httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: cvs commit: httpd-2.0/modules/generators mod_cgi.c
Date Thu, 26 Aug 2004 20:25:14 GMT
* Bill Stoddard <bill@wstoddard.com> wrote:

> Sorry, I have no time to spend on it. From a quick look at the code, it
> seems that it is possible for the errfn to log header fields which is why I
> choose to escape the string.

Sure...

> Why wouldn't you want to escape the string just
> to be safe? The errfn is only called on a (hopefully) infrequently
> encountered error path, so performance shouldn't be an issue. What other
> reasons would there be for not escaping the string? To prevent an
> 'obfuscated' error message?

Exactly. That's the reason why the switch exists (and was introduced when we
started to escape the errorlog). If you're running a development system, the
switch can help a lot.

nd
-- 
Real programmers confuse Christmas and Halloween because
DEC 25 = OCT 31.  -- Unknown

                                      (found in ssl_engine_mutex.c)

Mime
View raw message