mirror of https://github.com/apache/httpd.git synced 2026-01-13 21:42:17 +03:00
apache/modules
Cliff Woolley ae172585fa

The problem that this patch solves is one where cookie names are mis-identified
by mod_usertrack. This is because of the use of strstr() in spot_cookie() in the
original mod_usertrack.c to find the name of the cookie. strstr(), by virtue of
looking for a substring instead of an exact match, can mis-identify the cookie
"MyID" as the cookie "ID" or "My". So, if you were looking for the value of the
cookie "ID", but only the cookie "MyID" was returned by the browser,
mod_usertrack.c would return the value of the "MyID" cookie in place of the
"ID" you were looking for.

Even more seriously, because strstr is invoked before the cookie name is
separated from its cookie value, a cookie and value like
"myCookie=thisisnotIDeal" will be a false positive if you told mod_usertrack
the cookie name was ID. Furthermore, using this example, "eal" will get logged
as the value of the cookie; now that strstr has incorrectly identified the
substring "ID" as the cookie name, the following "e" (assumed to be the "="
sign) gets discarded, and the remaining content used as the value of
the cookie.

Replacing the strstr() with a more robust regex match fixes this problem.

PR:    16661
Submitted by:   Manni Wood <manniwood@planet-save.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101306 13f79535-47bb-0310-9956-ffa450edef68
2003-09-23 22:40:23 +00:00
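
The mis-identification described in the commit message above, as an added example that is not code from mod_usertrack or from the patch: `find_substr` models a substring lookup of the kind the message describes, and `find_exact` compares whole cookie names pair by pair instead of using the regex the commit adopted. The function names, the helper `copy_val` and the sample header values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
static void copy_val(char *out, size_t n, const char *v, size_t len)
{
    if (len >= n) len = n - 1;      /* truncate to fit, always NUL-terminate */
    memcpy(out, v, len);
    out[len] = '\0';
}

/* Substring lookup (kept buggy on purpose): find the name anywhere in the
 * header, skip one character assumed to be '=', take the rest up to ';'. */
static int find_substr(const char *hdr, const char *name, char *out, size_t n)
{
    const char *p = strstr(hdr, name);
    if (!p) return 0;
    p += strlen(name);
    if (*p) p++;
    copy_val(out, n, p, strcspn(p, ";"));
    return 1;
}

/* Exact lookup: walk the ';'-separated pairs and accept a pair only when
 * the whole name matches and is followed directly by '='. */
static int find_exact(const char *hdr, const char *name, char *out, size_t n)
{
    size_t nlen = strlen(name);
    for (const char *p = hdr; *p; ) {
        p += strspn(p, " \t");
        size_t pair = strcspn(p, ";");
        if (pair > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            copy_val(out, n, p + nlen + 1, pair - nlen - 1);
            return 1;
        }
        p += pair + (p[pair] == ';');   /* step past the pair and its ';' */
    }
    return 0;
}

int main(void)
{
    /* Constructed Cookie header values; the first two follow the commit message. */
    const char *hdrs[] = { "MyID=abc123", "myCookie=thisisnotIDeal", "MyID=abc123; ID=real42" };
    for (size_t i = 0; i < 3; i++) {
        char a[64] = "", b[64] = "";
        printf("%-26s substr:%d '%s'  exact:%d '%s'\n", hdrs[i],
               find_substr(hdrs[i], "ID", a, sizeof a), a,
               find_exact(hdrs[i], "ID", b, sizeof b), b);
    }
    return 0;
}
```

In the third sample both cookies are present, and the substring lookup still returns the value of "MyID" because that is where the first occurrence of "ID" sits.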

The directory structure for this level is as follows:

aaa/
  This directory contains modules dealing with authorization and
  authentication.

arch/

cache/
  This directory houses modules that implement file and data caching
  capability.

dav/
  This directory houses modules that implement WebDAV functionality.

echo/

experimental/
  In this directory we've placed some modules which we think
  provide some pretty interesting functionality, but which
  are still in the early stages of development and could
  evolve radically in the future.  This code isn't supported
  officially.

filters/
  This directory houses modules that perform general inline data filtering.

generators/
  This directory houses modules that perform data generation functions.

http/
  This directory houses modules that provide the basic HTTP protocol implementation.

loggers/
  This directory houses modules that handle logging functions.

mappers/
  This directory houses modules that handle URL mapping and
  rewriting.

metadata/
  This directory houses modules that deal with Header metadata.

proxy/
  This houses the code for the proxy module for Apache.

ssl/

test/
  This directory houses modules which test various components 
  of Apache.  You should not compile these into a production
  server.  

tls/
  This directory houses code for OpenSSL functionality.