mod_include/1759: POST method not allowed in exec cgi SSI expressions

[Manfred Bathelt <md...@cip.informatik.uni-erlangen.de>]

>Number:         1759
>Category:       mod_include
>Synopsis:       POST method not allowed in exec cgi SSI expressions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Feb  2 09:30:00 PST 1998
>Last-Modified:
>Originator:     mdbathel@cip.informatik.uni-erlangen.de
>Organization:
apache
>Release:        1.2.5
>Environment:
Apache 1.2.5 running on S.U.S.E Linux 2.0.32
>Description:
I tried to process form data with method POST, and used some server parsed
HTML file as ACTION URL within the FORM tag. If the form is submitted, I receive
the error message:

Method Not Allowed

The requested method POST is not allowed for the URL /BGProWeb/BugReports/edit/handle.shtml.

I did not use LIMIT in my access.conf, and anything works fine if I use METHOD GET within
the FORM tag.
Problem: If SSI is used in conjunction with forms and long data (eg Textareas),
POST is required to overcome the 1024 character barrier of method GET.
>How-To-Repeat:
Create some HTML form with METHOD=POST and use some server parsed HTML page
containing exec cgi=xxx.cgi as ACTION URL.
Then submit the form and you will get the error.
>Fix:
Apache should read and store the POST message BODY and replay it to called SSI
programs. Maybe its even possible to store parameters in environment variables
in the same way as for GET on some system
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]