Mailing List Archive: ModPerl: ModPerl

Still bugs in Apache::Dispatch with .htaccess

Index | Next | Previous | View Threaded

matt at sergeant

Dec 11, 2000, 6:26 AM

Post #1 of 5 (612 views)
Permalink

Still bugs in Apache::Dispatch with .htaccess

Sorry Geoff,

OK, the bug now is that the _translate_uri sub expects you to be working
with <Location> rather than .htaccess. It does this to do
s/location/prefix/, which is why it doesn't work with .htaccess.

Now first of all, there's a bit of a security risk in there - you're doing
s/$location/$prefix/. Always *always* use \Q\E around those if you don't
want someone to be malicous.

Second, we want to get this working inside of .htaccess. My thought as to
how to do this is to set something defining where the directive is set
when your config methods are called. So I'm assuming you can get this from
$parms->path(). Store this in the $cfg hash, and then in _translate_uri
do:

my $location = $r->location || $cfg->{'Path'};

Or something like that.

Anyway, for now, back to normal handlers... :-)

--
<Matt/>

/|| ** Director and CTO **
//|| ** AxKit.com Ltd ** ** XML Application Serving **
// || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
// \\| // ** Personal Web Site: http://sergeant.org/ **
\\//
//\\
// \\

gyoung at laserlink

Dec 11, 2000, 6:49 AM

Post #2 of 5 (551 views)
Permalink

RE: Still bugs in Apache::Dispatch with .htaccess [In reply to]

> -----Original Message-----
> From: Matt Sergeant [mailto:matt [at] sergeant]
> Sent: Monday, December 11, 2000 8:27 AM
> To: modperl [at] apache
> Subject: Still bugs in Apache::Dispatch with .htaccess
>
>
> Sorry Geoff,
>
> OK, the bug now is that the _translate_uri sub expects you to
> be working
> with <Location> rather than .htaccess.

argh - I knew there was a reason I enforced DispatchPrefix from within a
<Location> tag - I have all the memory of a bowling ball...

> It does this to do
> s/location/prefix/, which is why it doesn't work with .htaccess.
>
> Now first of all, there's a bit of a security risk in there -
> you're doing
> s/$location/$prefix/. Always *always* use \Q\E around those
> if you don't
> want someone to be malicous.

right - I suppose I should be using \Q - I do, however, check for
metacharacters in the url as the (nearly) very first step:
# if the uri contains any characters we don't like, bounce...
# is this necessary?
if ($uri =~ m![^\w/-]!) {
$log->info("\t$uri has bogus characters...")
if $Apache::Dispatch::DEBUG;
$log->info("Exiting Apache::Dispatch");
return DECLINED;
}

sufficient?

BTW, I return DECLINED often for scenarios like this within Dispatch, but
have contemplated recently returning NOT_FOUND... opinions? I don't want
to break existing behaviors for people...

>
> Second, we want to get this working inside of .htaccess. My
> thought as to
> how to do this is to set something defining where the directive is set
> when your config methods are called. So I'm assuming you can
> get this from
> $parms->path(). Store this in the $cfg hash, and then in
> _translate_uri
> do:
>
> my $location = $r->location || $cfg->{'Path'};
>
> Or something like that.

yeah, something like that might be the only alternative... I'll have to
play with it...

can you send me your .htaccess file - I may actually have some time in the
next day or so to try and figure this out...

>
> Anyway, for now, back to normal handlers... :-)

bah :)

--Geoff
>
> --
> <Matt/>
>
> /|| ** Director and CTO **
> //|| ** AxKit.com Ltd ** ** XML Application Serving **
> // || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
> // \\| // ** Personal Web Site: http://sergeant.org/ **
> \\//
> //\\
> // \\
>

gyoung at laserlink

Dec 11, 2000, 11:16 AM

Post #3 of 5 (540 views)
Permalink

RE: Still bugs in Apache::Dispatch with .htaccess [In reply to]

