You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2001/12/28 18:20:41 UTC
cvs commit: httpd-2.0/modules/mappers mod_dir.c
wrowe 01/12/28 09:20:41
Modified: modules/mappers mod_dir.c
Log:
Once again, if mod_dir will perform an internal redirect into a
RESPONSE BODY (as opposed to 'something else' of it's own generation)
it needs to make the caller aware of the results (e.g. an included
subrequest) so the caller can decide if the result is suited (e.g.
including text/html only, but refusing to include other binary results.)
Since we can know everything about the results of the mod_dir processing
by the fixups phase, let it perform all resolutions before the caller
of ap_process_request_internal makes it's decisions.
Revision Changes Path
1.36 +53 -47 httpd-2.0/modules/mappers/mod_dir.c
Index: mod_dir.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_dir.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- mod_dir.c 2001/11/13 05:10:24 1.35
+++ mod_dir.c 2001/12/28 17:20:41 1.36
@@ -118,39 +118,53 @@
static int fixup_dir(request_rec *r)
{
- /* only redirect for requests against directories or when we have
- * a note that says that this browser can not handle redirs on
- * non-GET requests (such as Microsoft's WebFolders). */
- if (r->finfo.filetype != APR_DIR || (r->method_number != M_GET &&
- apr_table_get(r->subprocess_env, "redirect-carefully"))) {
+ dir_config_rec *d;
+ char *dummy_ptr[1];
+ char **names_ptr;
+ int num_names;
+ int error_notfound = 0;
+
+ /* only handle requests against directories */
+ if (r->finfo.filetype != APR_DIR) {
return DECLINED;
}
+
+ /* In case mod_mime wasn't present, and no handler was assigned. */
+ if (!r->handler) {
+ r->handler = DIR_MAGIC_TYPE;
+ }
+
+ /* Never tollerate path_info on dir requests */
+ if (r->path_info && *r->path_info) {
+ return DECLINED;
+ }
- if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/') {
+ /* Redirect requests that are not '/' terminated */
+ if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/')
+ {
char *ifile;
+
+ /* Only redirect non-get requests if we have no note to warn
+ * that this browser cannot handle redirs on non-GET requests
+ * (such as Microsoft's WebFolders).
+ */
+ if (r->method_number != M_GET
+ && apr_table_get(r->subprocess_env, "redirect-carefully")) {
+ return DECLINED;
+ }
+
if (r->args != NULL)
ifile = apr_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", "?", r->args, NULL);
+ "/", "?", r->args, NULL);
else
ifile = apr_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", NULL);
+ "/", NULL);
apr_table_setn(r->headers_out, "Location",
- ap_construct_url(r->pool, ifile, r));
+ ap_construct_url(r->pool, ifile, r));
return HTTP_MOVED_PERMANENTLY;
}
- return OK;
-}
-
-static int handle_dir(request_rec *r)
-{
- dir_config_rec *d;
- char *dummy_ptr[1];
- char **names_ptr;
- int num_names;
- int error_notfound = 0;
-
if (strcmp(r->handler,DIR_MAGIC_TYPE)) {
return DECLINED;
}
@@ -158,19 +172,6 @@
d = (dir_config_rec *) ap_get_module_config(r->per_dir_config,
&dir_module);
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- if (r->filename != r->canonical_filename)
- r->canonical_filename = NULL;
- r->filename = apr_pstrcat(r->pool, r->filename, "/", NULL);
- if (r->canonical_filename)
- r->canonical_filename = r->filename;
- }
-
if (d->index_names) {
names_ptr = (char **)d->index_names->elts;
num_names = d->index_names->nelts;
@@ -182,22 +183,27 @@
}
for (; num_names; ++names_ptr, --num_names) {
+ /* XXX: Is this name_ptr considered escaped yet, or not??? */
char *name_ptr = *names_ptr;
- request_rec *rr = ap_sub_req_lookup_uri(name_ptr, r, NULL);
+ request_rec *rr;
- if (rr->status == HTTP_OK && rr->finfo.filetype == APR_REG) {
- char *new_uri = ap_escape_uri(r->pool, rr->uri);
+ /* Once upon a time args were handled _after_ the successful redirect.
+ * But that redirect might then _refuse_ the given r->args, creating
+ * a nasty tangle. It seems safer to consider the r->args while we
+ * determine if name_ptr is our viable index, and therefore set them
+ * up correctly on redirect.
+ */
+ if (r->args != NULL)
+ name_ptr = apr_pstrcat(r->pool, name_ptr, "?", r->args, NULL);
- if (rr->args != NULL)
- new_uri = apr_pstrcat(r->pool, new_uri, "?", rr->args, NULL);
- else if (r->args != NULL)
- new_uri = apr_pstrcat(r->pool, new_uri, "?", r->args, NULL);
+ rr = ap_sub_req_lookup_uri(name_ptr, r, NULL);
- ap_destroy_sub_req(rr);
- ap_internal_redirect(new_uri, r);
+ /* XXX: (filetype == APR_REG) - we can't use a non-file index??? */
+ if (rr->status == HTTP_OK && rr->finfo.filetype == APR_REG) {
+ ap_internal_fast_redirect(rr, r);
return OK;
}
-
+
/* If the request returned a redirect, propagate it to the client */
if (ap_is_HTTP_REDIRECT(rr->status) ||
@@ -216,8 +222,8 @@
/* If the request returned something other than 404 (or 200),
* it means the module encountered some sort of problem. To be
- * secure, we should return the error, rather than create
- * along a (possibly unsafe) directory index.
+ * secure, we should return the error, rather than allow autoindex
+ * to create a (possibly unsafe) directory index.
*
* So we store the error, and if none of the listed files
* exist, we return the last error response we got, instead
@@ -229,8 +235,9 @@
ap_destroy_sub_req(rr);
}
- if (error_notfound)
+ if (error_notfound) {
return error_notfound;
+ }
/* nothing for us to do, pass on through */
@@ -242,7 +249,6 @@
static const char * const aszSucc[]={"mod_autoindex.c", NULL};
ap_hook_fixups(fixup_dir,NULL,NULL,APR_HOOK_MIDDLE);
- ap_hook_handler(handle_dir,NULL,aszSucc,APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA dir_module = {