httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: POST
Date Mon, 30 Sep 2002 22:48:29 GMT
On Mon, Sep 30, 2002 at 09:36:50AM -0400, rbb@apache.org wrote:
> On Sun, 29 Sep 2002, Justin Erenkrantz wrote:
> 
> > On Mon, Sep 30, 2002 at 01:17:55AM -0400, Ryan Bloom wrote:
> > > Because 2.0.42 always displays script source for CGI scripts that use
> > > POST, I believe that we should put that notice on our main site, and stop
> > > suggesting 2.0.42 for production use.
> > 
> > I could not reproduce your problem in my tests.  Do you have a clear
> > reproduction case?  (POSTing to a DAV resource for me yields a 404.)
> > 
> > Is it somehow related to mounting a DAV repository at / and the
> > server getting confused about the /cgi-bin/ dir?  -- justin
> 
> Nope, any script that is under DAV control will post the source to the
> user.

Hunh?

The POST code in mod_dav checks for DAV locks on the resource (per RFC
2518). If there is a lock, then it returns an appropriate error. Otherwise,
it just returns DECLINED and lets (presumably) the default handler deal with
the POST request.

The bug is located in server/core.c::default_handler(). It serves up the
content of a file that you POST to. That isn't right.

Of course, we also have the problem that we can't have more than one
handler. We could restore the RFC 2518 POST check by putting that into a
different processing phase. Not sure which, tho... (it needs to be after the
authentication, at least)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Mime
View raw message