perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <>
Subject Re: not processing POST within AuthenHandler
Date Fri, 13 Jun 2003 07:05:20 GMT
[moving this discussion to the dev list. it's very important]

Joe Schaefer wrote:
> Stas Bekman <> writes:
>>Joe Schaefer wrote:
>>>>Apache/2.0.44 (Gentoo/Linux) mod_perl/1.99_09 Perl/v5.8.0
>>>Attempting to read POST data before the content-handler is called
>>>is unsafe with httpd-2.  You'll probably have to wait for
>>>Apache::Request to be ported over in order to do something like that.
>>Why do you say that it's unsafe?
> I haven't looked at how implements this, but IIRC the problem
> with reading POST data from an auth handler is that ap_run_insert_filter
> doesn't get called until the content handler is invoked.  If there
> are any request filters that are supposed to be active for the 
> request, they'll be missed by 's parse.  

Good point. We need to document this and make sure that does the right 
thing. Either it needs to check some flag that is available only inside the 
response handler or use the API that checks which phase we are in, which I 
haven't committed yet.

However what should do those who want to devise their own custom auth 
handlers, not based on mechanisms provided by Apache, but using HTML forms? 
Perhaps we need a technique to call ap_run_insert_filter(r) early if there is 
a need for that? Of course developers will have to be aware of the risks. I 
guess if and Apache::Request do the right thing, then they shouldn't 
worry about it.

> mod_apreq.c still doesn't handle this situation quite right, but
> I have a good idea about how it should be fixed.

mod_cache.c runs it manually:
modules/experimental/mod_cache.c:            ap_run_insert_filter(r);
however it has an excuse of being run as quick handler hook

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker     mod_perl Guide --->

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message