author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-03-06 12:53:42 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2013-03-06 12:53:42 +0000 |
commit | ddee5646445cdf292aa88c57d6693257c48e2d64 (patch) | |
tree | ddcd93ebc5cf9177b82caa380fc31c0e39801cd4 /auth_mellon_handler.c | |
parent | 81cf686843634f2e2ff70db6553ef712c531ced0 (diff) | |
Disable automatic creation of MellonPostDirectory.
Now that the POST replay functionality has been disabled by default,
we can force the administrator to create this directory manually. This
saves us from worrying about temp file/directory vulnerabilities.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@178 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index cdc4c28..f21f9bb 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -2307,8 +2307,15 @@ static int am_handle_repost(request_rec *r)
 }
 mod_cfg = am_get_mod_cfg(r->server);
+
+ if (!mod_cfg->post_dir) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Repost query without MellonPostDirectory.");
+ return HTTP_NOT_FOUND;
+ }
+
 query = r->parsed_uri.query;
-
+
 enctype = am_extract_query_parameter(r->pool, query, "enctype");
 if (enctype == NULL) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
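Review bot: The new guard in am_handle_repost only tests that `mod_cfg->post_dir` is set; nothing visible in this hunk checks that the configured directory exists, belongs to the server user and is not writable by others. With automatic creation removed, that is where the temp-file risk named in the commit message now sits, so the requirement should be stated in the code. I would add a comment above the check such as `/* MellonPostDirectory is never created by the module; the administrator must create it, owned by the server user and not writable by anyone else. */`. The function begins and ends outside the hunk and the diffstat is limited to this file, so a permission check may already exist elsewhere; if it does not, a stat of the directory at configuration time would be worth considering.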