tcl-websh-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dav...@dedasys.com (David N. Welton)
Subject Re: fixme's
Date Tue, 19 Feb 2002 19:05:49 GMT
davidw@dedasys.com (David N. Welton) writes:

> mod_websh.c:363:    /* fixme: proper checking of file or link in test above */


#ifndef APACHE2
    if (S_ISDIR(r->finfo.st_mode)) {
	ap_log_printf(r->server, "attempt to invoke directory as script");
	return FORBIDDEN;
    }
#else /* APACHE2 */
    /* fixme: proper checking of file or link in test above */
    /*    if (S_ISDIR(r->finfo.st_mode)) {
       ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "attempt to invoke directory
as script");
       return HTTP_FORBIDDEN;
       } */
#endif /* APACHE2 */

The two tests 'above' are the standard ones I've seen in most Apache
modules.

I suspect, however, that maybe the comment is in reference to the code
below it, which is commented out.

    if (r->finfo.filetype == 0)
	return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
			       "script not found or unable to stat");
    if (r->finfo.filetype == APR_DIR)
	return log_scripterror(r, conf, HTTP_FORBIDDEN, 0,
			       "attempt to invoke directory as script");

    if (r->path_info && *r->path_info && !r->used_path_info) {
        return log_scripterror(r, conf, HTTP_NOT_FOUND, 0,
                               "AcceptPathInfo off disallows user's path");

Is what I found in mod_cgi.c for Apache 2.  Looks good to me.

-- 
David N. Welton
   Consulting: http://www.dedasys.com/
     Personal: http://www.dedasys.com/davidw/
Free Software: http://www.dedasys.com/freesoftware/
   Apache Tcl: http://tcl.apache.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: websh-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: websh-dev-help@tcl.apache.org


Mime
View raw message