because of the changes to the argument lists of apr_mmap_dup and apr_socket_create,
2.1-dev won't build with apr and apr-util's 0.9 branch anymore
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101154 13f79535-47bb-0310-9956-ffa450edef68
redirection target is not access protected and pass it
to scripts using the REDIRECT_REMOTE_USER environment variable.
PR: 10678, 11602.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100604 13f79535-47bb-0310-9956-ffa450edef68
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
and SSI requests. It's safe to escape as only the '<', '>',
and '&' characters are affected, which won't appear in a valid
hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
[Brian Pane]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97064 13f79535-47bb-0310-9956-ffa450edef68
explicitly tell the server that warning messages should be sent
to the client in addition to being recorded in the error log.
Prior to this change, ap_log_rerror() always sent warning
messages to the client. In one case, a faulty CGI script caused
the server to send a warning message to the client that contained
the full path to the CGI script. This could be considered a
minor security exposure.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94744 13f79535-47bb-0310-9956-ffa450edef68
reads in mod_cgi: eof wasn't treated as an error condition when
reading the script headers, so we were delivering a 200 when a
CGI script produced no output.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94342 13f79535-47bb-0310-9956-ffa450edef68
The first step is to remove the socket from the conn_rec,
the server now lives in a context that is passed to the
core's input and output filters. This forces us to be very
careful when adding calls that use the socket directly,
because the socket isn't available in most locations.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91887 13f79535-47bb-0310-9956-ffa450edef68
access to the internals of an apr_table_t via a const pointer
instead of the current non-const pointer.
Submitted by: Brian Pane <BPane@pacbell.net>
Reviewed by: Ian Holsman
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91860 13f79535-47bb-0310-9956-ffa450edef68
Netware, especially, and any other platform with odd native requirements
for the PATH_TRANSLATED variable (where it should look like a filesystem
entity for non-unixish cgi's.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90976 13f79535-47bb-0310-9956-ffa450edef68
us set the environment variable REQUEST_URI to the redirected
URI, instead of the originally requested URI.
PR: 7580
Submitted by: Taketo Kabe <kabe@sra-tohoku.co.jp>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90886 13f79535-47bb-0310-9956-ffa450edef68
- explicitly include apr_lib.h since ap_config.h doesn't
- use apr_want.h where possible
- use APR_HAVE_ where possible
- remove some unneeded includes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88060 13f79535-47bb-0310-9956-ffa450edef68
are used or not. This uses the same mechanism that is used for APR
and APR-util. This may not be the correct solution, but it works, and that
is what I really care about. This also renames CHARSET_EBCDIC to
AP_CHARSET_EBCDIC. This is for namespace correctness, but it also makes
the exports script a bit easier.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87424 13f79535-47bb-0310-9956-ffa450edef68
modules to not have to muck with the output_filter after it creates the
sub-request. Without this change, modules that create a sub-request have
to manually edit the output_filters, and therefore skip the sub-request
output_filter. If they skip the sub-request output_filter, then we end
up sending multiple EOS buckets to the core_output_filter.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87065 13f79535-47bb-0310-9956-ffa450edef68
functions to use it. This is onyl the start and I'll pause a while before
I continue in case people really hate this. The patch can be backed out and
all evidence will be removed, but I think this makes maintaining/developing
the code easier in the long term.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86870 13f79535-47bb-0310-9956-ffa450edef68
for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
All _VAR_ flavors changes to _DATA to be absolutely clear.
Thank you Greg, for the most obvious suggestion.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86609 13f79535-47bb-0310-9956-ffa450edef68
Yes - it's blatently obvious that this should be 'bucketized', but the
sequence I will follow is:
*) compatibility of sources
*) extension to async + transmitfile emulated support
*) localization of ISAPI* directives to Directory, File blocks
*) addition of ISAPI caching
*) recode for buckets.
I'm actually looking forward to the mod_cgi bucketization as a model.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86360 13f79535-47bb-0310-9956-ffa450edef68
see src/lib/apr/apr_compat.h for most details.
Also a few minor nits to get Win32 to build.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@86008 13f79535-47bb-0310-9956-ffa450edef68
