[Bug 1623265] CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

https://bugzilla.redhat.com/show_bug.cgi?id=1623265



--- Comment #3 from Petr Pisar <ppisar@xxxxxxxxxx> ---
Reproducer:

(1) Enable user's ~/public_html directories in httpd configuration (add
"UserDir public_html" directive to /etc/httpd/conf.d/userdir.conf) and enable
httpd_enable_homedirs SELinux boolean.

(2) Add to ~/public_html/.htaccess:
<Perl>
warn "HIT";
</Perl>

(3) Request <http://localhost/~<USER>/> document.

(4) Check /var/log/httpd/error_log for Perl's "HIT" warning message, e.g.
# tail -n 1 error_log
HIT at /home/test/public_html/.htaccess line 2.

A <USER> can write any arbitrary text to /var/log/httpd/error_log.

Proposed fix:

The <Perl> section should not be supported in .htaccess files at all as is
documented in
<http://perl.apache.org/docs/2.0/user/config/config.html#mod_perl_Directives_Argument_Types_and_Allowed_Location>.
A fix proposed at <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644169#19>
does that.

This is a bug in the mod_perl implementation. This is not about a missing or
malfunctioning "PerlOption -Sections" directive. This is about <Perl> sections
being erroneously processed in <Directory>, <Location>, <Files> sections, and
.htaccess files.

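A defender-side audit check, added here and not part of the bug report or of mod_perl: it scans user public_html/.htaccess files for <Perl> sections, which mod_perl documents as permitted only in the server configuration, so any hit in a user-owned file is worth reviewing. The SAMPLE text and the scan root are constructed for illustration.

```python
import re
from pathlib import Path

# Apache directive names are case-insensitive, so match "<Perl>", "<perl >" and
# "<Perl ...>" openers and the matching "</Perl>" closer on their own line.
PERL_OPEN = re.compile(r'^\s*<perl\b[^>]*>\s*$', re.IGNORECASE)
PERL_CLOSE = re.compile(r'^\s*</perl\s*>\s*$', re.IGNORECASE)


def find_perl_sections(text):
    """Return (start_line, end_line) pairs, 1-based, for each <Perl>...</Perl>
    block in .htaccess content. An unterminated block runs to the last line."""
    sections = []
    start = None
    lines = text.splitlines()
    for n, line in enumerate(lines, start=1):
        if start is None and PERL_OPEN.match(line):
            start = n
        elif start is not None and PERL_CLOSE.match(line):
            sections.append((start, n))
            start = None
    if start is not None:
        sections.append((start, len(lines)))
    return sections


def scan_htaccess_files(root):
    """Walk root (e.g. /home) for */public_html/.htaccess files and map each
    file that contains a <Perl> section to the line ranges of those sections."""
    findings = {}
    for path in Path(root).glob('*/public_html/.htaccess'):
        try:
            secs = find_perl_sections(path.read_text(errors='replace'))
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if secs:
            findings[str(path)] = secs
    return findings


# Constructed sample mirroring the reproducer above, plus a lower-case,
# unterminated block to show both variants are caught.
SAMPLE = """Options +Indexes
<Perl>
warn "HIT";
</Perl>
<perl >
# second block, lower case and never closed
"""

if __name__ == '__main__':
    print(find_perl_sections(SAMPLE))
    print(scan_htaccess_files('/home'))
```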
_______________________________________________
perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx