Whoa, deja vu... I could have sworn I fixed something very similar to
this more than 5 years ago now. In fact, here is the patch for Apache
1.2.x:
Fri Mar 1 03:01:06 1996 UTC (66 months, 1 week ago)
http://cvs.apache.org/viewcvs.cgi/apache-1.2/src/http_request.c.diff?r1=1.2&r2=1.3
Not exactly the same issue, I know, but very close.
-Rasmus
On Wed, 5 Sep 2001, Eric Prud'hommeaux wrote:
> Can anybody explain why ap_set_sub_req_protocol does
> rnew->method = "GET";
> rnew->method_number = M_GET;
> instead of
> rnew->method = r->method;
> rnew->method_number = r->method_number;
> ? The consequence is that functions like negotiation
> sub_req = ap_sub_req_lookup_file(dirent.name, r, NULL);
> check auth on the wrong method. You can check this by POSTing to
> foo and having a limit on POST for foo.php3 (as opposed to the
> whole directory). A quick way to check is to set a breakpoint in
> ap_set_sub_req_protocol and
> telnet localhost 80
> POST /Overview HTTP/1.0
> Content-Length: 5
>
> abcd
> Any calls to the auth modules will have a method of GET despite
> the POST action they will eventually execute.
>
> All auth modules and the like could check for this:
> int method = r->main ? r->main->method_number : r->method_number;
> but it seems better to have the sub request default to the method
> of the request that inspired it. There may be some modules that
> may count on the default behavior, like mod_include, but I think
> they should specifically make the new method be a GET as they are
> not duplicating the parent request's behaviour.
>
>
