contents? For example,
there are some additional DAV operations that Apache classifies as
M_INVALID, but I still need to interpret. There would be no way to do
that if mod_access unconditionally punted all M_INVALID operations.

thx
-g

Cliff Skolnick wrote:
> 
> Here's a quick patch that will tag all M_INVALID check_dir_access calls
> as FORBIDDEN.
> 
> Cliff
> 
> Index: apache-1.3/src/modules/standard/mod_access.c
> ===================================================================
> RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_access.c,v
> retrieving revision 1.38
> diff -u -r1.38 mod_access.c
> --- mod_access.c        1999/01/01 19:05:06     1.38
> +++ mod_access.c        1999/03/20 22:28:00
> @@ -353,7 +353,10 @@
>      ap_get_module_config(r->per_dir_config, &access_module);
>      int ret = OK;
> 
> -    if (a->order[method] == ALLOW_THEN_DENY) {
> +    if (method >= METHODS) {
> +       ret = FORBIDDEN;
> +    }
> +    else if (a->order[method] == ALLOW_THEN_DENY) {
>         ret = FORBIDDEN;
>         if (find_allowdeny(r, a->allows, method))
>             ret = OK;
> 
> --
> Cliff Skolnick
> Steam Tunnel Operations
> cliff@steam.com
> http://www.steam.com/

--
Greg Stein, http://www.lyra.org/

Mime
View raw message