httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: svn commit: r1554300 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/ap_regex.h include/http_core.h modules/proxy/mod_proxy.c modules/proxy/mod_proxy.h server/core.c server/request.c server/util_pcre.c
Date Wed, 01 Jan 2014 11:59:26 GMT
Am Montag, 30. Dezember 2013, 19:50:53 schrieb minfrin@apache.org:
> Author: minfrin
> Date: Mon Dec 30 19:50:52 2013
> New Revision: 1554300
> 
> URL: http://svn.apache.org/r1554300
> Log:
> core: Support named groups and backreferences within the
> LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch
> directives.

I definitely like this idea. While I haven't done a full review of the 
patch, I have a few questions:

Aren't the apr_table keys case insensitive anyway? Why do we need the 
case conversion of the key names?

Maybe making ap_regname() accept an optional prefix string that is 
prepended to each name would be a good idea?

Maybe the use in <LocationMatch> and friends should add some prefix to 
the names? Like "m_" or "match_" or "m:"? This would make it more 
difficult to shoot oneself in the foot by allowing a remote attacker 
to set env variables that have some special meanings elsewhere in 
httpd (or in an executed cgi script). And/or maybe these values should 
be filtered out again when exporting them to cgi env variables?

Cheers,
Stefan


Mime
View raw message