You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by pq...@apache.org on 2005/10/13 19:42:39 UTC

svn commit: r320823 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_index.c mod_mbox_search.c

Author: pquerna
Date: Thu Oct 13 10:42:36 2005
New Revision: 320823

URL: http://svn.apache.org/viewcvs?rev=320823&view=rev
Log:
For all handlers, Deny all non-GET requests.

Modified:
    httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c
    httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c

Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c?rev=320823&r1=320822&r2=320823&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c Thu Oct 13 10:42:36 2005
@@ -97,6 +97,12 @@
     char *etag;
     apr_time_exp_t extime;
     
+    /* Only allow GETs */
+    r->allowed |= (AP_METHOD_BIT << M_GET);
+    if (r->method_number != M_GET) {
+        return HTTP_METHOD_NOT_ALLOWED;
+    }
+
     ap_set_content_type(r, "application/xml; charset=utf-8");
 
     /* Try to make the index page more cache friendly */

Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c?rev=320823&r1=320822&r2=320823&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c Thu Oct 13 10:42:36 2005
@@ -67,6 +67,12 @@
         return DECLINED;
     }
 
+    /* Only allow GETs */
+    r->allowed |= (AP_METHOD_BIT << M_GET);
+    if (r->method_number != M_GET) {
+        return HTTP_METHOD_NOT_ALLOWED;
+    } 
+
     conf = ap_get_module_config(r->per_dir_config, &mbox_module);
 
     if (conf->search_path == NULL) {

Re: svn commit: r320823 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_index.c mod_mbox_search.c

Posted by André Malo <nd...@perlig.de>.

* pquerna@apache.org wrote:

> Author: pquerna
> Date: Thu Oct 13 10:42:36 2005
> New Revision: 320823
>
> URL: http://svn.apache.org/viewcvs?rev=320823&view=rev
> Log:
> For all handlers, Deny all non-GET requests.

Whoo! I've just investigated a bit about r->allowed and found, that 
r->allowed is never evaluated later in 2.x.x! Seems, at one point this was 
changed to the r->allowed_methods interface, but even the standard modules 
weren't updated. That's bad, bad, bad.

If nobody tells me that I'm missing something, I'm gonna create a patch 
right now.

nd
-- 
"Das Verhalten von Gates hatte mir bewiesen, dass ich auf ihn und seine
beiden Gefährten nicht zu zählen brauchte" -- Karl May, "Winnetou III"

Im Westen was neues: <http://pub.perlig.de/books.html#apache2>