tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <bo...@rexursive.com>
Subject Re: cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.c
Date Sun, 21 Jul 2002 06:06:17 GMT
On Sun, 2002-07-21 at 12:40, Bill Barker wrote:
 
> I tested mod_jk 1.2 with only setting r->finfo.filetype in storage map, and
> that seemed to be enough (at least for 2.0.39).

I tried doing that too, but the problem is when you have more then one
file extension to serve. I that case setting r->finfo.filetype to 1
might create a problem if the first matching extension doesn't actually
have a file present.

For instance, I have both index.jsp (legacy) and index.vm (Velocity)
listed as index files in DirectoryIndex. If I set r->finfo.filetype to 1
for index.jsp, without checking for the file, mod_dir becomes happy and
wants to serve it. And if then in that directory the actual file is
index.vm, nothing gets served and Apache returns no permission error.

> However, Bojan's fix is likely to be more robust for future Apache versions.

At one stage I played with the idea of reverting r->filename what was in
the original mod_jk, which is:

r->filename = (char *)apr_filename_of_pathname(r->uri);

In that scenario everything still worked. I'm not sure if that somehow
minimises the security implications...

Bojan


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message