>Number: 5389
>Category: mod_rewrite
>Synopsis: [PATCH] - expand_backref_inbuffer broken in version 1.148 of
>mod_rewrite.c
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Mon Nov 29 14:00:01 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: pre 1.3.10
>Environment:
n/a
>Description:
mod_rewrite is *SEVERELY* broken by a one-character bug introduced in version
1.148. The bug causes the next-to-last backref substitution to never happen...
if you only have one backref, the $1 disappears without a trace! This is
described more fully with an example in a followup to PR#4766.
Following is a patch against mod_rewrite.c version 1.152 that fixes the problem.
>How-To-Repeat:
See followups to PR#4766 for a demonstration.
>Fix:
--- src/modules/standard/mod_rewrite.c.112999 Mon Nov 29 16:32:33 1999
+++ src/modules/standard/mod_rewrite.c Mon Nov 29 16:32:40 1999
@@ -2513,7 +2513,7 @@
/* now apply the standard regex substitution function */
ap_cpystrn(buf, ap_pregsub(p, buf, bri->source,
- bri->nsub+0, bri->regmatch), nbuf);
+ bri->nsub+1, bri->regmatch), nbuf);
/* restore the original $N and & backrefs */
for (i = 0; buf[i] != '\0' && i < nbuf; i++) {
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
