Oh well. And [EMAIL PROTECTED] writes: - Synopsis: htaccess ignored if unreadable...
- These seems like a perfectly reasonable request - when you finish - the patch send it on and we'll consider it for inclusion. It's - possible that folks out there are relying upon this behavior for - some perverse reason, but I think we'll probably change it as - you suggest... I can see how it'd be a quick way to disable commands, but I'd prefer to protect people from disabling security through a restrictive umask. >shrug< Of course, now I'll probably have to answer a dozen ``why doesn't this work anymore'' questions. I'm not quite steady on allocation/deallocation, so I'm just imitating other error messages. The pool gets reaped after the request, I hope, so it shouldn't matter. The strerror/errno dependence might be a problem on some systems (NT?), but it seemed the easiest method. In other words, here's a patch with a bunch of assumptions. It's for http_config.c . Jason, looking forward to turning off DNS outside htaccess files... ;)
*** http_config.c.orig Wed Jul 23 12:33:31 1997
--- http_config.c Wed Jul 23 12:33:54 1997
***************
*** 821,828 ****
}
*result = dc;
! } else
dc = NULL;
/* cache it */
new = palloc(r->pool, sizeof(struct htaccess_result));
--- 821,845 ----
}
*result = dc;
! } else {
! /*
! This assumes that an unreadable .htaccess holds commands to
! deny access. It might seem silly, but if someone has a
! protective umask and overwrites an htaccess file...
!
! The errno is set by open() in pfopen(). Stating the file
! again would avoid this dependence but would involve more
! file traffic.
! */
! if ( ENOENT != errno ) {
! errmsg = pstrcat (parms.pool, "Cannot read ", filename,
! " (", strerror(errno),
! "), assuming it denies access.", NULL);
! log_reason (errmsg, filename, r);
! return FORBIDDEN;
! }
dc = NULL;
+ }
/* cache it */
new = palloc(r->pool, sizeof(struct htaccess_result));
pgpO4f2TqYKfK.pgp
Description: PGP signature
