httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Stoddard" <b...@wstoddard.com>
Subject Re: [PATCH include/http_log.h] APLOG_TOCLIENT.
Date Tue, 04 Jun 2002 19:05:03 GMT
Just committed this...

diff -u -r1.37 http_log.h
--- http_log.h 23 May 2002 12:19:09 -0000 1.37
+++ http_log.h 4 Jun 2002 19:00:29 -0000
@@ -107,8 +107,17 @@
  */
 #define APLOG_NOERRNO  (APLOG_LEVELMASK + 1)
 
-/* Use APLOG_TOCLIENT to cause ap_log_rerror() to send the message
- * to the client in addition to recording it to the error log.
+/* Use APLOG_TOCLIENT on ap_log_rerror() to give content
+ * handlers the option of including the error text in the 
+ * ErrorDocument sent back to the client. Setting APLOG_TOCLIENT
+ * will cause the error text to be saved in the request_rec->notes 
+ * table, keyed to the string "error-notes", iff:
+ * - the severity level of the message is APLOG_WARNING or greater
+ * - there are no other "error-notes" set in request_rec->notes
+ * Once error-notes is set, it is up to the content handler to
+ * determine whether this text should be send back to the client.
+ * Note: Client generated text streams sent back to the  client MUST 
+ * be escaped to prevent CSS attacks.
  */

Bill

----- Original Message ----- 
From: "Stas Bekman" <stas@stason.org>
To: <dev@httpd.apache.org>
Sent: Tuesday, June 04, 2002 2:28 PM
Subject: [PATCH include/http_log.h] APLOG_TOCLIENT.


> 
> I'm not sure whether ap_log_rerror() is the only user of APLOG_TOCLIENT. 
> If so here is the patch that adds the whole story to the header file, so 
> one doesn't need to dig in the .c files to find out how it works.
> 
> Moreover, I'm still not happy with this description, as ap_log_rerror() 
> doesn't really send the message to the client, but only sets 
> 'error-notes' and it depends on the handler what it does about it. If I 
> understand this correctly the note is misleading.
> 
> 
> Index: include/http_log.h
> ===================================================================
> RCS file: /home/cvspublic/httpd-2.0/include/http_log.h,v
> retrieving revision 1.37
> diff -u -r1.37 http_log.h
> --- include/http_log.h 23 May 2002 12:19:09 -0000 1.37
> +++ include/http_log.h 4 Jun 2002 18:23:01 -0000
> @@ -109,6 +109,9 @@
> 
>   /* Use APLOG_TOCLIENT to cause ap_log_rerror() to send the message
>    * to the client in addition to recording it to the error log.
> + * In addition the following conditions should be true:
> + * the error level is 'warning' or more severe,
> + * AND there aren't already error-notes associated with this request
>    */
>   #define APLOG_TOCLIENT          (APLOG_LEVELMASK + 2)
> 
> 
> 
> __________________________________________________________________
> Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
> http://stason.org/     mod_perl Guide ---> http://perl.apache.org
> mailto:stas@stason.org http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org   http://ticketmaster.com
> 
> 


Mime
View raw message