Thanks for the quick response - I only just noticed that there was a
newer version in CVS and was planning to update the patch against this
however it looks like you beat me to it.
On Dec 2, 2003, at 7:43 PM, Rimon Barr wrote:
> Hi Paul,
> Thanks for sending in the patch. It wasn't against the latest version
> the code, so the merge failed and I ended up coding the functionality
> manually, and in a slightly different manner. But, thank you for
> spotting the deficiency. It's checked into the CVS now. As for a
> date... Yes, it will happen soon. It has been a while, but I need to
> find time for testing.
> All the best,
> On Sun, 30 Nov 2003, Paul Chakravarti wrote:
>> The current spyce built in web server doesn't appear to handle
>> with a path_info component so I generated a small patch (attached) to
>> add this. With the patch applied the server will now traverse up
>> through the path components until it finds a file match and dispatch
>> this to the appropriate content handler with the path_info component
>> provided as a parameter. The content handler can then choose to
>> the request as appropriate - eg. the spyce handler passes this to the
>> spyceHTTPRequest object whereas the dump handler reject requests with
>> path_info set.
>> I havent tested heavily however it 'seems to work' - there is no extra
>> testing for path traversal security issues as the search is done after
>> normpath and should therefore be safe.
>> On a related topic - are there any plans for a new spyce release
>> anytime which would wrap up some of the outstanding patches against
>> 1.3.11 ?
>> Regards, PaulC