httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject cvs commit: apache-1.3/src CHANGES
Date Tue, 23 Jun 1998 23:41:13 GMT
coar        98/06/23 16:41:13

  Modified:    src      CHANGES
  Log:
  	Bill's fix for non-executable script files on Win32.
  
  Submitted by:	W G Stoddard <wgstodda@us.ibm.com>
  
  Revision  Changes    Path
  1.930     +5 -2      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.929
  retrieving revision 1.930
  diff -u -r1.929 -r1.930
  --- CHANGES	1998/06/23 19:53:29	1.929
  +++ CHANGES	1998/06/23 23:41:11	1.930
  @@ -1,9 +1,12 @@
   Changes with Apache 1.3.1
   
  +  *) Win32: If we can't figure out how to execute a file in a script
  +     directory, bail out of the request with an error message.  [W G Stoddard]
  +
     *) Win32 (security): Eliminate directories consisting of three or more dots;
        these are treated by Win32 as if they are ".." but are not detected by
  -	 other machinery within Apache. This is something of a kludge but eliminates
  -	 a security hole. [Ben Laurie]
  +     other machinery within Apache. This is something of a kludge but
  +     eliminates a security hole. [Ben Laurie]
   
     *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
        pools and thus pollutes libap (until the pool stuff is moved there).
  
  
  

Mime
View raw message