Hi,
I think I may have found a bug in a corner case for the directive
AllowOverride
Way to reproduce:
* Latest httpd
* Set configuration for a directory to something similar to:
<Directory /some/path/here>
Options +ExecCGI +Includes +SymLinksIfOwnerMatch -FollowSymLinks
AllowOverride Nonfatal=Override Options=Includes
</Directory>
* Put in said directory an .htaccess file with a not allowed directive.
Expected behaviour is that the directive not allowed in the .htaccess
file gets ignored and there is no 500 error response.
Now, I may put in AllowOverride any directive type along with
Nonfatal=Override and it will work as expected.
But the moment I put Options=<Any_Option> , the Nonfatal=Override gets
silently ignored. Mind that if I just put Options (no equal sign and no
option list), it still works as expected. It is the moment I add the
equal sign and an option that the Nonfatal=Override gets ignored thus
leading to a 500 error response.
I say Nonfatal=Override because that is actually what I need in my
configuration, but Nonfatal=Unknown or Nonfatal=All get ignored too.
I have been reading through the function set_override() in server/core.c
to try to make sense of what may be happening, but I cannot figure it
out. It has been too long since I last did anything in c.
Any help with this will be greatly appreciated.
Best regards,
--
Eduardo Mayoral.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
