Checkout Tools
  • last updated 6 hours ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 102061 is being indexed.

SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the


Reviewed by: Mark J Cox, Erik Abele, Jeff Trawick

  1. … 4 more files in changeset.
well, (kinda) backport LimitInternalRecursion. This prevents

the server from crashing if someone configure an infinite loop of

internal redirects and subrequests. Default value is 20/20

(subsequent redirects/nested subrequests), 0 means unlimited.

The patch works fine on my box, but is required to be tested

extensively before the next release.

PR: 19753 (and probably more)

Obtained from: 2.0 patch

Reviewed by: original 2.0 port by Justin and BrianP (?)

  1. … 4 more files in changeset.
update license to 2003.

  1. … 156 more files in changeset.
Where the OS allows, we now proactively use the various _ex and

magic cleanups to close fds (lock files, log files and sockets)

to prevent them from leaking into 3rd party modules that don't

call ap_cleanup_for_exec() before forking off subprocesses.

Expect some possible fine-tuning.

Obtained from:

Submitted by:

Reviewed by:

  1. … 13 more files in changeset.
*) Added new ap_register_cleanup_ex() API function which allows

for a "magic" cleanup function to be run at register time

rather than at cleanup time. Also added the

ap_note_cleanups_for_(socket|fd|file)_ex() API functions

which allows for control over whether that magic cleanup

should be called or not. This does not change the default

behavior of the non-"ex" function (eg: ap_register_cleanup).

At present, the magic cleanup is simply code that performs

a CLOSEXEC, but that can be modified (hmmm... maybe an

API issue?)


Obtained from:

Submitted by:

Reviewed by: Martin

  1. … 4 more files in changeset.
Bump MMN.


Obtained from:

Submitted by:

Reviewed by:

Namespace protect getline() and get_chunk_size().

Export ap_getline() and ap_get_chunk_size().


Obtained from:

Submitted by:

Reviewed by:

  1. … 2 more files in changeset.
Update our copyright for this year, plus fix two files that had included

the wrong license.

  1. … 155 more files in changeset.

Demote the FileETag MMN change to a minor bump. Also fix a comment

that incorrectly identified the previous MMN change.

  1. … 1 more file in changeset.

Whoops, forgot to bump MMN. Major bump because of a change

to the semi-private core_dir_config structure. (Also fix a

stale comment from an earlier version of the FileETag patch.)

  1. … 1 more file in changeset.
Modify buff.h and buff.c to enable modules to intercept the

output byte stream for dynamic page caching. A pointer to a

'filter callback' function is added to the end of buff.h.

This function, if registered by a module, is called

at the top of buff_write() and writev_it_all().

MMN Minor bumped.

Obtained from: [Kevin Mallory <>

Reviewed by: Bill Stoddard

  1. … 3 more files in changeset.
Change everything to The Apache Software License 1.1

  1. … 133 more files in changeset.
Change URLs for the HTTP server project to point to

  1. … 135 more files in changeset.
It's already late 2000, and our copyright notices still say "1999".

  1. … 135 more files in changeset.
Add the concept and implementation for a runtime config

directory, ala /etc/rc.d/init. Basically, if any of the

config "files" are actually directories, all files in

that directory (and in subdirectories) will be parsed as

config files. Thus you can add new config directives with

no file edits at all, simply file additions.

PR: 6397

Obtained from:

Submitted by: Lionel Clark <> (concept + initial patch)

Reviewed by: William A. Rowe, Jr

  1. … 5 more files in changeset.

No functional changes; just fixing a comment so it *looks*

like a comment, and therefore isn't as confusing when it

contains cpp directives..

MODULE_MAGIC_AT_LEAST was hopelessly broken. reimplement under a new name:

AP_MODULE_MAGIC_AT_LEAST. leave the old, but force breakage if somebody

happened to be using it (if they were, it probably is NOT working as

they expect).

I swore I edited this before committing. Correct the comment to

the mmn bump.


Obtained from:

Submitted by:

Reviewed by:

Rename the alloc.h header file to ap_alloc.h. This patch will be

followed by the physical copy of alloc.h to ap_alloc.h in order to

preserve all historical comments, and cvs deletion of alloc.h.

A minor MMN bump is included in this patch.

Resolves problems observed by Borland and a few other compilers that

can't discern which alloc.h they should be including, the os's or the

Apache file.


Obtained from:

Submitted by:

Reviewed by:

  1. … 37 more files in changeset.
add a comment on why the minor was bumped.

Update minor module magic number to reflect the new field (case_preserved_filename)


  1. … 4 more files in changeset.
Revert the scoreboard change because Jim doesn't like it.

  1. … 5 more files in changeset.
Revert to the 1.3.3 way of getting the server name from the scoreboard,

with a modification to make it respect the UseCanonicalName setting.

This makes things work better with mass vhosting setups.

Submitted by: Cliff Woolley <>

Reviewed by: Tony Finch

  1. … 3 more files in changeset.
Minor MMN bump to note the addition of all the 1.3.6-9 functions.

back out Ken's recent patch, I'm vetoing it:

- it adds a new API which can only be implemented through O(n^2) methods

- it does not solve the problem in a way which is compatible with existing


- We went over this, and other solutions were presented. The current

situation is already O(n^2), so I'm not just vetoing this based on that

-- I'm vetoing this because I don't want another O(n^2) API embedded

into the code. A solution which would retain more compatibility with

existing modules would add an "table *vary" to the request_rec, and

then modify ap_send_http_header to merge the contents of the table

and any "Vary" entry in r->headers_out. This can be done with a simple

sort operation.

  1. … 10 more files in changeset.

Note some recent API changes in a couple of places; correct

docco on *SecurityDescriptor safety.

  1. … 2 more files in changeset.
MMN bump and change of location for local_ip

and local_host slots

  1. … 1 more file in changeset.

mod_autoindex was only checking for exact matches of "text/html"

for ScanHTMLTitles, which meant that "text/html;charset=foo"

documents wouldn't be scanned. As a side effect of this patch,

add ap_field_noparam(), which returns the unparameterised value

for any HTTP field that can use '*( ";" parameter)'.

PR: 4524

  1. … 5 more files in changeset.
Uhhhhhh.. minor vs. major: Ok, make the friends happy. I've personally no

strong opinion on this stuff because I'm still part of the guys who thing the

major/minor distinction is mostly useless. A single value is enough IMHO...