Posted to modules-dev@httpd.apache.org by Christoph Gröver <gr...@sitepark.com> on 2014/11/13 22:50:22 UTC

AcceptPathInfo configured, finding out the real URL that is used

Hello list,

I am developing a module which should be able to allow or deny access to URLs
based on a database.

I have now found out that with 'AcceptPathInfo on' there are URLs that the
user can access by simply adding a trailing '/' or a trailing '/whatever'.
So the user specifies he wants '/index.php/whatever' and this is not
disallowed in the database, but then he will get /index.php with '/whatever'
added to the PHP script as a path-info field.
This bypasses the security of course.

Is there a way of knowing whether this is in effect or (preferred) is there a
way to find out the real URL that the PHP interpreter will be using in the end?

My module runs in the auth_checker phase and in the fixup phase.
I have not found a way yet to determine the really delivered URL instead of
the user given one.


Thank you for your time,

Greetings

-- 
Christoph Gröver, grover@sitepark.com


Re: AcceptPathInfo configured, finding out the real URL that is used

Posted by Christoph Gröver <gr...@sitepark.com>.
Hello list,

Answering my own request ..

> I have not found a way yet to determine the really delivered URL
> instead of the user given one.

I found out that the filename field in the request_rec contains the
actually used PHP script. So with the use of the document root of the
request I will be able to construct a virtual URL as if the user directly
requested the real file.

Probably this is the only way to find out what PHP will be doing later
with the request.

Greetings

-- 
Christoph Gröver
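
The mapping described in the reply above, as an added example that is not part of the original posts or of any httpd code: a stand-alone helper that turns the resolved script path back into the URL path to look up in the access database. It assumes the module would pass in ap_document_root(r) and r->filename; the name effective_uri and the sample paths are constructed for illustration. It fails closed when the file is not under the document root (for example when an Alias maps the URL elsewhere).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: derive the URL path of the file that will really
 * be served. In a module, docroot would be ap_document_root(r) and
 * filename would be r->filename; plain strings are used here so the
 * function runs stand-alone.
 * Returns 0 on success, -1 if filename is not below docroot or the
 * buffer is too small. The caller should deny access on -1. */
int effective_uri(const char *docroot, const char *filename,
                  char *out, size_t outlen)
{
    size_t rootlen;

    if (!docroot || !filename || !out || outlen == 0)
        return -1;

    rootlen = strlen(docroot);
    /* Ignore trailing slashes on the document root ("/" becomes ""). */
    while (rootlen > 0 && docroot[rootlen - 1] == '/')
        rootlen--;

    if (strncmp(filename, docroot, rootlen) != 0)
        return -1;
    /* Require a path-segment boundary, so that "/var/www" does not
     * match "/var/wwwroot/x.php". */
    if (filename[rootlen] != '/')
        return -1;

    if (strlen(filename + rootlen) >= outlen)
        return -1;
    strcpy(out, filename + rootlen);
    return 0;
}

int main(void)
{
    /* Constructed values for a request to /index.php/whatever with
     * AcceptPathInfo on: the script is resolved, "/whatever" is path info. */
    const char *docroot  = "/var/www/html";
    const char *filename = "/var/www/html/index.php";
    char uri[256];

    if (effective_uri(docroot, filename, uri, sizeof uri) == 0)
        printf("look up in database: %s\n", uri);
    else
        printf("deny: file is outside the document root\n");
    return 0;
}
```
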