>Number: 2148 >Category: mod_auth-any >Synopsis: Inconsistent use of , or space in require group >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Apr 28 10:10:02 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.6 >Environment: all? >Description: Apache documentation does not specify if a , or space should be used for multiple group names and some modules implement it as spaces and others impliment it as commas. eg: <Limit GET POST PUT> require group snet-lp snet-dp snet-fp </Limit>
mod_auth_dbm.c would only see the snet-lp group and would deny access to anyone in the snet-dp or snet-fp groups, while mod_auth_msql.c would work fine for any of the the 3 groups. >How-To-Repeat: >Fix: 1) decide if the seperator should be a , or a space 2) Document it properly in core 3) check and change mod_auth*.c (usualy there is a getword a few lines above the "user %s not in right group" error message and you just need to change the third parameter of the getword) >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
