You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rivet-dev@tcl.apache.org by Massimo Manghi <mx...@apache.org> on 2013/02/09 00:59:37 UTC
restrictive Content-Type for POST
in bug #53661 Jeff Lawson proposed to eliminate any restriction on the
Content-Type and process any request
The code concerned (from src/apache-2/apache_request)
if (r->method_number == M_POST ||
r->method_number == M_PUT ||
r->method_number == M_DELETE) {
const char *ct = apr_table_get(r->headers_in, "Content-type");
if (ct) ap_log_rerror(REQ_INFO, "content-type: `%s'", ct);
if (ct && strncaseEQ(ct, DEFAULT_ENCTYPE,
DEFAULT_ENCTYPE_LENGTH)) {
result = ApacheRequest_parse_urlencoded(req);
} else if (ct && strncaseEQ(ct, TEXT_XML_ENCTYPE,
TEXT_XML_ENCTYPE_LENGTH)) {
result = ApacheRequest_parse_urlencoded(req);
} else if (ct && strncaseEQ(ct, MULTIPART_ENCTYPE,
MULTIPART_ENCTYPE_LENGTH)) {
result = ApacheRequest_parse_multipart(req,ct);
} else {
ap_log_rerror(REQ_ERROR, "unknown content-type: `%s'", ct);
result = HTTP_INTERNAL_SERVER_ERROR;
}
}
else {
result = ApacheRequest_parse_urlencoded(req);
}
to my understanding Jeff's idea is that ApacheRequest_parse_urlencoded
should be called in any case, excluding the multipart message case. The
programmer should be able to understand the content-type field value
from the array storing the header lines. Thoughts?
-- Massimo
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org
Re: restrictive Content-Type for POST
Posted by Massimo Manghi <mx...@apache.org>.
here is my patch for ApacheRequest___parse(ApacheRequest *req)
the only case where the internal error is returned is when no
content-type field is defined.
-- Massimo
Index: src/apache-2/apache_request.c
===================================================================
--- src/apache-2/apache_request.c (revision 1441980)
+++ src/apache-2/apache_request.c (working copy)
@@ -380,19 +380,26 @@
if (r->method_number == M_POST || r->method_number == M_PUT ||
r->method_number == M_DELETE) {
const char *ct = apr_table_get(r->headers_in, "Content-type");
- if (ct) ap_log_rerror(REQ_INFO, "content-type: `%s'", ct);
- if (ct && strncaseEQ(ct, DEFAULT_ENCTYPE,
DEFAULT_ENCTYPE_LENGTH)) {
- result = ApacheRequest_parse_urlencoded(req);
- } else if (ct && strncaseEQ(ct, TEXT_XML_ENCTYPE,
TEXT_XML_ENCTYPE_LENGTH)) {
- result = ApacheRequest_parse_urlencoded(req);
- } else if (ct && strncaseEQ(ct, MULTIPART_ENCTYPE,
MULTIPART_ENCTYPE_LENGTH)) {
- result = ApacheRequest_parse_multipart(req,ct);
+ if (ct)
+ {
+ ap_log_rerror(REQ_INFO, "content-type: `%s'", ct);
+ if (strncaseEQ(ct, MULTIPART_ENCTYPE,
MULTIPART_ENCTYPE_LENGTH))
+ {
+ result = ApacheRequest_parse_multipart(req,ct);
+ }
+ else
+ {
+ result = ApacheRequest_parse_urlencoded(req);
+ }
+
} else {
- ap_log_rerror(REQ_ERROR, "unknown content-type: `%s'", ct);
+ ap_log_rerror(REQ_ERROR, "unknown content-type");
result = HTTP_INTERNAL_SERVER_ERROR;
}
+
}
- else {
+ else
+ {
result = ApacheRequest_parse_urlencoded(req);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org