Vulnerability Development mailing list archives

ie5 and .doc URLs


From: ot () ZOY ORG (Olivier Thereaux)
Date: Fri, 9 Jun 2000 14:39:00 +0200


Hi everybody. I do not know whether what I have discovered has already
been discussed or not, but it seemed pretty interesting to me,
therefore, here I go:

[Uncle yoda's (yeah, that's a stupid nick, I know that already) story,
skip it if you lack time]

I wanted to share a Word document with people on a mailing-list. I
put it in my public_html, and posted the path to the list (i.e.
http://server/~yoda ).

Watching my Apache's access.log, I could see that:

(xxx meaning "stupid windows host belonging to a stupid big consulting
company")

xxx - "GET /~yoda HTTP/1.0" 301 230
xxx - "GET /~yoda/ HTTP/1.0" 200 891
xxx - "GET /icons/blank.gif HTTP/1.0" 200 148
xxx - "GET /icons/back.gif HTTP/1.0" 200 216
xxx - "GET /icons/unknown.gif HTTP/1.0" 200 245
xxx - "GET /~yoda/document.doc HTTP/1.0" 200 83456
xxx - "OPTIONS /~yoda HTTP/1.0" 301 230
xxx - "GET /_vti_inf.html HTTP/1.0" 200 3042
xxx - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
xxx - "OPTIONS /~yoda/document.doc HTTP/1.0" 200 -

So what? I first supposed someone on the list wanted to play with my
server, but why the hell did he test an IIS script on an Apache server?
Sounded weird.

So I asked for an explanation; what I got looked like "sorry, you know,
IE5 sucks..." and so on.

Oh well, great.

[end of the tell-me-about-your-spectacular-life section]

So, it seems IE5 has a rather mononeuronal behaviour when dealing with
.doc URLs. I am actually wondering whether the fact that the shtml.exe
is called with the POST method could allow something *bad* to be
performed against IE5. I believe a GET would have been OK, but what
about POST?

Any idea?

Thanks.

--
Olivier Thereaux
Doko ni datte, hito wa tsunagatteiru.
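The log excerpt above is a useful triage case for anyone reading Apache access logs: hits on /_vti_inf.html and /_vti_bin/shtml.exe/_vti_rpc look like a FrontPage scan, but when the same host fetched a .doc and sent OPTIONS requests just before, it is most likely an Office/IE client probing for FrontPage extensions. The following is an added example (not code from the post or its author) that parses lines in the abbreviated format shown above and classifies each host accordingly; the sample log is constructed, with a second host "yyy" added as a plain-download control.

```python
import re
from collections import defaultdict

# Constructed sample in the abbreviated form used in the post: host, request line, status, size.
SAMPLE_LOG = """\
xxx - "GET /~yoda HTTP/1.0" 301 230
xxx - "GET /~yoda/document.doc HTTP/1.0" 200 83456
xxx - "OPTIONS /~yoda HTTP/1.0" 301 230
xxx - "GET /_vti_inf.html HTTP/1.0" 200 3042
xxx - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
xxx - "OPTIONS /~yoda/document.doc HTTP/1.0" 200 -
yyy - "GET /~yoda/document.doc HTTP/1.0" 200 83456
"""

# host - "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) - "(\S+) (\S+) [^"]*" (\d{3}) (\S+)$')

# Paths an Office/IE client touches when checking a server for FrontPage extensions.
FRONTPAGE_PATHS = ("/_vti_inf.html", "/_vti_bin/shtml.exe/_vti_rpc")


def parse(log_text):
    """Yield (host, method, path, status) for each parsable line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            host, method, path, status, _size = m.groups()
            yield host, method, path, int(status)


def classify(log_text):
    """Return {host: verdict} describing the FrontPage/OPTIONS pattern seen per host."""
    by_host = defaultdict(list)
    for host, method, path, status in parse(log_text):
        by_host[host].append((method, path, status))
    verdicts = {}
    for host, reqs in by_host.items():
        doc_gets = [p for m, p, _ in reqs if m == "GET" and p.lower().endswith(".doc")]
        options = [p for m, p, _ in reqs if m == "OPTIONS"]
        vti_hits = [p for _, p, _ in reqs if p in FRONTPAGE_PATHS]
        if doc_gets and options and vti_hits:
            # .doc fetch + OPTIONS + _vti_* in one session: the client-side behaviour from the post
            verdicts[host] = "office-client-frontpage-probe"
        elif vti_hits:
            # _vti_* paths with no preceding document fetch: treat as a scan and look closer
            verdicts[host] = "frontpage-probe-without-doc"
        else:
            verdicts[host] = "plain-download"
    return verdicts
```

Run it over a real access.log only after adjusting LINE_RE to the full combined format, which carries more fields than the trimmed lines quoted in the post.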
