[ http://issues.apache.org/jira/browse/MODPYTHON-140?page=all ]
Graham Dumpleton updated MODPYTHON-140:
---------------------------------------
Attachment: grahamd_20060302_MP140_1.diff
Attached "grahamd_20060302_MP140_1.diff" containing proposed changes.
> util.redirect() returns wrong SERVER_RETURN status value
> --------------------------------------------------------
>
> Key: MODPYTHON-140
> URL: http://issues.apache.org/jira/browse/MODPYTHON-140
> Project: mod_python
> Type: Bug
> Components: core
> Versions: 3.2.8
> Reporter: Graham Dumpleton
> Assignee: Graham Dumpleton
> Fix For: 3.3
> Attachments: grahamd_20060302_MP140_1.diff
>
> The util.redirect() function ends with:
> raise apache.SERVER_RETURN, apache.OK
> Although this will work when used in a handler run in the response/content
> handler phase, it will not always provide the desired result in a phase such
> as authenhandler where returning apache.OK actually means that the handler
> sucessfully authenticated the user.
> One particular scenario that can result in undesirable behaviour is where a
> URL matches to a directory and Apache decides to iterate over files listed in
> DirectoryIndex trying to find an actual file. As it checks for each file, it
> will trigger any authenhandler. If the authenhandler decides it wants to
> redirect using util.redirect(), a status of apache.OK is being returned. All
> this does is make Apache think that authentication was successful and it
> ignores the fact that a redirection was being requested. The redirection only
> occurs when it gets to the last file listed in DirectoryIndex and it gives
> up, or it found one of the files. The desired result should be that it should
> stop looking through files immediately the redirection occurs.
> To solve this problem and because util.redirect() is generating a complete
> response anyway, it should be returning apache.DONE and not apache.OK. Thus
> it should be using:
> raise apache.SERVER_RETURN, apache.DONE
> By making this change, it will be safe to use util.redirect() in phases
> earlier than the response/content handler phase. This is not just because of
> the redirection issue described above, but is also because returning
> apache.OK as it does now doesn't actually stop any later phase from running,
> so a response/content handler would still run if one exists, with the content
> being appended to the content already generated by the util.redirect()
> function. Even if the util.redirect() was used in a response/content handler,
> without this change any stacked handlers not yet executed for the phase may
> still be run.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
