http://issues.apache.org/bugzilla/show_bug.cgi?id=29577

           Summary: 1.3.31 does no longer discard POST data on denied access
           Product: Apache httpd-1.3
           Version: HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

Scenario:
- Client sends POST data
- Access checker (my custom module) returns 403

For 1.3.29 ap_die() calls ap_discard_request_body(), 1.3.31 does not.
This causes the start of POST data to be interpreted as next valid request line!

Code details below

1.3.31 main/http_request.c:1057

    if ((r->status != HTTP_NOT_MODIFIED) &&
        (r->status != HTTP_NO_CONTENT) &&
        !ap_status_drops_connection(r->status) &&
        r->connection && (r->connection->keepalive > 0 )) {
        (void) ap_discard_request_body(r);
    }

1.3.29 main/http_request.c:1110

    if ((r->status != HTTP_NOT_MODIFIED) &&
        (r->status != HTTP_NO_CONTENT) &&
        !ap_status_drops_connection(r->status) &&
        r->connection && (r->connection->keepalive != -1)) {
        (void) ap_discard_request_body(r);
    }

I changed this code back to 1.2.29 and everything works fine for me
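
The failure described in the report, as an added example that is not part of the original report or of Apache's source: the two keepalive tests disagree when `keepalive` is 0, and an undrained body then becomes the start of the next request line. The names `WIRE`, `discards_1_3_29`, `discards_1_3_31` and `next_request_line` are hypothetical, and the request bytes are a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a denied POST, then a second request on the same connection. */
static const char WIRE[] =
    "POST /protected HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Length: 24\r\n"
    "\r\n"
    "user=alice&comment=hello"
    "GET /next HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n";

/* Only the keepalive clause differs between the two quoted conditions. */
static int discards_1_3_29(int keepalive) { return keepalive != -1; }
static int discards_1_3_31(int keepalive) { return keepalive > 0; }

/* Copy into out what would be read as the next request line once the
 * first request has been answered. Returns 0 on success, -1 on bad input. */
static int next_request_line(const char *wire, int discard_body,
                             char *out, size_t outlen)
{
    const char *cl = strstr(wire, "Content-Length:");
    const char *body = strstr(wire, "\r\n\r\n");
    if (!cl || !body || cl > body) return -1;
    body += 4;                                   /* skip the blank line */
    long len = strtol(cl + strlen("Content-Length:"), NULL, 10);
    if (len < 0 || (size_t)len > strlen(body)) return -1;
    /* Draining the body moves the read position past it; otherwise the
     * next read starts at the first body byte. */
    const char *next = discard_body ? body + len : body;
    size_t n = strcspn(next, "\r\n");
    if (n >= outlen) return -1;
    memcpy(out, next, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char line[128];
    int ka = 0;          /* a value on which the two tests disagree */
    next_request_line(WIRE, discards_1_3_29(ka), line, sizeof line);
    printf("1.3.29 test, keepalive=0: next line = %s\n", line);
    next_request_line(WIRE, discards_1_3_31(ka), line, sizeof line);
    printf("1.3.31 test, keepalive=0: next line = %s\n", line);
    return 0;
}
```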
