httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <>
Subject Re: localization of content/apache server
Date Wed, 06 Aug 1997 18:03:56 GMT
On Wed, 6 Aug 1997, Marc Slemko wrote:

> Have we resolved the necessary NT issues?

No, but that shouldn't stop us from doing a beta. Just because there are
known bugs doesn't mean we can't ship. That's a lesson I think we learned
pretty well after nine months on 1.2 (a release that was supposed to be
done in two).

BTW, I recall someone posting a fix for the Listen problem on
Windows. Has that been commited/tested/etc?

> Has anyone actually verified that mixed-case does or doesn't present a
> security issue?

I don't think so (either way). The dual-filename format also provides a
problem (I haven't tried it, but I can guarantee it's there - using DOS
8.3 filenames should bypass security setup for long Windows filenames,
and vice versa). I suspect that we should do something like this:

Prior to directory_walk, call GetFullPathName() on r->filename. This
expands filenames to their canonical format (full names, drive letters,
backslashes). Then convert backslashes to forward slashes, so Apache will
like it. Then make sure all the compares in directory_walk and file_walk
(location_walk, too?) are strcasecmp().

We should also alter DirectoryMatch and FilesMatch (LocationMatch, too?)
to use REG_ICASE on Windows. That way, regexes will work correctly as

If this is a sound plan, I'll work up a patch.

-- Alexei Kosut <>

View raw message