httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: *Match, RewriteRule POLA violation?
Date Thu, 30 Apr 2015 23:55:24 GMT
+1
By unbreaking configurations we are indeed changing behavior. This could
be an unexpected change for an admin during a minor upgrade but I weigh
that against the fact that directives enclosed by these matches may be
intended to add security/authorization/authentication which a badly
written link could circumvent if an admin isn't using the appropriate regex.

-- 
Daniel Ruggeri

On 4/30/2015 8:16 AM, Yann Ylavic wrote:
> On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs <apache-lists@riggs.me> wrote:
>> Thanks, Yann. I remember looking at this code before. The question remains, though:
Is it currently "wrong"?
>> Does it need to be "fixed", or was this distinction made intentionally?
>> Is there a specific use case that requires the regex-matching directives to not get
slash-normalized URIs?
> I would like it to be fixed, non leading "/+" is equivalent to "/",
> this would break very few (if any) cases IMHO, and may even unbreak
> more ones .


Mime
View raw message