https://issues.apache.org/bugzilla/show_bug.cgi?id=50964
Summary: Apache HTTPD 2.2 does not parse nested server side
includes properly
Product: Apache httpd-2
Version: 2.2.17
Platform: PC
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: mod_include
AssignedTo: [email protected]
ReportedBy: [email protected]
When enabling includes within HTTPD, Apache 2.2 only parses first-level
<!--#include virtual="/some_file.shtml" --> includes.

Nested includes, while maybe not conventional, should be supported by the
server.

Such situations can occur when a header is created by using something like:
<!--#include virtual="/header.shtml" -->
and within header.shtml it has additional includes like:
<!--#include virtual="/banner.shtml" -->
<!--#include virtual="/contacts.shtml" -->
etc.

When loaded by Apache, it responds by passing this data as plaintext.

Recommended solution:
Enable a directive enabling the operator to specify how deep httpd should parse
included documents. Set the default to 1, allow overwrite to some reasonable
max such as 10.

Doing this would allow people to nest server side includes without the
potential of DOSing the system via infinite recursion (in the case of a
self-referencing or otherwise erroneously-coded HTML doc).
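The depth limit proposed in the report, sketched as an added example (not part of the original report and not mod_include's code). The `max_depth` parameter, `HARD_MAX_DEPTH` and the in-memory `DOCS` table are assumptions made for illustration; no such httpd directive is implied.

```python
import re

# Matches the SSI form quoted in the report: <!--#include virtual="/path" -->
INCLUDE_RE = re.compile(r'<!--#include\s+virtual="([^"]+)"\s*-->')

HARD_MAX_DEPTH = 10  # upper bound suggested in the report (name is hypothetical)

# Constructed sample documents standing in for files under the document root.
DOCS = {
    "/index.shtml": 'top <!--#include virtual="/header.shtml" --> end',
    "/header.shtml": '[<!--#include virtual="/banner.shtml" -->'
                     '|<!--#include virtual="/contacts.shtml" -->]',
    "/banner.shtml": "BANNER",
    "/contacts.shtml": "CONTACTS",
    # Self-referencing document: the failure case the limit must bound.
    "/loop.shtml": 'x<!--#include virtual="/loop.shtml" -->',
}


def expand(path, docs=DOCS, max_depth=1, _depth=0):
    """Return docs[path] with includes expanded at most max_depth levels deep.

    max_depth is a hypothetical setting modelling the proposed directive and
    is clamped to 1..HARD_MAX_DEPTH. Directives found once the depth budget
    is spent, and directives naming an unknown target, are left unparsed.
    """
    limit = max(1, min(max_depth, HARD_MAX_DEPTH))
    body = docs[path]
    if _depth >= limit:
        return body  # budget spent: nested directives pass through as text

    def substitute(match):
        target = match.group(1)
        if target not in docs:
            return match.group(0)  # unknown target: keep the directive as-is
        return expand(target, docs, limit, _depth + 1)

    return INCLUDE_RE.sub(substitute, body)


if __name__ == "__main__":
    print(expand("/index.shtml", max_depth=1))   # nested directives remain
    print(expand("/index.shtml", max_depth=2))   # header's includes expanded
    print(expand("/loop.shtml", max_depth=1000)) # clamped, terminates
```

With the default of 1 the nested directives in `/header.shtml` come through unparsed, matching the behaviour described in the report; the self-referencing document stops after the clamped limit instead of recursing without bound.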