I have code that contains the line:
$r->lookup_uri( $r->param( 'pm_uri' ) )->filename;
The parameter pm_uri is a hidden form field that contains a URI
for a file. I use lookup_uri() to translate that (eventually)
into an absolute filename.
However, if I have an access restriction that forbids access to
files ending in a .pm extension and the URI maps to such a
filename, then I get a "client denied by server confiruation"
message in the error log. (Not surprising.) However, I'm
still able to read the file myself from within the handler
routine. (This is the desired behavior and it's also not
surprising. I want to forbid *direct* access to .pm files by a
client so user's can't see the contents, but still have them
accessible to my handler.)
What I'd like, though, is to resolve a URI to a filename *only*
and not have Apache do access checks so I don't get a spurious
"client denied" error. Is there any way to do this?
- Paul
