On Fri, May 1, 2015 at 9:01 PM, Jim Riggs apache-li...@riggs.me wrote:
I may go ahead and write up a patch this weekend to change them all (*Match
and RewriteRule) and then we can all debate it over on bugz too!
ap_getparents() may be the right place to strip
(non-leading-)double-slashes, for
* Jim Riggs wrote:
On 1 May 2015, at 10:52, André Malo n...@perlig.de wrote:
* Niklas Edmundsson wrote:
On Thu, 30 Apr 2015, Yann Ylavic wrote:
On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs apache-li...@riggs.me
wrote:
Thanks, Yann. I remember looking at this code before. The
On Mon, May 4, 2015 at 6:01 AM, Yann Ylavic ylavic@gmail.com wrote:
On Fri, May 1, 2015 at 9:01 PM, Jim Riggs apache-li...@riggs.me wrote:
I may go ahead and write up a patch this weekend to change them all
(*Match and RewriteRule) and then we can all debate it over on bugz too!
On Mon, May 4, 2015 at 9:20 PM, William A Rowe Jr wr...@rowe-clan.net wrote:
On Mon, May 4, 2015 at 6:01 AM, Yann Ylavic ylavic@gmail.com wrote:
On Fri, May 1, 2015 at 9:01 PM, Jim Riggs apache-li...@riggs.me wrote:
I may go ahead and write up a patch this weekend to change them all
On 1 May 2015, at 10:52, André Malo n...@perlig.de wrote:
* Niklas Edmundsson wrote:
On Thu, 30 Apr 2015, Yann Ylavic wrote:
On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs apache-li...@riggs.me
wrote:
Thanks, Yann. I remember looking at this code before. The question
remains, though: Is it
On Thu, 30 Apr 2015, Yann Ylavic wrote:
On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs apache-li...@riggs.me wrote:
Thanks, Yann. I remember looking at this code before. The question remains, though: Is it
currently wrong?
Does it need to be fixed, or was this distinction made intentionally?
Is
* Niklas Edmundsson wrote:
On Thu, 30 Apr 2015, Yann Ylavic wrote:
On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs apache-li...@riggs.me
wrote:
Thanks, Yann. I remember looking at this code before. The question
remains, though: Is it currently wrong? Does it need to be fixed,
or was this
On Thu, Apr 30, 2015 at 2:57 PM, Jim Riggs apache-li...@riggs.me wrote:
Thanks, Yann. I remember looking at this code before. The question remains,
though: Is it currently wrong?
Does it need to be fixed, or was this distinction made intentionally?
Is there a specific use case that requires
On 28 Apr 2015, at 17:55, Yann Ylavic ylavic@gmail.com wrote:
It seems that while Location is compared to ap_no2slash(r-uri),
LocationMatch is matched against r-uri directly.
That's probably the issue.
A possible fix (untested) could be:
Index: server/request.c
+1
By unbreaking configurations we are indeed changing behavior. This could
be an unexpected change for an admin during a minor upgrade but I weigh
that against the fact that directives enclosed by these matches may be
intended to add security/authorization/authentication which a badly
written
It seems that while Location is compared to ap_no2slash(r-uri),
LocationMatch is matched against r-uri directly.
That's probably the issue.
A possible fix (untested) could be:
Index: server/request.c
===
--- server/request.c
* Jim Riggs wrote:
This came up at ApacheCon a couple of weeks ago. I just took this knowledge
for granted, as I have always accounted for it, but both Rich and Trawick
were surprised. As I thought about it some more, it seems this may be a
POLA violation. Thoughts? If we agree it should be
This came up at ApacheCon a couple of weeks ago. I just took this knowledge for
granted, as I have always accounted for it, but both Rich and Trawick were
surprised. As I thought about it some more, it seems this may be a POLA
violation. Thoughts? If we agree it should be fixed, I can make the
13 matches
Mail list logo