httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: mod_include and POST (fwd)
Date Sun, 26 Aug 2001 09:35:19 GMT
On Fri, Aug 24, 2001 at 07:45:29PM -0400, Cliff Woolley wrote:
>...
> I've verified this as a security problem in 2.0.  1.3 seems to return a
> 405 Method Not Allowed error when you attempt to POST to a server-parsed
> file, so I've attempted to duplicate that behavior as best I can.  Does
> the following patch look correct?  If so, I'll commit.

The SSI stuff is a handler in 1.3, so it is the proper guy to state what is
handled. And it says "no POST" :-)

As a filter in 2.0, mod_include should just stay out of it.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message