You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Chris Darroch <ch...@pearsoncmg.com> on 2014/01/13 20:55:33 UTC
Re: svn commit: r1557640 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_dir.xml
modules/mappers/mod_dir.c
covener@apache.org wrote:
> restore http://svn.apache.org/viewvc?view=revision&revision=233369
> under a configurable option: don't run mod_dir if r->handler is already set.
> PR53794
I like this, and it's certainly a more configurable solution to
the problem with mod_dav which came up last week:
http://marc.info/?l=apache-httpd-dev&m=138842871710848&w=2
The only problem I see here (without having testing the new changes)
is that I believe the default will be to preserve the prior 2.4.x
behaviour:
> + new->checkhandler = MODDIR_UNSET;
> + if (d->checkhandler == MODDIR_ON && strcmp(r->handler, DIR_MAGIC_TYPE)) {
> + return DECLINED;
> + }
For users of mod_dav, though, this means that a working 2.2.x
configuration will still break after an upgrade to 2.4.8; they'd
need to add in "DirectoryCheckHandler On".
I'd like to my additional line of logic, if you agree:
+ if (r->method_number != M_GET && r->method_number != M_POST) {
+ return DECLINED;
+ }
which would ensure that for mod_dir takes no effect when the method
is neither GET nor POST, which seems reasonable to me (since it has
no real meaning with other methods), and has the effect that 2.2.x DAV
setups will "just work" again with 2.4.x, once the patch is back-ported.
Does that seem acceptable to you? I can just follow CTR, I know, but
I thought I'd ask first since you're clearly looking at similar issues
at the same time.
Chris.
--
GPG Key ID: 088335A9
GPG Key Fingerprint: 86CD 3297 7493 75BC F820 6715 F54F E648 0883 35A9
Re: svn commit: r1557640 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_dir.xml modules/mappers/mod_dir.c
Posted by Eric Covener <co...@gmail.com>.
> For users of mod_dav, though, this means that a working 2.2.x
> configuration will still break after an upgrade to 2.4.8; they'd
> need to add in "DirectoryCheckHandler On".
For the rewrite PR's, which are relatively old, I just wanted to get a
safe non-default change into 2.4.x.
I subsequently [next revision] decided it was safe enough to whitelist
mod_rewrites redirect-handler, and to do it by default. One of the
good reasons for this is that since it's trying to do an internal
redirect, mod_dir will get a second chance at it in the new request.
>
> I'd like to my additional line of logic, if you agree:
>
> + if (r->method_number != M_GET && r->method_number != M_POST) {
> + return DECLINED;
> + }
>
> which would ensure that for mod_dir takes no effect when the method
> is neither GET nor POST, which seems reasonable to me (since it has
> no real meaning with other methods), and has the effect that 2.2.x DAV
> setups will "just work" again with 2.4.x, once the patch is back-ported.
>
> Does that seem acceptable to you? I can just follow CTR, I know, but
> I thought I'd ask first since you're clearly looking at similar issues
> at the same time.
I don't really know enough about the risk on this one.