You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/07/28 12:19:54 UTC
DO NOT REPLY [Bug 21927] New: -
internal_internal_redirect() losts mod_action's auth info
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927
internal_internal_redirect() losts mod_action's auth info
Summary: internal_internal_redirect() losts mod_action's auth
info
Product: Apache httpd-2.0
Version: 2.0.46
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: mod_actions
AssignedTo: bugs@httpd.apache.org
ReportedBy: cougar@random.ee
I have systemwide php binary and use it for php scripts. Also I use suexec to
run each php script in right user permissions. The configuration is following:
ScriptAlias /cgi-sbin/ /www/cgi-sbin/
Action application/x-httpd-php /cgi-sbin/php-4.3.2
AddType application/x-httpd-php .php
I have test.php file in directory /customer. This directory is protected with
user authentications.
Now I access to www.customer.com/test.php and browser asks me username. I enter
it and after that php script will be run. And here is the problem. mod_action
rewrites url and does internal_redirect(). After that server cheks /www/cgi-sbin
directory permissions and because there are no protection, it run php binary.
But, because there was no authentication, php script don't get $REMOTE_USER
variable.
I solved this with following patch:
diff -urd httpd-2.0.46.orig/modules/http/http_request.c
httpd-2.0.46/modules/http/http_request.c
--- httpd-2.0.46.orig/modules/http/http_request.c 2003-05-19
18:24:05.000000000 +0300
+++ httpd-2.0.46/modules/http/http_request.c 2003-07-24 21:47:27.000000000 +0300
@@ -385,6 +385,7 @@
new->allowed_methods = ap_make_method_list(new->pool, 2);
new->htaccess = r->htaccess;
+ new->user = r->user;
new->no_cache = r->no_cache;
new->expecting_100 = r->expecting_100;
new->no_local_copy = r->no_local_copy;
---
Cougar
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org