On Fri, Aug 24, 2001 at 07:45:29PM -0400, Cliff Woolley wrote:
>...
> I've verified this as a security problem in 2.0. 1.3 seems to return a
> 405 Method Not Allowed error when you attempt to POST to a server-parsed
> file, so I've attempted to duplicate that behavior as best I can. Does
> the following patch look correct? If so, I'll commit.
The SSI stuff is a handler in 1.3, so it is the proper guy to state what is
handled. And it says "no POST" :-)
As a filter in 2.0, mod_include should just stay out of it.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/