You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2005/10/13 19:42:39 UTC
svn commit: r320823 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_index.c
mod_mbox_search.c
Author: pquerna
Date: Thu Oct 13 10:42:36 2005
New Revision: 320823
URL: http://svn.apache.org/viewcvs?rev=320823&view=rev
Log:
For all handlers, Deny all non-GET requests.
Modified:
httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c
httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c
Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c?rev=320823&r1=320822&r2=320823&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_index.c Thu Oct 13 10:42:36 2005
@@ -97,6 +97,12 @@
char *etag;
apr_time_exp_t extime;
+ /* Only allow GETs */
+ r->allowed |= (AP_METHOD_BIT << M_GET);
+ if (r->method_number != M_GET) {
+ return HTTP_METHOD_NOT_ALLOWED;
+ }
+
ap_set_content_type(r, "application/xml; charset=utf-8");
/* Try to make the index page more cache friendly */
Modified: httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c
URL: http://svn.apache.org/viewcvs/httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c?rev=320823&r1=320822&r2=320823&view=diff
==============================================================================
--- httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c (original)
+++ httpd/mod_mbox/trunk/module-2.0/mod_mbox_search.c Thu Oct 13 10:42:36 2005
@@ -67,6 +67,12 @@
return DECLINED;
}
+ /* Only allow GETs */
+ r->allowed |= (AP_METHOD_BIT << M_GET);
+ if (r->method_number != M_GET) {
+ return HTTP_METHOD_NOT_ALLOWED;
+ }
+
conf = ap_get_module_config(r->per_dir_config, &mbox_module);
if (conf->search_path == NULL) {
Re: svn commit: r320823 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_index.c mod_mbox_search.c
Posted by André Malo <nd...@perlig.de>.
* pquerna@apache.org wrote:
> Author: pquerna
> Date: Thu Oct 13 10:42:36 2005
> New Revision: 320823
>
> URL: http://svn.apache.org/viewcvs?rev=320823&view=rev
> Log:
> For all handlers, Deny all non-GET requests.
Whoo! I've just investigated a bit about r->allowed and found, that
r->allowed is never evaluated later in 2.x.x! Seems, at one point this was
changed to the r->allowed_methods interface, but even the standard modules
weren't updated. That's bad, bad, bad.
If nobody tells me that I'm missing something, I'm gonna create a patch
right now.
nd
--
"Das Verhalten von Gates hatte mir bewiesen, dass ich auf ihn und seine
beiden Gefährten nicht zu zählen brauchte" -- Karl May, "Winnetou III"
Im Westen was neues: <http://pub.perlig.de/books.html#apache2>