httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: autoindex instead of index.html
Date Wed, 26 Sep 2001 17:25:41 GMT
The actual merge occurs in ap_sub_req_method_uri().  Can you breakpoint and
determine what's passed?  This sounds like a vhost's per-dir-config may not
be initialized.

I also (reviewing that code) didn't like what I saw...

        udir = ap_make_dirstr_parent(rnew->pool, r->uri);
        udir = ap_escape_uri(rnew->pool, udir);    /* re-escape it */
        ap_parse_uri(rnew, ap_make_full_path(rnew->pool, udir, new_file));

This means that the new_file is _never_ escaped!!!

The code below might fit -some- situations better...

        udir = ap_make_dirstr_parent(rnew->pool, r->uri);
        udir = ap_make_full_path(rnew->pool, udir, new_file);
        udir = ap_escape_uri(rnew->pool, udir);    /* re-escape it */
        ap_parse_uri(rnew, udir);

I'd argue that we need -2- different functions, with a _u and _e suffix,
to differentiate if we are making a relative sub_req with an already
escaped or unescaped new_file.

I don't want to break anyone overnight, so I'd suggest we add the _u
function, and rename the _e function next week after everyone has a
chance to pipe in.  I'm afraid that most module authors simply haven't
spent any time considering if their input to sub_req was already escaped,
or not.


----- Original Message ----- 
From: "Greg Ames" <>
To: <>
Sent: Wednesday, September 26, 2001 10:00 AM
Subject: Re: autoindex instead of index.html

> Ryan Bloom wrote:
> > 
> > On Tuesday 25 September 2001 03:32 pm, Greg Ames wrote:
> > 
> > Yeah, that should fail.  Why isn't that an absolute path?
> That's the bug.  We're not mapping the subrequest URI into a path in
> this case.  I don't know where it's supposed to happen any more -
> map_to_storage sounds promising though.  I suppose I can see how it's
> done now when the original URI is for a file, and maybe see how 2.0.25
> does it for a directory containing index.html.
> Greg

View raw message