DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=44262>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44262 Summary: AllowOverride Options= grants the permission of the 'All' option. Product: Apache httpd-2 Version: 2.2.6 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] If one option is permitted, 'All' is permitted. Impact: The user can use CGI/SSI/Symlink from any place with own .htaccess. Example: httpd.conf: <Directory "/home/*/public_html"> AllowOverride Options=Indexes Options Indexes </Directory> /home/user/public_html/.htaccess: Options +All source code: httpd-2.2.6/server/core.c line 1461: if (!(cmd->override_opts & opt) && opt != OPT_NONE) { When opt contains two or more bits, override_opts passes any bits of opt. In 2.2.6 cases, OPT_ALL is defined as "(OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)". -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
