>Number: 1759 >Category: mod_include >Synopsis: POST method not allowed in exec cgi SSI expressions >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Feb 2 09:30:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.5 >Environment: Apache 1.2.5 running on S.U.S.E Linux 2.0.32 >Description: I tried to process form data with method POST, and used some server parsed HTML file as ACTION URL within the FORM tag. If the form is submitted, I receive the error message:
Method Not Allowed The requested method POST is not allowed for the URL /BGProWeb/BugReports/edit/handle.shtml. I did not use LIMIT in my access.conf, and anything works fine if I use METHOD GET within the FORM tag. Problem: If SSI is used in conjunction with forms and long data (eg Textareas), POST is required to overcome the 1024 character barrier of method GET. >How-To-Repeat: Create some HTML form with METHOD=POST and use some server parsed HTML page containing exec cgi=xxx.cgi as ACTION URL. Then submit the form and you will get the error. >Fix: Apache should read and store the POST message BODY and replay it to called SSI programs. Maybe its even possible to store parameters in environment variables in the same way as for GET on some system >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
