You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2001/12/13 18:24:27 UTC
cvs commit: httpd-2.0/modules/metadata mod_cern_meta.c
wrowe 01/12/13 09:24:27
Modified: modules/metadata mod_cern_meta.c
Log:
Not really an XXX here
Revision Changes Path
1.35 +7 -1 httpd-2.0/modules/metadata/mod_cern_meta.c
Index: mod_cern_meta.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/metadata/mod_cern_meta.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- mod_cern_meta.c 2001/05/07 14:03:59 1.34
+++ mod_cern_meta.c 2001/12/13 17:24:27 1.35
@@ -361,10 +361,16 @@
dconf->metasuffix ? dconf->metasuffix : DEFAULT_METASUFFIX,
NULL);
- /* XXX: it sucks to require this subrequest to complete, because this
+ /* It sucks to require this subrequest to complete, because this
* means people must leave their meta files accessible to the world.
* A better solution might be a "safe open" feature of pfopen to avoid
* pipes, symlinks, and crap like that.
+ *
+ * In fact, this doesn't suck. Because <Location > blocks are never run
+ * against sub_req_lookup_file, the meta can be somewhat protected by
+ * either masking it with a <Location > directive or alias, or stowing
+ * the file outside of the web document tree, while providing the
+ * appropriate directory blocks to allow access to it as a file.
*/
rr = ap_sub_req_lookup_file(metafilename, r, NULL);
if (rr->status != HTTP_OK) {