Received: (qmail 34896 invoked by uid 501); 10 Oct 2000 15:32:58 -0000 Message-Id: <20001010153258.34895.qmail@locus.apache.org> Date: 10 Oct 2000 15:32:58 -0000 From: Jay R.Ashworth Reply-To: jra@baylink.com To: submit@bugz.apache.org Subject: SSI include virtual will not allow relative paths above DocumentRoot - doco vague X-Send-Pr-Version: 3.110 >Number: 6649 >Category: mod_include >Synopsis: SSI #include documentation is vague >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: analyzed >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: apache >Arrival-Date: Tue Oct 10 08:40:18 PDT 2000 >Closed-Date: >Last-Modified: Tue Oct 10 13:25:30 PDT 2000 >Originator: jra@baylink.com >Release: 1.2.4 (yes, I know; that's what they run there) >Organization: >Environment: SunOS/Solaris; server at ISP; versions unk. >Description: While the documentation for 'include file=' explicitly states that relative paths containing .. are not allowed, the section on 'include virtual=' says that they are, but fails to say that the ceiling on climbing up the tree is the DocumentRoot, rather than the ServerRoot, which it appears, by inspection, to actually be. This makes shared SSI fragment directories impossible to implement. The alternative, of course, makes it possible for ISP customers sharing one server to include each other's stuff, which isn't good either. >How-To-Repeat: >Fix: Not really; see above. For servers where all the virtual servers are under the same span of administrative control, a config file directive could be created to allow include virtual to go further up the tree, but this would be a security violation on shared commercial servers. >Release-Note: >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: slive State-Changed-When: Tue Oct 10 13:25:27 PDT 2000 State-Changed-Why: Yes, the SSI documentation is pretty vague on how all the different #include and #exec stuff fit together. It could use some work. Your particular problem could probably be solved with an Alias directive. If you use Alias to point to your common SSI include directory and map it into your current URL space for each server, then #include virtual should be able to access it. Synopsis-Changed-From: SSI include virtual will not allow relative paths above DocumentRoot - doco vague Synopsis-Changed-To: SSI #include documentation is vague Synopsis-Changed-By: slive Synopsis-Changed-When: Tue Oct 10 13:25:27 PDT 2000 >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]