"William A. Rowe, Jr." wrote: > > From: <[EMAIL PROTECTED]> > Sent: Monday, January 28, 2002 12:43 PM > > > gregames 02/01/28 10:43:19 > > > > Modified: modules/mappers mod_negotiation.c > > Log: > > handle_multi: pass along the original path info and query string if > > we redirect due to negotiation > > > > pointed out by: Bill Rowe > > > > also, clarify what some code in handle_map_file is doing
> I need to veto this patch. > > YOU CANNOT attempt to create one subrequest, then run another subrequest. > > It's entirely invalid... The request didn't have the opportunity to create the > proper subrequest for the 'real' args. Especially with ap_internal_fast_redirect > this is a serious security hole. I don't know wtf you are talking about. The only way this could be a security hole is if we mangled something earlier. But I missed your earlier commit to fix this problem, so I will back mine out. Greg
