Hi,

I'm looking at the AuthCookie code, getting ready to release a new version to
CPAN.  It looks to me like currently only the first 'require' directive will be
processed and obeyed.  Here's the code from the old authz():

************************************************************
  foreach $reqs (@$reqs_arr) {
    ($requirement, $args) = split /\s+/, $reqs->{requirement}, 2;
    $args = "" unless defined $args;
    $r->log_error("requirement := $requirement, $args") if ($debug >= 2);

    if ($requirement eq "valid-user") {
      return OK;
    } elsif ($requirement eq "user") {
      return OK if ($args =~ m/\b$user\b/);
    } else {
      my $ret_val = $auth_type->$requirement($r, $args);
      $r->log_error("$auth_type->$requirement returned $ret_val")
        if $debug >= 3;
      return OK if $ret_val == OK;
    }
    $restricted++;
  }

  return OK unless $restricted;
  return FORBIDDEN;
************************************************************

Is anyone actually using this with multiple "require' directives?  Or would
anyone like to?


  -------------------                            -------------------
  Ken Williams                             Last Bastion of Euclidity
  [EMAIL PROTECTED]                            The Math Forum

Reply via email to