tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2mod_jk2.c
Date Sun, 21 Jul 2002 06:30:03 GMT

----- Original Message -----
From: "Bojan Smojver" <bojan@rexursive.com>
To: "Tomcat Dev List" <tomcat-dev@jakarta.apache.org>
Sent: Saturday, July 20, 2002 11:06 PM
Subject: Re: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/apache2mod_jk2.c


> On Sun, 2002-07-21 at 12:40, Bill Barker wrote:
>
> > I tested mod_jk 1.2 with only setting r->finfo.filetype in storage map,
and
> > that seemed to be enough (at least for 2.0.39).
>
> I tried doing that too, but the problem is when you have more then one
> file extension to serve. I that case setting r->finfo.filetype to 1
> might create a problem if the first matching extension doesn't actually
> have a file present.
>
> For instance, I have both index.jsp (legacy) and index.vm (Velocity)
> listed as index files in DirectoryIndex. If I set r->finfo.filetype to 1
> for index.jsp, without checking for the file, mod_dir becomes happy and
> wants to serve it. And if then in that directory the actual file is
> index.vm, nothing gets served and Apache returns no permission error.
>

That pretty much gives my +1 to the current fix.  Of course, I'd give an
even bigger +1 to dumping the storage map hook altogether. :)

> > However, Bojan's fix is likely to be more robust for future Apache
versions.
>
> At one stage I played with the idea of reverting r->filename what was in
> the original mod_jk, which is:
>
> r->filename = (char *)apr_filename_of_pathname(r->uri);
>
> In that scenario everything still worked. I'm not sure if that somehow
> minimises the security implications...

Don't see that it makes a difference one way or another.  The real problem
is the storage map hook that doesn't play well with others.

>
> Bojan
>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message