general/2222: The SSI handler is processing invalid URLs

[Andy Bass <wa...@vuse.vanderbilt.edu>]

>Number:         2222
>Category:       general
>Synopsis:       The SSI handler is processing invalid URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue May 12 15:50:01 PDT 1998
>Last-Modified:
>Originator:     wab@vuse.vanderbilt.edu
>Organization:
apache
>Release:        1.2.6, 1.3b6
>Environment:
% uname -a
SunOS basswa 5.6 Generic sun4c sparc SUNW,Sun_4_50

GNU gcc 2.7.2.3 SPARC Solaris 2.6
>Description:
Invalid requests for a SSI enabled document are succeeding.

e.g.  requests for the document "http://your.domain.com/test.shtml" are 
successful, but requests for http://your.domain.com/test.shtml/test.shtml  
will also succeed (the server returns the document, but relative links to 
graphics are broken).  Since the file /test.shtml/test.shtml does not 
exist the server should return a 404 error.  I have also tried to request
/test.shtml/another_file.html and the server returns the same results as 
/test.shtml/test.shtml.

I have seen this problem with both the .shtml handler and the XBitHack 
method of enabling SSIs.
>How-To-Repeat:
http://continuum.real-time.com/index.text.shtml
http://continuum.real-time.com/index.text.shtml/index.text.shtml
http://www.cs.umbc.edu/agents/agentnews/index.shtml
http://www.cs.umbc.edu/agents/agentnews/index.shtml/index.shtml
http://www.ellsworth.af.mil/index.shtml
http://www.ellsworth.af.mil/index.shtml/index.shtml
http://www.whdh.com/index.shtml
http://www.whdh.com/index.shtml/index.shtml
>Fix:
Sorry.  I don't know.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]