> -----Original Message-----
> From: Matt Sergeant [mailto:matt [at] sergeant]
> Sent: Monday, December 11, 2000 11:57 AM
> To: Geoffrey Young
> Subject: RE: Still bugs in Apache::Dispatch with .htaccess
>
>
> On Mon, 11 Dec 2000, Geoffrey Young wrote:
>
> >
> >
> > I've started poking around...
> >
> > in order to allow .htaccess configurations we have to be
> able to accomodate:
> > /Foo/Bar/Baz/foo where .htaccess lives in Foo: Prefix +
> > Bar::Baz->foo()
> > /Foo/Bar/Baz/foo where .htaccess lives in Bar: Prefix
> + Baz->foo()
> >
> > yuk. with <Location> you don't have to worry about the
> left hand side...
>
> OK, so how about a new directive: DispatchBase. If that is set, remove
> that from $r->filename, and use that as the base path.
> Otherwise use the
> $r->location method.

yeah, I thought about that too - it would involve less overhead than
scanning for the location of the .htaccess file, but wouldn't be as friendly
as DispatchAccess On.

I also don't want to confuse people, though. The issue here is <Directory>
v. <Location> and not specifically .htaccess files (any more, at least :) -
applying this to a <Location> could start to get obscure (as if it isn't
already :)

DispatchTrim "/usr/local/apache/htdocs/" ?
DispatchBase (which is probably what I should have called DispatchISA) ?
DispatchDirectory ?

or do both that and have a .htaccess scan as well?

--Geoff

>
> --
> <Matt/>
>
> /|| ** Director and CTO **
> //|| ** AxKit.com Ltd ** ** XML Application Serving **
> // || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
> // \\| // ** Personal Web Site: http://sergeant.org/ **
> \\//
> //\\
> // \\
>

matt at sergeant

Dec 11, 2000, 11:26 AM

Post #4 of 5 (564 views)
Permalink

RE: Still bugs in Apache::Dispatch with .htaccess [In reply to]

On Mon, 11 Dec 2000, Geoffrey Young wrote:

> >
> > OK, so how about a new directive: DispatchBase. If that is set, remove
> > that from $r->filename, and use that as the base path.
> > Otherwise use the
> > $r->location method.
>
> yeah, I thought about that too - it would involve less overhead than
> scanning for the location of the .htaccess file, but wouldn't be as friendly
> as DispatchAccess On.
>
> I also don't want to confuse people, though. The issue here is <Directory>
> v. <Location> and not specifically .htaccess files (any more, at least :) -
> applying this to a <Location> could start to get obscure (as if it isn't
> already :)
>
> DispatchTrim "/usr/local/apache/htdocs/" ?
> DispatchBase (which is probably what I should have called DispatchISA) ?
> DispatchDirectory ?
>
> or do both that and have a .htaccess scan as well?

I'd make it as simple as possible. Make it DispatchRoot (akin to
DocumentRoot). Don't try and do anything fancy.

--
<Matt/>

/|| ** Director and CTO **
//|| ** AxKit.com Ltd ** ** XML Application Serving **
// || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
// \\| // ** Personal Web Site: http://sergeant.org/ **
\\//
//\\
// \\

gyoung at laserlink

Dec 11, 2000, 11:51 AM

Post #5 of 5 (547 views)
Permalink

RE: Still bugs in Apache::Dispatch with .htaccess [In reply to]

> -----Original Message-----
> From: Matt Sergeant [mailto:matt [at] sergeant]
> Sent: Monday, December 11, 2000 1:27 PM
> To: Geoffrey Young
> Cc: 'modperl [at] apache'
> Subject: RE: Still bugs in Apache::Dispatch with .htaccess
>
>
>
> I'd make it as simple as possible. Make it DispatchRoot (akin to
> DocumentRoot).

I like that name (and concept) better...

> Don't try and do anything fancy.

but that's so much more fun ;)

--Geoff

>
> --
> <Matt/>
>
> /|| ** Director and CTO **
> //|| ** AxKit.com Ltd ** ** XML Application Serving **
> // || ** http://axkit.org ** ** XSLT, XPathScript, XSP **
> // \\| // ** Personal Web Site: http://sergeant.org/ **
> \\//
> //\\
> // \\
>

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads