httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: cvs commit: httpd-2.0/modules/aaa mod_authn_anon.c
Date Sun, 09 Nov 2003 19:48:00 GMT
* Greg Stein <gstein@lyra.org> wrote:

<snip>

> That's a rather complicated "if" statement, and you removed the comment.
> I'd ask that you leave a comment in there to provide a human-readable
> version of that condition.

hehe, ok. I've thought that the new version of the statement was
self-explaining enough :-)

> 
> >            if (conf->logemail && ap_is_initial_req(r)) {
> >                ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
> >   -                        "Anonymous: Passwd <%s> Accepted",
> >   -                        sent_pw ? sent_pw : "\'none\'");
> >   +                          "Anonymous: Passwd <%s> Accepted",
> >   +                          sent_pw ? sent_pw : "\'none\'");
> >            }
> 
> Hmm. This is taking input from the request and dropping it right into the
> log. I don't recall what our policy is around there. Do we need to escape
> it in any way? (e.g. remove newlines)

I don't recall about any policy about error logs. But we should escape it,
sure -- on a more central place (i.e. core).

nd

Mime
View raw message