Changes with Apache 2.0.49
+ *) mod_rewrite: In external rewrite maps lookup keys containing
+ a newline now cause a lookup failure. PR 14453.
+ [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
+
*) Backport major overhaul of mod_include's filter parser from 2.1.
The new parser code is expected to be more robust and should
catch all of the edge cases that were not handled by the previous one.
APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/01/12 00:59:02 $]
+Last modified at [$Date: 2004/01/12 02:02:10 $]
Release:
else. BTW, clever use of NULL terms (or lack of). ;-)
+1: nd, trawick, jerenkrantz
- * mod_rewrite: cause a lookup failure in external rewrite maps if
- the key contains a newline. PR 14453. (2.0 + 1.3)
- modules/mappers/mod_rewrite.c: r1.199
- jerenkrantz: Okay by me, but perhaps we should just escape the \n?
- Wouldn't ignoring the rewrite here do something bad tho?
- (Am not backporting.)
- nd: If the user/admin wants to escape, he can use the internal escape
- map. Additionally not escaping \n is (more or less) backwards
- compatible, because it always failed (the map got out of sync).
- +1: nd, trawick, jerenkrantz
-
* mod_ssl: fix a link failure when the openssl-engine libraries are
present but the engine headers are missing.
modules/ssl/mod_ssl.c: r1.87
* context then the rewritemap-programs were not spawned.
* In this case using such a map (usually in per-dir context)
* is useless because it is not available.
+ *
+ * newlines in the key leave bytes in the pipe and cause
+ * bad things to happen (next map lookup will use the chars
+ * after the \n instead of the new key etc etc - in other words,
+ * the Rewritemap falls out of sync with the requests).
*/
- if (fpin == NULL || fpout == NULL) {
+ if (fpin == NULL || fpout == NULL || ap_strchr(key, '\n')) {
return NULL;
}
-
+
/* take the lock */
if (rewrite_mapr_lock_acquire) {
projects / thirdparty / apache / httpd.git / commitdiff
