httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48401] CacheIgnoreURLSessionIdentifiers recognizes the wrong key
Date Thu, 17 Dec 2009 22:24:03 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48401

--- Comment #8 from Dodou Wang <wangdong.08@gmail.com> 2009-12-17 14:24:01 UTC ---
(In reply to comment #7)
> Created an attachment (id=24729)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24729) [details]
> Revised version
> 
> Thanks for pointing out, but I guess your patch dosen't handle the following
> case:
> 
> PRE_key1=a&key2=b&key1=c&key3=blah
> 
> So I made a new one that should also handle this case :-)

er... have you tried the case above? I tried the case, and didn't find anything
wrong in my previous patch, can you explain your guess?

Maybe you means that in some cases, the querystring won't be ended by '&'?
But if the querystring isn't "", then it must be generated by cutting off the
identifier, the follow codes guarantees that the end of it must be '&'.

else {
    char *complete;

    /*
     * In order to avoid subkey matching (PR 48401) prepend
     * identifier with a '&' and append a '='
     */
    complete = apr_pstrcat(p, "&", *identifier, "=", NULL);
    param = strstr(querystring, complete);
    /* If we found something we are sitting on the '&' */    
    if (param) {
        param++;                                             
    }
}                                                            
if (param) {
    char *amp;

    if (querystring != param) {                              
        querystring = apr_pstrndup(p, querystring,
                               param - querystring);        


So in my opinion, we can be confident to change the last character to '\0', as
in my patch 24727. the comparaion between '&' in your patch maybe not needed
any more, isn't it?

Thanks:)
Dodou Wang

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message