You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by fa...@locus.apache.org on 2000/06/15 02:26:23 UTC
cvs commit: apache-1.3/src/modules/standard mod_vhost_alias.c
fanf 00/06/14 17:26:23
Modified: src/modules/standard mod_vhost_alias.c
Log:
If the CGI directory is under the document root and a user makes a
request for something like http://www.example.com//cgi-bin/foo.cgi
then they will get the source code for the CGI rather than its output
without this fix.
Reported by: "Paul Perkins" <pa...@despam.penguinpowered.com>
in comp.infosystems.www.servers.unix
<ne...@ernani.logica.co.uk>
Revision Changes Path
1.6 +7 -9 apache-1.3/src/modules/standard/mod_vhost_alias.c
Index: mod_vhost_alias.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_vhost_alias.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_vhost_alias.c 1999/12/20 18:16:54 1.5
+++ mod_vhost_alias.c 2000/06/15 00:26:22 1.6
@@ -412,25 +412,23 @@
mva_sconf_t *conf;
const char *name, *map, *uri;
mva_mode_e mode;
- int cgi;
+ char *cgi;
conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
&vhost_alias_module);
- if (!strncmp(r->uri, "/cgi-bin/", 9)) {
+ cgi = strstr(r->uri, "cgi-bin/");
+ if (cgi && cgi - r->uri != strspn(r->uri, "/")) {
+ cgi = NULL;
+ }
+ if (cgi) {
mode = conf->cgi_root_mode;
map = conf->cgi_root;
- uri = r->uri + 8;
- /*
- * can't force cgi immediately because we might not handle this
- * call if the mode is wrong
- */
- cgi = 1;
+ uri = cgi + strlen("cgi-bin");
}
else if (r->uri[0] == '/') {
mode = conf->doc_root_mode;
map = conf->doc_root;
uri = r->uri;
- cgi = 0;
}
else {
return DECLINED;