Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/07/28 12:19:54 UTC

DO NOT REPLY [Bug 21927] New: - internal_internal_redirect() loses mod_action's auth info

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.


           Summary: internal_internal_redirect() loses mod_action's auth
                    info
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_actions
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: cougar@random.ee


I have a systemwide php binary and use it for php scripts. I also use suexec to
run each php script with the right user permissions. The configuration is as follows:

ScriptAlias /cgi-sbin/ /www/cgi-sbin/
Action application/x-httpd-php /cgi-sbin/php-4.3.2
AddType application/x-httpd-php .php

I have a test.php file in the directory /customer. This directory is protected with
user authentication.

Now I access www.customer.com/test.php and the browser asks me for a username. I enter
it and after that the php script is run. And here is the problem. mod_action
rewrites the url and does internal_redirect(). After that the server checks the /www/cgi-sbin
directory permissions and, because there is no protection, it runs the php binary.
But, because there was no authentication, the php script doesn't get the $REMOTE_USER
variable.

I solved this with the following patch:

diff -urd httpd-2.0.46.orig/modules/http/http_request.c
httpd-2.0.46/modules/http/http_request.c
--- httpd-2.0.46.orig/modules/http/http_request.c       2003-05-19
18:24:05.000000000 +0300
+++ httpd-2.0.46/modules/http/http_request.c    2003-07-24 21:47:27.000000000 +0300
@@ -385,6 +385,7 @@
     new->allowed_methods = ap_make_method_list(new->pool, 2);
 
     new->htaccess        = r->htaccess;
+    new->user            = r->user;
     new->no_cache        = r->no_cache;
     new->expecting_100   = r->expecting_100;
     new->no_local_copy   = r->no_local_copy;
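
Review bot: The added new->user = r->user; line carries the user name across the internal redirect but not the authentication type. request_rec also has an ap_auth_type field, and without a matching new->ap_auth_type = r->ap_auth_type; next to it the redirected CGI would see REMOTE_USER without a matching AUTH_TYPE. The neighbouring copies (htaccess, no_cache, expecting_100) are plain request state, while this one is an identity that was established for the original URI and is now attached to a request for a different one, so a short comment above the assignment should say that the value is inherited from the parent request and why that is intended.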

---
Cougar
