httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: cvs commit: httpd-2.0 STATUS
Date Thu, 27 Mar 2003 15:24:45 GMT
* Jeff Trawick wrote:

>>   +    * Forward port: Escape special characters (especially control
>>   +      characters) in mod_log_config to make a clear distinction between
>>   +      client-supplied strings (with special characters) and server-side
>>   +      strings. This was already introduced in version 1.3.25.
>>
>>   +    * Fix mod_rewrite's path handling. It's essentially broken for non-unices
>>   +      for ages. PR 12902.
> 
> alternative opinion: neither of these are showstoppers... 

Sure :)

> not a
> security problem,

hmm. Bogus characters _can_ break the logfiles and it was never ported to 
2.x. At least it may prevent some people to switch from 1.3 to 2.x.
But ok, it may be a question of taste.

> not new breakage compared with previous release,
> instead something that has been working that way for ages and will not
> be an unpleasant surprise to anyone

mod_rewrite was finally broken in
<http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/mappers/mod_rewrite.c.diff?r1=1.83&r2=1.84&diff_format=h>
which is 2.0.27 (log time ago). Before this change it was mostly usable by 
some workarounds. The change was unfortunately backported to 1.3.25
(<http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_rewrite.c.diff?r1=1.175&r2=1.176&diff_format=h>)
which made it also unusable in nearly all cases in 1.3.

I'm still considering the mod_rewrite fix to be _very_ important. The very 
small subset of RewriteRules that do work on non-unices is IMHO not 
sufficient for a *GA* version.

nd
-- 
package Hacker::Perl::Another::Just;print
qq~@{[reverse split/::/ =>__PACKAGE__]}~;

#  André Malo  #  http://www.perlig.de  #

Mime
View raw message