- In VirtualHost context, PerlInitHandler is an alias for

PerlPostReadRequestHandler. So by encoding characters (%40 for 'a'),
  users can bypass some restrictions.
  Now PerlInitHandler is replaced by PerlHeaderParserHandler, so
  Lemonldap::NG is called after URI translation phase.
- Correction of a bug in internal redirections: now internal
  redirections are not examined: for example, http://test.example.com/
  is internaly redirected to /index.pl, but only the first request (/)
  is tested.

modules/lemonldap-ng-handler/Changes

@@ -1,5 +1,16 @@
 Revision history for Perl extension Lemonldap::NG::Handler.
 
+0.73  Thu Jan 4 15:34:22 2007
+	- In VirtualHost context, PerlInitHandler is an alias for
+	  PerlPostReadRequestHandler. So by encoding characters (%40 for 'a'),
+	  users can bypass some restrictions.
+	  Now PerlInitHandler is replaced by PerlHeaderParserHandler, so
+	  Lemonldap::NG is called after URI translation phase.
+	- Correction of a bug in internal redirections: now internal
+	  redirections are not examined: for example, http://test.example.com/
+	  is internaly redirected to /index.pl, but only the first request (/)
+	  is tested.
+
 0.72  Thu Jan 4 9:24:18 2007
 	- Correction in apache-1.3 configuration example file
 

modules/lemonldap-ng-handler/example/lmH-apache.conf

@@ -2,12 +2,12 @@
 	ServerName test.example.com
 
 	PerlRequire __DIR__/handler/MyHandler.pm
-	PerlInitHandler My::Package
+	PerlHeaderParserHandler My::Package
 	<Location /reload>
 		Order deny,allow
 		Deny from all
 		Allow from 127.0.0.0/8
-		PerlInitHandler My::Package->refresh
+		PerlHeaderParserHandler My::Package->refresh
 	</Location>
 
 	# Just to make example running (index.pl display authenticated user)

modules/lemonldap-ng-handler/example/lmH-apache2.conf

@@ -3,12 +3,12 @@ PerlOptions +GlobalRequest
 
 	ServerName test.example.com
 	PerlRequire __DIR__/handler/MyHandler.pm
-	PerlInitHandler My::Package
+	PerlHeaderParserHandler My::Package
 	<Location /reload>
 		Order deny,allow
 		Deny from all
 		Allow from 127.0.0.0/8
-		PerlInitHandler My::Package->refresh
+		PerlHeaderParserHandler My::Package->refresh
 	</Location>
 
 	# Just to make example running (index.pl display authenticated user)

modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler.pm

@@ -2,7 +2,7 @@ package Lemonldap::NG::Handler;
 
 print STDERR
 "See Lemonldap::NG::Handler(3) to know which Lemonldap::NG::Handler::* module to use.";
-our $VERSION = "0.72";
+our $VERSION = "0.73";
 
 1;
 
@@ -45,10 +45,10 @@ Call your package in /apache-dir/conf/httpd.conf:
   # Load your package
   PerlRequire /My/File
   # TOTAL PROTECTION
-  PerlInitHandler My::Package
+  PerlHeaderParserHandler My::Package
   # OR SELECTED AREA
   <Location /protected-area>
-    PerlInitHandler My::Package
+    PerlHeaderParserHandler My::Package
   </Location>
 
 The configuration is loaded only at Apache start. Create an URI to force
@@ -59,7 +59,7 @@ configuration reload, so you don't need to restart Apache at each change:
     Order deny,allow
     Deny from all
     Allow from my.manager.com
-    PerlInitHandler My::Package->refresh
+    PerlHeaderParserHandler My::Package->refresh
   </Location>
 
 =head1 DESCRIPTION

modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SharedConf.pm

@@ -9,7 +9,7 @@ use Cache::Cache qw($EXPIRES_NEVER);
 
 our @ISA = qw(Lemonldap::NG::Handler::Vhost Lemonldap::NG::Handler::Simple);
 
-our $VERSION    = '0.51';
+our $VERSION    = '0.52';
 our $cfgNum     = 0;
 our $lastReload = 0;
 our $reloadTime;
@@ -166,10 +166,10 @@ Call your package in /apache-dir/conf/httpd.conf :
 
   PerlRequire MyFile
   # TOTAL PROTECTION
-  PerlInitHandler My::Package
+  PerlHeaderParserHandler My::Package
   # OR SELECTED AREA
   <Location /protected-area>
-    PerlInitHandler My::Package
+    PerlHeaderParserHandler My::Package
   </Location>
 
 The configuration is loaded only at Apache start. Create an URI to force
@@ -180,7 +180,7 @@ configuration reload, so you don't need to restart Apache at each change :
     Order deny,allow
     Deny from all
     Allow from my.manager.com
-    PerlInitHandler My::Package->refresh
+    PerlHeaderParserHandler My::Package->refresh
   </Location>
 
