https://bz.apache.org/bugzilla/show_bug.cgi?id=61388
Eric Covener <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW --- Comment #3 from Eric Covener <[email protected]> --- I'm not sure if the later release would have prevented it. However, the mapping program must produce line-based output. I think mod_rewrite discarding multiple lines in the map output is an option but seeing as how you're on something 2.4.6-based It wouldn't be a very good idea to wait for it. Beyond correcting the mapping program or having mod_rewrite discard unexpected lines from the rewrite map program, sending the still-encoded request URL would be another way to stop the map from producing bad output so easily. One way to do this is to pass it a subset of %{THE_REQUEST}. But i am not sure if before 2.4.26 you may also see malicious CR/LF in %{THE_REQUEST}. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
