httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David Robinson)
Subject Re: Apache 1.0.1 beta uploaded, go gettit....
Date Mon, 18 Dec 1995 12:53:00 GMT
> I've uploaded 1.0.1 to hyperreal's httpd/dist directory.  Sorry
> Jim, it's got the old httpd_monitor in it.

Sorry Andew, -1 on this distribution; it doesn't have a BUGS file.
I've included a sample version below.

As 1.0.1 contains a substantive feature change from 1.0.0 (why isn't it called
1.1.0??) the manual will have to be updated. I had intended the manual to
be unchanged until 1.1, but this releases requires otherwise.

[I find it curious in the extreme that this release contains feature changes
 but does not contain a fix for a significant bug. Bug fixes seem to be
 accepted at random, as far as I can tell.]


Known bugs in this distribution

This distribution contains a few known bugs, for which fixes are available.
For one reason or another, these fixes have not been applied to the
distribution. Patches are available from xxxxxxx

1. Apache does not provide a compliant CGI/1.1 interface

 The AUTH_TYPE envirnomment variable is not set.

 Affects any well-written script which checks AUTH_TYPE is 'Basic' before
 using the REMOTE_USER variable.

Temporary Fix:
 Apache only sets REMOTE_USER for Basic authentication, so assume that
 AUTH_TYPE is "Basic" if REMOTE_USER is set and SERVER_SOFTWARE is Apache/xxxx
 for xxx <= "1.0.1"

2. Indexing of directories containing '%'

 If a directory name contains '%' and a user requests a directory index
 without the trailing '/', the redirection request will not re-escape the '%'.

 The user will get a redirection to a non-existant page; for example,
 if /foo%25bar is a directory, then a request for http://server/foo%25bar
 will redirect the user to http://server/foo%bar/

Temporary Fix:
 None. Avoid '%' in directory names.

3. Query string is ignored on a DirectoryIndex directive.

 DirectoryIndex is documented as taking a relative URL; in fact the
 query string part of the URL is ignored. e.g.   A DirectoryIndex directive of
    DirectoryIndex /cgi-bin/script?doindex
  will be treated as though ?doindex was not there.

 Minor; this feature has never worked so users are unlikely to be using it.

Temporary Fix:

4. Active HTML characters are not escaped in HTML generated by the server.

 In directory listings, error messages and redirection link messages
 the characters '<', '>' and '&' are not converted to their safe entity
 forms of '&lt;', '&gt;' and '&amp;' respectively.

 Server generated listings of a directory containing filenames using these
 characters will have cause unpredictable affects on the browser display.

Temporary Fix:
 None. Avoid use of these characters in filenames and URLs.

View raw message