 =head1 DESCRIPTION

modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/SharedConf/DBI.pm

@@ -14,7 +14,7 @@ BEGIN {
     }
 }
 
-our $VERSION = '0.5';
+our $VERSION = '0.51';
 
 our @ISA = qw(Lemonldap::NG::Handler::SharedConf);
 
@@ -92,10 +92,10 @@ Call your package in /apache-dir/conf/httpd.conf :
 
   PerlRequire MyFile
   # TOTAL PROTECTION
-  PerlInitHandler My::Package
+  PerlHeaderParserHandler My::Package
   # OR SELECTED AREA
   <Location /protected-area>
-    PerlInitHandler My::Package
+    PerlHeaderParserHandler My::Package
   </Location>
 
 The configuration is loaded only at Apache start. Create an URI to force
@@ -106,7 +106,7 @@ configuration reload, so you don't need to restart Apache at each change :
     Order deny,allow
     Deny from all
     Allow from my.manager.com
-    PerlInitHandler My::Package->refresh
+    PerlHeaderParserHandler My::Package->refresh
   </Location>
 
 =head1 DESCRIPTION

modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm

@@ -6,7 +6,7 @@ use MIME::Base64;
 use Exporter 'import';
 use Safe;
 
-our $VERSION = '0.72';
+our $VERSION = '0.73';
 
 our %EXPORT_TAGS = (
     localStorage =>
@@ -247,8 +247,9 @@ sub localInit($$) {
     # performances.
     no strict;
     if ( MP() == 2 ) {
-        Apache->push_handlers( PerlChildInitHandler =>
-              sub { return $class->initLocalStorage( $_[1], $_[0] ); } );
+        Apache->push_handlers(
+            PerlChildInitHandler => sub { return $class->initLocalStorage( $_[1], $_[0] ); }
+        );
         Apache->push_handlers(
             PerlCleanupHandler => sub { return $class->cleanLocalStorage(@_); }
         );
@@ -404,6 +405,8 @@ sub forbidden {
 
 # hideCookie : hide Lemonldap cookie to the protected application
 sub hideCookie {
+    my $class = shift;
+    $class->lmLog( "$class: removing cookie", 'debug' );
     my $tmp = lmHeaderIn( $apacheRequest, 'Cookie' );
     $tmp =~ s/$cookieName[^;]*;?//o;
     lmSetHeaderIn( $apacheRequest, 'Cookie' => $tmp );
@@ -428,22 +431,18 @@ sub goToPortal() {
     return REDIRECT;
 }
 
-# MAIN SUBROUTINE called by Apache (using PerlInitHandler option)
+# MAIN SUBROUTINE called by Apache (using PerlHeaderParserHandler option)
 sub run ($$) {
     my $class;
     ( $class, $apacheRequest ) = @_;
 
-    my $uri =
-      $apacheRequest->uri
-      . ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
+    return DECLINED unless ( $apacheRequest->is_initial_req );
+    my $uri = $apacheRequest->uri . ( $apacheRequest->args ? "?" . $apacheRequest->args : "" );
 
     # AUTHENTICATION
     # I - recover the cookie
     my $id;
-    unless ( ($id) =
-        ( lmHeaderIn( $apacheRequest, 'Cookie' ) =~ /$cookieName=([^; ]+);?/o )
-      )
-    {
+    unless ( ($id) = ( lmHeaderIn( $apacheRequest, 'Cookie' ) =~ /$cookieName=([^; ]+);?/o ) ) {
         $class->lmLog( "$class: No cookie found", 'info' );
         return $class->goToPortal($uri);
     }
@@ -495,7 +494,7 @@ sub run ($$) {
 
     # SECURITY
     # Hide Lemonldap cookie
-    hideCookie;
+    $class->hideCookie;
     OK;
 }
 
@@ -596,10 +595,10 @@ Call your package in <apache-directory>/conf/httpd.conf
 
   PerlRequire MyFile
   # TOTAL PROTECTION
-  PerlInitHandler My::Package
+  PerlHeaderParserHandler My::Package
   # OR SELECTED AREA
   <Location /protected-area>
-    PerlInitHandler My::Package
+    PerlHeaderParserHandler My::Package
   </Location>
 
 =head1 DESCRIPTION

modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Vhost.pm

@@ -4,7 +4,7 @@ use Lemonldap::NG::Handler::Simple qw(:locationRules :headers);
 use strict;
 use MIME::Base64;
 
-our $VERSION = '0.5';
+our $VERSION = '0.51';
 
 sub locationRulesInit {
     my ( $class, $args ) = @_;
@@ -122,7 +122,7 @@ Create your own package:
 Call your package in <apache-directory>/conf/httpd.conf
 
   PerlRequire MyFile
-  PerlInitHandler My::Package
+  PerlHeaderParserHandler My::Package
 
 =head1 DESCRIPTION