httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <sl...@finance.commerce.ubc.ca>
Subject mod_rewrite: backreferences in rewritemaps are gone.
Date Mon, 16 Oct 2000 04:06:42 GMT
This has been brought up in the bug database and on the newsgroup, but I
figured I would point it out here as well:

It seems that the recent change to single-pass variable expansion in
mod_rewrite has messed up rewritemaps.  In particular, since the
rewritemap expansion of the ${map:whatever} is done before the expansion
of backreferences inside the "whatever", these maps no longer work.
Among other things, this screws up the mass-virtual-hosting with
mod_rewrite example given in the docs.

I think this is a rather serious problem, since it will hit almost
everyone who uses rewritemaps with Apache, and we can't suggest people
stick with the previous version because of the security flaw.

I see the problem in the code do_expand(), but I am not familiar enough
with the potential security problems to suggest a fix.  The relevant bug
is PR6671.

Joshua.


Mime
View raw message