[hunchentoot-devel] handle-static-file

[Hans Hübner]

On Mon, Dec 8, 2008 at 13:03, Frank Schorr <franks-muc at web.de> wrote:
> Is it really necessary to disable debugging in the production environment ? The expected information gained from a thread hanging in the IDE debugger can have a higher weight than the fear of the bad guy exploiting the until then not publicly known bug in the application. It would be interesting to have your thoughts on that.

It is really up to you:  If you want to make sure that no bad guy can
start an indefinite number of debugger threads, disable debugging.  I
certainly never run any production system in a mode that makes random
Internet requests end up in a new debugger context, but that is just
my taste.

Going back to your original inquiry:  I think that the invalid
wildcard pathname error that you've produced deserves better handling.
 You can try this patch:

Index: misc.lisp
===================================================================
--- misc.lisp	(revision 4116)
+++ misc.lisp	(working copy)
@@ -129,8 +129,9 @@
 denoted by PATH.  Send a content type header corresponding to
 CONTENT-TYPE or \(if that is NIL) tries to determine the content
 type via the file's suffix."
-  (unless (and (fad:file-exists-p path)
-               (not (fad:directory-exists-p path)))
+  (when (or (wild-pathname-p path)
+            (not (fad:file-exists-p path))
+            (fad:directory-exists-p path))
     ;; does not exist
     (setf (return-code) +http-not-found+)
     (throw 'handler-done nil))

Please give it a try and let me know if it solves the problem for you.

-Hans