www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zak Ziggy <zak_zi...@hotmail.com>
Subject mod_cgi/7966: The cgi-bin scripts with URL requests path exeeding the ScriptPath error Forbidden.
Date Mon, 02 Jul 2001 02:06:41 GMT

>Number:         7966
>Category:       mod_cgi
>Synopsis:       The cgi-bin scripts with URL requests path exeeding the ScriptPath error
Forbidden.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Jul 01 19:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     zak_ziggy@hotmail.com
>Release:        1.3.20 was good in 1.3.9
>Organization:
apache
>Environment:
OS X Server / Darwin   G3 (Blue and White box)
With apache 1.3.20  use to work in 1.3.9  change is bad.
>Description:
So now I put apache source for version 1.3.20, on OS X Server.
This compiles okay, and runs. The version I use for 1.2 has been custom modified to include
SSL etc. this one is superior.
My primary problem with it is a path like /cgi-bin/PDO_link/Customer/SessionContainerIDNumber.pageValue/Zone/Action
no longer is considered valid because there is no actual file or path on the system past the
ScriptPath /cgi-bin/PDO_link. (I have years of code build around this and it is not an option
for apache to change it I believe it is an apache bug, they to can not leave well enough alone
and the tech world continues to de-evolve).
Of course this works in 1.3.9 not downloadable not supported, but does compile on OS X, unfortunately
it does not run either.
This use to be accepted because the cgi-bin program is valid. It is important and in the fashion
of Hotmail and countless other session container driven sites (probably including WebObjects)
that it work the way it always use to and should.
I am sure this is a bug in apache source, I have compared the code of 1.3.9 to 1.3.20, and
there is no reason I can find why this occurs but will have to reduce myself to the level
of C to repair it or lose a decade of work.
It is important because the path data helps browsers know that each page is unique via random
session container numbers and page numbers, also it is important that it works this way so
that a browser can cache the page allowing back arrow navigation without requiring reloading
and therefore breaking the link forward. (There are other reasons I will avoid explaining
to you here for now).
Question: Does anybody now of a compiler directive that will allow apache cgi-bin script or
URL requests with extra data in the path to properly be processed without sending Forbidden
errors (or File Not found errors after that one is skipped).
>How-To-Repeat:
Run a script like hotmail that includes session container data and page values, like
/cgi-bin/PDO_link/Customer/SessionContainerIDNumber.pageValue/Zone/Action
Version 1.3.9 worked right an allowed paths beyond the bin script.
I have spent 7 years building code for the original accepted format I would rather fix the
apache source myself, but I am sure this is a bug you would like to now about.
>Fix:
Looking back at 1.3.9 I can find where this change has taken place, but basically in the Directory
and file checks/walks all cgi-bin scripts are valid.
Simple allow the script path to be set and validate the request, even though the path continues
on past the cgi-bin point, or include a compiler directive to allow this, if you feel it is
not a bug.
Thank you for listening to my suggestion/bug report.
My life's work is dependent on it I hope you can tell me what is going to happen, soon. 

P.S. Thank you for putting up with my rating, etc.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message