This patch is wrong.  Only text/html output is valid for consideration.
Just because no handler has been associated to the handler doesn't mean 
we should blindly accept the file.  Contrawise, even another handler
(e.g. PHP) could be xbithacked using the new filtering features.

So perhaps this is a better test;

  if (!r->content_type || strcmp(r->content_type, "text/html")) {
    return DECLINED;
  }


However, I'm of a mind that we should perhaps allow any text/* types that
the administrator is interested in to be considered for xbit testing.

That would include things like xml content, etc.  What about changing the
xbithack enable to something like

  XBitHackByType text/html text/xml text/application-xml

or some such?  This array could be skimmed in place of this test, and the
absense of a match would decline include's xbit-toggled participation
in serving the request.

Just a thought.

Bill

----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 29, 2001 3:34 PM
Subject: cvs commit: httpd-2.0/modules/filters mod_include.c


> brianp      01/12/29 13:34:04
> 
>   Modified:    modules/filters mod_include.c
>   Log:
>   Fix to make xbithack work again
>   
>   Revision  Changes    Path
>   1.175     +1 -1      httpd-2.0/modules/filters/mod_include.c
>   
>   Index: mod_include.c
>   ===================================================================
>   RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
>   retrieving revision 1.174
>   retrieving revision 1.175
>   diff -u -r1.174 -r1.175
>   --- mod_include.c 28 Dec 2001 17:44:28 -0000 1.174
>   +++ mod_include.c 29 Dec 2001 21:34:04 -0000 1.175
>   @@ -3220,7 +3220,7 @@
>                return DECLINED;
>            }
>    
>   -        if (!r->handler || strcmp(r->handler, "text/html")) {
>   +        if (r->handler && strcmp(r->handler, "text/html")) {
>                return DECLINED;
>            }
>        }
>   
>   
>   
> 

Reply via email to