|Summary:||url with additional filepath generates bad environment variables.|
|Product:||Apache httpd-2||Reporter:||Ben Griffin <ben>|
|Component:||mod_mime||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description Ben Griffin 2010-09-01 11:12:40 UTC
Using the following: AddHandler test-file .tst Action test-file /cgi-bin/set.cgi And with set.cgi = #!/bin/bash echo echo echo "$@" set with an existing file "test.tst" and the url: "http://host/test.tst" everything is fine = we see eg PATH_TRANSLATED showing "...test.tst" BUG is exposed with same environment, but the url "http://host/test.tst/ghost.html" The handler sees test.tst and calls set.cgi - however, PATH_TRANSLATED includes /ghost.html as a part of the path, even though clearly the logic is wrong. The url should not trigger the handler - (because the file ..../test.tst/ghost.html does not exist ) but should instead trigger a 404.
Comment 1 Eric Covener 2010-09-01 11:21:07 UTC
The mapping is due to AcceptPathInfo, and CGI says PATH_INFO should be included in PATH_TRANSLATED. Followups on firstname.lastname@example.org unless there's some gross misunderstanding, in which casr provide verbatim, complete config and log entries.
Comment 2 Ben Griffin 2010-09-01 12:03:17 UTC
Eric, thanks. I read up on your comments. I attempted to post a mail as suggested, but was refused. "AcceptPathInfo Off" appears to have no effect when using a suffix handler via AddHandler (the handler in the bug report's case is a bash script calling set) The documentation says: http://httpd.apache.org/docs/2.0/mod/core.html#acceptpathinfo "For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for/test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO." "Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error." However, this is not what I find. Here is the entire apache config file. (note that this is based on a Mac, but the original bug was found on Debian Linux) apache.conf follows (dso.conf is the default set of modules) #================================================ Include /etc/apache2/dso.conf ServerRoot /Library/WebServer Listen 80 User _www Group _www <Directory /Library/WebServer/CGI-Executables/> Options +ExecCGI </Directory> AddHandler cgi-script .cgi AddType application/test .tst ScriptAlias /cgi/ /Library/WebServer/CGI-Executables/ Action application/test /cgi/set.cgi <VirtualHost *:80> AcceptPathInfo Off Options -Indexes +FollowSymLinks DocumentRoot Documents/public </VirtualHost> #================================================ set.cgi follows #================================================ #!/bin/bash echo Status: 200 OK echo Content-Type: text/plain echo set #================================================ Directory /Library/WebServer/Documents/public contains one file, called "here.tst" which is a text file containing the word "test" Results from the above setting. (taken from the environment as listed by set.cgi above) NOTE THAT AcceptPathInfo IS OFF http://127.0.0.1/here.tst/more PATH_INFO=/here.tst/more PATH_TRANSLATED=/Library/WebServer/Documents/public/here.tst/more What I expect is a 404 - after all, AcceptPathInfo is OFF. If this is not a bug, how do I ensure that PATH_TRANSLATED always points to a valid file, especially when using AddHandler