List files that would result in HTTP_UNAUTHORIZED in addition to

successes and redirections, since there's a chance the client will
actually have the proper authorization to retrieve them.

Reported by:	Stas Bekman

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93250 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index ea16d9337796450e585f62ee61411e5b74f56b24..0611fae5030eb63e10b0ae74f4d1b1eb26f86e74 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.32-dev
 
+  *) mod_autoindex now lists files that would result in HTTP_UNAUTHORIZED
+     in addition to success and redirection, since there's a chance the
+     client will actually have the proper authorization to retrieve them.
+     [Stas Bekman, Cliff Woolley]
+
   *) Not being able to bind to the socket is a fatal error.  We should
      print an error to the console, and return a non-zero status code.
      With these changes, all of the Unix MPMs do that correctly.

diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c
index aad5199b2b9f04d9818a6088b0048d871b1f2f7d..21f443dddc3284bbbe58a8e00ce1ee8b3b56b11e 100644 (file)
--- a/modules/generators/mod_autoindex.c
+++ b/modules/generators/mod_autoindex.c
@@ -1292,7 +1292,8 @@ static struct ent *make_autoindex_entry(const apr_finfo_t *dirent,
 
     if ((rr->finfo.filetype != APR_DIR && rr->finfo.filetype != APR_REG)
         || !(rr->status == OK || ap_is_HTTP_SUCCESS(rr->status)
-                              || ap_is_HTTP_REDIRECT(rr->status))) {
+                              || ap_is_HTTP_REDIRECT(rr->status)
+                              || rr->status == HTTP_UNAUTHORIZED)) {
         ap_destroy_sub_req(rr);
         return (NULL);
     }