Checkout Tools
  • last updated 19 mins ago
Constraints: committers
Constraints: files
Constraints: dates

Changeset 101991 is being indexed.

stop using apr_sockaddr_port_get() accessor function, as it will

disappear from APR 1.0 API shortly

  1. … 5 more files in changeset.
switch to APR 1.0 API (which is still in flux)

because of the changes to the argument lists of apr_mmap_dup and apr_socket_create,

2.1-dev won't build with apr and apr-util's 0.9 branch anymore

  1. … 42 more files in changeset.
Remember an authenticated user during internal redirects if the

redirection target is not access protected and pass it

to scripts using the REDIRECT_REMOTE_USER environment variable.

PR: 10678, 11602.

  1. … 2 more files in changeset.
finished that boring job:

update license to 2003.

Happy New Year! ;-))

  1. … 271 more files in changeset.
*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by

ap_server_signature() against this cross-site scripting

vulnerability exposed by the directive 'UseCanonicalName Off'.

Also HTML-escape the SERVER_NAME environment variable for CGI

and SSI requests. It's safe to escape as only the '<', '>',

and '&' characters are affected, which won't appear in a valid

hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.

[Brian Pane]

  1. … 2 more files in changeset.

Use apr_ flavors of ischar()

stop using APLOG_NOERRNO in calls to ap_log_?error()

  1. … 24 more files in changeset.
Added the APLOG_TOCLIENT flag to ap_log_rerror() to

explicitly tell the server that warning messages should be sent

to the client in addition to being recorded in the error log.

Prior to this change, ap_log_rerror() always sent warning

messages to the client. In one case, a faulty CGI script caused

the server to send a warning message to the client that contained

the full path to the CGI script. This could be considered a

minor security exposure.

  1. … 3 more files in changeset.
Handle CR/LF terminated lines from CGI scripts.

Reviewed by: Brian Pane

Fix for a bug that I introduced when eliminating the single-byte

reads in mod_cgi: eof wasn't treated as an error condition when

reading the script headers, so we were delivering a 200 when a

CGI script produced no output.

Changed mod_cgi to not do single-byte reads to consume the

script headers

  1. … 4 more files in changeset.
Commit 2 of 2 to:

1. rename ap_rset_content_type to ap_set_content_type

2. reverse the arguments to aligh with ap_set_content_length

  1. … 2 more files in changeset.
Final commit to add ap_rset_content_type accessor. Add AddOutputFiltersbyType

filters during call to ap_rset_content_type()

  1. … 4 more files in changeset.
Update our copyright for this year.

  1. … 260 more files in changeset.
Optimization: changed some apr_pstrndup calls to apr_pstrmemdup

  1. … 1 more file in changeset.
optimize ap_add_common_vars() for the common case where r->subprocess_env is empty

minor performance fix for ap_add_common_vars(): replace printf with apr_itoa()

Begin to abstract out the underlying transport layer.

The first step is to remove the socket from the conn_rec,

the server now lives in a context that is passed to the

core's input and output filters. This forces us to be very

careful when adding calls that use the socket directly,

because the socket isn't available in most locations.

  1. … 18 more files in changeset.
This patch changes the apr_table_elts macro so that it provides

access to the internals of an apr_table_t via a const pointer

instead of the current non-const pointer.

Submitted by: Brian Pane <BPane@pacbell.net>

Reviewed by: Ian Holsman

  1. … 10 more files in changeset.
Improve http2env's performance by cutting the work it has to


Submitted by: Brian Pane <bpane@pacbell.net>

  1. … 1 more file in changeset.

PATHEXT is a critial Win32 cmd.exe variable that declares _which_ extensions

are given command-name status (such as .exe;.bat;.com;.cmd etc.)

This patch is insufficient (highlights an existing problem) for OS2 and

Netware, especially, and any other platform with odd native requirements

for the PATH_TRANSLATED variable (where it should look like a filesystem

entity for non-unixish cgi's.)

Back out the 1.45 change to util_script.c. This change made

us set the environment variable REQUEST_URI to the redirected

URI, instead of the originally requested URI.

PR: 7580

Submitted by: Taketo Kabe <kabe@sra-tohoku.co.jp>

  1. … 1 more file in changeset.

Why two ifdef blocks? This is simpler to read

Change over to apr_strfsize() for apr_off_t file size formatting.

  1. … 4 more files in changeset.
Another of the long term issues cleared up. BeOS can now run

perl and other CGI's that rely on .so's for their operation.

use apr-util's apr_date_parse_http() instead of the to-be-removed


(proxy needs to make similar changes)

build changes forthcoming...

Submitted by: Justin Erenkrantz

  1. … 2 more files in changeset.
surprised -Wall does not complain, but ap_scan_script_header_err_core() should explicitly return an int

tweak ap_get_remote_host() so that the caller can find out if she got

back an IP address

mod_access needed to know this, but the old code didn't handle IPv6

  1. … 8 more files in changeset.
Update copyright to 2001

  1. … 205 more files in changeset.