On Tuesday, 29 July 2003 16:20, Robin Berjon wrote:
> Jörg Walter wrote:
> > I have a yet unreleased plugin which adds
> > arbitrary perl expressions as parameters,
>
> Is that http://foo.org/bar.xml?ap=system(%27rm+-Rf+/%27) ?
No. But exactly this was my motivation. Think:
PerlAddVar XSPCacheParam page 'int($apr->param("page"))'
which makes the param a cache key _and_ assures that it is much less
Cache-DoS-prone due to normalizing it with "int". If you add a check for some
arbitrary maximum and minimum value, you have a non-DoS variant of any
parameter.
--
CU
Joerg
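
The normalization described in the message above, as an added example that is not part of the original post or of the plugin it mentions: a standalone Perl sub that applies int() plus a minimum and maximum check, run over constructed parameter values to compare how many distinct cache keys each approach produces. The sub name cache_key_for_page and the bounds 1..500 are assumptions, and the sketch goes one step further than the message by rejecting non-decimal input before int() sees it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical bounds for this sketch; use the real range of pages you serve.
my ($MIN_PAGE, $MAX_PAGE) = (1, 500);

# Reduce a raw request parameter to a bounded integer usable as a cache key.
# Input that is not a plain decimal number (at most 9 integer digits)
# collapses to $MIN_PAGE, so values such as "inf", "nan", "1e9" or an empty
# string cannot create cache entries of their own.
sub cache_key_for_page {
    my ($raw) = @_;
    return $MIN_PAGE
        unless defined $raw && $raw =~ /\A\s*(-?[0-9]{1,9})(?:\.[0-9]*)?\s*\z/;
    my $n = int($1);
    $n = $MIN_PAGE if $n < $MIN_PAGE;
    $n = $MAX_PAGE if $n > $MAX_PAGE;
    return $n;
}

# Constructed sample of values a client might send as ?page=...
my @requests = ('7', '7.0', ' 7', '007', '7abc', '-3', '99999999',
                '1e9', 'inf', 'nan', '');

my (%raw_keys, %int_keys, %bounded_keys);
for my $value (@requests) {
    # Parameter used verbatim as the cache key.
    $raw_keys{$value} = 1;

    # int() alone: spelling variants of the same number merge, but any
    # integer the client picks still gets its own cache entry.
    { no warnings 'numeric'; $int_keys{ int($value) } = 1; }

    # int() plus range check: never more than $MAX_PAGE - $MIN_PAGE + 1 keys.
    $bounded_keys{ cache_key_for_page($value) } = 1;
}

printf "%-24s %2d distinct keys\n", 'raw parameter:',    scalar keys %raw_keys;
printf "%-24s %2d distinct keys\n", 'int() only:',       scalar keys %int_keys;
printf "%-24s %2d distinct keys\n", 'int() + min/max:',  scalar keys %bounded_keys;
printf "bounded keys seen: %s\n", join ', ', sort { $a <=> $b } keys %bounded_keys;
```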