|
Graham Dumpleton
grahamd at dscpl.com.au
Thu Nov 11 21:59:27 EST 2004
On Nov 10 15:18, Graham Dumpleton <grahamd at dscpl.com.au> wrote: > > Subject: [mod_python] Bug in setting up of config_dir from Handler directives. > > I wander where else there are little mistakes like this in mod_python > where it doesn't take into consideration that Apache passed it POSIX > style pathnames and not Win32 ones. > > Anyway, possibly another one for the TODO list of things to fix. Someone > want to confirm this analysis or make the change and see what happens > then. Having a very quick look at mod_python.c, the SLASH macros get used in only one other spot. It is mentioned in other places, but that code is commented out. The code in this case is in select_interp_name() and it to is wrong, although it has a couple of problems and gives slightly undesirable results on UNIX platforms as well in certain cirsumstances. Consider a publisher based content handler containing: def index(req): return req.interpreter If you do not have the PythonInterPerDirectory diective turned on, accessing that page will generate the virtual/actual host of the web server. Eg. grumpy.company.com If you turn on the PythonInterpPerDirectory and access the page explicitly as for example: http://localhost:8080/~grahamd/publisher/index.py You get something like: /Users/grahamd/Sites/publisher/ The trailing slash "/" is put there by the select_interp_name() function. If this were on Win32, you probably end up with: /Users/grahamd/Sites/publisher\ Now, if the actual directory is accessed instead and the automagic mapping to the index() method in the file is relied upon, ie., request as: http://localhost:8080/~grahamd/publisher You first get redirected to: http://localhost:8080/~grahamd/publisher/ and the result you get back is: /Users/grahamd/Sites/publisher// Again, the final trailing '/' is put there by select_interp_name(). On Win32, this is thus likely to be: /Users/grahamd/Sites/publisher/\ In summary, there are two problems here. First is that on Win32 it is most likely going to use '\' even though rest of the path uses POSIX naming style. Second is that the code doesn't check to see if there already is a trailing slash with the result that although access to the directory and the file should result in the same interpreter name, it doesn't. This latter problem means that the same index() method can get executed within the context of two different interpreters dependent on which URL you used. This shouldn't be the case and could cause problems in some applications. I haven't worked out the actual patch required in this case because of there being two issues and because I haven't looked through the code enough to know where to look to see if there already is a trailing slash. At the minimum, the use of SLASH_S should be changed to "/" in that part of the select_interp_name() method. Anyone on Win32 want to see if my assumptions about what happens there is correct? -- Graham Dumpleton (grahamd at dscpl.com.au)
|