/[Apache-SVN]
ViewVC logotype

Revision 1764961


Jump to revision: Previous Next
Author: wrowe
Date: Fri Oct 14 20:48:43 2016 UTC (7 years, 5 months ago)
Changed paths: 6
Log Message:
Dropped the never-released ap_has_cntrls() as it had very limited 
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.

Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.

Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.

Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.



Changed paths

Path Details
Directoryhttpd/httpd/trunk/docs/manual/mod/core.xml modified , text changed
Directoryhttpd/httpd/trunk/modules/http/http_filters.c modified , text changed
Directoryhttpd/httpd/trunk/server/core.c modified , text changed
Directoryhttpd/httpd/trunk/server/gen_test_char.c modified , text changed
Directoryhttpd/httpd/trunk/server/protocol.c modified , text changed
Directoryhttpd/httpd/trunk/server/util.c modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26