Hey, Apache::ASP v2.29 has been released, CHANGES below, and you can get it in your local CPAN, or:
http://www.perl.com/CPAN-local/modules/by-module/Apache/ There are some major bugs fixed in this release, that stem from new work in the 2.25 release. These bugs are about empty $Sessions not getting garbage collected & POST requests over fast LAN connections sometimes returning an empty web response of 0 bytes. There were other optimizations, features & bugfixes this release. Some big features are XML::LibXSLT support for XSLT rendering and support for running under "PerlTaintCheck On" security config. --Josh _________________________________________________________________ Joshua Chamas Chamas Enterprises Inc. NodeWorks Founder Huntington Beach, CA USA http://www.nodeworks.com 1-714-625-4051 CHANGES: +Added some extra help text to the ./cgi/asp --help message to clarify how to pass arguments to a script from the command line. +When using $Server->Mail() API, if Content-Type header is set, and MIME-Version is not, then a "MIME-Version: 1.0" header will be sent for the email. This is correct according to RFC 1521 which specifies for the first time the Content-Type: header for email documents. Thanks to Philip Mak for pointing out this correct behavior. +Made dependent on MLDBM::Sync version .25 to pass the taint_check.t test +Improved server_mail.t test to work with mail servers were relaying is denied +Added <html><body> tags to MailErrorsTo email --Fixed SessionCount / Session_OnEnd bug, where these things were not working for $Sessions that never had anything written to them. This bug was introduced in 2.23/2.25 release. There was an optimization in 2.23/2.25 where a $Session that was never used does not write its state lock file & dbm files to disk, only if it gets written too like $Session->{MARK}++. Tracking of these NULL $Sessions then is handled solely in the internal database. For $Session garbage collection though which would fire Session_OnEnd events and update SessionCount, the Apache::ASP::State->GroupMembers() function was just looking for state files on disk ... now it looks in the internal database too for SessionID records for garbage collection. Added a test at ./t/session_events.t for these things. +Some optimizations for $Session API use. +Added support for XSLT via XML::LibXSLT, patch courtesy of Michael Buschauer -Got rid of an warning when recompiling changing includes under perl 5.6.1... undef($code) method did not work for this perl version, rather undef(&$code) does. Stopped using using Apache::Symbol for this when available. -Make Apache::ASP script run under perl taint checking -T for perl 5.6.1... $code =~ tr///; does not work to untaint here, so much use the slower: $code =~ /^(.*)$/s; $code = $1; method to untaint. -Check for inline includes changing, included in a dynamic included loaded at runtime via $Response->Include(). Added test case for this at t/include_change.t. If an inline include of a dynamic include changes, the dynamic include should get recompiled now. -Make OK to use again with PerlTaintCheck On, with MLDBM::Sync 2.25. Fixed in ASP.pm, t/global.asa, and created new t/taint_check.t test script +Load more modules when Apache::ASP is loaded so parent will share more with children httpd: Apache::Symbol Devel::Symdump Config lib MLDBM::Sync::SDBM_File +When FileUploadMax bytes is exceeded for a file upload, there will not be an odd error anymore resulting from $CGI::POST_MAX being triggered, instead the file upload input will simply be ignored via $CGI::DISABLE_UPLOADS. This gives the developer the opportunity to tell the user the the file upload was too big, as demonstrated by the ./site/eg/file_upload.asp example. To not let the web client POST a lot of data to your scripts as a form of a denial of service attack use the apache config LimitRequestBody for the max limits. You can think of PerlSetVar FileUploadMax as a soft limit, and apache's LimitRequestBody as a hard limit. --Under certain circumstances with file upload, it seems that IsClientConnected() would return an aborted client value from $r->connection->aborted, so the buffer output data would not be flushed to the client, and the HTML page would return to the browser empty. This would be under normal file upload use. One work-around was to make sure to initialize the $Request object before $Response->IsClientConnected is called, then $r->connection->aborted returns the right value. This problem was probably introduced with IsClientConnected() code changes starting in the 2.25 release. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
