On Tue, Oct 01, 2002 at 11:03:16AM -0400, Ryan Bloom wrote: > On Mon, 30 Sep 2002, Greg Stein wrote: >... > > For this particular case, the bug is in default_handler(). Plain and simple. > > There is no reason for a POST request to return the file contents. Yes, the > > system should also call the thing as a CGI script, in this case, but that > > doesn't excuse the default handler. > > No Greg, I'm sorry, but the bug has nothing to do with the > default_handler. Plain and simple. If mod_dav wasn't in the server, the > default_handler would never be called, because mod_cgi would have been > given an opportunity to handle the request. The bug is in mod_dav, and no > fix anyplace else will actually solve the problem.
mod_dav causes the bug in default_handler to be exposed. A secondary issue is how mod_dav alters the dav-handler in a way which disables POST to a CGI. You've fixed this latter issue (altho it breaks the RFC 2518 requirement of checking locks before allowing a POST). I think we should figure out a different hook to use for that check. While the "fixups" hook isn't really intended for this, it would seem a good place to do the check. mod_dav already hooks it, so that should be fine. Cheers, -g -- Greg Stein, http://www.lyra.org/
