On Mon, 30 Sep 2002, Greg Stein wrote: > On Mon, Sep 30, 2002 at 09:36:50AM -0400, [EMAIL PROTECTED] wrote: > > On Sun, 29 Sep 2002, Justin Erenkrantz wrote: > > > > > On Mon, Sep 30, 2002 at 01:17:55AM -0400, Ryan Bloom wrote: > > > > Because 2.0.42 always displays script source for CGI scripts that use > > > > POST, I believe that we should put that notice on our main site, and stop > > > > suggesting 2.0.42 for production use. > > > > > > I could not reproduce your problem in my tests. Do you have a clear > > > reproduction case? (POSTing to a DAV resource for me yields a 404.) > > > > > > Is it somehow related to mounting a DAV repository at / and the > > > server getting confused about the /cgi-bin/ dir? -- justin > > > > Nope, any script that is under DAV control will post the source to the > > user. > > Hunh? > > The POST code in mod_dav checks for DAV locks on the resource (per RFC > 2518). If there is a lock, then it returns an appropriate error. Otherwise, > it just returns DECLINED and lets (presumably) the default handler deal with > the POST request. > > The bug is located in server/core.c::default_handler(). It serves up the > content of a file that you POST to. That isn't right. > > Of course, we also have the problem that we can't have more than one > handler. We could restore the RFC 2518 POST check by putting that into a > different processing phase. Not sure which, tho... (it needs to be after the > authentication, at least)
The problem is that the default_handler shouldn't be involved. Because mod_dav is now replacing the r->handler field for ALL requests, things broke. Basically, mod_cgi had been set as the handler, but the mod_dav came in and took over. Then, when mod_dav was done, it passed the request over to the core server, which shouldn't be seeing this request. If mod_dav is going to take over all reqeusts, then it needs to save a copy of the old r->handler field so that it can be reset appropriately, and it needs to be registered as APR_HOOK_REALLY_FIRST for the handler phase. If those two things are done, then we could have two handlers for the same resource. However, mod_dav shouldn't just be taking over all requests and assuming that they were meant for the core server. Doing so means that all generators are broken if DAV is loaded in the server. Ryan _______________________________________________________________________________ Ryan Bloom [EMAIL PROTECTED] 550 Jean St Oakland CA 94610 -------------------------------------------------------------------------------
