ID:               32561
 Updated by:       [EMAIL PROTECTED]
 Reported By:      mnot at pobox dot com
-Status:           Open
+Status:           Analyzed
 Bug Type:         Apache related
 Operating System: Mac OS X 10.3.8
 PHP Version:      4.3.10
 New Comment:

Actually, it resets the r->allowed to all the methods when it declines
to handle the request for the next handler in the chain.  It probably
doesn't need to do this, but it isn't unique to the xbithack handler. 
Whatever finally accepts to handle the request should be setting
r->allowed accordingly.


Previous Comments:
------------------------------------------------------------------------

[2005-04-04 05:19:18] mnot at pobox dot com

Description:
------------
When using the Apache module, PHP installs the xbithack 
handler for text/html.

This handler makes the following change to r->allowed, 
which is what Apache uses to populate the Allowed header 
on responses that require it (e.g., to OPTIONS, 405 
Method Not Allowed, 501 Not Implemented):
 
  r->allowed |= (1 << METHODS) - 1;

This has the effect of adding *all* known HTTP methods 
to the list. Effectively, PHP is telling clients that it 
can handle all HTTP methods, even for resources that 
aren't actually parsed as PHP.

This is also the case in php5.

Reproduce code:
---------------
mnot-laptop:~> telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
OPTIONS /index.html HTTP/1.1
Host: localhost

Expected result:
----------------
HTTP/1.1 200 OK
Date: Mon, 04 Apr 2005 03:12:29 GMT
Server: Apache/1.3.33 (Darwin) PHP/4.3.10
Cache-Control: max-age=3600
Expires: Mon, 04 Apr 2005 04:12:29 GMT
Content-Length: 0
Allow: GET, HEAD, OPTIONS, TRACE

Actual result:
--------------
HTTP/1.1 200 OK
Date: Mon, 04 Apr 2005 03:12:29 GMT
Server: Apache/1.3.33 (Darwin) PHP/4.3.10
Cache-Control: max-age=3600
Expires: Mon, 04 Apr 2005 04:12:29 GMT
Content-Length: 0
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, 
PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, 
UNLOCK, TRACE


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32561&edit=1
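
A small C model of the behaviour discussed in this report, added here as an illustration; it is not code from PHP or Apache. The struct, the handler names, the bit positions and the Allow-building routine are assumptions made for the sketch; only the `r->allowed |= (1 << METHODS) - 1` statement is taken from the report.

```c
#include <stdio.h>
#include <string.h>

/* Model only: bit positions are illustrative, not copied from Apache's httpd.h. */
enum { M_GET, M_PUT, M_POST, M_DELETE, M_CONNECT, M_OPTIONS, M_TRACE, M_PATCH,
       M_PROPFIND, M_PROPPATCH, M_MKCOL, M_COPY, M_MOVE, M_LOCK, M_UNLOCK,
       METHODS };

struct request { unsigned allowed; };  /* hypothetical stand-in for request_rec */

/* Build the Allow value in the order shown in the report; bit -1 = always sent. */
static const char *make_allow(const struct request *r, char *buf, size_t len)
{
    static const struct { int bit; const char *name; } tab[] = {
        {M_GET, "GET, HEAD, "}, {M_POST, "POST, "}, {M_PUT, "PUT, "},
        {M_DELETE, "DELETE, "}, {M_CONNECT, "CONNECT, "}, {-1, "OPTIONS, "},
        {M_PATCH, "PATCH, "}, {M_PROPFIND, "PROPFIND, "},
        {M_PROPPATCH, "PROPPATCH, "}, {M_MKCOL, "MKCOL, "}, {M_COPY, "COPY, "},
        {M_MOVE, "MOVE, "}, {M_LOCK, "LOCK, "}, {M_UNLOCK, "UNLOCK, "},
        {-1, "TRACE"},
    };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (tab[i].bit < 0 || (r->allowed & (1u << tab[i].bit)))
            strncat(buf, tab[i].name, len - strlen(buf) - 1);
    return buf;
}

/* Declining handler as described in the report: sets every method bit. */
static int decline_widening(struct request *r)
{
    r->allowed |= (1u << METHODS) - 1;
    return -1;                         /* "declined" in this model */
}

/* Variant that declines without touching the mask. */
static int decline_untouched(struct request *r) { (void)r; return -1; }

/* The handler that finally serves a static file: it allows GET only. */
static int static_handler(struct request *r) { r->allowed |= 1u << M_GET; return 0; }

int main(void)
{
    char buf[256];
    struct request a = {0}, b = {0};
    decline_widening(&a);  static_handler(&a);
    decline_untouched(&b); static_handler(&b);
    printf("widened:   Allow: %s\n", make_allow(&a, buf, sizeof buf));
    printf("untouched: Allow: %s\n", make_allow(&b, buf, sizeof buf));
    return 0;
}
```

Because the mask is only ever OR-ed, a later handler cannot narrow what an earlier declining handler added, which is why the static file ends up advertising every method.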
