You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@liege.ICS.UCI.EDU> on 1996/10/03 03:19:23 UTC
Re: override mask semantics
>> where parms->override is set according to where the directive occurs:
>>
>> *.conf --> override = (RSRC_CONF|OR_ALL)&~(OR_AUTHCFG|OR_LIMIT);
>>
>> within <Directory> or <Location> --> override = OR_ALL|ACCESS_CONF;
>>
>> .htaccess --> override = core_dir->override; /* AllowOverride, I assume */
>>
>> <Limit> and <Files> do not change the override value, which seems odd.
>
> Not setting <Files> to OR_ALL|ACCESS_CONF is a defenitely a bug, and
> should be fixed. Probably someone (me) just accidentally deleted the
> line.
Hmmm, I don't know. The reason <Directory> and <Location> can set it to
(OR_ALL|ACCESS_CONF) is because they are only allowed in *.conf.
If <Files> is allowed in .htaccess, then the current behavior is
probably correct. Hmmm, I guess that begs the question: is <Files>
allowed in .htaccess?
Right now, we have
{ "<Files", filesection, NULL, OR_ALL, RAW_ARGS, NULL },
in which the OR_ALL seems odd to me (it implies that the directory
must have AllowOverride All in order to set anything via <Files>).
I think it should be either RSRC_CONF (meaning only allowed in *.conf)
or OR_NONE (meaning it should inherit the overrides of the context).
Aaarrgghh, hold on -- I have been assuming that the purpose of the
req_override argument was to indicate the union of overrides that
are necessary. If, instead, it is supposed to indicate the intersection
(as in, this command is allowed if *any* of these overrides are allowed),
then that would explain
if ((parms->override & cmd->req_override) == 0)
return pstrcat (parms->pool, cmd->name, " not allowed here", NULL);
Hey RST, can you confirm one way or the other? That is, does
(OR_AUTHCFG|OR_LIMIT) mean
"anywhere that AuthConfig AND Limit are allowed to be overridden"
or "anywhere that AuthConfig OR Limit is allowed to be overridden"?
The API.html (and what I expected) led me to believe the former, but
the code is currently doing the latter.
.....Roy
Re: override mask semantics
Posted by Alexei Kosut <ak...@nueva.pvt.k12.ca.us>.
On Wed, 2 Oct 1996, Roy T. Fielding wrote:
> Hmmm, I don't know. The reason <Directory> and <Location> can set it to
> (OR_ALL|ACCESS_CONF) is because they are only allowed in *.conf.
> If <Files> is allowed in .htaccess, then the current behavior is
> probably correct. Hmmm, I guess that begs the question: is <Files>
> allowed in .htaccess?
Yes. Of course, you're right. That's why I hadn't set it to that in
the first place. *bonk* Thanks.
> Right now, we have
>
> { "<Files", filesection, NULL, OR_ALL, RAW_ARGS, NULL },
>
> in which the OR_ALL seems odd to me (it implies that the directory
> must have AllowOverride All in order to set anything via <Files>).
> I think it should be either RSRC_CONF (meaning only allowed in *.conf)
> or OR_NONE (meaning it should inherit the overrides of the context).
No. OR_ALL means it will work with any AllowOveridde setting - i.e. it
will apply anywhere. OR_NONE means... uh... it applies nowhere. Don't
quite know why you'd want to use that.
--
________________________________________________________________________
Alexei Kosut <ak...@nueva.pvt.k12.ca.us> The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/ http://www.apache.org/