git.ipfire.org Git - thirdparty/apache/httpd.git/commit

author	Martin Kraemer <martin@apache.org>
	Tue, 21 May 2002 13:03:56 +0000 (13:03 +0000)
committer	Martin Kraemer <martin@apache.org>
	Tue, 21 May 2002 13:03:56 +0000 (13:03 +0000)
commit	2963e526a67ab11e1443753d58fde1c982e0c8c1
tree	97109e11fef77d834884edb5afb7513f2c4daf0d	tree
parent	40e43e57583d4511043db1ad14df2aeafb27e370	commit \| diff

Apply a stricter check to the request line syntax, in order to prevent
arbitrary user input to end up (unescaped) in the access_log and error_log
files. Until now, garbage could be injected to spoof accesses to nonexistent
(or inaccessible) resources -- of course without the client actually
getting access to them.
Now anything but whitespace following the "<method> <url> HTTP/x.y" request
line is disallowed, and special characters in the request are escaped
in the log.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@95205 13f79535-47bb-0310-9956-ffa450edef68

src/CHANGES		diff \| blob \| blame \| history
src/include/httpd.h		diff \| blob \| blame \| history
src/main/gen_test_char.c		diff \| blob \| blame \| history
src/main/http_protocol.c		diff \| blob \| blame \| history
src/main/util.c		diff \| blob \| blame \| history
src/modules/standard/mod_log_config.c		diff \| blob \| blame \| history
src/support/httpd.exp		diff \| blob \| blame \| history