You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modules-dev@httpd.apache.org by Christopher Vitale <cv...@us.ibm.com> on 2007/08/23 22:46:49 UTC
flagging content input errors
Hello,
I'm working on a linux Apache 2.0.59 input content filter that occasionally
finds something it doesn't like. When this happens I usually return
APR_EGENERAL and for normal html files life is good. Apache will return a
400 error.
When my handler is php, this doesn't seem to be enough. It looks like the
php 5.2.3 sapi module disregards my APR_EGENERAL when it calls
ap_get_brigade() and continues processing the request. I've also set
r->status to 403 on these requests. This returns a page with a 403 status
code and the normal php output body content. Nice.
Is there anything else I can do to communicate that my module has given
this request a big thumbs down?
Thanks,
vitale
Re: flagging content input errors
Posted by Arturo 'Buanzo' Busleiman <bu...@buanzo.com.ar>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Christopher Vitale wrote:
> I know this isn't a php list, but if you're interested in the Apache
> module aspect of the bug you can see it at:
I'll add myself to the bug-item. Might become interested in it when I implement HTTP request
encryption using OpenPGP later on (mod_auth_openpgp).
- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzgCRAlpOsGhXcE0RCqJ3AJ9YZ1RGrPotN0Rb9GkEMCsIJgwqogCbBXCp
hHMvhO1CiSmj2OaSncQqmHo=
=TnZj
-----END PGP SIGNATURE-----
Re: flagging content input errors
Posted by Christopher Vitale <cv...@us.ibm.com>.
Hello Arturo,
I tried your suggestion but it didn't change anything. I believe that php
is dropping all error code return values; I just wondered if there was a
way around it for the time.
I know this isn't a php list, but if you're interested in the Apache module
aspect of the bug you can see it at:
php-5.2.3/sapi/apache2handler/sapi_apache2.c:php_apache_sapi_read_post. The
function assumes that ap_get_brigade won't return an error that must be
handled. I'm returning an error later down the chain. I'm adding this to
bugs.php.net right now.
vitale
IBM Internet Security Systems - Ahead of the Threat
"Arturo 'Buanzo'
Busleiman"
<buanzo@buanzo.co To
m.ar> modules-dev@httpd.apache.org
cc
08/23/2007 05:12
PM Subject
Re: flagging content input errors
Please respond to
modules-dev@httpd
.apache.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Christopher Vitale wrote:
> Is there anything else I can do to communicate that my module has given
> this request a big thumbs down?
What about return HTTP_INTERNAL_SERVER_ERROR? APR_* seems like less
important to me, being "Apache
runtime" related.
- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad
Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzfhYAlpOsGhXcE0RCpckAJsERfGv35NIz/SlSaCZGLJOyKJGhACeLphD
FGT/8Xk1GC9XZljC5vkEiiY=
=ZS+E
-----END PGP SIGNATURE-----
Re: flagging content input errors
Posted by Arturo 'Buanzo' Busleiman <bu...@buanzo.com.ar>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Christopher Vitale wrote:
> Is there anything else I can do to communicate that my module has given
> this request a big thumbs down?
What about return HTTP_INTERNAL_SERVER_ERROR? APR_* seems like less important to me, being "Apache
runtime" related.
- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzfhYAlpOsGhXcE0RCpckAJsERfGv35NIz/SlSaCZGLJOyKJGhACeLphD
FGT/8Xk1GC9XZljC5vkEiiY=
=ZS+E
-----END PGP SIGNATURE-----