dgaudet     98/01/21 14:48:14

  Modified:    src      CHANGES
               src/main http_request.c
  Log:
  We need to eat the request body, if any, in die() in order to continue a
  keep-alive session.
  
  PR:           1399
  Submitted by: Roy Fielding
  Reviewed by:  Martin Kraemer, Dean Gaudet
  
  Revision  Changes    Path
  1.585     +5 -0      apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.584
  retrieving revision 1.585
  diff -u -r1.584 -r1.585
  --- CHANGES   1998/01/21 22:31:44     1.584
  +++ CHANGES   1998/01/21 22:48:10     1.585
  @@ -1,5 +1,10 @@
   Changes with Apache 1.3b4
   
  +  *) When die() happens we need to eat any request body if one exists.
  +     Otherwise we can't continue with a keepalive session.  This shows up
  +     as a POST problem with MSIE 4.0, typically against pages which are
  +     authenticated.  [Roy Fielding] PR#1399
  +
     *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
        header will be passed to CGIs.  This is generally a security hole, so
        it's not a default.  [Marc Slemko] PR#549
  
  
  
  1.100     +11 -0     apachen/src/main/http_request.c
  
  Index: http_request.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/main/http_request.c,v
  retrieving revision 1.99
  retrieving revision 1.100
  diff -u -r1.99 -r1.100
  --- http_request.c    1998/01/11 20:55:18     1.99
  +++ http_request.c    1998/01/21 22:48:13     1.100
  @@ -878,6 +878,17 @@
       }
   
       /*
  +     * If we want to keep the connection, be sure that the request body
  +     * (if any) has been read.
  +     */
  +    if ((r->status != HTTP_NOT_MODIFIED) && (r->status != HTTP_NO_CONTENT)
  +        && !status_drops_connection(r->status)
  +        && r->connection && (r->connection->keepalive != -1)) {
  +
  +        (void) discard_request_body(r);
  +    }
  +
  +    /*
        * Two types of custom redirects --- plain text, and URLs. Plain text has
        * a leading '"', so the URL code, here, is triggered on its absence
        */
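Review bot: The `(void)` cast on `discard_request_body(r)` throws away its result, so if the body cannot be fully consumed (read error, malformed or refused body) the connection is still treated as keep-alive and the unread bytes would be parsed as the next request on it. Unless discard_request_body already marks the connection itself, which is not visible in this hunk, the failure case should give up keep-alive, e.g. `if (discard_request_body(r) != OK) r->connection->keepalive = -1;`. The added comment could also state the reason, for instance `leftover body bytes would otherwise be read as the start of the next request`. The enclosing function (die(), per the log message) starts and ends outside the hunk.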
  
  
  
