httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@apache.org>
Subject Re: [PATCH] catching malformed container directives
Date Tue, 09 Dec 2003 17:04:09 GMT
At 09:36 AM 12/9/2003, Geoffrey Young wrote:
>> 
>> André Malo wrote:
>>>
>>>I'd like to keep <IfDefine > possible. Simply because it's a very efficient
>>>way to comment a whole part out (reliably, since one cannot specify an
>>>empty -D argument). And it's in use out there.
>
>ok, here is a new patch that excludes <IfDefine >.

Now you have me thinking.  For Apache 2.1 (perhaps 2.0) I'd like to see that
particular nonsense go away.  I sympathize with André's observation that it's
useful, but what he wants to do can be accomplished with

<IfDefine NEVER>
    DangerousDirective
</IfDefine>

which serves the same purpose, but it much more legible.

You point out that containers that expect args (e.g. not <Perl> blocks) can 
be very difficult to debug in any sort of dynamic (mod_macro) sort of config
environment.  But also consider that many conf rewriting tools could probably 
crack under the strain of parsing such <IfFoo> containers, if they specify
no argument.

On the balance, for 2.1 forward we should disallow <IfDefine >.  It's a coin
toss to me if we continue to accept them in 2.0 - so I'd argue the principle
of least surprise.  Disallow in 2.1, but continue to allow in 2.0 <IfDefine >.

>also included is a patch (that applies on top of the other one) that fixes
>broken <Limit> containers.  currently
>
><Limit GET
>
>does not throw an error (note the missing final '>').

That would be goodness!

Bill 


Mime
View raw message