httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject More patches
Date Tue, 03 Oct 1995 13:47:00 GMT
  Subject: Correctly reject bad and impossible URLs
  Affects: httpd.h, util.c, http_request.c
  ChangeLog: Reject bad % escapes with 400, and URL path segments containing
             / or \0
  Comment: The two characters forbidden in a UNIX filename are / and \0.
           This patch causes requests with these (% encoded) to be rejected,
           rather than treating %2f as a segment separator, and treating %00
           as the end of the URL.

  Subject: Allow user control over trailing slash in alias
  Affects: mod_alias.c, mod_dir.c
  ChangeLog: Do not strip trailing slash from Alias arguments; correct test
             for a trailing slash when redirecting /foo -> /foo/
  Comment: Removing the trailing slash from Alias arguments meant that it
           was impossible to (Script)Alias /foo and /foo/ differently.

I think there are sufficient patches pending that we need a new release,
1.0 notwithstanding.


View raw message