On Wed, Sep 05, 2001 at 09:47:04AM -0700, Rasmus Lerdorf wrote:
> Whoa, deja vu... I could have sworn I fixed something very similar to
> this more than 5 years ago now. In fact, here is the patch for Apache
> 1.2.x:
>
> Fri Mar 1 03:01:06 1996 UTC (66 months, 1 week ago)
> http://cvs.apache.org/viewcvs.cgi/apache-1.2/src/http_request.c.diff?r1=1.2&r2=1.3
>
> Not exactly the same issue, I know, but very close.
>From inspecting the patch:
That patch affected two functions, internal_redirect and die. The die
patch was for responses with a 200 and a custom_response and was
therefor forced to always be a GET. The internal_redirect patch is
pretty much what I want to do with sub requests.
I haven't traced through an internally redirected POST but
mod_rewrite seems to rely on concocted r->filenames
(method://server:port/localpath) rather than the method in a sub
request. I wonder if POST://localhost/foo.php3 will chain
appropriately.
Can anybody suggest a reason that sub request methods would _not_
default to the parent requests method?
> On Wed, 5 Sep 2001, Eric Prud'hommeaux wrote:
>
> > Can anybody explain why ap_set_sub_req_protocol does
> > rnew->method = "GET";
> > rnew->method_number = M_GET;
> > instead of
> > rnew->method = r->method;
> > rnew->method_number = r->method_number;
> > ? The consequence is that functions like negotiation
> > sub_req = ap_sub_req_lookup_file(dirent.name, r, NULL);
> > check auth on the wrong method. You can check this by POSTing to
> > foo and having a limit on POST for foo.php3 (as opposed to the
> > whole directory). A quick way to check is to set a breakpoint in
> > ap_set_sub_req_protocol and
> > telnet localhost 80
> > POST /Overview HTTP/1.0
> > Content-Length: 5
> >
> > abcd
> > Any calls to the auth modules will have a method of GET despite
> > the POST action they will eventually execute.
> >
> > All auth modules and the like could check for this:
> > int method = r->main ? r->main->method_number : r->method_number;
> > but it seems better to have the sub request default to the method
> > of the request that inspired it. There may be some modules that
> > may count on the default behavior, like mod_include, but I think
> > they should specifically make the new method be a GET as they are
> > not duplicating the parent request's behaviour.
> >
> >
--
-eric
([EMAIL PROTECTED])
Feel free to forward this message to any list for any purpose other than
email address distribution.
