DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21927 internal_internal_redirect() losts mod_action's auth info Summary: internal_internal_redirect() losts mod_action's auth info Product: Apache httpd-2.0 Version: 2.0.46 Platform: All OS/Version: All Status: NEW Severity: Major Priority: Other Component: mod_actions AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I have systemwide php binary and use it for php scripts. Also I use suexec to run each php script in right user permissions. The configuration is following: ScriptAlias /cgi-sbin/ /www/cgi-sbin/ Action application/x-httpd-php /cgi-sbin/php-4.3.2 AddType application/x-httpd-php .php I have test.php file in directory /customer. This directory is protected with user authentications. Now I access to www.customer.com/test.php and browser asks me username. I enter it and after that php script will be run. And here is the problem. mod_action rewrites url and does internal_redirect(). After that server cheks /www/cgi-sbin directory permissions and because there are no protection, it run php binary. But, because there was no authentication, php script don't get $REMOTE_USER variable. I solved this with following patch: diff -urd httpd-2.0.46.orig/modules/http/http_request.c httpd-2.0.46/modules/http/http_request.c --- httpd-2.0.46.orig/modules/http/http_request.c 2003-05-19 18:24:05.000000000 +0300 +++ httpd-2.0.46/modules/http/http_request.c 2003-07-24 21:47:27.000000000 +0300 @@ -385,6 +385,7 @@ new->allowed_methods = ap_make_method_list(new->pool, 2); new->htaccess = r->htaccess; + new->user = r->user; new->no_cache = r->no_cache; new->expecting_100 = r->expecting_100; new->no_local_copy = r->no_local_copy; --- Cougar --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
