On Sun, 09 Sep 2007 11:41:53 +0200
Ruediger Pluem <rpluem@apache.org> wrote:
>
>
> On 09/08/2007 02:46 PM, wrote:
> > Author: niq
> > Date: Sat Sep 8 05:46:10 2007
> > New Revision: 573831
> >
> > URL: http://svn.apache.org/viewvc?rev=573831&view=rev
> > Log:
> > Add option to escape backreferences in RewriteRule.
> > PR 34602 and PR 39746
> > Patch by Guenther Gsenger
The patch is in bugzilla. I applied it without modification
because:
* It fixes both the bugs listed.
* The code looks good.
I'm sure it could benefit from further refactoring, but I didn't
want to spend more time on this than necessary.
> I am a little bit unsure if this can have security implications in
> some cases.
I'd like to see an example of how it might affect security.
> Does it make sense to duplicate code? Shouldn't this be placed in
> util.c?
Very likely. But that escalates it from a bugfix to an API change.
> How about using apr_pstrndup instead?
Indeed.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
|