>Number: 5700 >Category: mod_actions >Synopsis: Apache passes non-existent files to a script >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Feb 04 04:30:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: [EMAIL PROTECTED] >Release: 1.3.11 >Organization: apache >Environment: Linux neptune.milton-house.elysium.ltd.uk 2.2.5-22 #1 Wed Jun 2 09:17:03 EDT 1999 i686 unknown >Description: .htaccess AddHandler xmlparser .xml Action xmlparser /xmlparser.php
If you then request a non-existent .xml file (e.g http://www.anywhere.org/not-here.xml) Apache doesn't produce a 404 error, it just passes the .xml file URL to the script. This is only broken in 1.3.11, 404 errors are produced in 1.3.9. (I thought I had already submitted this bug, but never got any E-Mail about it and it doesn't appear in the bug database, so this is one last attempt) >How-To-Repeat: Have no example URL's as I have already patched our servers. But follow the .htaccess instructions above and give it a try. >Fix: *** apache_1.3.11.orig/src/modules/standard/mod_actions.c Tue Jan 11 14:23:03 2000 --- apache_1.3.11/src/modules/standard/mod_actions.c Thu Feb 3 19:07:05 2000 *************** *** 245,250 **** --- 245,255 ---- if ((t = ap_table_get(conf->action_types, action ? action : ap_default_type(r)))) { script = t; + if (r->finfo.st_mode == 0) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "File does not exist: %s", r->filename); + return NOT_FOUND; + } } if (script == NULL) { >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
