Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 17132 invoked from network); 9 Sep 2007 14:04:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 9 Sep 2007 14:04:11 -0000 Received: (qmail 24511 invoked by uid 500); 9 Sep 2007 14:04:02 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 24437 invoked by uid 500); 9 Sep 2007 14:04:02 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 24426 invoked by uid 99); 9 Sep 2007 14:04:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 09 Sep 2007 07:04:02 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [80.229.52.226] (HELO grimnir.webthing.com) (80.229.52.226) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 09 Sep 2007 14:05:26 +0000 Received: from grimnir.webthing.com (localhost [127.0.0.1]) by grimnir.webthing.com (Postfix) with ESMTP id 6E9EC2137 for ; Sun, 9 Sep 2007 15:03:35 +0100 (BST) Date: Sun, 9 Sep 2007 15:03:34 +0100 From: Nick Kew To: dev@httpd.apache.org Subject: Re: svn commit: r573831 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_rewrite.xml modules/mappers/mod_rewrite.c Message-ID: <20070909150334.3aadb537@grimnir> In-Reply-To: <46E3BFE1.9050004@apache.org> References: <20070908124611.4C24D1A9832@eris.apache.org> <46E3BFE1.9050004@apache.org> Organization: WebThing X-Mailer: Sylpheed-Claws 2.5.0-rc3 (GTK+ 2.10.6; i486-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On Sun, 09 Sep 2007 11:41:53 +0200 Ruediger Pluem wrote: > > > On 09/08/2007 02:46 PM, wrote: > > Author: niq > > Date: Sat Sep 8 05:46:10 2007 > > New Revision: 573831 > > > > URL: http://svn.apache.org/viewvc?rev=573831&view=rev > > Log: > > Add option to escape backreferences in RewriteRule. > > PR 34602 and PR 39746 > > Patch by Guenther Gsenger The patch is in bugzilla. I applied it without modification because: * It fixes both the bugs listed. * The code looks good. I'm sure it could benefit from further refactoring, but I didn't want to spend more time on this than necessary. > I am a little bit unsure if this can have security implications in > some cases. I'd like to see an example of how it might affect security. > Does it make sense to duplicate code? Shouldn't this be placed in > util.c? Very likely. But that escalates it from a bugfix to an API change. > How about using apr_pstrndup instead? Indeed. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/