httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod mod_log_config.html.en mod_log_config.xml
Date Sun, 06 Apr 2003 21:34:03 GMT
nd          2003/04/06 14:34:03

  Modified:    docs/manual/mod mod_log_config.html.en mod_log_config.xml
  Log:
  document log escaping
  
  Reviewed by: Astrid Ke▀ler, Erik Abele
  
  Revision  Changes    Path
  1.26      +14 -5     httpd-2.0/docs/manual/mod/mod_log_config.html.en
  
  Index: mod_log_config.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_log_config.html.en,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- mod_log_config.html.en	19 Mar 2003 00:19:34 -0000	1.25
  +++ mod_log_config.html.en	6 Apr 2003 21:34:03 -0000	1.26
  @@ -178,11 +178,20 @@
       "%!200,304,302{Referer}i" logs <code>Referer:</code> on all requests
       which did <em>not</em> return some sort of normal status.</p>
   
  -    <p>Note that there is no escaping performed on the strings from
  -    <code>%...r</code>, <code>%...i</code> and <code>%...o</code>.
This
  -    is mainly to comply with the requirements of the Common Log Format.
  -    This implies that clients can insert control characters into the log,
  -    so care should be taken when dealing with raw log files.</p>
  +    <p>Note that in versions previous to 2.0.46 no escaping has been performed
  +    on the strings from <code>%...r</code>, <code>%...i</code>
and
  +    <code>%...o</code>. This was mainly to comply with the requirements of
  +    the Common Log Format. This implied that clients could insert control
  +    characters into the log, so you had to be quite careful when dealing
  +    with raw log files.</p>
  +
  +    <p>For security reasons starting with 2.0.46 non-printable and
  +    other special characters are escaped mostly by using
  +    <code>\x<var>hh</var></code> sequences, where <var>hh</var>
stands for
  +    the hexadecimal representation of the raw byte. Exceptions from this
  +    rule are <code>"</code> and <code>\</code> which are escaped
by prepending
  +    a backslash, and all whitespace characters that are written in their
  +    C-notation (<code>\n</code>, <code>\t</code> etc).</p>
   
       <p>Some commonly used log format strings are:</p>
   
  
  
  
  1.17      +14 -5     httpd-2.0/docs/manual/mod/mod_log_config.xml
  
  Index: mod_log_config.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_log_config.xml,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- mod_log_config.xml	13 Mar 2003 23:16:04 -0000	1.16
  +++ mod_log_config.xml	6 Apr 2003 21:34:03 -0000	1.17
  @@ -185,11 +185,20 @@
       "%!200,304,302{Referer}i" logs <code>Referer:</code> on all requests
       which did <em>not</em> return some sort of normal status.</p>
   
  -    <p>Note that there is no escaping performed on the strings from
  -    <code>%...r</code>, <code>%...i</code> and <code>%...o</code>.
This
  -    is mainly to comply with the requirements of the Common Log Format.
  -    This implies that clients can insert control characters into the log,
  -    so care should be taken when dealing with raw log files.</p>
  +    <p>Note that in versions previous to 2.0.46 no escaping has been performed
  +    on the strings from <code>%...r</code>, <code>%...i</code>
and
  +    <code>%...o</code>. This was mainly to comply with the requirements of
  +    the Common Log Format. This implied that clients could insert control
  +    characters into the log, so you had to be quite careful when dealing
  +    with raw log files.</p>
  +
  +    <p>For security reasons starting with 2.0.46 non-printable and
  +    other special characters are escaped mostly by using
  +    <code>\x<var>hh</var></code> sequences, where <var>hh</var>
stands for
  +    the hexadecimal representation of the raw byte. Exceptions from this
  +    rule are <code>"</code> and <code>\</code> which are escaped
by prepending
  +    a backslash, and all whitespace characters that are written in their
  +    C-notation (<code>\n</code>, <code>\t</code> etc).</p>
   
       <p>Some commonly used log format strings are:</p>
   
  
  
  

Mime
View raw message