>Number: 4256
>Category: mod_autoindex
>Synopsis: Patch to permit HeaderName and Readme files to be server
>parsed.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Thu Apr 15 13:50:01 PDT 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.6
>Environment:
Linux redhat52 2.0.36 #1 Sat Mar 27 13:08:43 EST 1999 i686 unknown
>Description:
See PR 1574. Also, correct HTML was not always emitted by mod_autoindex under
exceptional conditions.
>How-To-Repeat:
See PR 1754.
SuppressHTMLPreamble and an unreadable (chmod 000) Readme or Header file result
in missing HTML tags.
>Fix:
It does appear to work; it's not pretty; I don't grok sub_reqs; some of the
environment variables reflect the Readme or Header file instead of the
directory in the server-parsed output.
--- apache_1.3.6/src/modules/standard/mod_autoindex.c Mon Jan 4 14:49:41 1999
+++ apache_1.3.6-rsbx/src/modules/standard/mod_autoindex.c Thu Apr 15
16:27:59 1999
@@ -178,8 +178,11 @@
* We include the DOCTYPE because we may be using features therefrom (i.e.,
* HEIGHT and WIDTH attributes on the icons if we're FancyIndexing).
*/
-static void emit_preamble(request_rec *r, char *title)
+static void emit_preamble(request_rec *r, char *title, int whichend)
{
+ if (FRONT_MATTER != whichend) {
+ return;
+ }
ap_rvputs(r, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n",
"<HTML>\n <HEAD>\n <TITLE>Index of ", title,
"</TITLE>\n </HEAD>\n <BODY>\n", NULL);
@@ -764,55 +767,78 @@
static int insert_readme(char *name, char *readme_fname, char *title,
int hrule, int whichend, request_rec *r)
{
- char *fn;
FILE *f;
struct stat finfo;
int plaintext = 0;
request_rec *rr;
autoindex_config_rec *cfg;
int autoindex_opts;
+ char fn1[MAX_STRING_LEN];
cfg = (autoindex_config_rec *) ap_get_module_config(r->per_dir_config,
&autoindex_module);
autoindex_opts = cfg->opts;
/* XXX: this is a load of crap, it needs to do a full sub_req_lookup_uri */
- fn = ap_make_full_path(r->pool, name, readme_fname);
- fn = ap_pstrcat(r->pool, fn, ".html", NULL);
- if (stat(fn, &finfo) == -1) {
- /* A brief fake multiviews search for README.html */
- fn[strlen(fn) - 5] = '\0';
- if (stat(fn, &finfo) == -1) {
+ ap_cpystrn(fn1, readme_fname, MAX_STRING_LEN-5);
+ strcat(fn1, ".html");
+
+ if (!(rr = ap_sub_req_lookup_file(fn1, r))) {
+ emit_preamble(r, title, whichend);
+ return 0;
+ }
+
+ if ((rr->status != HTTP_OK)
+ || (!(rr->filename))
+ || (!S_ISREG(rr->finfo.st_mode))) {
+ ap_destroy_sub_req(rr);
+
+ ap_cpystrn(fn1, readme_fname, MAX_STRING_LEN);
+
+ if (!(rr = ap_sub_req_lookup_file(fn1, r))) {
+ emit_preamble(r, title, whichend);
return 0;
}
+
+ if ((rr->status != HTTP_OK)
+ || (!(rr->filename))
+ || (!S_ISREG(rr->finfo.st_mode))) {
+ ap_destroy_sub_req(rr);
+ emit_preamble(r, title, whichend);
+ return 0;
+ }
+
plaintext = 1;
- if (hrule) {
- ap_rputs("<HR>\n", r);
+
+ if (!(f = ap_pfopen(r->pool, rr->filename, "r"))) {
+ ap_destroy_sub_req(rr);
+ emit_preamble(r, title, whichend);
+ return 0;
}
- }
- else if (hrule) {
- ap_rputs("<HR>\n", r);
- }
- /* XXX: when the above is rewritten properly, this necessary security
- * check will be redundant. -djg */
- rr = ap_sub_req_lookup_file(fn, r);
- if (rr->status != HTTP_OK) {
+
ap_destroy_sub_req(rr);
- return 0;
}
- ap_destroy_sub_req(rr);
- if (!(f = ap_pfopen(r->pool, fn, "r"))) {
- return 0;
- }
- if ((whichend == FRONT_MATTER)
- && (!(autoindex_opts & SUPPRESS_PREAMBLE))) {
- emit_preamble(r, title);
+
+ if (hrule) {
+ ap_rputs("<HR>\n", r);
}
+
if (!plaintext) {
- ap_send_fd(f, r);
+ if (!(autoindex_opts & SUPPRESS_PREAMBLE)) {
+ emit_preamble(r, title, whichend);
+ }
+ if (ap_run_sub_req(rr)) {
+ ap_destroy_sub_req(rr);
+ emit_preamble(r, title, whichend);
+ return 0;
+ }
+ ap_destroy_sub_req(rr);
+ return 1;
}
else {
char buf[IOBUFSIZE + 1];
int i, n, c, ch;
+
+ emit_preamble(r, title, whichend);
ap_rputs("<PRE>\n", r);
while (!feof(f)) {
do {
@@ -845,12 +871,10 @@
c = i + 1;
}
}
- }
- ap_pfclose(r->pool, f);
- if (plaintext) {
+ ap_pfclose(r->pool, f);
ap_rputs("</PRE>\n", r);
}
- return 1;
+ return ((whichend == FRONT_MATTER) ? 1 : 0);
}
@@ -1359,7 +1383,6 @@
if ((!(tmp = find_header(autoindex_conf, r)))
|| (!(insert_readme(name, tmp, title_name, NO_HRULE, FRONT_MATTER, r)))
) {
- emit_preamble(r, title_name);
ap_rvputs(r, "<H1>Index of ", title_name, "</H1>\n", NULL);
}
@@ -1426,15 +1449,15 @@
direction);
ap_pclosedir(r->pool, d);
- if ((tmp = find_readme(autoindex_conf, r))) {
- if (!insert_readme(name, tmp, "",
- ((autoindex_opts & FANCY_INDEXING) ? HRULE
- : NO_HRULE),
- END_MATTER, r)) {
- ap_rputs(ap_psignature("<HR>\n", r), r);
- }
+ if ((!(tmp = find_readme(autoindex_conf, r)))
+ || (!(insert_readme(name, tmp, "",
+ ((autoindex_opts & FANCY_INDEXING)
+ ? HRULE : NO_HRULE),
+ END_MATTER, r)))
+ || (!(autoindex_opts & SUPPRESS_PREAMBLE))) {
+ ap_rputs(ap_psignature("<HR>\n", r), r);
+ ap_rputs("</BODY></HTML>\n", r);
}
- ap_rputs("</BODY></HTML>\n", r);
ap_kill_timeout(r);
return 0;
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
