> -----Original Message-----
> From: Matt Sergeant [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 11, 2000 8:27 AM
> To: [EMAIL PROTECTED]
> Subject: Still bugs in Apache::Dispatch with .htaccess
> 
> 
> Sorry Geoff,
> 
> OK, the bug now is that the _translate_uri sub expects you to be working
> with <Location> rather than .htaccess.

argh - I knew there was a reason I enforced DispatchPrefix from within a
<Location> tag - I have all the memory of a bowling ball...

> It does this to do
> s/location/prefix/, which is why it doesn't work with .htaccess.
> 
> Now first of all, there's a bit of a security risk in there - you're doing
> s/$location/$prefix/. Always *always* use \Q\E around those if you don't
> want someone to be malicious.

right - I suppose I should be using \Q - I do, however, check for
metacharacters in the url as the (nearly) very first step:
  # if the uri contains any characters we don't like, bounce...
  # is this necessary?
  if ($uri =~ m![^\w/-]!) {
    $log->info("\t$uri has bogus characters...")
       if $Apache::Dispatch::DEBUG;
    $log->info("Exiting Apache::Dispatch");
    return DECLINED;
  }

sufficient?

BTW, I return DECLINED often for scenarios like this within Dispatch, but
have contemplated recently returning NOT_FOUND...  opinions?  I don't want
to break existing behaviors for people...

> 
> Second, we want to get this working inside of .htaccess. My thought as to
> how to do this is to set something defining where the directive is set
> when your config methods are called. So I'm assuming you can get this from
> $parms->path(). Store this in the $cfg hash, and then in _translate_uri
> do:
> 
> my $location = $r->location || $cfg->{'Path'};
> 
> Or something like that.

yeah, something like that might be the only alternative...  I'll have to
play with it... 

can you send me your .htaccess file - I may actually have some time in the
next day or so to try and figure this out...

> 
> Anyway, for now, back to normal handlers... :-)

bah :)

--Geoff
> 
> -- 
> <Matt/>
> 
>     /||    ** Director and CTO **
>    //||    **  AxKit.com Ltd   **  ** XML Application Serving **
>   // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
>  // \\| // **     Personal Web Site: http://sergeant.org/     **
>      \\//
>      //\\
>     //  \\
> 
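
Added example, not part of the original thread and not Apache::Dispatch code: the s/$location/$prefix/ substitution discussed above, run with and without \Q\E. The sub names, the '/My/Prefix' value and the sample URIs and locations are constructed for illustration; every URI passes the m![^\w/-]! check, so any difference between the two forms comes from metacharacters in the location value, which is the pattern side of the substitution.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for the substitution step in _translate_uri.
sub translate_unquoted {
    my ($uri, $location, $prefix) = @_;
    $uri =~ s/$location/$prefix/;        # $location is compiled as a pattern
    return $uri;
}

sub translate_quoted {
    my ($uri, $location, $prefix) = @_;
    $uri =~ s/\Q$location\E/$prefix/;    # $location is matched literally
    return $uri;
}

# Constructed cases: [uri, location]. The URIs contain only characters
# that pass the m![^\w/-]! check; the metacharacters are in the location.
my @cases = (
    ['/app/foo',    '/app'],      # plain location: both forms agree
    ['/appXv1/foo', '/app.v1'],   # '.' matches any character when unquoted
    ['/shop/foo',   '/shop('],    # unbalanced '(' cannot compile when unquoted
);

for my $case (@cases) {
    my ($uri, $location) = @$case;
    for my $form (['unquoted', \&translate_unquoted],
                  ['quoted',   \&translate_quoted]) {
        my ($name, $code) = @$form;
        # A pattern that fails to compile dies at run time; trap it so the
        # failure is reported instead of aborting the loop.
        my $out = eval { $code->($uri, $location, '/My/Prefix') };
        $out = 'died: ' . (split /\n/, $@)[0] unless defined $out;
        printf "%-12s %-10s %-9s => %s\n", $uri, $location, $name, $out;
    }
}
```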
