[jira] Created: (MODPYTHON-140) util.redirect() returns wrong SERVER_RETURN status value

Wed, 01 Mar 2006 03:37:08 -0800 

util.redirect() returns wrong SERVER_RETURN status value
--------------------------------------------------------

         Key: MODPYTHON-140
         URL: http://issues.apache.org/jira/browse/MODPYTHON-140
     Project: mod_python
        Type: Bug
  Components: core  
    Versions: 3.2.8    
    Reporter: Graham Dumpleton
 Assigned to: Graham Dumpleton 
     Fix For: 3.3


The util.redirect() function ends with:

  raise apache.SERVER_RETURN, apache.OK

Although this will work when used in a handler run in the response/content 
handler phase, it will not always provide the desired result in a phase such as 
authenhandler where returning apache.OK actually means that the handler 
sucessfully authenticated the user.

One particular scenario that can result in undesirable behaviour is where a URL 
matches to a directory and Apache decides to iterate over files listed in 
DirectoryIndex trying to find an actual file. As it checks for each file, it 
will trigger any authenhandler. If the authenhandler decides it wants to 
redirect using util.redirect(), a status of apache.OK is being returned. All 
this does is make Apache think that authentication was successful and it 
ignores the fact that a redirection was being requested. The redirection only 
occurs when it gets to the last file listed in DirectoryIndex and it gives up, 
or it found one of the files. The desired result should be that it should stop 
looking through files immediately the redirection occurs.

To solve this problem and because util.redirect() is generating a complete 
response anyway, it should be returning apache.DONE and not apache.OK. Thus it 
should be using:

  raise apache.SERVER_RETURN, apache.DONE

By making this change, it will be safe to use util.redirect() in phases earlier 
than the response/content handler phase. This is not just because of the 
redirection issue described above, but is also because returning apache.OK as 
it does now doesn't actually stop any later phase from running, so a 
response/content handler would still run if one exists, with the content being 
appended to the content already generated by the util.redirect() function. Even 
if the util.redirect() was used in a response/content handler, without this 
change any stacked handlers not yet executed for the phase may still be run.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to