On Thu, Apr 11, 2002 at 04:27:08PM -0700, Justin Erenkrantz wrote: > No. The limit needs to apply to *all* bucket reads not just the > ap_get_client_block which we shouldn't even be supporting > (it's old cruft from 1.3). This patch is broken as inputs > will not be limited if you don't use ap_get_client_block() > (say use ap_get_brigade() - you won't limit it). > > I believe ap_http_input_filter is the right place. You really > need to make a case as to why this is wrong. This really seems > like CGI is broken. -- justin
I guess I'm unclear why it is CGI's responsibility to watch for this. Do we then need to put these kinds of checks in every http-body-using element? (My relative newness to the filters is showing.) Another thing I'm even less clear about is what ap_get_client_block is for. Where the heck do normal modules grab the entire post body from (I truly don't know)? -aaron
