You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Michael Middleton <mi...@rz.uni-regensburg.de> on 1999/12/30 15:21:33 UTC

general/5520: Design Bug in "Options Indexes" not in Apache/1.3.4

>Number:         5520
>Category:       general
>Synopsis:       Design Bug in "Options Indexes" not in Apache/1.3.4
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Dec 30 06:30:01 PST 1999
>Last-Modified:
>Originator:     michael.middleton@rz.uni-regensburg.de
>Organization:
apache
>Release:        Apache/1.3.9 (Unix) PHP/3.0.12
>Environment:
SunOS rrzs8 5.6 Generic_105181-11 sun4m sparc SUNW,SPARCstation-10

Compiler: egcs-1.1.1
>Description:
I have the same problem as Michael Reutter

with 
  Apache/1.3.4 (Unix) PHP/3.0.7
I could let the user control indexing himself. Extract from http.conf:

  DocumentRoot /www/home   
  <Directory "/www/home">
    Options FollowSymLinks IncludesNOEXEC
    AllowOverride AuthConfig FileInfo Indexes Limit
    Order allow,deny
    Allow from all
  </Directory>

.htaccess in "/www/home/images":
  Options +Indexes

That works beautifully. But on Apache/1.3.9 with http.conf:

  UserDir /www-cgi/daten/home/*/public_html
  <Directory /www-cgi/daten/home/*>
    AllowOverride FileInfo AuthConfig Limit Indexes 
    Options MultiViews SymLinksIfOwnerMatch IncludesNoExec
  </Directory>

and the same .htaccess-file, I get an "Internal Server Error" (500)

The only difference I see is that the Directory is in the one case in the 
normal document tree, and in the other it is a user dirctory.

In any case I consider it as a bug.

Yours
Mike

PS I've also noted that "IncludesNOEXEC" is more rigorous in Version 1.3.9 - it
does not let me include PHP3 files any more. In 1.3.4 it did not complain.
That is good, but it would be nice to know what has changed, even if it's an
improvement. Or have I overlooked a change note?
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]